From: Sam Tebbs <Sam.Tebbs@arm.com>
To: Kyrill Tkachov <kyrylo.tkachov@foss.arm.com>,
James Greenhalgh <James.Greenhalgh@arm.com>
Cc: "gcc-patches@gcc.gnu.org" <gcc-patches@gcc.gnu.org>,
Richard Earnshaw <Richard.Earnshaw@arm.com>,
Marcus Shawcroft <Marcus.Shawcroft@arm.com>, nd <nd@arm.com>,
"ian@airs.com" <ian@airs.com>, Jeff Law <law@redhat.com>
Subject: Re: [PATCH 3/3][GCC][AARCH64] Add support for pointer authentication B key
Date: Fri, 01 Mar 2019 14:12:00 -0000 [thread overview]
Message-ID: <642d019c-ce63-9a3f-dcae-60795e6b20eb@arm.com> (raw)
In-Reply-To: <503f43e4-d0b4-02b9-b365-152bb618d1a0@arm.com>
[-- Attachment #1: Type: text/plain, Size: 4118 bytes --]
On 31/01/2019 14:54, Sam Tebbs wrote:
> <snip>
>> ping 3. The preceding two patches were committed a while ago but require
>> the minor libgcc changes in this patch, which are the only parts left to
>> be reviewed.
> ping 4
Attached is a rebased patch made to work on top of Sudi Das' BTI patch
(by renaming UNSPEC_PACISP to UNSPEC_PACIASP and UNSPEC_PACIBSP in
aarch64-bti-insert.c). The updated changelog is below.
Are the libgcc changes OK for trunk?
gcc/
2019-03-01 Sam Tebbs<sam.tebbs@arm.com>
* config/aarch64/aarch64-builtins.c (aarch64_builtins): Add
AARCH64_PAUTH_BUILTIN_AUTIB1716 and AARCH64_PAUTH_BUILTIN_PACIB1716.
* config/aarch64/aarch64-builtins.c (aarch64_init_pauth_hint_builtins):
Add autib1716 and pacib1716 initialisation.
* config/aarch64/aarch64-builtins.c (aarch64_expand_builtin): Add checks
for autib1716 and pacib1716.
* config/aarch64/aarch64-protos.h (aarch64_key_type,
aarch64_post_cfi_startproc): Define.
* config/aarch64/aarch64-protos.h (aarch64_ra_sign_key): Define extern.
* config/aarch64/aarch64.c (aarch64_handle_standard_branch_protection,
aarch64_handle_pac_ret_protection): Set default sign key to A.
* config/aarch64/aarch64.c (aarch64_expand_epilogue,
aarch64_expand_prologue): Add check for b-key.
* config/aarch64/aarch64.c (aarch64_ra_sign_key,
aarch64_post_cfi_startproc, aarch64_handle_pac_ret_b_key): Define.
* config/aarch64/aarch64.h (TARGET_ASM_POST_CFI_STARTPROC): Define.
* config/aarch64/aarch64.c (aarch64_pac_ret_subtypes): Add "b-key".
* config/aarch64/aarch64.md (unspec): Add UNSPEC_AUTIA1716,
UNSPEC_AUTIB1716, UNSPEC_AUTIASP, UNSPEC_AUTIBSP, UNSPEC_PACIA1716,
UNSPEC_PACIB1716, UNSPEC_PACIASP, UNSPEC_PACIBSP.
* config/aarch64/aarch64.md (do_return): Add check for b-key.
* config/aarch64/aarch64.md (<pauth_mnem_prefix>sp): Replace
pauth_hint_num_a with pauth_hint_num.
* config/aarch64/aarch64.md (<pauth_mnem_prefix>1716): Replace
pauth_hint_num_a with pauth_hint_num.
* config/aarch64/aarch64.opt (msign-return-address=): Deprecate.
* config/aarch64/iterators.md (PAUTH_LR_SP): Add UNSPEC_AUTIASP,
UNSPEC_AUTIBSP, UNSPEC_PACIASP, UNSPEC_PACIBSP.
* config/aarch64/iterators.md (PAUTH_17_16): Add UNSPEC_AUTIA1716,
UNSPEC_AUTIB1716, UNSPEC_PACIA1716, UNSPEC_PACIB1716.
