This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] S/390: Disable prediction of indirect branches


On Thu, Feb 8, 2018 at 11:57 AM, H.J. Lu <hjl.tools@gmail.com> wrote:
> On Thu, Feb 8, 2018 at 4:17 AM, Andreas Krebbel
> <krebbel@linux.vnet.ibm.com> wrote:
>> On 02/08/2018 12:33 PM, Richard Biener wrote:
>>> On Wed, Feb 7, 2018 at 1:01 PM, Andreas Krebbel
>>> <krebbel@linux.vnet.ibm.com> wrote:
>>>> This patch implements GCC support for mitigating vulnerability
>>>> CVE-2017-5715 known as Spectre #2 on IBM Z.
>>>>
>>>> In order to disable prediction of indirect branches the implementation
>>>> makes use of an IBM Z specific feature - the execute instruction.
>>>> Performing an indirect branch via execute prevents the branch from
>>>> being subject to dynamic branch prediction.
>>>>
>>>> The implementation tries to stay close to the x86 solution regarding
>>>> user interface.
>>>>
>>>> x86 style options supported (without thunk-inline):
>>>>
>>>> -mindirect-branch=(keep|thunk|thunk-extern)
>>>> -mfunction-return=(keep|thunk|thunk-extern)
>>>>
>>>> IBM Z specific options:
>>>>
>>>> -mindirect-branch-jump=(keep|thunk|thunk-extern|thunk-inline)
>>>> -mindirect-branch-call=(keep|thunk|thunk-extern)
>>>> -mfunction-return-reg=(keep|thunk|thunk-extern)
>>>> -mfunction-return-mem=(keep|thunk|thunk-extern)
>>>>
>>>> These options allow us to enable/disable the branch conversion at a
>>>> finer granularity.
>>>>
>>>> -mindirect-branch sets the value of -mindirect-branch-jump and
>>>>  -mindirect-branch-call.
>>>>
>>>> -mfunction-return sets the value of -mfunction-return-reg and
>>>>  -mfunction-return-mem.
>>>>
>>>> All these options are supported on GCC command line as well as
>>>> function attributes.
>>>>
>>>> 'thunk' triggers the generation of out of line thunks (expolines) and
>>>> replaces the formerly indirect branch with a direct branch to the
>>>> thunk.  Depending on the -march= setting two different types of thunks
>>>> are generated.  With -march=z10 or higher exrl (execute relative long)
>>>> is being used while targeting older machines makes use of larl/ex
>>>> instead.  From a security perspective the exrl variant is preferable.
>>>>
>>>> 'thunk-extern' does the branch replacement like 'thunk' but does not
>>>> emit the thunks.
>>>>
>>>> 'thunk-inline' is only available for indirect jumps.  It should be used
>>>> in environments where correct CFI is important - known as user space.
>>>>
>>>> Additionally the patch introduces the -mindirect-branch-table option
>>>> which generates tables pointing to the locations which have been
>>>> modified.  This is supposed to allow reverting the changes without
>>>> re-compilation in situations where it isn't required. The sections are
>>>> split up into one section per option.
>>>>
>>>> I plan to commit the patch tomorrow.
>>>
>>> Do you also plan to backport this to the GCC 7 branch?
>>
>> Yes, I'm working on it.
>>
>
> This breaks glibc build:
>
> /export/gnu/import/git/toolchain/build/compilers/s390x-linux-gnu/glibc/s390x-linux-gnu/libc_pic.os:
> In function `__cmsg_nxthdr':
> /export/ssd/git/toolchain/build/compilers/s390x-linux-gnu/glibc-src/s390x-linux-gnu/socket/../sysdeps/unix/sysv/linux/cmsg_nxthdr.c:39:
> undefined reference to `__s390_indirect_jump_r1use_r14'
> /export/ssd/git/toolchain/build/compilers/s390x-linux-gnu/glibc-src/s390x-linux-gnu/socket/../sysdeps/unix/sysv/linux/cmsg_nxthdr.c:39:
> undefined reference to `__s390_indirect_jump_r1use_r14'
> collect2: error: ld returned 1 exit status
> make[4]: *** [../Makerules:765:
> /export/gnu/import/git/toolchain/build/compilers/s390x-linux-gnu/glibc/s390x-linux-gnu/libc.so]
> Error 1
> make[4]: Leaving directory
> '/export/ssd/git/toolchain/build/compilers/s390x-linux-gnu/glibc-src/s390x-linux-gnu/elf'
> make[3]: *** [Makefile:215: elf/subdir_lib] Error 2
> make[3]: Leaving directory
> '/export/ssd/git/toolchain/build/compilers/s390x-linux-gnu/glibc-src/s390x-linux-gnu'
> make[2]: *** [Makefile:9: all] Error 2
> make[2]: Leaving directory
> '/export/ssd/git/toolchain/build/compilers/s390x-linux-gnu/glibc/s390x-linux-gnu'

I opened:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=84295

-- 
H.J.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]