やり方としては、GIMPLE レベルで仕込む方法と、MD レベルで仕込む方法の、主に 2 種類ぐらいがあるようだ。
GIMPLE レベルで何かを仕込むのは、rtx に対する知識が必要だし、最適化の過程でコードの順番などが入れ替わる可能性もある。
MD レベルの方が、最適化の後だし、基本的には GCC のインラインアセンブラのような感じに記述できるので、比較的容易な気がする。
GCC の SSP (Stack Smashing Protector) は、セキュリティ用のコードを MD ファイルで仕込んでいるらしい。
ちょっと gcc-4.3.2/gcc/config/i386/i386.md を見てみる。
; SSP patterns
(UNSPEC_SP_SET 100)
(UNSPEC_SP_TEST 101)
(UNSPEC_SP_TLS_SET 102)
(UNSPEC_SP_TLS_TEST 103)
...
(define_expand "stack_protect_set"
[(match_operand 0 "memory_operand" "")
(match_operand 1 "memory_operand" "")]
""
{
#ifdef TARGET_THREAD_SSP_OFFSET
if (TARGET_64BIT)
emit_insn (gen_stack_tls_protect_set_di (operands[0],
GEN_INT (TARGET_THREAD_SSP_OFFSET)));
else
emit_insn (gen_stack_tls_protect_set_si (operands[0],
GEN_INT (TARGET_THREAD_SSP_OFFSET)));
#else
if (TARGET_64BIT)
emit_insn (gen_stack_protect_set_di (operands[0], operands[1]));
else
emit_insn (gen_stack_protect_set_si (operands[0], operands[1]));
#endif
DONE;
})
(define_insn "stack_protect_set_si"
[(set (match_operand:SI 0 "memory_operand" "=m")
(unspec:SI [(match_operand:SI 1 "memory_operand" "m")] UNSPEC_SP_SET))
(set (match_scratch:SI 2 "=&r") (const_int 0))
(clobber (reg:CC FLAGS_REG))]
""
"mov{l}\t{%1, %2|%2, %1}\;mov{l}\t{%2, %0|%0, %2}\;xor{l}\t%2, %2"
[(set_attr "type" "multi")])
(define_insn "stack_protect_set_di"
[(set (match_operand:DI 0 "memory_operand" "=m")
(unspec:DI [(match_operand:DI 1 "memory_operand" "m")] UNSPEC_SP_SET))
(set (match_scratch:DI 2 "=&r") (const_int 0))
(clobber (reg:CC FLAGS_REG))]
"TARGET_64BIT"
"mov{q}\t{%1, %2|%2, %1}\;mov{q}\t{%2, %0|%0, %2}\;xor{l}\t%k2, %k2"
[(set_attr "type" "multi")])
(define_insn "stack_tls_protect_set_si"
[(set (match_operand:SI 0 "memory_operand" "=m")
(unspec:SI [(match_operand:SI 1 "const_int_operand" "i")] UNSPEC_SP_TLS_SET))
(set (match_scratch:SI 2 "=&r") (const_int 0))
(clobber (reg:CC FLAGS_REG))]
""
"mov{l}\t{%%gs:%P1, %2|%2, DWORD PTR gs:%P1}\;mov{l}\t{%2, %0|%0, %2}\;xor{l}\t%2, %2"
[(set_attr "type" "multi")])
(define_insn "stack_tls_protect_set_di"
[(set (match_operand:DI 0 "memory_operand" "=m")
(unspec:DI [(match_operand:DI 1 "const_int_operand" "i")] UNSPEC_SP_TLS_SET))
(set (match_scratch:DI 2 "=&r") (const_int 0))
(clobber (reg:CC FLAGS_REG))]
"TARGET_64BIT"
{
/* The kernel uses a different segment register for performance reasons; a
system call would not have to trash the userspace segment register,
which would be expensive */
if (ix86_cmodel != CM_KERNEL)
return "mov{q}\t{%%fs:%P1, %2|%2, QWORD PTR fs:%P1}\;mov{q}\t{%2, %0|%0, %2}\;xor{l}\t%k2, %k2";
else
