public inbox for gcc-patches@gcc.gnu.org
From: "Torbjörn SVENSSON" <torbjorn.svensson@foss.st.com>
To: <gcc-patches@gcc.gnu.org>
Cc: Richard.Earnshaw@arm.com, Richard.Ball@arm.com,
	"Torbjörn SVENSSON" <torbjorn.svensson@foss.st.com>,
	"Yvan ROUX" <yvan.roux@foss.st.com>
Subject: [PATCH] arm: Zero/Sign extends for CMSE security on Armv8-M.baseline
Date: Thu, 6 Jun 2024 18:43:18 +0200
Message-ID: <20240606164317.574181-1-torbjorn.svensson@foss.st.com>

I would like to push this patch to the following branches:

- releases/gcc-11
- releases/gcc-12
- releases/gcc-13
- releases/gcc-14
- trunk

Ok?

The problem was highlighted by https://linaro.atlassian.net/browse/GNU-1239

--

Properly handle zero and sign extension for Armv8-M.baseline as
Cortex-M23 can have the security extension active.
Currently, there is an internal compiler error on Cortex-M23 for the
epilog processing of sign extension.

This patch addresses the following CVE-2024-0151 for Armv8-M.baseline.

gcc/ChangeLog:

	* config/arm/arm.cc (cmse_nonsecure_call_inline_register_clear):
	Sign extend for Thumb1.
	(thumb1_expand_prologue): Add zero/sign extend.

Signed-off-by: Torbjörn SVENSSON <torbjorn.svensson@foss.st.com>
Co-authored-by: Yvan ROUX <yvan.roux@foss.st.com>
---
 gcc/config/arm/arm.cc | 68 ++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 60 insertions(+), 8 deletions(-)

diff --git a/gcc/config/arm/arm.cc b/gcc/config/arm/arm.cc
index ea0c963a4d6..077cb61f42a 100644
--- a/gcc/config/arm/arm.cc
+++ b/gcc/config/arm/arm.cc
@@ -19220,17 +19220,23 @@ cmse_nonsecure_call_inline_register_clear (void)
 	      || TREE_CODE (ret_type) == BOOLEAN_TYPE)
 	      && known_lt (GET_MODE_SIZE (TYPE_MODE (ret_type)), 4))
 	    {
-	      machine_mode ret_mode = TYPE_MODE (ret_type);
+	      rtx ret_mode = gen_rtx_REG (TYPE_MODE (ret_type), R0_REGNUM);
+	      rtx si_mode = gen_rtx_REG (SImode, R0_REGNUM);
 	      rtx extend;
 	      if (TYPE_UNSIGNED (ret_type))
-		extend = gen_rtx_ZERO_EXTEND (SImode,
-					      gen_rtx_REG (ret_mode, R0_REGNUM));
+		extend = gen_rtx_SET (si_mode, gen_rtx_ZERO_EXTEND (SImode,
+								    ret_mode));
+	      else if (TARGET_THUMB1)
+		{
+		  if (known_lt (GET_MODE_SIZE (TYPE_MODE (ret_type)), 2))
+		    extend = gen_thumb1_extendqisi2 (si_mode, ret_mode);
+		  else
+		    extend = gen_thumb1_extendhisi2 (si_mode, ret_mode);
+		}
 	      else
-		extend = gen_rtx_SIGN_EXTEND (SImode,
-					      gen_rtx_REG (ret_mode, R0_REGNUM));
-	      emit_insn_after (gen_rtx_SET (gen_rtx_REG (SImode, R0_REGNUM),
-					     extend), insn);
-
+		extend = gen_rtx_SET (si_mode, gen_rtx_SIGN_EXTEND (SImode,
+								    ret_mode));
+	      emit_insn_after (extend, insn);
 	    }
 
 
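Review bot: in the new declarations at the top of this block, `ret_mode` and `si_mode` now hold `rtx` REG expressions for R0 rather than a `machine_mode`, so the names no longer match what they contain; `ret_reg` and `si_reg` would read correctly at the `gen_thumb1_extendqisi2 (si_mode, ret_mode)` call sites. The `TARGET_THUMB1` branch would also benefit from a one-line comment saying why sign extension goes through the named thumb1 expanders while zero extension keeps the plain SET, since the commit message attributes the internal compiler error to this path. The `known_lt (..., 2)` test relies on the enclosing `known_lt (..., 4)` check to leave only the one-byte and two-byte cases, which is fine but worth stating.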
@@ -27250,6 +27256,52 @@ thumb1_expand_prologue (void)
   live_regs_mask = offsets->saved_regs_mask;
   lr_needs_saving = live_regs_mask & (1 << LR_REGNUM);
 
+  /* The AAPCS requires the callee to widen integral types narrower
+     than 32 bits to the full width of the register; but when handling
+     calls to non-secure space, we cannot trust the callee to have
+     correctly done so.  So forcibly re-widen the result here.  */
+  if (IS_CMSE_ENTRY (func_type))
+    {
+      function_args_iterator args_iter;
+      CUMULATIVE_ARGS args_so_far_v;
+      cumulative_args_t args_so_far;
+      bool first_param = true;
+      tree arg_type;
+      tree fndecl = current_function_decl;
+      tree fntype = TREE_TYPE (fndecl);
+      arm_init_cumulative_args (&args_so_far_v, fntype, NULL_RTX, fndecl);
+      args_so_far = pack_cumulative_args (&args_so_far_v);
+      FOREACH_FUNCTION_ARGS (fntype, arg_type, args_iter)
+	{
+	  rtx arg_rtx;
+
+	  if (VOID_TYPE_P (arg_type))
+	    break;
+
+	  function_arg_info arg (arg_type, /*named=*/true);
+	  if (!first_param)
+	    /* We should advance after processing the argument and pass
+	       the argument we're advancing past.  */
+	    arm_function_arg_advance (args_so_far, arg);
+	  first_param = false;
+	  arg_rtx = arm_function_arg (args_so_far, arg);
+	  gcc_assert (REG_P (arg_rtx));
+	  if ((TREE_CODE (arg_type) == INTEGER_TYPE
+	      || TREE_CODE (arg_type) == ENUMERAL_TYPE
+	      || TREE_CODE (arg_type) == BOOLEAN_TYPE)
+	      && known_lt (GET_MODE_SIZE (GET_MODE (arg_rtx)), 4))
+	    {
+	      rtx res_reg = gen_rtx_REG (SImode, REGNO(arg_rtx));
+	      if (TYPE_UNSIGNED (arg_type))
+		emit_set_insn (res_reg, gen_rtx_ZERO_EXTEND (SImode, arg_rtx));
+	      else if (known_lt (GET_MODE_SIZE (GET_MODE (arg_rtx)), 2))
+		emit_insn (gen_thumb1_extendqisi2 (res_reg, arg_rtx));
+	      else
+		emit_insn (gen_thumb1_extendhisi2 (res_reg, arg_rtx));
+	    }
+	}
+    }
+
   /* Extract a mask of the ones we can give to the Thumb's push instruction.  */
   l_mask = live_regs_mask & 0x40ff;
   /* Then count how many other high registers will need to be pushed.  */
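Review bot: the comment that opens the `IS_CMSE_ENTRY` block describes the opposite direction from what the code does: it speaks of calls to non-secure space, an untrusted callee and re-widening "the result", while the loop below runs in the prologue of an entry function and extends the incoming argument registers. Reword it to say that the narrow arguments arrive from a caller that cannot be trusted to have widened them. `gcc_assert (REG_P (arg_rtx))` deserves a short comment on why every argument of an entry function is guaranteed to be in a register, since a failure there surfaces as an internal compiler error rather than a diagnostic. Style: `REGNO(arg_rtx)` needs a space before the parenthesis. The diffstat lists only gcc/config/arm/arm.cc, so a testcase covering narrow signed and unsigned arguments and return values on Armv8-M.baseline should accompany the change.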
-- 
2.25.1


Thread overview: 17+ messages
2024-06-06 16:43 Torbjörn SVENSSON [this message]
2024-06-06 17:19 ` Christophe Lyon
2024-06-07  8:56   ` [PATH 0/2] arm: Zero/Sign extends for CMSE security on Torbjörn SVENSSON
2024-06-07  8:56     ` [PATCH v2 1/2] arm: Zero/Sign extends for CMSE security on Armv8-M.baseline [PR115253] Torbjörn SVENSSON
2024-06-10 10:37       ` Andre Vieira (lists)
2024-06-10 12:19         ` Torbjorn SVENSSON
2024-06-10 12:51           ` Andre Vieira (lists)
2024-06-10 14:04             ` [PATCH v3 0/2] " Torbjörn SVENSSON
2024-06-10 14:04               ` [PATCH v3 1/2] " Torbjörn SVENSSON
2024-06-11 13:59                 ` Richard Earnshaw (lists)
2024-06-11 14:31                   ` Andre Vieira (lists)
2024-06-12 12:16                   ` Torbjorn SVENSSON
2024-06-12 21:15                   ` Richard Sandiford
2024-06-10 14:04               ` [PATCH v3 2/2] testsuite: Fix expand-return CMSE test for Armv8.1-M [PR115253] Torbjörn SVENSSON
2024-06-11 14:00                 ` Richard Earnshaw (lists)
2024-06-12 12:16                   ` Torbjorn SVENSSON
2024-06-07  8:56     ` [PATCH v2 " Torbjörn SVENSSON
