From: liuhongt <hongtao.liu@intel.com>
To: gcc-patches@gcc.gnu.org
Cc: crazylht@gmail.com, hjl.tools@gmail.com, ubizjak@gmail.com
Subject: [PATCH 1/2] Implement hwasan target_hook.
Date: Fri, 11 Nov 2022 09:26:30 +0800
Message-ID: <20221111012631.76776-2-hongtao.liu@intel.com>
In-Reply-To: <20221111012631.76776-1-hongtao.liu@intel.com>
gcc/ChangeLog:
* config/i386/i386-opts.h (enum lam_type): New enum.
* config/i386/i386.c (ix86_memtag_can_tag_addresses): New.
(ix86_memtag_set_tag): Ditto.
(ix86_memtag_extract_tag): Ditto.
(ix86_memtag_add_tag): Ditto.
(ix86_memtag_tag_size): Ditto.
(ix86_memtag_untagged_pointer): Ditto.
(TARGET_MEMTAG_CAN_TAG_ADDRESSES): New.
(TARGET_MEMTAG_ADD_TAG): Ditto.
(TARGET_MEMTAG_SET_TAG): Ditto.
(TARGET_MEMTAG_EXTRACT_TAG): Ditto.
(TARGET_MEMTAG_UNTAGGED_POINTER): Ditto.
(TARGET_MEMTAG_TAG_SIZE): Ditto.
(IX86_HWASAN_SHIFT): Ditto.
(IX86_HWASAN_TAG_SIZE): Ditto.
* config/i386/i386-expand.c (ix86_expand_call): Untag code
pointer.
* config/i386/i386-options.c (ix86_option_override_internal):
Error when enable -mlam=[u48|u57] for 32-bit code.
* config/i386/i386.opt: Add -mlam=[none|u48|u57].
* config/i386/i386-protos.h (ix86_memtag_untagged_pointer):
Declare.
(ix86_memtag_can_tag_addresses): Ditto.
---
gcc/config/i386/i386-expand.cc | 12 ++++
gcc/config/i386/i386-options.cc | 3 +
gcc/config/i386/i386-opts.h | 6 ++
gcc/config/i386/i386-protos.h | 2 +
gcc/config/i386/i386.cc | 123 ++++++++++++++++++++++++++++++++
gcc/config/i386/i386.opt | 16 +++++
6 files changed, 162 insertions(+)
diff --git a/gcc/config/i386/i386-expand.cc b/gcc/config/i386/i386-expand.cc
index 9c92b07d5cd..1af50c86c39 100644
--- a/gcc/config/i386/i386-expand.cc
+++ b/gcc/config/i386/i386-expand.cc
@@ -92,6 +92,7 @@ along with GCC; see the file COPYING3. If not see
#include "i386-options.h"
#include "i386-builtins.h"
#include "i386-expand.h"
+#include "asan.h"
/* Split one or more double-mode RTL references into pairs of half-mode
references. The RTL can be REG, offsettable MEM, integer constant, or
@@ -9436,6 +9437,17 @@ ix86_expand_call (rtx retval, rtx fnaddr, rtx callarg1,
fnaddr = gen_rtx_MEM (QImode, copy_to_mode_reg (word_mode, fnaddr));
}
+ /* PR100665: Hwasan may tag code pointer which is not supported by LAM,
+ mask off code pointers here.
+ TODO: also need to handle indirect jump. */
+ if (ix86_memtag_can_tag_addresses () && !fndecl
+ && sanitize_flags_p (SANITIZE_HWADDRESS))
+ {
+ rtx untagged_addr = ix86_memtag_untagged_pointer (XEXP (fnaddr, 0),
+ NULL_RTX);
+ fnaddr = gen_rtx_MEM (QImode, untagged_addr);
+ }
+
call = gen_rtx_CALL (VOIDmode, fnaddr, callarg1);
if (retval)
diff --git a/gcc/config/i386/i386-options.cc b/gcc/config/i386/i386-options.cc
index e5c77f3a84d..b59ed5aee45 100644
--- a/gcc/config/i386/i386-options.cc
+++ b/gcc/config/i386/i386-options.cc
@@ -2006,6 +2006,9 @@ ix86_option_override_internal (bool main_args_p,
if (TARGET_UINTR && !TARGET_64BIT)
error ("%<-muintr%> not supported for 32-bit code");
+ if (ix86_lam_type && !TARGET_LP64)
+ error ("%<-mlam=%> option: [u48|u57] not supported for 32-bit code");
+
if (!opts->x_ix86_arch_string)
opts->x_ix86_arch_string
= TARGET_64BIT_P (opts->x_ix86_isa_flags)
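Review bot: The new guard in ix86_option_override_internal tests `!TARGET_LP64`, which is also true for the x32 ABI, yet the diagnostic only mentions "32-bit code"; an `-mx32 -mlam=u57` user would get a misleading message. Either name both cases, e.g. `error ("%<-mlam=%> option: [u48|u57] not supported for 32-bit or x32 code");`, or add a short comment stating that x32 is rejected on purpose. The check also reads the global `ix86_lam_type` while the surrounding function works on `opts`; that looks harmless as long as the option is not saved per function, but it is worth confirming. The function body continues outside this hunk.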
diff --git a/gcc/config/i386/i386-opts.h b/gcc/config/i386/i386-opts.h
index 8f71e89fa9a..d3bfeed0af2 100644
--- a/gcc/config/i386/i386-opts.h
+++ b/gcc/config/i386/i386-opts.h
@@ -128,4 +128,10 @@ enum harden_sls {
harden_sls_all = harden_sls_return | harden_sls_indirect_jmp
};
+enum lam_type {
+ lam_none = 0,
+ lam_u48 = 1,
+ lam_u57
+};
+
#endif
diff --git a/gcc/config/i386/i386-protos.h b/gcc/config/i386/i386-protos.h
index 5318fc7fddf..2533f17006d 100644
--- a/gcc/config/i386/i386-protos.h
+++ b/gcc/config/i386/i386-protos.h
@@ -227,6 +227,8 @@ extern void ix86_expand_atomic_fetch_op_loop (rtx, rtx, rtx, enum rtx_code,
bool, bool);
extern void ix86_expand_cmpxchg_loop (rtx *, rtx, rtx, rtx, rtx, rtx,
bool, rtx_code_label *);
+extern rtx ix86_memtag_untagged_pointer (rtx, rtx);
+extern bool ix86_memtag_can_tag_addresses (void);
#ifdef TREE_CODE
extern void init_cumulative_args (CUMULATIVE_ARGS *, tree, rtx, tree, int);
diff --git a/gcc/config/i386/i386.cc b/gcc/config/i386/i386.cc
index f8586499cd1..e6609cc12bb 100644
--- a/gcc/config/i386/i386.cc
+++ b/gcc/config/i386/i386.cc
@@ -24260,6 +24260,111 @@ ix86_push_rounding (poly_int64 bytes)
return ROUND_UP (bytes, UNITS_PER_WORD);
}
+/* Use 8 bits metadata start from bit48 for LAM_U48,
+ 6 bits metadat start from bit57 for LAM_U57. */
+#define IX86_HWASAN_SHIFT (ix86_lam_type == lam_u48 \
+ ? 48 \
+ : (ix86_lam_type == lam_u57 ? 57 : 0))
+#define IX86_HWASAN_TAG_SIZE (ix86_lam_type == lam_u48 \
+ ? 8 \
+ : (ix86_lam_type == lam_u57 ? 6 : 0))
+
+/* Implement TARGET_MEMTAG_CAN_TAG_ADDRESSES. */
+bool
+ix86_memtag_can_tag_addresses ()
+{
+ return ix86_lam_type != lam_none && TARGET_LP64;
+}
+
+/* Implement TARGET_MEMTAG_TAG_SIZE. */
+unsigned char
+ix86_memtag_tag_size ()
+{
+ return IX86_HWASAN_TAG_SIZE;
+}
+
+/* Implement TARGET_MEMTAG_SET_TAG. */
+rtx
+ix86_memtag_set_tag (rtx untagged, rtx tag, rtx target)
+{
+ /* default_memtag_insert_random_tag may
+ generate tag with value more than 6 bits. */
+ if (ix86_lam_type == lam_u57)
+ {
+ unsigned HOST_WIDE_INT and_imm
+ = (HOST_WIDE_INT_1U << IX86_HWASAN_TAG_SIZE) - 1;
+
+ emit_insn (gen_andqi3 (tag, tag, GEN_INT (and_imm)));
+ }
+ tag = expand_simple_binop (Pmode, ASHIFT, tag,
+ GEN_INT (IX86_HWASAN_SHIFT), NULL_RTX,
+ /* unsignedp = */1, OPTAB_WIDEN);
+ rtx ret = expand_simple_binop (Pmode, IOR, untagged, tag, target,
+ /* unsignedp = */1, OPTAB_DIRECT);
+ return ret;
+}
+
+/* Implement TARGET_MEMTAG_EXTRACT_TAG. */
+rtx
+ix86_memtag_extract_tag (rtx tagged_pointer, rtx target)
+{
+ rtx tag = expand_simple_binop (Pmode, LSHIFTRT, tagged_pointer,
+ GEN_INT (IX86_HWASAN_SHIFT), target,
+ /* unsignedp = */0,
+ OPTAB_DIRECT);
+ rtx ret = gen_reg_rtx (QImode);
+ /* Mask off bit63 when LAM_U57. */
+ if (ix86_lam_type == lam_u57)
+ {
+ unsigned HOST_WIDE_INT and_imm
+ = (HOST_WIDE_INT_1U << IX86_HWASAN_TAG_SIZE) - 1;
+ emit_insn (gen_andqi3 (ret, gen_lowpart (QImode, tag),
+ gen_int_mode (and_imm, QImode)));
+ }
+ else
+ emit_move_insn (ret, gen_lowpart (QImode, tag));
+ return ret;
+}
+
+/* The default implementation of TARGET_MEMTAG_UNTAGGED_POINTER. */
+rtx
+ix86_memtag_untagged_pointer (rtx tagged_pointer, rtx target)
+{
+ /* Leave bit63 alone. */
+ rtx tag_mask = gen_int_mode (((HOST_WIDE_INT_1U << IX86_HWASAN_SHIFT)
+ + (HOST_WIDE_INT_1U << 63) - 1),
+ Pmode);
+ rtx untagged_base = expand_simple_binop (Pmode, AND, tagged_pointer,
+ tag_mask, target, true,
+ OPTAB_DIRECT);
+ gcc_assert (untagged_base);
+ return untagged_base;
+}
+
+/* Implement TARGET_MEMTAG_ADD_TAG. */
+rtx
+ix86_memtag_add_tag (rtx base, poly_int64 offset, unsigned char tag_offset)
+{
+ rtx base_tag = gen_reg_rtx (QImode);
+ rtx base_addr = gen_reg_rtx (Pmode);
+ rtx tagged_addr = gen_reg_rtx (Pmode);
+ rtx new_tag = gen_reg_rtx (QImode);
+ unsigned HOST_WIDE_INT and_imm
+ = (HOST_WIDE_INT_1U << IX86_HWASAN_SHIFT) - 1;
+
+ /* When there's "overflow" in tag adding,
+ need to mask the most significant bit off. */
+ emit_move_insn (base_tag, ix86_memtag_extract_tag (base, NULL_RTX));
+ emit_move_insn (base_addr,
+ ix86_memtag_untagged_pointer (base, NULL_RTX));
+ emit_insn (gen_add2_insn (base_tag, gen_int_mode (tag_offset, QImode)));
+ emit_move_insn (new_tag, base_tag);
+ emit_insn (gen_andqi3 (new_tag, new_tag, gen_int_mode (and_imm, QImode)));
+ emit_move_insn (tagged_addr,
+ ix86_memtag_set_tag (base_addr, new_tag, NULL_RTX));
+ return plus_constant (Pmode, tagged_addr, offset);
+}
+
/* Target-specific selftests. */
#if CHECKING_P
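Review bot: In `ix86_memtag_add_tag` the wrap-around mask is built from `IX86_HWASAN_SHIFT` (48 or 57) rather than the tag width, so after `gen_int_mode (and_imm, QImode)` it is all ones and the `gen_andqi3` on `new_tag` masks nothing. For u57 the result is still correct only because `ix86_memtag_set_tag` re-masks the tag to 6 bits; without that, a carried-out tag bit shifted by 57 would land in bit 63, which `ix86_memtag_untagged_pointer` deliberately leaves alone. The mask should use the tag size: `= (HOST_WIDE_INT_1U << IX86_HWASAN_TAG_SIZE) - 1;`. Separately, `ix86_memtag_untagged_pointer` is exported through i386-protos.h, and with `lam_none` its mask degenerates to bit 63 only, so a `gcc_assert (ix86_memtag_can_tag_addresses ());` at its top would catch an unguarded caller. The comment above it still reads "The default implementation of" and should say "Implement TARGET_MEMTAG_UNTAGGED_POINTER."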
@@ -25054,6 +25159,24 @@ ix86_libgcc_floating_mode_supported_p
# define TARGET_ASM_RELOC_RW_MASK ix86_reloc_rw_mask
#endif
+#undef TARGET_MEMTAG_CAN_TAG_ADDRESSES
+#define TARGET_MEMTAG_CAN_TAG_ADDRESSES ix86_memtag_can_tag_addresses
+
+#undef TARGET_MEMTAG_ADD_TAG
+#define TARGET_MEMTAG_ADD_TAG ix86_memtag_add_tag
+
+#undef TARGET_MEMTAG_SET_TAG
+#define TARGET_MEMTAG_SET_TAG ix86_memtag_set_tag
+
+#undef TARGET_MEMTAG_EXTRACT_TAG
+#define TARGET_MEMTAG_EXTRACT_TAG ix86_memtag_extract_tag
+
+#undef TARGET_MEMTAG_UNTAGGED_POINTER
+#define TARGET_MEMTAG_UNTAGGED_POINTER ix86_memtag_untagged_pointer
+
+#undef TARGET_MEMTAG_TAG_SIZE
+#define TARGET_MEMTAG_TAG_SIZE ix86_memtag_tag_size
+
static bool ix86_libc_has_fast_function (int fcode ATTRIBUTE_UNUSED)
{
#ifdef OPTION_GLIBC
diff --git a/gcc/config/i386/i386.opt b/gcc/config/i386/i386.opt
index 415c52e1bb4..2c5fc361d07 100644
--- a/gcc/config/i386/i386.opt
+++ b/gcc/config/i386/i386.opt
@@ -1246,3 +1246,19 @@ Support PREFETCHI built-in functions and code generation.
mraoint
Target Mask(ISA2_RAOINT) Var(ix86_isa_flags2) Save
Support RAOINT built-in functions and code generation.
+
+mlam=
+Target RejectNegative Joined Enum(lam_type) Var(ix86_lam_type) Init(lam_none)
+-mlam=[none|u48|u57] Instrument meta data position in user data pointers.
+
+Enum
+Name(lam_type) Type(enum lam_type) UnknownError(unknown lam type %qs)
+
+EnumValue
+Enum(lam_type) String(none) Value(lam_none)
+
+EnumValue
+Enum(lam_type) String(u48) Value(lam_u48)
+
+EnumValue
+Enum(lam_type) String(u57) Value(lam_u57)
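Review bot: The help text for `-mlam=` ("Instrument meta data position in user data pointers") does not say what each value selects, and the diffstat lists no manual change, so the new option looks undocumented for users. Going by the i386.cc hunk in this patch, u48 means an 8-bit tag starting at bit 48 and u57 a 6-bit tag starting at bit 57. I would reword the help line along the lines of `-mlam=[none|u48|u57]	Select the pointer bits that hold HWASAN tag metadata (u48: 8 bits from bit 48, u57: 6 bits from bit 57).` and add a matching entry to the option documentation.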
--
2.18.1