From 1be5d8d3bbec4c9a112114993ac5c85b2b26c4c4 Mon Sep 17 00:00:00 2001 
From: Alan Modra
Date: Wed, 17 Jan 2018 14:19:08 +1030
Subject: PowerPC PLT speculative execution barriers

Spectre variant 2 mitigation for PowerPC and PowerPC64.

bfd/
	* elf32-ppc.c (GLINK_ENTRY_SIZE): Handle speculation barrier.
	(CRSETEQ, BEQCTRM): Define.
	(is_nonpic_glink_stub): Don't check bctr.
	(ppc_elf_link_hash_table_create): Init new ppc_elf_params field.
	(ppc_elf_relax_section): Size speculation barrier.
	(output_bctr): New function.
	(write_glink_stub): Use output_bctr.
	(ppc_elf_relocate_section): Use output_bctr for long branch stub.
	(ppc_elf_finish_dynamic_symbol): Likewise.
	(ppc_elf_finish_dynamic_sections): Use output_bctr.
	* elf32-ppc.h (struct ppc_elf_params): Add speculate_indirect_jumps.
	* elf64-ppc.c (CRSETEQ, BEQCTRM, BEQCTRLM): Define.
	(GLINK_PLTRESOLVE_SIZE): Size speculation barrier.
	(size_global_entry_stubs): Handle speculation barrier sizing.
	(plt_stub_size): Likewise.
	(output_bctr): New function.
	(build_plt_stub, build_tls_get_addr_stub): Output speculation barrier.
	(ppc_build_one_stub): Likewise for ppc_stub_plt_branch.
	(ppc_size_one_stub): Size speculation barrier in ppc_stub_plt_branch.
	(build_global_entry_stubs): Output speculation barrier.
	(ppc64_elf_build_stubs): Likewise in __glink_PLTresolve stub.
	* elf64-ppc.h (struct ppc64_elf_params): Add speculate_indirect_jumps.
gold/
	* options.h (speculate_indirect_jumps): New option.
	* powerpc.cc (beqctrm, beqctrlm, crseteq): New insn constants.
	(output_bctr): New function.
	(Stub_table::plt_call_size): Add space for speculation barrier.
	(Stub_table::branch_stub_size): Likewise.
	(Output_data_glink::pltresolve_size): Likewise.
	(Stub_table::do_write): Output speculation barriers.
ld/
	* emultempl/ppc32elf.em (params): Init new field.
	(OPTION_SPECULATE_INDIRECT_JUMPS): Define.
	(OPTION_NO_SPECULATE_INDIRECT_JUMPS): Define.
	(PARSE_AND_LIST_LONGOPTS): Handle new options.
	(PARSE_AND_LIST_ARGS_CASES): Likewise.
	(PARSE_AND_LIST_OPTIONS): Likewise.
	* emultempl/ppc64elf.em (params): Init new field.
(OPTION_SPECULATE_INDIRECT_JUMPS): Define. (OPTION_NO_SPECULATE_INDIRECT_JUMPS): Define. (PARSE_AND_LIST_LONGOPTS): Handle --speculate-indirect-jumps. (PARSE_AND_LIST_OPTIONS): Likewise. (PARSE_AND_LIST_ARGS_CASES): Likewise. * ld.texinfo (--no-plt-thread-safe): Correct itemx. (--speculate-indirect-jumps): Document. * testsuite/ld-powerpc/elfv2exe.d, * testsuite/ld-powerpc/elfv2so.d, * testsuite/ld-powerpc/relbrlt.d, * testsuite/ld-powerpc/powerpc.exp: Disable plt alignment and speculation barriers on various tests. --- ld/ld.texinfo | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'ld/ld.texinfo') diff --git a/ld/ld.texinfo b/ld/ld.texinfo index 94d340c..c89915f 100644 --- a/ld/ld.texinfo +++ b/ld/ld.texinfo @@ -7635,7 +7635,7 @@ chain since there is never any need to do so on a PLT call. @kindex --plt-thread-safe @kindex --no-plt-thread-safe @item --plt-thread-safe -@itemx --no-thread-safe +@itemx --no-plt-thread-safe With power7's weakly ordered memory model, it is possible when using lazy binding for ld.so to update a plt entry in one thread and have another thread see the individual plt entry words update in the wrong @@ -7646,6 +7646,15 @@ looks for calls to commonly used functions that create threads, and if seen, adds the necessary barriers. Use these options to change the default behaviour. +@cindex PowerPC64 PLT call stub speculative execution barrier +@kindex --speculate-indirect-jumps +@kindex --no-speculate-indirect-jumps +@item --speculate-indirect-jumps +@itemx --no-speculate-indirect-jumps +Use these options to control whether all indirect branch instructions +emitted by @code{ld}, such as those in the PLT, have a speculative +execution barrier to mitigate Spectre variant 2 attacks. + @cindex PowerPC64 ELFv2 PLT localentry optimization @kindex --plt-localentry @kindex --no-plt-localentry -- cgit v1.1
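Review bot: The new @item text for --speculate-indirect-jumps and --no-speculate-indirect-jumps in the second ld/ld.texinfo hunk (@@ -7646,6 +7646,15 @@) never says which of the two options emits the barrier, nor which one is the default. As written, "control whether all indirect branch instructions ... have a speculative execution barrier" can be read as --speculate-indirect-jumps switching the mitigation on, while the option name suggests the opposite (speculation permitted, so no barrier). For a Spectre variant 2 mitigation that ambiguity can leave a build unprotected without the user noticing. Please state the polarity and the default explicitly, the way the --plt-thread-safe entry just above describes its default before saying "Use these options to change the default behaviour". A second point on the same hunk: the @cindex line says "PowerPC64", but the commit message describes the mitigation as covering PowerPC and PowerPC64 and the ChangeLog adds the same options to emultempl/ppc32elf.em. The diffstat (10 insertions, all accounted for by these two hunks) shows no matching entry for the 32-bit options, so consider documenting them for that target as well.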