* config/aarch64/iterators.md (pauth_mnem_prefix): Add UNSPEC_AUTIA1716,
UNSPEC_AUTIB1716, UNSPEC_PACIA1716, UNSPEC_PACIB1716, UNSPEC_AUTIASP,
UNSPEC_AUTIBSP, UNSPEC_PACIASP, UNSPEC_PACIBSP.
* config/aarch64/iterators.md (pauth_hint_num_a): Replace
UNSPEC_PACI1716 and UNSPEC_AUTI1716 with UNSPEC_PACIA1716 and
UNSPEC_AUTIA1716 respectively.
* config/aarch64/iterators.md (pauth_hint_num_a): Rename to pauth_hint_num
and add UNSPEC_PACIBSP, UNSPEC_AUTIBSP, UNSPEC_PACIB1716, UNSPEC_AUTIB1716.
* doc/invoke.texi (-mbranch-protection): Add b-key type.
* config/aarch64/aarch64-bti-insert.c (aarch64_pac_insn_p): Rename
UNSPEC_PACISP to UNSPEC_PACIASP and UNSPEC_PACIBSP.
gcc/testsuite
2019-03-01 Sam Tebbs<sam.tebbs@arm.com>
* gcc.target/aarch64/return_address_sign_b_1.c: New file.
* gcc.target/aarch64/return_address_sign_b_2.c: New file.
* gcc.target/aarch64/return_address_sign_b_3.c: New file.
* gcc.target/aarch64/return_address_sign_b_exception.c: New file.
* gcc.target/aarch64/return_address_sign_ab_exception.c: New file.
* gcc.target/aarch64/return_address_sign_builtin.c: New file
libgcc/
2019-03-01 Sam Tebbs<sam.tebbs@arm.com>
* config/aarch64/aarch64-unwind.h (aarch64_cie_signed_with_b_key): New
function.
* config/aarch64/aarch64-unwind.h (aarch64_post_extract_frame_addr,
aarch64_post_frob_eh_handler_addr): Add check for b-key.
* config/aarch64/aarch64-unwind-h (aarch64_post_extract_frame_addr,
aarch64_post_frob_eh_handler_addr, aarch64_post_frob_update_context):
Rename RA_A_SIGNED_BIT to RA_SIGNED_BIT.
* unwind-dw2-fde.c (get_cie_encoding): Add check for 'B' in augmentation
string.
* unwind-dw2.c (extract_cie_info): Add check for 'B' in augmentation
string.
(RA_A_SIGNED_BIT): Rename to RA_SIGNED_BIT.
[-- Attachment #2: diff --]
[-- Type: text/plain, Size: 25253 bytes --]
diff --git a/gcc/config/aarch64/aarch64-bti-insert.c b/gcc/config/aarch64/aarch64-bti-insert.c
index e519a0f0ac1751f4268e03381757bc1a10c13144..db8ebb1ba8e45b4bf7cd2f27ae8a2c606a1a6c89 100644
--- a/gcc/config/aarch64/aarch64-bti-insert.c
+++ b/gcc/config/aarch64/aarch64-bti-insert.c
@@ -106,7 +106,9 @@ aarch64_pac_insn_p (rtx x)
int unspec_val = XINT (sub, 1);
switch (unspec_val)
{
- case UNSPEC_PACISP:
+ case UNSPEC_PACIASP:
+ /* fall-through. */
+ case UNSPEC_PACIBSP:
return true;
default:
diff --git a/gcc/config/aarch64/aarch64-builtins.c b/gcc/config/aarch64/aarch64-builtins.c
index d7b1b7bd6867a0f98a2f67fec0fd80a0a08f69c1..549a6c249243372eacb5d29923b5d1abce4ac79a 100644
--- a/gcc/config/aarch64/aarch64-builtins.c
+++ b/gcc/config/aarch64/aarch64-builtins.c
@@ -432,6 +432,8 @@ enum aarch64_builtins
/* ARMv8.3-A Pointer Authentication Builtins. */
