[lld] r325647 - [mips][lld] Spectre variant two mitigation for MIPSR2

Simon Dardis via llvm-commits llvm-commits at lists.llvm.org
Tue Feb 20 15:49:17 PST 2018 

Author: sdardis
Date: Tue Feb 20 15:49:17 2018
New Revision: 325647

URL: http://llvm.org/viewvc/llvm-project?rev=325647&view=rev
Log:
[mips][lld] Spectre variant two mitigation for MIPSR2

This patch provides migitation for CVE-2017-5715, Spectre variant two,
which affects the P5600 and P6600. It implements the LLD part of
-z hazardplt. Like the Clang part of this patch, I have opted for that
specific option name in case alternative migitation methods are required
in the future.

The mitigation strategy suggested by MIPS for these processors is to use
hazard barrier instructions. 'jalr.hb' and 'jr.hb' are hazard
barrier variants of the 'jalr' and 'jr' instructions respectively.

These instructions impede the execution of instruction stream until
architecturally defined hazards (changes to the instruction stream,
privileged registers which may affect execution) are cleared. These
instructions in MIPS' designs are not speculated past.

These instructions are defined by the MIPS32R2 ISA, so this mitigation
method is not compatible with processors which implement an earlier
revision of the MIPS ISA.

For LLD, this changes PLT stubs to use 'jalr.hb' and 'jr.hb'.

Reviewers: atanasyan, ruiu

Differential Revision: https://reviews.llvm.org/D43488

Modified:
    lld/trunk/ELF/Arch/Mips.cpp
    lld/trunk/ELF/Config.h
    lld/trunk/ELF/Driver.cpp
    lld/trunk/test/ELF/mips-26-n32-n64.s
    lld/trunk/test/ELF/mips-plt-r6.s

Modified: lld/trunk/ELF/Arch/Mips.cpp
URL: http://llvm.org/viewvc/llvm-project/lld/trunk/ELF/Arch/Mips.cpp?rev=325647&r1=325646&r2=325647&view=diff
==============================================================================
--- lld/trunk/ELF/Arch/Mips.cpp (original)
+++ lld/trunk/ELF/Arch/Mips.cpp Tue Feb 20 15:49:17 2018
@@ -296,7 +296,8 @@ template <class ELFT> void MIPS<ELFT>::w
     write32<E>(Buf + 20, 0x0018c082); // srl   $24, $24, 2
   }
 
-  write32<E>(Buf + 24, 0x0320f809); // jalr  $25
+  uint32_t JalrInst = Config->ZHazardplt ? 0x0320fc09 : 0x0320f809;
+  write32<E>(Buf + 24, JalrInst); // jalr.hb $25 or jalr $25
   write32<E>(Buf + 28, 0x2718fffe); // subu  $24, $24, 2
 
   uint64_t GotPlt = InX::GotPlt->getVA();
@@ -330,9 +331,13 @@ void MIPS<ELFT>::writePlt(uint8_t *Buf,
     return;
   }
 
+  unsigned JrInst =
+      isMipsR6() ? (Config->ZHazardplt ? 0x03200409 : 0x03200009)
+                 : (Config->ZHazardplt ? 0x03200408 : 0x03200008);
+
   write32<E>(Buf, 0x3c0f0000);     // lui   $15, %hi(.got.plt entry)
   write32<E>(Buf + 4, 0x8df90000); // l[wd] $25, %lo(.got.plt entry)($15)
-  write32<E>(Buf + 8, isMipsR6() ? 0x03200009 : 0x03200008);  // jr  $25
+  write32<E>(Buf + 8, JrInst);     // jr  $25 / jr.hb $25
   write32<E>(Buf + 12, 0x25f80000); // addiu $24, $15, %lo(.got.plt entry)
   writeValue<E>(Buf, GotPltEntryAddr + 0x8000, 16, 16);
   writeValue<E>(Buf + 4, GotPltEntryAddr, 16, 0);

Modified: lld/trunk/ELF/Config.h
URL: http://llvm.org/viewvc/llvm-project/lld/trunk/ELF/Config.h?rev=325647&r1=325646&r2=325647&view=diff
==============================================================================
--- lld/trunk/ELF/Config.h (original)
+++ lld/trunk/ELF/Config.h Tue Feb 20 15:49:17 2018
@@ -155,6 +155,7 @@ struct Configuration {
   bool WriteAddends;
   bool ZCombreloc;
   bool ZExecstack;
+  bool ZHazardplt;
   bool ZNocopyreloc;
   bool ZNodelete;
   bool ZNodlopen;

Modified: lld/trunk/ELF/Driver.cpp
URL: http://llvm.org/viewvc/llvm-project/lld/trunk/ELF/Driver.cpp?rev=325647&r1=325646&r2=325647&view=diff
==============================================================================
--- lld/trunk/ELF/Driver.cpp (original)
+++ lld/trunk/ELF/Driver.cpp Tue Feb 20 15:49:17 2018
@@ -692,6 +692,7 @@ void LinkerDriver::readConfigs(opt::Inpu
       Args.hasFlag(OPT_warn_symbol_ordering, OPT_no_warn_symbol_ordering, true);
   Config->ZCombreloc = !hasZOption(Args, "nocombreloc");
   Config->ZExecstack = hasZOption(Args, "execstack");
+  Config->ZHazardplt = hasZOption(Args, "hazardplt");
   Config->ZNocopyreloc = hasZOption(Args, "nocopyreloc");
   Config->ZNodelete = hasZOption(Args, "nodelete");
   Config->ZNodlopen = hasZOption(Args, "nodlopen");

