Backporting r325647 and r325713:llvmorg-5.0.2-rc1

------------------------------------------------------------------------
r325713 | sdardis | 2018-02-21 20:01:43 +0000 (Wed, 21 Feb 2018) | 5 lines

[mips][lld] Address post commit review nit.

Address @ruiu's post commit review comment about a value which is intended
to be a unsigned 32 bit integer as using uint32_t rather than unsigned.

------------------------------------------------------------------------
------------------------------------------------------------------------
r325647 | sdardis | 2018-02-20 23:49:17 +0000 (Tue, 20 Feb 2018) | 27 lines

[mips][lld] Spectre variant two mitigation for MIPSR2

This patch provides migitation for CVE-2017-5715, Spectre variant two,
which affects the P5600 and P6600. It implements the LLD part of
-z hazardplt. Like the Clang part of this patch, I have opted for that
specific option name in case alternative migitation methods are required
in the future.

The mitigation strategy suggested by MIPS for these processors is to use
hazard barrier instructions. 'jalr.hb' and 'jr.hb' are hazard
barrier variants of the 'jalr' and 'jr' instructions respectively.

These instructions impede the execution of instruction stream until
architecturally defined hazards (changes to the instruction stream,
privileged registers which may affect execution) are cleared. These
instructions in MIPS' designs are not speculated past.

These instructions are defined by the MIPS32R2 ISA, so this mitigation
method is not compatible with processors which implement an earlier
revision of the MIPS ISA.

For LLD, this changes PLT stubs to use 'jalr.hb' and 'jr.hb'.

Reviewers: atanasyan, ruiu

Differential Revision: https://reviews.llvm.org/D43488

------------------------------------------------------------------------

llvm-svn: 327757

4 files changed, 17 insertions, 5 deletions

diff --git a/lld/ELF/Arch/Mips.cpp b/lld/ELF/Arch/Mips.cpp
index b8d796f5897a..38150bbae336 100644
--- a/lld/ELF/Arch/Mips.cpp
+++ b/lld/ELF/Arch/Mips.cpp
@@ -203,7 +203,8 @@ template <class ELFT> void MIPS<ELFT>::writePltHeader(uint8_t *Buf) const {
 
   write32<E>(Buf + 16, 0x03e07825); // move  $15, $31
   write32<E>(Buf + 20, 0x0018c082); // srl   $24, $24, 2
-  write32<E>(Buf + 24, 0x0320f809); // jalr  $25
+  uint32_t JalrInst = Config->ZHazardplt ? 0x0320fc09 : 0x0320f809;
+  write32<E>(Buf + 24, JalrInst); // jalr.hb $25 or jalr $25
   write32<E>(Buf + 28, 0x2718fffe); // subu  $24, $24, 2
 
