poky/meta/recipes-devtools/gcc/gcc-9.3/0001-aarch64-New-Straight-Line-Speculation-SLS-mitigation.patch - openbmc/openbmc - Gitiles

 CVE: CVE-2020-13844
 Upstream-Status: Backport
 Signed-off-by: Ross Burton <ross.burton@arm.com>

 From 20da13e395bde597d8337167c712039c8f923c3b Mon Sep 17 00:00:00 2001
 From: Matthew Malcomson <matthew.malcomson@arm.com>
 Date: Thu, 9 Jul 2020 09:11:58 +0100
 Subject: [PATCH 1/3] aarch64: New Straight Line Speculation (SLS) mitigation
  flags

 Here we introduce the flags that will be used for straight line speculation.

 The new flag introduced is `-mharden-sls=`.
 This flag can take arguments of `none`, `all`, or a comma seperated list
 of one or more of `retbr` or `blr`.
 `none` indicates no special mitigation of the straight line speculation
 vulnerability.
 `all` requests all mitigations currently implemented.
 `retbr` requests that the RET and BR instructions have a speculation
 barrier inserted after them.
 `blr` requests that BLR instructions are replaced by a BL to a function
 stub using a BR with a speculation barrier after it.

 Setting this on a per-function basis using attributes or the like is not
 enabled, but may be in the future.

 (cherry picked from commit a9ba2a9b77bec7eacaf066801f22d1c366a2bc86)

 gcc/ChangeLog:

 2020-06-02  Matthew Malcomson  <matthew.malcomson@arm.com>

 	* config/aarch64/aarch64-protos.h (aarch64_harden_sls_retbr_p):
 	New.
 	(aarch64_harden_sls_blr_p): New.
 	* config/aarch64/aarch64.c (enum aarch64_sls_hardening_type):
 	New.
 	(aarch64_harden_sls_retbr_p): New.
 	(aarch64_harden_sls_blr_p): New.
 	(aarch64_validate_sls_mitigation): New.
 	(aarch64_override_options): Parse options for SLS mitigation.
 	* config/aarch64/aarch64.opt (-mharden-sls): New option.
 	* doc/invoke.texi: Document new option.
 ---
  gcc/config/aarch64/aarch64-protos.h |  3 ++
  gcc/config/aarch64/aarch64.c        | 76 +++++++++++++++++++++++++++++
  gcc/config/aarch64/aarch64.opt      |  4 ++
  gcc/doc/invoke.texi                 | 12 +++++
  4 files changed, 95 insertions(+)

 diff --git a/gcc/config/aarch64/aarch64-protos.h b/gcc/config/aarch64/aarch64-protos.h
 index c083cad53..31493f412 100644
 --- a/gcc/config/aarch64/aarch64-protos.h
 +++ b/gcc/config/aarch64/aarch64-protos.h
 @@ -644,4 +644,7 @@ poly_uint64 aarch64_regmode_natural_size (machine_mode);

  bool aarch64_high_bits_all_ones_p (HOST_WIDE_INT);

 +extern bool aarch64_harden_sls_retbr_p (void);
 +extern bool aarch64_harden_sls_blr_p (void);
 +
  #endif /* GCC_AARCH64_PROTOS_H */
 diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c
 index b452a53af..269ff6c92 100644
 --- a/gcc/config/aarch64/aarch64.c
 +++ b/gcc/config/aarch64/aarch64.c
 @@ -11734,6 +11734,79 @@ aarch64_validate_mcpu (const char *str, const struct processor **res,
    return false;
  }