Modified: lld/trunk/test/ELF/mips-26-n32-n64.s
URL: http://llvm.org/viewvc/llvm-project/lld/trunk/test/ELF/mips-26-n32-n64.s?rev=325647&r1=325646&r2=325647&view=diff
==============================================================================
--- lld/trunk/test/ELF/mips-26-n32-n64.s (original)
+++ lld/trunk/test/ELF/mips-26-n32-n64.s Tue Feb 20 15:49:17 2018
@@ -5,7 +5,11 @@
 # RUN: ld.lld %t-so.o -shared -o %t.so
 # RUN: llvm-mc -filetype=obj -triple=mips64-unknown-linux %s -o %t.o
 # RUN: ld.lld %t.o %t.so -o %t.exe
-# RUN: llvm-objdump -d %t.exe | FileCheck %s
+# RUN: llvm-objdump -d %t.exe | FileCheck %s --check-prefixes=CHECK,DEFAULT
+# RUN: ld.lld %t-so.o -shared -o %t.so -z hazardplt
+# RUN: ld.lld %t.o %t.so -o %t.exe -z hazardplt
+# RUN: llvm-objdump -d %t.exe | FileCheck %s --check-prefixes=CHECK,HAZARDPLT
+
 
 # REQUIRES: mips
 
@@ -21,11 +25,13 @@
 # CHECK-NEXT:    2001c:       03 0e c0 23     subu    $24, $24, $14
 # CHECK-NEXT:    20020:       03 e0 78 25     move    $15, $ra
 # CHECK-NEXT:    20024:       00 18 c0 c2     srl     $24, $24, 3
-# CHECK-NEXT:    20028:       03 20 f8 09     jalr    $25
+# DEFAULT:       20028:       03 20 f8 09     jalr    $25
+# HAZARDPLT:     20028:       03 20 fc 09     jalr.hb $25
 # CHECK-NEXT:    2002c:       27 18 ff fe     addiu   $24, $24, -2
 # CHECK-NEXT:    20030:       3c 0f 00 03     lui     $15, 3
 # CHECK-NEXT:    20034:       8d f9 00 18     lw      $25, 24($15)
-# CHECK-NEXT:    20038:       03 20 00 08     jr      $25
+# DEFAULT:       20038:       03 20 00 08     jr      $25
+# HAZARDPLT:     20038:       03 20 04 08     jr.hb   $25
 # CHECK-NEXT:    2003c:       25 f8 00 18     addiu   $24, $15, 24
 
   .text

Modified: lld/trunk/test/ELF/mips-plt-r6.s
URL: http://llvm.org/viewvc/llvm-project/lld/trunk/test/ELF/mips-plt-r6.s?rev=325647&r1=325646&r2=325647&view=diff
==============================================================================
--- lld/trunk/test/ELF/mips-plt-r6.s (original)
+++ lld/trunk/test/ELF/mips-plt-r6.s Tue Feb 20 15:49:17 2018
@@ -6,7 +6,10 @@
 # RUN:         -mcpu=mips32r6 %S/Inputs/mips-dynamic.s -o %t2.o
 # RUN: ld.lld %t2.o -shared -o %t.so
 # RUN: ld.lld %t1.o %t.so -o %t.exe
-# RUN: llvm-objdump -d %t.exe | FileCheck %s
+# RUN: llvm-objdump -d %t.exe | FileCheck %s --check-prefixes=DEFAULT,CHECK
+# RUN: ld.lld %t2.o -shared -o %t.so -z hazardplt
+# RUN: ld.lld %t1.o %t.so -o %t.exe -z hazardplt
+# RUN: llvm-objdump -d %t.exe | FileCheck %s --check-prefixes=HAZARDPLT,CHECK
 
 # REQUIRES: mips
 
@@ -24,12 +27,14 @@
 # CHECK-NEXT:   2001c:       03 1c c0 23     subu    $24, $24, $gp
 # CHECK-NEXT:   20020:       03 e0 78 25     move    $15, $ra
 # CHECK-NEXT:   20024:       00 18 c0 82     srl     $24, $24, 2
-# CHECK-NEXT:   20028:       03 20 f8 09     jalr    $25
+# DEFAULT:      20028:       03 20 f8 09     jalr    $25
+# HAZARDPLT:    20028:       03 20 fc 09     jalr.hb $25
 # CHECK-NEXT:   2002c:       27 18 ff fe     addiu   $24, $24, -2
 
 # CHECK-NEXT:   20030:       3c 0f 00 03     aui     $15, $zero, 3
 # CHECK-NEXT:   20034:       8d f9 00 0c     lw      $25, 12($15)
-# CHECK-NEXT:   20038:       03 20 00 09     jr      $25
+# DEFAULT:      20038:       03 20 00 09     jr      $25
+# HAZARDPLT:    20038:       03 20 04 09     jr.hb   $25
 # CHECK-NEXT:   2003c:       25 f8 00 0c     addiu   $24, $15, 12
 
   .text

More information about the llvm-commits mailing list