[gcc/devel/omp/gcc-10] aarch64: New Straight Line Speculation (SLS) mitigation flags

Tobias Burnus burnus@gcc.gnu.org
Fri Aug 21 07:57:32 GMT 2020 

https://gcc.gnu.org/g:50703e93a82df4af69c692d01b980b3b2c0eb53e

commit 50703e93a82df4af69c692d01b980b3b2c0eb53e
Author: Matthew Malcomson <matthew.malcomson@arm.com>
Date:   Thu Jul 9 09:11:58 2020 +0100

    aarch64: New Straight Line Speculation (SLS) mitigation flags
    
    Here we introduce the flags that will be used for straight line speculation.
    
    The new flag introduced is `-mharden-sls=`.
    This flag can take arguments of `none`, `all`, or a comma seperated list of one
    or more of `retbr` or `blr`.
    `none` indicates no special mitigation of the straight line speculation
    vulnerability.
    `all` requests all mitigations currently implemented.
    `retbr` requests that the RET and BR instructions have a speculation barrier
    inserted after them.
    `blr` requests that BLR instructions are replaced by a BL to a function stub
    using a BR with a speculation barrier after it.
    
    Setting this on a per-function basis using attributes or the like is not
    enabled, but may be in the future.
    
    (cherry-picked from a9ba2a9b77bec7eacaf066801f22d1c366a2bc86)
    
    gcc/ChangeLog:
    
    2020-06-02  Matthew Malcomson  <matthew.malcomson@arm.com>
    
            * config/aarch64/aarch64-protos.h (aarch64_harden_sls_retbr_p):
            New.
            (aarch64_harden_sls_blr_p): New.
            * config/aarch64/aarch64.c (enum aarch64_sls_hardening_type):
            New.
            (aarch64_harden_sls_retbr_p): New.
            (aarch64_harden_sls_blr_p): New.
            (aarch64_validate_sls_mitigation): New.
            (aarch64_override_options): Parse options for SLS mitigation.
            * config/aarch64/aarch64.opt (-mharden-sls): New option.
            * doc/invoke.texi: Document new option.

Diff:
---
 gcc/config/aarch64/aarch64-protos.h |  3 ++
 gcc/config/aarch64/aarch64.c        | 76 +++++++++++++++++++++++++++++++++++++
 gcc/config/aarch64/aarch64.opt      |  4 ++
 gcc/doc/invoke.texi                 | 12 ++++++
 4 files changed, 95 insertions(+)

diff --git a/gcc/config/aarch64/aarch64-protos.h b/gcc/config/aarch64/aarch64-protos.h
index 723d9ba6ac6..eb5f4b4da02 100644
--- a/gcc/config/aarch64/aarch64-protos.h
+++ b/gcc/config/aarch64/aarch64-protos.h
@@ -781,4 +781,7 @@ extern const atomic_ool_names aarch64_ool_ldeor_names;
 
 tree aarch64_resolve_overloaded_builtin_general (location_t, tree, void *);
 
+extern bool aarch64_harden_sls_retbr_p (void);
+extern bool aarch64_harden_sls_blr_p (void);
+
 #endif /* GCC_AARCH64_PROTOS_H */
diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c
index d31c506fbed..8d5defb027e 100644
--- a/gcc/config/aarch64/aarch64.c
+++ b/gcc/config/aarch64/aarch64.c
@@ -14531,6 +14531,79 @@ aarch64_validate_mcpu (const char *str, const struct processor **res,
   return false;
 }
 