 +/* Straight line speculation indicators.  */
 +enum aarch64_sls_hardening_type
 +{
 +  SLS_NONE = 0,
 +  SLS_RETBR = 1,
 +  SLS_BLR = 2,
 +  SLS_ALL = 3,
 +};
 +static enum aarch64_sls_hardening_type aarch64_sls_hardening;
 +
 +/* Return whether we should mitigatate Straight Line Speculation for the RET
 +   and BR instructions.  */
 +bool
 +aarch64_harden_sls_retbr_p (void)
 +{
 +  return aarch64_sls_hardening & SLS_RETBR;
 +}
 +
 +/* Return whether we should mitigatate Straight Line Speculation for the BLR
 +   instruction.  */
 +bool
 +aarch64_harden_sls_blr_p (void)
 +{
 +  return aarch64_sls_hardening & SLS_BLR;
 +}
 +
 +/* As of yet we only allow setting these options globally, in the future we may
 +   allow setting them per function.  */
 +static void
 +aarch64_validate_sls_mitigation (const char *const_str)
 +{
 +  char *token_save = NULL;
 +  char *str = NULL;
 +
 +  if (strcmp (const_str, "none") == 0)
 +    {
 +      aarch64_sls_hardening = SLS_NONE;
 +      return;
 +    }
 +  if (strcmp (const_str, "all") == 0)
 +    {
 +      aarch64_sls_hardening = SLS_ALL;
 +      return;
 +    }
 +
 +  char *str_root = xstrdup (const_str);
 +  str = strtok_r (str_root, ",", &token_save);
 +  if (!str)
 +    error ("invalid argument given to %<-mharden-sls=%>");
 +
 +  int temp = SLS_NONE;
 +  while (str)
 +    {
 +      if (strcmp (str, "blr") == 0)
 +	temp |= SLS_BLR;
 +      else if (strcmp (str, "retbr") == 0)
 +	temp |= SLS_RETBR;
 +      else if (strcmp (str, "none") == 0 || strcmp (str, "all") == 0)
 +	{
 +	  error ("%<%s%> must be by itself for %<-mharden-sls=%>", str);
 +	  break;
 +	}
 +      else
 +	{
 +	  error ("invalid argument %<%s%> for %<-mharden-sls=%>", str);
 +	  break;
 +	}
 +      str = strtok_r (NULL, ",", &token_save);
 +    }
 +  aarch64_sls_hardening = (aarch64_sls_hardening_type) temp;
 +  free (str_root);
 +}
 +
  /* Parses CONST_STR for branch protection features specified in
     aarch64_branch_protect_types, and set any global variables required.  Returns
     the parsing result and assigns LAST_STR to the last processed token from
 @@ -11972,6 +12045,9 @@ aarch64_override_options (void)
    selected_arch = NULL;
    selected_tune = NULL;

 +  if (aarch64_harden_sls_string)
 +    aarch64_validate_sls_mitigation (aarch64_harden_sls_string);
 +
    if (aarch64_branch_protection_string)
      aarch64_validate_mbranch_protection (aarch64_branch_protection_string);

 diff --git a/gcc/config/aarch64/aarch64.opt b/gcc/config/aarch64/aarch64.opt
 index 3c6d1cc90..d27ab6df8 100644
 --- a/gcc/config/aarch64/aarch64.opt
 +++ b/gcc/config/aarch64/aarch64.opt
 @@ -71,6 +71,10 @@ mgeneral-regs-only
  Target Report RejectNegative Mask(GENERAL_REGS_ONLY) Save
  Generate code which uses only the general registers.

 +mharden-sls=
 +Target RejectNegative Joined Var(aarch64_harden_sls_string)
 +Generate code to mitigate against straight line speculation.
 +
  mfix-cortex-a53-835769
  Target Report Var(aarch64_fix_a53_err835769) Init(2) Save
  Workaround for ARM Cortex-A53 Erratum number 835769.
 diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
 index 2f7ffe456..5f04a7d2b 100644
 --- a/gcc/doc/invoke.texi
 +++ b/gcc/doc/invoke.texi
 @@ -638,6 +638,7 @@ Objective-C and Objective-C++ Dialects}.
  -mpc-relative-literal-loads @gol
  -msign-return-address=@var{scope} @gol
  -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}]|@var{bti} @gol
 +-mharden-sls=@var{opts} @gol
  -march=@var{name}  -mcpu=@var{name}  -mtune=@var{name}  @gol
  -moverride=@var{string}  -mverbose-cost-dump @gol
  -mstack-protector-guard=@var{guard} -mstack-protector-guard-reg=@var{sysreg} @gol
 @@ -15955,6 +15956,17 @@ argument @samp{leaf} can be used to extend the signing to include leaf
  functions.
  @samp{bti} turns on branch target identification mechanism.

