From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=nYPe=NM=foss.st.com=prvs=6891e9a20c=torbjorn.svensson@sourceware.org>
Received: from mx08-00178001.pphosted.com (mx08-00178001.pphosted.com [91.207.212.93])
	by sourceware.org (Postfix) with ESMTPS id 622343858D39
	for <gcc-patches@gcc.gnu.org>; Mon, 10 Jun 2024 14:05:24 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 622343858D39
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=foss.st.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=foss.st.com
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 622343858D39
Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=91.207.212.93
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1718028327; cv=none;
	b=Dud/LU0lmiFR0ozn4hIvejI/lgQF3gLXd8Lpu63e4YZShYMbmytq1GZwBkF7qWUnE1kNrA8anmDvyvf0RdqjsXvk0PIld1wIoK9TAMENR82pJW0BpjMdIX8vMH7Tt0OA1iPOFBe/5BOChfkXlhCd1b1Yrd5j9BaeYZxLH2HAifk=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1718028327; c=relaxed/simple;
	bh=Mr5Jjkmzm9knmQ6UKCSQeX7M2zf+PQ2OQy6Aowqacvw=;
	h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=d6y/hJzHfgKIa7l8s1bjYBQS6JvgIdOBKv7OMq39BXGFrhbQzEd0P49iFHEnZ9BazO3vLPnFcMybCJIOPGoQmujnLN8NusLKnwT/GhK997nKnePcZpRP4izP1vKPc3SrZAzsylGww0/u3PYqBseUQPzsAyt4DfPdUaW/JMCUou4=
ARC-Authentication-Results: i=1; server2.sourceware.org
Received: from pps.filterd (m0369457.ppops.net [127.0.0.1])
	by mx07-00178001.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 45ACQgkr001003;
	Mon, 10 Jun 2024 16:05:21 +0200
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=foss.st.com; h=
	cc:content-transfer-encoding:content-type:date:from:in-reply-to
	:message-id:mime-version:references:subject:to; s=selector1; bh=
	i2Cp+9ex5vDOgT2130sGSw5M0WoL9TBCp0m7NclJkdY=; b=Gu68gymGCO/3hFrC
	gBTGc4Gu3VESB0jfEhGEZ7FQHnKrdtF6lNHnzBICqxGXDhD9Hcic70xptTik+sjo
	s81yeFi2bsVCa1Iqtqq4Ejo8kBVVOWLkYTLN6NQyvOmtJHTy0sD8xvUFHEcXpti7
	aO4QqtjuZwgMizuD8Y7BeoDyTmJ6g6p8czM8D/GZ/BhqPEOvQSV2xl5NWI2LPHkT
	6nfat8QYUMuXySJ5NQdMLdZqK1ZrS3UTB9DbU87QpoNsTkoBtHgflp8ttEgIATHu
	3rmNpsbXWuSaYoLJ0EfbF7ZUvUTts5jBuvxV3BeMSxUvS0zVkZAcTXLv40+iXIi1
	4gLxHQ==
Received: from beta.dmz-ap.st.com (beta.dmz-ap.st.com [138.198.100.35])
	by mx07-00178001.pphosted.com (PPS) with ESMTPS id 3yn28hw06p-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
	Mon, 10 Jun 2024 16:05:20 +0200 (MEST)
Received: from euls16034.sgp.st.com (euls16034.sgp.st.com [10.75.44.20])
	by beta.dmz-ap.st.com (STMicroelectronics) with ESMTP id DD3B540045;
	Mon, 10 Jun 2024 16:05:14 +0200 (CEST)
Received: from Webmail-eu.st.com (shfdag1node3.st.com [10.75.129.71])
	by euls16034.sgp.st.com (STMicroelectronics) with ESMTP id 4EC1821A224;
	Mon, 10 Jun 2024 16:04:56 +0200 (CEST)
Received: from jkgcxl0004.jkg.st.com (10.74.22.255) by SHFDAG1NODE3.st.com
 (10.75.129.71) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2507.35; Mon, 10 Jun
 2024 16:04:55 +0200
From: =?UTF-8?q?Torbj=C3=B6rn=20SVENSSON?= <torbjorn.svensson@foss.st.com>
To: <gcc-patches@gcc.gnu.org>
CC: <Richard.Earnshaw@arm.com>, <Richard.Ball@arm.com>,
        <christophe.lyon@linaro.org>, <yvan.roux@foss.st.com>,
        =?UTF-8?q?Torbj=C3=B6rn=20SVENSSON?= <torbjorn.svensson@foss.st.com>
Subject: [PATCH v3 1/2] arm: Zero/Sign extends for CMSE security on Armv8-M.baseline [PR115253]
Date: Mon, 10 Jun 2024 16:04:36 +0200
Message-ID: <20240610140437.966245-2-torbjorn.svensson@foss.st.com>
X-Mailer: git-send-email 2.25.1
In-Reply-To: <20240610140437.966245-1-torbjorn.svensson@foss.st.com>
References: <51e7905e-60da-27ae-19c1-286128899e93@arm.com>
 <20240610140437.966245-1-torbjorn.svensson@foss.st.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 8bit
X-Originating-IP: [10.74.22.255]
X-ClientProxiedBy: SHFCAS1NODE1.st.com (10.75.129.72) To SHFDAG1NODE3.st.com
 (10.75.129.71)
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.680,FMLib:17.12.28.16
 definitions=2024-06-10_02,2024-06-10_01,2024-05-17_01
X-Spam-Status: No, score=-11.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,GIT_PATCH_0,RCVD_IN_DNSWL_LOW,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <gcc-patches.gcc.gnu.org>

Properly handle zero and sign extension for Armv8-M.baseline as
Cortex-M23 can have the security extension active.
Currently, there is an internal compiler error on Cortex-M23 for the
epilog processing of sign extension.