   uint64_t GotPlt = InX::GotPlt->getVA();
@@ -217,10 +218,14 @@ void MIPS<ELFT>::writePlt(uint8_t *Buf, uint64_t GotPltEntryAddr,
                           uint64_t PltEntryAddr, int32_t Index,
                           unsigned RelOff) const {
   const endianness E = ELFT::TargetEndianness;
+  uint32_t JrInst = isMipsR6<ELFT>()
+                        ? (Config->ZHazardplt ? 0x03200409 : 0x03200009)
+                        : (Config->ZHazardplt ? 0x03200408 : 0x03200008);
+
   write32<E>(Buf, 0x3c0f0000);     // lui   $15, %hi(.got.plt entry)
   write32<E>(Buf + 4, 0x8df90000); // l[wd] $25, %lo(.got.plt entry)($15)
                                    // jr    $25
-  write32<E>(Buf + 8, isMipsR6<ELFT>() ? 0x03200009 : 0x03200008);
+  write32<E>(Buf + 8, JrInst);     // jr  $25 / jr.hb $25
   write32<E>(Buf + 12, 0x25f80000); // addiu $24, $15, %lo(.got.plt entry)
   writeMipsHi16<E>(Buf, GotPltEntryAddr);
   writeMipsLo16<E>(Buf + 4, GotPltEntryAddr);
diff --git a/lld/ELF/Config.h b/lld/ELF/Config.h
index bc8a5ae16ffb..348db80dad04 100644
--- a/lld/ELF/Config.h
+++ b/lld/ELF/Config.h
@@ -148,6 +148,7 @@ struct Configuration {
   bool WarnMissingEntry;
   bool ZCombreloc;
   bool ZExecstack;
+  bool ZHazardplt;
   bool ZNocopyreloc;
   bool ZNodelete;
   bool ZNodlopen;
diff --git a/lld/ELF/Driver.cpp b/lld/ELF/Driver.cpp
index 4a6556fc9ede..455f383a94fe 100644
--- a/lld/ELF/Driver.cpp
+++ b/lld/ELF/Driver.cpp
@@ -682,6 +682,7 @@ void LinkerDriver::readConfigs(opt::InputArgList &Args) {
   Config->WarnCommon = Args.hasArg(OPT_warn_common);
   Config->ZCombreloc = !hasZOption(Args, "nocombreloc");
   Config->ZExecstack = hasZOption(Args, "execstack");
+  Config->ZHazardplt = hasZOption(Args, "hazardplt");
   Config->ZNocopyreloc = hasZOption(Args, "nocopyreloc");
   Config->ZNodelete = hasZOption(Args, "nodelete");
   Config->ZNodlopen = hasZOption(Args, "nodlopen");
diff --git a/lld/test/ELF/mips-plt-r6.s b/lld/test/ELF/mips-plt-r6.s
index 4bab21c32eb9..34e63421a397 100644
--- a/lld/test/ELF/mips-plt-r6.s
+++ b/lld/test/ELF/mips-plt-r6.s
@@ -6,7 +6,10 @@
 # RUN:         -mcpu=mips32r6 %S/Inputs/mips-dynamic.s -o %t2.o
 # RUN: ld.lld %t2.o -shared -o %t.so
 # RUN: ld.lld %t1.o %t.so -o %t.exe
-# RUN: llvm-objdump -d %t.exe | FileCheck %s
+# RUN: llvm-objdump -d %t.exe | FileCheck %s --check-prefixes=DEFAULT,CHECK
+# RUN: ld.lld %t2.o -shared -o %t.so -z hazardplt
+# RUN: ld.lld %t1.o %t.so -o %t.exe -z hazardplt
+# RUN: llvm-objdump -d %t.exe | FileCheck %s --check-prefixes=HAZARDPLT,CHECK
 
 # REQUIRES: mips
 
@@ -24,12 +27,14 @@
 # CHECK-NEXT:   2001c:       03 1c c0 23     subu    $24, $24, $gp
 # CHECK-NEXT:   20020:       03 e0 78 25     move    $15, $ra
 # CHECK-NEXT:   20024:       00 18 c0 82     srl     $24, $24, 2
-# CHECK-NEXT:   20028:       03 20 f8 09     jalr    $25
+# DEFAULT:      20028:       03 20 f8 09     jalr    $25
+# HAZARDPLT:    20028:       03 20 fc 09     jalr.hb $25
 # CHECK-NEXT:   2002c:       27 18 ff fe     addiu   $24, $24, -2
 
 # CHECK-NEXT:   20030:       3c 0f 00 03     aui     $15, $zero, 3
 # CHECK-NEXT:   20034:       8d f9 00 0c     lw      $25, 12($15)
-# CHECK-NEXT:   20038:       03 20 00 09     jr      $25
+# DEFAULT:      20038:       03 20 00 09     jr      $25
+# HAZARDPLT:    20038:       03 20 04 09     jr.hb   $25
 # CHECK-NEXT:   2003c:       25 f8 00 0c     addiu   $24, $15, 12
 
   .text