 +@item -mharden-sls=@var{opts}
 +@opindex mharden-sls
 +Enable compiler hardening against straight line speculation (SLS).
 +@var{opts} is a comma-separated list of the following options:
 +@table @samp
 +@item retbr
 +@item blr
 +@end table
 +In addition, @samp{-mharden-sls=all} enables all SLS hardening while
 +@samp{-mharden-sls=none} disables all SLS hardening.
 +
  @item -msve-vector-bits=@var{bits}
  @opindex msve-vector-bits
  Specify the number of bits in an SVE vector register.  This option only has
 --
 2.25.1
	CVE: CVE-2020-13844
	Upstream-Status: Backport
	Signed-off-by: Ross Burton <ross.burton@arm.com>

	From 20da13e395bde597d8337167c712039c8f923c3b Mon Sep 17 00:00:00 2001
	From: Matthew Malcomson <matthew.malcomson@arm.com>
	Date: Thu, 9 Jul 2020 09:11:58 +0100
	Subject: [PATCH 1/3] aarch64: New Straight Line Speculation (SLS) mitigation
	flags

	Here we introduce the flags that will be used for straight line speculation.

	The new flag introduced is `-mharden-sls=`.
	This flag can take arguments of `none`, `all`, or a comma seperated list
	of one or more of `retbr` or `blr`.
	`none` indicates no special mitigation of the straight line speculation
	vulnerability.
	`all` requests all mitigations currently implemented.
	`retbr` requests that the RET and BR instructions have a speculation
	barrier inserted after them.
	`blr` requests that BLR instructions are replaced by a BL to a function
	stub using a BR with a speculation barrier after it.

	Setting this on a per-function basis using attributes or the like is not
	enabled, but may be in the future.

	(cherry picked from commit a9ba2a9b77bec7eacaf066801f22d1c366a2bc86)

	gcc/ChangeLog:

	2020-06-02 Matthew Malcomson <matthew.malcomson@arm.com>

	* config/aarch64/aarch64-protos.h (aarch64_harden_sls_retbr_p):
	New.
	(aarch64_harden_sls_blr_p): New.
	* config/aarch64/aarch64.c (enum aarch64_sls_hardening_type):
	New.
	(aarch64_harden_sls_retbr_p): New.
	(aarch64_harden_sls_blr_p): New.
	(aarch64_validate_sls_mitigation): New.
	(aarch64_override_options): Parse options for SLS mitigation.
	* config/aarch64/aarch64.opt (-mharden-sls): New option.
	* doc/invoke.texi: Document new option.
	---
	gcc/config/aarch64/aarch64-protos.h \| 3 ++
	gcc/config/aarch64/aarch64.c \| 76 +++++++++++++++++++++++++++++
	gcc/config/aarch64/aarch64.opt \| 4 ++
	gcc/doc/invoke.texi \| 12 +++++
	4 files changed, 95 insertions(+)

	diff --git a/gcc/config/aarch64/aarch64-protos.h b/gcc/config/aarch64/aarch64-protos.h
	index c083cad53..31493f412 100644
	--- a/gcc/config/aarch64/aarch64-protos.h
	+++ b/gcc/config/aarch64/aarch64-protos.h
	@@ -644,4 +644,7 @@ poly_uint64 aarch64_regmode_natural_size (machine_mode);

	bool aarch64_high_bits_all_ones_p (HOST_WIDE_INT);

	+extern bool aarch64_harden_sls_retbr_p (void);
	+extern bool aarch64_harden_sls_blr_p (void);
	+
	#endif /* GCC_AARCH64_PROTOS_H */
	diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c
	index b452a53af..269ff6c92 100644
	--- a/gcc/config/aarch64/aarch64.c
	+++ b/gcc/config/aarch64/aarch64.c
	@@ -11734,6 +11734,79 @@ aarch64_validate_mcpu (const char str, const struct processor *res,
	return false;
	}

