RE: [PATCH] arm: Fix canary address calculation for non-PIC

Thu, 24 Sep 2020 01:29:40 -0700 

Hi Richard,

> -----Original Message-----
> From: Richard Sandiford <richard.sandif...@arm.com>
> Sent: 23 September 2020 19:20
> To: gcc-patches@gcc.gnu.org
> Cc: ni...@redhat.com; Richard Earnshaw <richard.earns...@arm.com>;
> Ramana Radhakrishnan <ramana.radhakrish...@arm.com>; Kyrylo
> Tkachov <kyrylo.tkac...@arm.com>; Kees Cook <keesc...@chromium.org>
> Subject: [PATCH] arm: Fix canary address calculation for non-PIC
> 
> For non-PIC, the stack protector patterns did:
> 
>         rtx mem = XEXP (force_const_mem (SImode, operands[1]), 0);
>         emit_move_insn (operands[2], mem);
> 
> Here, operands[1] is the address of the canary (&__stack_chk_guard)
> and operands[2] is the register that we want to move that address into.
> However, the code above instead sets operands[2] to the address of a
> constant pool entry that contains &__stack_chk_guard, rather than to
> &__stack_chk_guard itself.  The sequence therefore does one less
> pointer indirection than it should.
> 
> The net effect was to use &__stack_chk_guard for stack-smash detection,
> instead of using __stack_chk_guard itself.
> 
> Tested on arm-linux-gnueabi, arm-linux-gnueabihf and armeb-eabi.
> OK for trunk and branches?

Ok.
Thanks,
Kyrill

> 
> Richard
> 
> 
> gcc/
>       * config/arm/arm.md (*stack_protect_combined_set_insn): For non-
> PIC,
>       load the address of the canary rather than the address of the
>       constant pool entry that points to it.
>       (*stack_protect_combined_test_insn): Likewise.
> 
> gcc/testsuite/
>       * gcc.target/arm/stack-protector-3.c: New test.
>       * gcc.target/arm/stack-protector-4.c: Likewise.
> ---
>  gcc/config/arm/arm.md                         |  4 +-
>  .../gcc.target/arm/stack-protector-3.c        | 38 +++++++++++++++++++
>  .../gcc.target/arm/stack-protector-4.c        |  6 +++
>  3 files changed, 46 insertions(+), 2 deletions(-)
>  create mode 100644 gcc/testsuite/gcc.target/arm/stack-protector-3.c
>  create mode 100644 gcc/testsuite/gcc.target/arm/stack-protector-4.c
> 
> diff --git a/gcc/config/arm/arm.md b/gcc/config/arm/arm.md
> index bffdb0b3987..c4fa116ab77 100644
> --- a/gcc/config/arm/arm.md
> +++ b/gcc/config/arm/arm.md
> @@ -9212,7 +9212,7 @@ (define_insn_and_split
> "*stack_protect_combined_set_insn"
>       operands[2] = operands[1];
>        else
>       {
> -       rtx mem = XEXP (force_const_mem (SImode, operands[1]), 0);
> +       rtx mem = force_const_mem (SImode, operands[1]);
>         emit_move_insn (operands[2], mem);
>       }
>      }
> @@ -9295,7 +9295,7 @@ (define_insn_and_split
> "*stack_protect_combined_test_insn"
>       operands[3] = operands[1];
>        else
>       {
> -       rtx mem = XEXP (force_const_mem (SImode, operands[1]), 0);
> +       rtx mem = force_const_mem (SImode, operands[1]);
>         emit_move_insn (operands[3], mem);
>       }
>      }
> diff --git a/gcc/testsuite/gcc.target/arm/stack-protector-3.c
> b/gcc/testsuite/gcc.target/arm/stack-protector-3.c
> new file mode 100644
> index 00000000000..b8f77fa2309
> --- /dev/null
> +++ b/gcc/testsuite/gcc.target/arm/stack-protector-3.c
> @@ -0,0 +1,38 @@
> +/* { dg-do run } */
> +/* { dg-require-effective-target fstack_protector } */
> +/* { dg-options "-fstack-protector-all -O2" } */
> +
> +extern volatile long *stack_chk_guard_ptr;
> +
> +void __attribute__ ((noipa))
> +f (void)
> +{
> +  volatile int x;
> +  /* Munging the contents of __stack_chk_guard should trigger a
> +     stack-smashing failure for this function.  */
> +  *stack_chk_guard_ptr += 1;
> +}
> +
> +asm (
> +"    .data\n"
> +"    .align  3\n"
> +"    .globl  stack_chk_guard_ptr\n"
> +"stack_chk_guard_ptr:\n"
> +"    .word   __stack_chk_guard\n"
> +"    .weak   __stack_chk_guard\n"
> +"__stack_chk_guard:\n"
> +"    .word   0xdead4321\n"
> +"    .text\n"
> +"    .type   __stack_chk_fail, %function\n"
> +"__stack_chk_fail:\n"
> +"    movs    r0, #0\n"
> +"    b       exit\n"
> +"    .size   __stack_chk_fail, .-__stack_chk_fail"
> +);
> +
> +int
> +main (void)
> +{
> +  f ();
> +  __builtin_abort ();
> +}
> diff --git a/gcc/testsuite/gcc.target/arm/stack-protector-4.c
> b/gcc/testsuite/gcc.target/arm/stack-protector-4.c
> new file mode 100644
> index 00000000000..6334dd00908
> --- /dev/null
> +++ b/gcc/testsuite/gcc.target/arm/stack-protector-4.c
> @@ -0,0 +1,6 @@
> +/* { dg-do run } */
> +/* { dg-require-effective-target fstack_protector } */
> +/* { dg-require-effective-target fpic } */
> +/* { dg-options "-fstack-protector-all -O2 -fpic" } */
> +
> +#include "stack-protector-3.c"

Reply via email to