AARCH64_PAUTH_BUILTIN_AUTIA1716,
AARCH64_PAUTH_BUILTIN_PACIA1716,
+ AARCH64_PAUTH_BUILTIN_AUTIB1716,
+ AARCH64_PAUTH_BUILTIN_PACIB1716,
AARCH64_PAUTH_BUILTIN_XPACLRI,
/* Special cased Armv8.3-A Complex FMA by Lane quad Builtins. */
AARCH64_SIMD_FCMLA_LANEQ_BUILTIN_BASE,
@@ -1051,6 +1053,14 @@ aarch64_init_pauth_hint_builtins (void)
= add_builtin_function ("__builtin_aarch64_pacia1716", ftype_pointer_auth,
AARCH64_PAUTH_BUILTIN_PACIA1716, BUILT_IN_MD, NULL,
NULL_TREE);
+ aarch64_builtin_decls[AARCH64_PAUTH_BUILTIN_AUTIB1716]
+ = add_builtin_function ("__builtin_aarch64_autib1716", ftype_pointer_auth,
+ AARCH64_PAUTH_BUILTIN_AUTIB1716, BUILT_IN_MD, NULL,
+ NULL_TREE);
+ aarch64_builtin_decls[AARCH64_PAUTH_BUILTIN_PACIB1716]
+ = add_builtin_function ("__builtin_aarch64_pacib1716", ftype_pointer_auth,
+ AARCH64_PAUTH_BUILTIN_PACIB1716, BUILT_IN_MD, NULL,
+ NULL_TREE);
aarch64_builtin_decls[AARCH64_PAUTH_BUILTIN_XPACLRI]
= add_builtin_function ("__builtin_aarch64_xpaclri", ftype_pointer_strip,
AARCH64_PAUTH_BUILTIN_XPACLRI, BUILT_IN_MD, NULL,
@@ -1540,6 +1550,8 @@ aarch64_expand_builtin (tree exp,
case AARCH64_PAUTH_BUILTIN_AUTIA1716:
case AARCH64_PAUTH_BUILTIN_PACIA1716:
+ case AARCH64_PAUTH_BUILTIN_AUTIB1716:
+ case AARCH64_PAUTH_BUILTIN_PACIB1716:
case AARCH64_PAUTH_BUILTIN_XPACLRI:
arg0 = CALL_EXPR_ARG (exp, 0);
op0 = force_reg (Pmode, expand_normal (arg0));
@@ -1563,8 +1575,24 @@ aarch64_expand_builtin (tree exp,
{
tree arg1 = CALL_EXPR_ARG (exp, 1);
rtx op1 = force_reg (Pmode, expand_normal (arg1));
- icode = (fcode == AARCH64_PAUTH_BUILTIN_PACIA1716
- ? CODE_FOR_paci1716 : CODE_FOR_auti1716);
+ switch (fcode)
+ {
+ case AARCH64_PAUTH_BUILTIN_AUTIA1716:
+ icode = CODE_FOR_autia1716;
+ break;
+ case AARCH64_PAUTH_BUILTIN_AUTIB1716:
+ icode = CODE_FOR_autib1716;
+ break;
+ case AARCH64_PAUTH_BUILTIN_PACIA1716:
+ icode = CODE_FOR_pacia1716;
+ break;
+ case AARCH64_PAUTH_BUILTIN_PACIB1716:
+ icode = CODE_FOR_pacib1716;
+ break;
+ default:
+ icode = 0;
+ gcc_unreachable ();
+ }
rtx x16_reg = gen_rtx_REG (Pmode, R16_REGNUM);
rtx x17_reg = gen_rtx_REG (Pmode, R17_REGNUM);
diff --git a/gcc/config/aarch64/aarch64-protos.h b/gcc/config/aarch64/aarch64-protos.h
index b035e35f33ba86ceb7b0255e7e0e9ad2d69bf829..8603d4c270bfd780a1a3c21874ed6ce92121e090 100644
--- a/gcc/config/aarch64/aarch64-protos.h
+++ b/gcc/config/aarch64/aarch64-protos.h
@@ -396,8 +396,17 @@ enum simd_immediate_check {
AARCH64_CHECK_MOV = AARCH64_CHECK_ORR | AARCH64_CHECK_BIC
};
+/* The key type that -msign-return-address should use. */
+enum aarch64_key_type {
+ AARCH64_KEY_A,
+ AARCH64_KEY_B
+};
+
+extern enum aarch64_key_type aarch64_ra_sign_key;
+