	+/* Straight line speculation indicators. */
	+enum aarch64_sls_hardening_type
	+{
	+ SLS_NONE = 0,
	+ SLS_RETBR = 1,
	+ SLS_BLR = 2,
	+ SLS_ALL = 3,
	+};
	+static enum aarch64_sls_hardening_type aarch64_sls_hardening;
	+
	+/* Return whether we should mitigatate Straight Line Speculation for the RET
	+ and BR instructions. */
	+bool
	+aarch64_harden_sls_retbr_p (void)
	+{
	+ return aarch64_sls_hardening & SLS_RETBR;
	+}
	+
	+/* Return whether we should mitigatate Straight Line Speculation for the BLR
	+ instruction. */
	+bool
	+aarch64_harden_sls_blr_p (void)
	+{
	+ return aarch64_sls_hardening & SLS_BLR;
	+}
	+
	+/* As of yet we only allow setting these options globally, in the future we may
	+ allow setting them per function. */
	+static void
	+aarch64_validate_sls_mitigation (const char *const_str)
	+{
	+ char *token_save = NULL;
	+ char *str = NULL;
	+
	+ if (strcmp (const_str, "none") == 0)
	+ {
	+ aarch64_sls_hardening = SLS_NONE;
	+ return;
	+ }
	+ if (strcmp (const_str, "all") == 0)
	+ {
	+ aarch64_sls_hardening = SLS_ALL;
	+ return;
	+ }
	+
	+ char *str_root = xstrdup (const_str);
	+ str = strtok_r (str_root, ",", &token_save);
	+ if (!str)
	+ error ("invalid argument given to %<-mharden-sls=%>");
	+
	+ int temp = SLS_NONE;
	+ while (str)
	+ {
	+ if (strcmp (str, "blr") == 0)
	+ temp \|= SLS_BLR;
	+ else if (strcmp (str, "retbr") == 0)
	+ temp \|= SLS_RETBR;
	+ else if (strcmp (str, "none") == 0 \|\| strcmp (str, "all") == 0)
	+ {
	+ error ("%<%s%> must be by itself for %<-mharden-sls=%>", str);
	+ break;
	+ }
	+ else
	+ {
	+ error ("invalid argument %<%s%> for %<-mharden-sls=%>", str);
	+ break;
	+ }
	+ str = strtok_r (NULL, ",", &token_save);
	+ }
	+ aarch64_sls_hardening = (aarch64_sls_hardening_type) temp;
	+ free (str_root);
	+}
	+
	/* Parses CONST_STR for branch protection features specified in
	aarch64_branch_protect_types, and set any global variables required. Returns
	the parsing result and assigns LAST_STR to the last processed token from
	@@ -11972,6 +12045,9 @@ aarch64_override_options (void)
	selected_arch = NULL;
	selected_tune = NULL;

	+ if (aarch64_harden_sls_string)
	+ aarch64_validate_sls_mitigation (aarch64_harden_sls_string);
	+
	if (aarch64_branch_protection_string)
	aarch64_validate_mbranch_protection (aarch64_branch_protection_string);

	diff --git a/gcc/config/aarch64/aarch64.opt b/gcc/config/aarch64/aarch64.opt
	index 3c6d1cc90..d27ab6df8 100644
	--- a/gcc/config/aarch64/aarch64.opt
	+++ b/gcc/config/aarch64/aarch64.opt
	@@ -71,6 +71,10 @@ mgeneral-regs-only
	Target Report RejectNegative Mask(GENERAL_REGS_ONLY) Save
	Generate code which uses only the general registers.

	+mharden-sls=
	+Target RejectNegative Joined Var(aarch64_harden_sls_string)
	+Generate code to mitigate against straight line speculation.
	+
	mfix-cortex-a53-835769
	Target Report Var(aarch64_fix_a53_err835769) Init(2) Save
	Workaround for ARM Cortex-A53 Erratum number 835769.
	diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
	index 2f7ffe456..5f04a7d2b 100644
	--- a/gcc/doc/invoke.texi
	+++ b/gcc/doc/invoke.texi
	@@ -638,6 +638,7 @@ Objective-C and Objective-C++ Dialects}.
	-mpc-relative-literal-loads @gol
	-msign-return-address=@var{scope} @gol
	-mbranch-protection=@var{none}\|@var{standard}\|@var{pac-ret}[+@var{leaf}]\|@var{bti} @gol
	+-mharden-sls=@var{opts} @gol
	-march=@var{name} -mcpu=@var{name} -mtune=@var{name} @gol
	-moverride=@var{string} -mverbose-cost-dump @gol
	-mstack-protector-guard=@var{guard} -mstack-protector-guard-reg=@var{sysreg} @gol
	@@ -15955,6 +15956,17 @@ argument @samp{leaf} can be used to extend the signing to include leaf
	functions.
	@samp{bti} turns on branch target identification mechanism.

	+@item -mharden-sls=@var{opts}
	+@opindex mharden-sls
	+Enable compiler hardening against straight line speculation (SLS).
	+@var{opts} is a comma-separated list of the following options:
	+@table @samp
	+@item retbr
	+@item blr
	+@end table
	+In addition, @samp{-mharden-sls=all} enables all SLS hardening while
	+@samp{-mharden-sls=none} disables all SLS hardening.
	+
	@item -msve-vector-bits=@var{bits}
	@opindex msve-vector-bits
	Specify the number of bits in an SVE vector register. This option only has
	--
	2.25.1