+/* Straight line speculation indicators.  */
+enum aarch64_sls_hardening_type
+{
+  SLS_NONE = 0,
+  SLS_RETBR = 1,
+  SLS_BLR = 2,
+  SLS_ALL = 3,
+};
+static enum aarch64_sls_hardening_type aarch64_sls_hardening;
+
+/* Return whether we should mitigatate Straight Line Speculation for the RET
+   and BR instructions.  */
+bool
+aarch64_harden_sls_retbr_p (void)
+{
+  return aarch64_sls_hardening & SLS_RETBR;
+}
+
+/* Return whether we should mitigatate Straight Line Speculation for the BLR
+   instruction.  */
+bool
+aarch64_harden_sls_blr_p (void)
+{
+  return aarch64_sls_hardening & SLS_BLR;
+}
+
+/* As of yet we only allow setting these options globally, in the future we may
+   allow setting them per function.  */
+static void
+aarch64_validate_sls_mitigation (const char *const_str)
+{
+  char *token_save = NULL;
+  char *str = NULL;
+
+  if (strcmp (const_str, "none") == 0)
+    {
+      aarch64_sls_hardening = SLS_NONE;
+      return;
+    }
+  if (strcmp (const_str, "all") == 0)
+    {
+      aarch64_sls_hardening = SLS_ALL;
+      return;
+    }
+
+  char *str_root = xstrdup (const_str);
+  str = strtok_r (str_root, ",", &token_save);
+  if (!str)
+    error ("invalid argument given to %<-mharden-sls=%>");
+
+  int temp = SLS_NONE;
+  while (str)
+    {
+      if (strcmp (str, "blr") == 0)
+	temp |= SLS_BLR;
+      else if (strcmp (str, "retbr") == 0)
+	temp |= SLS_RETBR;
+      else if (strcmp (str, "none") == 0 || strcmp (str, "all") == 0)
+	{
+	  error ("%<%s%> must be by itself for %<-mharden-sls=%>", str);
+	  break;
+	}
+      else
+	{
+	  error ("invalid argument %<%s%> for %<-mharden-sls=%>", str);
+	  break;
+	}
+      str = strtok_r (NULL, ",", &token_save);
+    }
+  aarch64_sls_hardening = (aarch64_sls_hardening_type) temp;
+  free (str_root);
+}
+
 /* Parses CONST_STR for branch protection features specified in
    aarch64_branch_protect_types, and set any global variables required.  Returns
    the parsing result and assigns LAST_STR to the last processed token from
@@ -14775,6 +14848,9 @@ aarch64_override_options (void)
   selected_arch = NULL;
   selected_tune = NULL;
 
+  if (aarch64_harden_sls_string)
+    aarch64_validate_sls_mitigation (aarch64_harden_sls_string);
+
   if (aarch64_branch_protection_string)
     aarch64_validate_mbranch_protection (aarch64_branch_protection_string);
 
diff --git a/gcc/config/aarch64/aarch64.opt b/gcc/config/aarch64/aarch64.opt
index d99d14c137d..5170361fd5e 100644
--- a/gcc/config/aarch64/aarch64.opt
+++ b/gcc/config/aarch64/aarch64.opt
@@ -71,6 +71,10 @@ mgeneral-regs-only
 Target Report RejectNegative Mask(GENERAL_REGS_ONLY) Save
 Generate code which uses only the general registers.
 
+mharden-sls=
+Target RejectNegative Joined Var(aarch64_harden_sls_string)
+Generate code to mitigate against straight line speculation.
+
 mfix-cortex-a53-835769
 Target Report Var(aarch64_fix_a53_err835769) Init(2) Save
 Workaround for ARM Cortex-A53 Erratum number 835769.
diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index 8afe62ad619..4dc64ffe9dd 100644
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -696,6 +696,7 @@ Objective-C and Objective-C++ Dialects}.
 -msign-return-address=@var{scope} @gol
 -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}
 +@var{b-key}]|@var{bti} @gol
+-mharden-sls=@var{opts} @gol
 -march=@var{name}  -mcpu=@var{name}  -mtune=@var{name}  @gol
 -moverride=@var{string}  -mverbose-cost-dump @gol
 -mstack-protector-guard=@var{guard} -mstack-protector-guard-reg=@var{sysreg} @gol
@@ -17066,6 +17067,17 @@ functions.  The optional argument @samp{b-key} can be used to sign the functions
 with the B-key instead of the A-key.
 @samp{bti} turns on branch target identification mechanism.
 
+@item -mharden-sls=@var{opts}
+@opindex mharden-sls
+Enable compiler hardening against straight line speculation (SLS).
+@var{opts} is a comma-separated list of the following options:
+@table @samp
+@item retbr
+@item blr
+@end table
+In addition, @samp{-mharden-sls=all} enables all SLS hardening while
+@samp{-mharden-sls=none} disables all SLS hardening.
+
 @item -msve-vector-bits=@var{bits}
 @opindex msve-vector-bits
 Specify the number of bits in an SVE vector register.  This option only has

More information about the Gcc-cvs mailing list