Backporting r325647 and r325713:

Simon Dardis · Simon Dardis · commit 4e1dadff9a5f · 2018-03-16T22:28:08.000Z
------------------------------------------------------------------------ r325713 | sdardis | 2018-02-21 20:01:43 +0000 (Wed, 21 Feb 2018) | 5 lines [mips][lld] Address post commit review nit. Address @RuiU's post commit review comment about a value which is intended to be a unsigned 32 bit integer as using uint32_t rather than unsigned. ------------------------------------------------------------------------ ------------------------------------------------------------------------ r325647 | sdardis | 2018-02-20 23:49:17 +0000 (Tue, 20 Feb 2018) | 27 lines [mips][lld] Spectre variant two mitigation for MIPSR2 This patch provides migitation for CVE-2017-5715, Spectre variant two, which affects the P5600 and P6600. It implements the LLD part of -z hazardplt. Like the Clang part of this patch, I have opted for that specific option name in case alternative migitation methods are required in the future. The mitigation strategy suggested by MIPS for these processors is to use hazard barrier instructions. 'jalr.hb' and 'jr.hb' are hazard barrier variants of the 'jalr' and 'jr' instructions respectively. These instructions impede the execution of instruction stream until architecturally defined hazards (changes to the instruction stream, privileged registers which may affect execution) are cleared. These instructions in MIPS' designs are not speculated past. These instructions are defined by the MIPS32R2 ISA, so this mitigation method is not compatible with processors which implement an earlier revision of the MIPS ISA. For LLD, this changes PLT stubs to use 'jalr.hb' and 'jr.hb'. Reviewers: atanasyan, ruiu Differential Revision: https://reviews.llvm.org/D43488 ------------------------------------------------------------------------ llvm-svn: 327757
diff --git a/lld/ELF/Arch/Mips.cpp b/lld/ELF/Arch/Mips.cpp
@@ -203,7 +203,8 @@ template <class ELFT> void MIPS<ELFT>::writePltHeader(uint8_t *Buf) const {
 
   write32<E>(Buf + 16, 0x03e07825); // move  $15, $31
   write32<E>(Buf + 20, 0x0018c082); // srl   $24, $24, 2
-  write32<E>(Buf + 24, 0x0320f809); // jalr  $25
+  uint32_t JalrInst = Config->ZHazardplt ? 0x0320fc09 : 0x0320f809;
+  write32<E>(Buf + 24, JalrInst); // jalr.hb $25 or jalr $25
   write32<E>(Buf + 28, 0x2718fffe); // subu  $24, $24, 2
 
   uint64_t GotPlt = InX::GotPlt->getVA();
@@ -217,10 +218,14 @@ void MIPS<ELFT>::writePlt(uint8_t *Buf, uint64_t GotPltEntryAddr,
                           uint64_t PltEntryAddr, int32_t Index,
                           unsigned RelOff) const {
   const endianness E = ELFT::TargetEndianness;
+  uint32_t JrInst = isMipsR6<ELFT>()
+                        ? (Config->ZHazardplt ? 0x03200409 : 0x03200009)
+                        : (Config->ZHazardplt ? 0x03200408 : 0x03200008);
+
   write32<E>(Buf, 0x3c0f0000);     // lui   $15, %hi(.got.plt entry)
   write32<E>(Buf + 4, 0x8df90000); // l[wd] $25, %lo(.got.plt entry)($15)
                                    // jr    $25
-  write32<E>(Buf + 8, isMipsR6<ELFT>() ? 0x03200009 : 0x03200008);
+  write32<E>(Buf + 8, JrInst);     // jr  $25 / jr.hb $25
   write32<E>(Buf + 12, 0x25f80000); // addiu $24, $15, %lo(.got.plt entry)
   writeMipsHi16<E>(Buf, GotPltEntryAddr);
   writeMipsLo16<E>(Buf + 4, GotPltEntryAddr);
diff --git a/lld/ELF/Config.h b/lld/ELF/Config.h
@@ -148,6 +148,7 @@ struct Configuration {
   bool WarnMissingEntry;
   bool ZCombreloc;
   bool ZExecstack;
+  bool ZHazardplt;
   bool ZNocopyreloc;
   bool ZNodelete;
   bool ZNodlopen;
diff --git a/lld/ELF/Driver.cpp b/lld/ELF/Driver.cpp
@@ -682,6 +682,7 @@ void LinkerDriver::readConfigs(opt::InputArgList &Args) {
   Config->WarnCommon = Args.hasArg(OPT_warn_common);
   Config->ZCombreloc = !hasZOption(Args, "nocombreloc");
   Config->ZExecstack = hasZOption(Args, "execstack");
+  Config->ZHazardplt = hasZOption(Args, "hazardplt");
   Config->ZNocopyreloc = hasZOption(Args, "nocopyreloc");
   Config->ZNodelete = hasZOption(Args, "nodelete");
   Config->ZNodlopen = hasZOption(Args, "nodlopen");
diff --git a/lld/test/ELF/mips-plt-r6.s b/lld/test/ELF/mips-plt-r6.s
@@ -6,7 +6,10 @@
 # RUN:         -mcpu=mips32r6 %S/Inputs/mips-dynamic.s -o %t2.o
 # RUN: ld.lld %t2.o -shared -o %t.so
 # RUN: ld.lld %t1.o %t.so -o %t.exe
-# RUN: llvm-objdump -d %t.exe | FileCheck %s
+# RUN: llvm-objdump -d %t.exe | FileCheck %s --check-prefixes=DEFAULT,CHECK
+# RUN: ld.lld %t2.o -shared -o %t.so -z hazardplt
+# RUN: ld.lld %t1.o %t.so -o %t.exe -z hazardplt
+# RUN: llvm-objdump -d %t.exe | FileCheck %s --check-prefixes=HAZARDPLT,CHECK
 
 # REQUIRES: mips
 
@@ -24,12 +27,14 @@
 # CHECK-NEXT:   2001c:       03 1c c0 23     subu    $24, $24, $gp
 # CHECK-NEXT:   20020:       03 e0 78 25     move    $15, $ra
 # CHECK-NEXT:   20024:       00 18 c0 82     srl     $24, $24, 2
-# CHECK-NEXT:   20028:       03 20 f8 09     jalr    $25
+# DEFAULT:      20028:       03 20 f8 09     jalr    $25
+# HAZARDPLT:    20028:       03 20 fc 09     jalr.hb $25
 # CHECK-NEXT:   2002c:       27 18 ff fe     addiu   $24, $24, -2
 
 # CHECK-NEXT:   20030:       3c 0f 00 03     aui     $15, $zero, 3
 # CHECK-NEXT:   20034:       8d f9 00 0c     lw      $25, 12($15)
-# CHECK-NEXT:   20038:       03 20 00 09     jr      $25
+# DEFAULT:      20038:       03 20 00 09     jr      $25
+# HAZARDPLT:    20038:       03 20 04 09     jr.hb   $25
 # CHECK-NEXT:   2003c:       25 f8 00 0c     addiu   $24, $15, 12
 
   .text