This patch addresses the following CVE-2024-0151 for Armv8-M.baseline.

gcc/ChangeLog:

	PR target/115253
	* config/arm/arm.cc (cmse_nonsecure_call_inline_register_clear):
	Sign extend for Thumb1.
	(thumb1_expand_prologue): Add zero/sign extend.

Signed-off-by: Torbjörn SVENSSON <torbjorn.svensson@foss.st.com>
Co-authored-by: Yvan ROUX <yvan.roux@foss.st.com>
---
 gcc/config/arm/arm.cc | 71 ++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 63 insertions(+), 8 deletions(-)

diff --git a/gcc/config/arm/arm.cc b/gcc/config/arm/arm.cc
index ea0c963a4d6..e7b4caf1083 100644
--- a/gcc/config/arm/arm.cc
+++ b/gcc/config/arm/arm.cc
@@ -19220,17 +19220,22 @@ cmse_nonsecure_call_inline_register_clear (void)
 	      || TREE_CODE (ret_type) == BOOLEAN_TYPE)
 	      && known_lt (GET_MODE_SIZE (TYPE_MODE (ret_type)), 4))
 	    {
-	      machine_mode ret_mode = TYPE_MODE (ret_type);
+	      rtx ret_reg = gen_rtx_REG (TYPE_MODE (ret_type), R0_REGNUM);
+	      rtx si_reg = gen_rtx_REG (SImode, R0_REGNUM);
 	      rtx extend;
 	      if (TYPE_UNSIGNED (ret_type))
-		extend = gen_rtx_ZERO_EXTEND (SImode,
-					      gen_rtx_REG (ret_mode, R0_REGNUM));
+		extend = gen_rtx_SET (si_reg, gen_rtx_ZERO_EXTEND (SImode,
+								   ret_reg));
 	      else
-		extend = gen_rtx_SIGN_EXTEND (SImode,
-					      gen_rtx_REG (ret_mode, R0_REGNUM));
-	      emit_insn_after (gen_rtx_SET (gen_rtx_REG (SImode, R0_REGNUM),
-					     extend), insn);
-
+		/* Signed-extension is a special case because of
+		   thumb1_extendhisi2.  */
+		if (TARGET_THUMB1
+		    && known_ge (GET_MODE_SIZE (TYPE_MODE (ret_type)), 2))
+		  extend = gen_thumb1_extendhisi2 (si_reg, ret_reg);
+		else
+		  extend = gen_rtx_SET (si_reg, gen_rtx_SIGN_EXTEND (SImode,
+								     ret_reg));
+	      emit_insn_after (extend, insn);
 	    }
 
 
@@ -27250,6 +27255,56 @@ thumb1_expand_prologue (void)
   live_regs_mask = offsets->saved_regs_mask;
   lr_needs_saving = live_regs_mask & (1 << LR_REGNUM);
 
+  /* The AAPCS requires the callee to widen integral types narrower
+     than 32 bits to the full width of the register; but when handling
+     calls to non-secure space, we cannot trust the callee to have
+     correctly done so.  So forcibly re-widen the result here.  */
+  if (IS_CMSE_ENTRY (func_type))
+    {
+      function_args_iterator args_iter;
+      CUMULATIVE_ARGS args_so_far_v;
+      cumulative_args_t args_so_far;
+      bool first_param = true;
+      tree arg_type;
+      tree fndecl = current_function_decl;
+      tree fntype = TREE_TYPE (fndecl);
+      arm_init_cumulative_args (&args_so_far_v, fntype, NULL_RTX, fndecl);
+      args_so_far = pack_cumulative_args (&args_so_far_v);
+      FOREACH_FUNCTION_ARGS (fntype, arg_type, args_iter)
+	{
+	  rtx arg_rtx;
+
+	  if (VOID_TYPE_P (arg_type))
+	    break;
+
+	  function_arg_info arg (arg_type, /*named=*/true);
+	  if (!first_param)
+	    /* We should advance after processing the argument and pass
+	       the argument we're advancing past.  */
+	    arm_function_arg_advance (args_so_far, arg);
+	  first_param = false;
+	  arg_rtx = arm_function_arg (args_so_far, arg);
+	  gcc_assert (REG_P (arg_rtx));
+	  if ((TREE_CODE (arg_type) == INTEGER_TYPE
+	      || TREE_CODE (arg_type) == ENUMERAL_TYPE
+	      || TREE_CODE (arg_type) == BOOLEAN_TYPE)
+	      && known_lt (GET_MODE_SIZE (GET_MODE (arg_rtx)), 4))
+	    {
+	      rtx res_reg = gen_rtx_REG (SImode, REGNO (arg_rtx));
+	      if (TYPE_UNSIGNED (arg_type))
+		emit_set_insn (res_reg, gen_rtx_ZERO_EXTEND (SImode, arg_rtx));
+	      else
+		/* Signed-extension is a special case because of
+		   thumb1_extendhisi2.  */
+		if (known_ge (GET_MODE_SIZE (GET_MODE (arg_rtx)), 2))
+		  emit_insn (gen_thumb1_extendhisi2 (res_reg, arg_rtx));
+		else
+		  emit_set_insn (res_reg,
+				 gen_rtx_SIGN_EXTEND (SImode, arg_rtx));
+	    }
+	}
+    }
+
   /* Extract a mask of the ones we can give to the Thumb's push instruction.  */
   l_mask = live_regs_mask & 0x40ff;
   /* Then count how many other high registers will need to be pushed.  */
-- 
2.25.1