extern struct tune_params aarch64_tune_params;
+void aarch64_post_cfi_startproc (void);
poly_int64 aarch64_initial_elimination_offset (unsigned, unsigned);
int aarch64_get_condition_code (rtx);
bool aarch64_address_valid_for_prefetch_p (rtx, bool);
diff --git a/gcc/config/aarch64/aarch64.h b/gcc/config/aarch64/aarch64.h
index 7bd3bf525dd71347a12ed9cd2227bc2cd6e9cc55..c2f558b67837d4d2fc843e3c9bc1a205c6c507d6 100644
--- a/gcc/config/aarch64/aarch64.h
+++ b/gcc/config/aarch64/aarch64.h
@@ -505,6 +505,9 @@ extern unsigned aarch64_architecture_version;
#define ASM_DECLARE_FUNCTION_NAME(STR, NAME, DECL) \
aarch64_declare_function_name (STR, NAME, DECL)
+/* Output assembly strings after .cfi_startproc is emitted. */
+#define ASM_POST_CFI_STARTPROC aarch64_post_cfi_startproc
+
/* For EH returns X4 contains the stack adjustment. */
#define EH_RETURN_STACKADJ_RTX gen_rtx_REG (Pmode, R4_REGNUM)
#define EH_RETURN_HANDLER_RTX aarch64_eh_return_handler_rtx ()
diff --git a/gcc/config/aarch64/aarch64.c b/gcc/config/aarch64/aarch64.c
index f13f2681f7784766ba6a59a3a1093f008d9a9d06..cd7e5cc450a734909f9d8411b95ec24fb2904931 100644
--- a/gcc/config/aarch64/aarch64.c
+++ b/gcc/config/aarch64/aarch64.c
@@ -1172,6 +1172,8 @@ static const struct processor *selected_arch;
static const struct processor *selected_cpu;
static const struct processor *selected_tune;
+enum aarch64_key_type aarch64_ra_sign_key = AARCH64_KEY_A;
+
/* The current tuning set. */
struct tune_params aarch64_tune_params = generic_tunings;
@@ -1241,6 +1243,7 @@ static enum aarch64_parse_opt_result
aarch64_handle_standard_branch_protection (char* str, char* rest)
{
aarch64_ra_sign_scope = AARCH64_FUNCTION_NON_LEAF;
+ aarch64_ra_sign_key = AARCH64_KEY_A;
aarch64_enable_bti = 1;
if (rest)
{
@@ -1255,6 +1258,7 @@ aarch64_handle_pac_ret_protection (char* str ATTRIBUTE_UNUSED,
char* rest ATTRIBUTE_UNUSED)
{
aarch64_ra_sign_scope = AARCH64_FUNCTION_NON_LEAF;
+ aarch64_ra_sign_key = AARCH64_KEY_A;
return AARCH64_PARSE_OK;
}
@@ -1267,6 +1271,14 @@ aarch64_handle_pac_ret_leaf (char* str ATTRIBUTE_UNUSED,
}
static enum aarch64_parse_opt_result
+aarch64_handle_pac_ret_b_key (char* str ATTRIBUTE_UNUSED,
+ char* rest ATTRIBUTE_UNUSED)
+{
+ aarch64_ra_sign_key = AARCH64_KEY_B;
+ return AARCH64_PARSE_OK;
+}
+
+static enum aarch64_parse_opt_result
aarch64_handle_bti_protection (char* str ATTRIBUTE_UNUSED,
char* rest ATTRIBUTE_UNUSED)
{
@@ -1276,6 +1288,7 @@ aarch64_handle_bti_protection (char* str ATTRIBUTE_UNUSED,
static const struct aarch64_branch_protect_type aarch64_pac_ret_subtypes[] = {
{ "leaf", aarch64_handle_pac_ret_leaf, NULL, 0 },
+ { "b-key", aarch64_handle_pac_ret_b_key, NULL, 0 },
