powerpc64le: ROP changes for the *context and setjmp functions

Add ROP protection for the getcontext, setcontext, makecontext, swapcontext and __sigsetjmp_symbol functions. Reviewed-by: Peter Bergner <bergner@linux.ibm.com>
2025-03-06 20:58:33 +01:00 · 2024-12-09 16:47:40 -05:00 · 2024-12-09 16:47:40 -05:00 · be13e46764
commit be13e46764
parent 9e08698e4c
5 changed files with 60 additions and 12 deletions
--- a/sysdeps/powerpc/powerpc64/setjmp-common.S
+++ b/sysdeps/powerpc/powerpc64/setjmp-common.S
@ -224,6 +224,9 @@ L(no_vmx):
 #else
 	mflr	r0
 	std	r0,FRAME_LR_SAVE(r1)
+#ifdef __ROP_PROTECT__
+	hashst	r0,FRAME_ROP_SAVE(r1)
+#endif
 	stdu	r1,-FRAME_MIN_SIZE(r1)
 	cfi_adjust_cfa_offset(FRAME_MIN_SIZE)
 	cfi_offset(lr,FRAME_LR_SAVE)
@ -232,6 +235,9 @@ L(no_vmx):
 	ld	r0,FRAME_MIN_SIZE+FRAME_LR_SAVE(r1)
 	addi	r1,r1,FRAME_MIN_SIZE
 	mtlr	r0
+#ifdef __ROP_PROTECT__
+	hashchk	r0,FRAME_ROP_SAVE(r1)
+#endif
 	blr
 #endif
 END (__sigsetjmp_symbol)
--- a/sysdeps/unix/sysv/linux/powerpc/powerpc64/getcontext.S
+++ b/sysdeps/unix/sysv/linux/powerpc/powerpc64/getcontext.S
@ -32,6 +32,9 @@ ENTRY(__novec_getcontext)
  std  r0,(SIGCONTEXT_GP_REGS+(PT_R0*8))(r3)
  std  r1,(SIGCONTEXT_GP_REGS+(PT_R1*8))(r3)
  mflr  r0
+#ifdef __ROP_PROTECT__
+  hashst  r0,FRAME_ROP_SAVE(r1)
+#endif
  std  r2,(SIGCONTEXT_GP_REGS+(PT_R2*8))(r3)
  std  r0,FRAME_LR_SAVE(r1)
  cfi_offset (lr, FRAME_LR_SAVE)
@ -139,6 +142,9 @@ ENTRY(__novec_getcontext)
  ld    r0,128+FRAME_LR_SAVE(r1)
  addi  r1,r1,128
  mtlr  r0
+#ifdef __ROP_PROTECT__
+  hashchk  r0,FRAME_ROP_SAVE(r1)
+#endif
  blr
 PSEUDO_END(__novec_getcontext)

@ -161,6 +167,9 @@ ENTRY(__getcontext)
  std  r0,(SIGCONTEXT_GP_REGS+(PT_R0*8))(r3)
  std  r1,(SIGCONTEXT_GP_REGS+(PT_R1*8))(r3)
  mflr  r0
+#ifdef __ROP_PROTECT__
+  hashst  r0,FRAME_ROP_SAVE(r1)
+#endif
  std  r2,(SIGCONTEXT_GP_REGS+(PT_R2*8))(r3)
  std  r0,FRAME_LR_SAVE(r1)
  cfi_offset (lr, FRAME_LR_SAVE)
@ -377,6 +386,9 @@ L(has_no_vec):
  ld    r0,128+FRAME_LR_SAVE(r1)
  addi  r1,r1,128
  mtlr  r0
+#ifdef __ROP_PROTECT__
+  hashchk  r0,FRAME_ROP_SAVE(r1)
+#endif
  blr
 PSEUDO_END(__getcontext)

--- a/sysdeps/unix/sysv/linux/powerpc/powerpc64/makecontext.S
+++ b/sysdeps/unix/sysv/linux/powerpc/powerpc64/makecontext.S
@ -39,6 +39,9 @@ ENTRY (__makecontext)
  addi  r6,r1,FRAME_PARM_SAVE+24
  std   r0,FRAME_LR_SAVE(r1)
  cfi_offset (lr, FRAME_LR_SAVE)
+#ifdef __ROP_PROTECT__
+  hashst  r0,FRAME_ROP_SAVE(r1)
+#endif
  stdu  r1,-128(r1)
  cfi_adjust_cfa_offset (128)

@ -181,6 +184,9 @@ L(gotexitcodeaddr):
  ld    r0,128+FRAME_LR_SAVE(r1)
  addi  r1,r1,128
  mtlr  r0
+#ifdef __ROP_PROTECT__
+  hashchk  r0,FRAME_ROP_SAVE(r1)
+#endif
  blr
 END(__makecontext)