return "mov{q}\t{%%gs:%P1, %2|%2, QWORD PTR gs:%P1}\;mov{q}\t{%2, %0|%0, %2}\;xor{l}\t%k2, %k2";
}
[(set_attr "type" "multi")])
(define_expand "stack_protect_test"
[(match_operand 0 "memory_operand" "")
(match_operand 1 "memory_operand" "")
(match_operand 2 "" "")]
""
{
rtx flags = gen_rtx_REG (CCZmode, FLAGS_REG);
ix86_compare_op0 = operands[0];
ix86_compare_op1 = operands[1];
ix86_compare_emitted = flags;
#ifdef TARGET_THREAD_SSP_OFFSET
if (TARGET_64BIT)
emit_insn (gen_stack_tls_protect_test_di (flags, operands[0],
GEN_INT (TARGET_THREAD_SSP_OFFSET)));
else
emit_insn (gen_stack_tls_protect_test_si (flags, operands[0],
GEN_INT (TARGET_THREAD_SSP_OFFSET)));
#else
if (TARGET_64BIT)
emit_insn (gen_stack_protect_test_di (flags, operands[0], operands[1]));
else
emit_insn (gen_stack_protect_test_si (flags, operands[0], operands[1]));
#endif
emit_jump_insn (gen_beq (operands[2]));
DONE;
})
(define_insn "stack_protect_test_si"
[(set (match_operand:CCZ 0 "flags_reg_operand" "")
(unspec:CCZ [(match_operand:SI 1 "memory_operand" "m")
(match_operand:SI 2 "memory_operand" "m")]
UNSPEC_SP_TEST))
(clobber (match_scratch:SI 3 "=&r"))]
""
"mov{l}\t{%1, %3|%3, %1}\;xor{l}\t{%2, %3|%3, %2}"
[(set_attr "type" "multi")])
(define_insn "stack_protect_test_di"
[(set (match_operand:CCZ 0 "flags_reg_operand" "")
(unspec:CCZ [(match_operand:DI 1 "memory_operand" "m")
(match_operand:DI 2 "memory_operand" "m")]
UNSPEC_SP_TEST))
(clobber (match_scratch:DI 3 "=&r"))]
"TARGET_64BIT"
"mov{q}\t{%1, %3|%3, %1}\;xor{q}\t{%2, %3|%3, %2}"
[(set_attr "type" "multi")])
(define_insn "stack_tls_protect_test_si"
[(set (match_operand:CCZ 0 "flags_reg_operand" "")
(unspec:CCZ [(match_operand:SI 1 "memory_operand" "m")
(match_operand:SI 2 "const_int_operand" "i")]
UNSPEC_SP_TLS_TEST))
(clobber (match_scratch:SI 3 "=r"))]
""
"mov{l}\t{%1, %3|%3, %1}\;xor{l}\t{%%gs:%P2, %3|%3, DWORD PTR gs:%P2}"
[(set_attr "type" "multi")])
(define_insn "stack_tls_protect_test_di"
[(set (match_operand:CCZ 0 "flags_reg_operand" "")
(unspec:CCZ [(match_operand:DI 1 "memory_operand" "m")
(match_operand:DI 2 "const_int_operand" "i")]
UNSPEC_SP_TLS_TEST))
(clobber (match_scratch:DI 3 "=r"))]
"TARGET_64BIT"
{
/* The kernel uses a different segment register for performance reasons; a
system call would not have to trash the userspace segment register,
which would be expensive */
if (ix86_cmodel != CM_KERNEL)
return "mov{q}\t{%1, %3|%3, %1}\;xor{q}\t{%%fs:%P2, %3|%3, QWORD PTR fs:%P2}";
else
return "mov{q}\t{%1, %3|%3, %1}\;xor{q}\t{%%gs:%P2, %3|%3, QWORD PTR gs:%P2}";
}
[(set_attr "type" "multi")])
0 件のコメント:
コメントを投稿