{ NULL, NULL, NULL, 0 }
};
@@ -4852,7 +4865,7 @@ aarch64_return_address_signing_enabled (void)
gcc_assert (cfun->machine->frame.laid_out);
/* If signing scope is AARCH64_FUNCTION_NON_LEAF, we only sign a leaf function
- if it's LR is pushed onto stack. */
+ if its LR is pushed onto stack. */
return (aarch64_ra_sign_scope == AARCH64_FUNCTION_ALL
|| (aarch64_ra_sign_scope == AARCH64_FUNCTION_NON_LEAF
&& cfun->machine->frame.reg_offset[LR_REGNUM] >= 0));
@@ -5651,7 +5664,17 @@ aarch64_expand_prologue (void)
/* Sign return address for functions. */
if (aarch64_return_address_signing_enabled ())
{
- insn = emit_insn (gen_pacisp ());
+ switch (aarch64_ra_sign_key)
+ {
+ case AARCH64_KEY_A:
+ insn = emit_insn (gen_paciasp ());
+ break;
+ case AARCH64_KEY_B:
+ insn = emit_insn (gen_pacibsp ());
+ break;
+ default:
+ gcc_unreachable ();
+ }
add_reg_note (insn, REG_CFA_TOGGLE_RA_MANGLE, const0_rtx);
RTX_FRAME_RELATED_P (insn) = 1;
}
@@ -5907,7 +5930,17 @@ aarch64_expand_epilogue (bool for_sibcall)
if (aarch64_return_address_signing_enabled ()
&& (for_sibcall || !TARGET_ARMV8_3 || crtl->calls_eh_return))
{
- insn = emit_insn (gen_autisp ());
+ switch (aarch64_ra_sign_key)
+ {
+ case AARCH64_KEY_A:
+ insn = emit_insn (gen_autiasp ());
+ break;
+ case AARCH64_KEY_B:
+ insn = emit_insn (gen_autibsp ());
+ break;
+ default:
+ gcc_unreachable ();
+ }
add_reg_note (insn, REG_CFA_TOGGLE_RA_MANGLE, const0_rtx);
RTX_FRAME_RELATED_P (insn) = 1;
}
@@ -15302,6 +15335,18 @@ aarch64_declare_function_name (FILE *stream, const char* name,
ASM_OUTPUT_LABEL (stream, name);
}
+/* Triggered after a .cfi_startproc directive is emitted into the assembly file.
+ Used to output the .cfi_b_key_frame directive when signing the current
+ function with the B key. */
+
+void
+aarch64_post_cfi_startproc (FILE *f, tree ignored ATTRIBUTE_UNUSED)
+{
+ if (aarch64_return_address_signing_enabled ()
+ && aarch64_ra_sign_key == AARCH64_KEY_B)
+ asm_fprintf (f, "\t.cfi_b_key_frame\n");
+}
+
/* Implements TARGET_ASM_FILE_START. Output the assembly header. */
static void
@@ -19262,6 +19307,9 @@ aarch64_libgcc_floating_mode_supported_p
#define TARGET_RUN_TARGET_SELFTESTS selftest::aarch64_run_selftests
#endif /* #if CHECKING_P */
+#undef TARGET_ASM_POST_CFI_STARTPROC
+#define TARGET_ASM_POST_CFI_STARTPROC aarch64_post_cfi_startproc
+
struct gcc_target targetm = TARGET_INITIALIZER;
#include "gt-aarch64.h"
diff --git a/gcc/config/aarch64/aarch64.md b/gcc/config/aarch64/aarch64.md
index ff83974aeb0b1bf46415c29ba47ada74a79d7586..a7ea7f05d4bdf0cd220822ba8a175de3bf925722 100644
--- a/gcc/config/aarch64/aarch64.md
+++ b/gcc/config/aarch64/aarch64.md