--- a/sysdeps/unix/sysv/linux/powerpc/powerpc64/setcontext.S
+++ b/sysdeps/unix/sysv/linux/powerpc/powerpc64/setcontext.S
@ -38,8 +38,11 @@
 ENTRY(__novec_setcontext)
 	CALL_MCOUNT 1
  mflr  r0
-  std   r31,-8(1)
-  cfi_offset(r31,-8)
+  std   r31,-16(1)
+  cfi_offset(r31,-16)
+#ifdef __ROP_PROTECT__
+  hashst  r0,FRAME_ROP_SAVE(r1)
+#endif
  std   r0,FRAME_LR_SAVE(r1)
  cfi_offset (lr, FRAME_LR_SAVE)
  stdu  r1,-128(r1)
@ -184,7 +187,10 @@ L(nv_error_exit):
  ld   r0,128+FRAME_LR_SAVE(r1)
  addi r1,r1,128
  mtlr r0
-	ld   r31,-8(r1)
+#ifdef __ROP_PROTECT__
+  hashchk  r0,FRAME_ROP_SAVE(r1)
+#endif
+  ld   r31,-16(r1)
  blr
 PSEUDO_END(__novec_setcontext)

@ -197,8 +203,11 @@ compat_symbol (libc, __novec_setcontext, setcontext, GLIBC_2_3)
 ENTRY(__setcontext)
 	CALL_MCOUNT 1
  mflr  r0
-  std   r31,-8(1)
-  cfi_offset(r31,-8)
+  std   r31,-16(1)
+  cfi_offset(r31,-16)
+#ifdef __ROP_PROTECT__
+  hashst  r0,FRAME_ROP_SAVE(r1)
+#endif
  std   r0,FRAME_LR_SAVE(r1)
  cfi_offset (lr, FRAME_LR_SAVE)
  stdu  r1,-128(r1)
@ -446,7 +455,10 @@ L(error_exit):
  ld   r0,128+FRAME_LR_SAVE(r1)
  addi r1,r1,128
  mtlr r0
-	ld   r31,-8(r1)
+#ifdef __ROP_PROTECT__
+  hashchk  r0,FRAME_ROP_SAVE(r1)
+#endif
+  ld   r31,-16(r1)
  blr

 PSEUDO_END(__setcontext)
--- a/sysdeps/unix/sysv/linux/powerpc/powerpc64/swapcontext.S
+++ b/sysdeps/unix/sysv/linux/powerpc/powerpc64/swapcontext.S
@ -40,8 +40,11 @@ ENTRY(__novec_swapcontext)
  std  r0,(SIGCONTEXT_GP_REGS+(PT_R0*8))(r3)
  std  r1,(SIGCONTEXT_GP_REGS+(PT_R1*8))(r3)
  mflr  r0
-  std   r31,-8(1)
-  cfi_offset(r31,-8)
+  std   r31,-16(1)
+  cfi_offset(r31,-16)
+#ifdef __ROP_PROTECT__
+  hashst  r0,FRAME_ROP_SAVE(r1)
+#endif
  std  r2,(SIGCONTEXT_GP_REGS+(PT_R2*8))(r3)
  std  r0,FRAME_LR_SAVE(r1)
  cfi_offset (lr, FRAME_LR_SAVE)
@ -271,7 +274,10 @@ L(nv_error_exit):
  ld    r0,128+FRAME_LR_SAVE(r1)
  addi  r1,r1,128
  mtlr  r0
-  ld    r31,-8(r1)
+#ifdef __ROP_PROTECT__
+  hashchk  r0,FRAME_ROP_SAVE(r1)
+#endif
+  ld    r31,-16(r1)
  blr

 PSEUDO_END(__novec_swapcontext)
@ -287,8 +293,11 @@ ENTRY(__swapcontext)
  std  r0,(SIGCONTEXT_GP_REGS+(PT_R0*8))(r3)
  std  r1,(SIGCONTEXT_GP_REGS+(PT_R1*8))(r3)
  mflr  r0
-  std   r31,-8(1)
-  cfi_offset(r31,-8)
+  std   r31,-16(1)
+  cfi_offset(r31,-16)
+#ifdef __ROP_PROTECT__
+  hashst  r0,FRAME_ROP_SAVE(r1)
+#endif
  std  r2,(SIGCONTEXT_GP_REGS+(PT_R2*8))(r3)
  std  r0,FRAME_LR_SAVE(r1)
  cfi_offset (lr, FRAME_LR_SAVE)
@ -731,7 +740,10 @@ L(error_exit):
  ld    r0,128+FRAME_LR_SAVE(r1)
  addi  r1,r1,128
  mtlr  r0
-  ld    r31,-8(r1)
+#ifdef __ROP_PROTECT__
+  hashchk  r0,FRAME_ROP_SAVE(r1)
+#endif
+  ld    r31,-16(r1)
  blr

 PSEUDO_END(__swapcontext)