@@ -125,8 +125,10 @@
)
(define_c_enum "unspec" [
- UNSPEC_AUTI1716
- UNSPEC_AUTISP
+ UNSPEC_AUTIA1716
+ UNSPEC_AUTIB1716
+ UNSPEC_AUTIASP
+ UNSPEC_AUTIBSP
UNSPEC_CASESI
UNSPEC_CRC32B
UNSPEC_CRC32CB
@@ -169,8 +171,10 @@
UNSPEC_LD4_LANE
UNSPEC_MB
UNSPEC_NOP
- UNSPEC_PACI1716
- UNSPEC_PACISP
+ UNSPEC_PACIA1716
+ UNSPEC_PACIB1716
+ UNSPEC_PACIASP
+ UNSPEC_PACIBSP
UNSPEC_PRLG_STK
UNSPEC_REV
UNSPEC_RBIT
@@ -738,8 +742,12 @@
if (aarch64_return_address_signing_enabled ()
&& TARGET_ARMV8_3
&& !crtl->calls_eh_return)
- return "retaa";
-
+ {
+ if (aarch64_ra_sign_key == AARCH64_KEY_B)
+ return "retab";
+ else
+ return "retaa";
+ }
return "ret";
}
[(set_attr "type" "branch")]
@@ -6709,7 +6717,7 @@
[(set (reg:DI R30_REGNUM)
(unspec:DI [(reg:DI R30_REGNUM) (reg:DI SP_REGNUM)] PAUTH_LR_SP))]
""
- "hint\t<pauth_hint_num_a> // <pauth_mnem_prefix>asp";
+ "hint\t<pauth_hint_num> // <pauth_mnem_prefix>sp";
)
;; Signing/Authenticating X17 using X16 as the salt.
@@ -6718,7 +6726,7 @@
[(set (reg:DI R17_REGNUM)
(unspec:DI [(reg:DI R17_REGNUM) (reg:DI R16_REGNUM)] PAUTH_17_16))]
""
- "hint\t<pauth_hint_num_a> // <pauth_mnem_prefix>a1716";
+ "hint\t<pauth_hint_num> // <pauth_mnem_prefix>1716";
)
;; Stripping the signature in R30.
diff --git a/gcc/config/aarch64/iterators.md b/gcc/config/aarch64/iterators.md
index 6caeeac80867edda29b5438efdcee475ed609ff6..02a772bedb3af339e925d3348d1cd06744a8211a 100644
--- a/gcc/config/aarch64/iterators.md
+++ b/gcc/config/aarch64/iterators.md
@@ -1508,9 +1508,11 @@
(define_int_iterator FMAXMIN_UNS [UNSPEC_FMAX UNSPEC_FMIN
UNSPEC_FMAXNM UNSPEC_FMINNM])
-(define_int_iterator PAUTH_LR_SP [UNSPEC_PACISP UNSPEC_AUTISP])
+(define_int_iterator PAUTH_LR_SP [UNSPEC_PACIASP UNSPEC_AUTIASP
+ UNSPEC_PACIBSP UNSPEC_AUTIBSP])
-(define_int_iterator PAUTH_17_16 [UNSPEC_PACI1716 UNSPEC_AUTI1716])
+(define_int_iterator PAUTH_17_16 [UNSPEC_PACIA1716 UNSPEC_AUTIA1716
+ UNSPEC_PACIB1716 UNSPEC_AUTIB1716])
(define_int_iterator VQDMULH [UNSPEC_SQDMULH UNSPEC_SQRDMULH])
@@ -1789,16 +1791,34 @@
(UNSPEC_FCVTZU "fcvtzu")])
;; Pointer authentication mnemonic prefix.
-(define_int_attr pauth_mnem_prefix [(UNSPEC_PACISP "paci")
- (UNSPEC_AUTISP "auti")
- (UNSPEC_PACI1716 "paci")
- (UNSPEC_AUTI1716 "auti")])
-
-;; Pointer authentication HINT number for NOP space instructions using A Key.
-(define_int_attr pauth_hint_num_a [(UNSPEC_PACISP "25")
- (UNSPEC_AUTISP "29")
- (UNSPEC_PACI1716 "8")
- (UNSPEC_AUTI1716 "12")])
+(define_int_attr pauth_mnem_prefix [(UNSPEC_PACIASP "pacia")
+ (UNSPEC_PACIBSP "pacib")
+ (UNSPEC_PACIA1716 "pacia")
+ (UNSPEC_PACIB1716 "pacib")
+ (UNSPEC_AUTIASP "autia")
+ (UNSPEC_AUTIBSP "autib")
+ (UNSPEC_AUTIA1716 "autia")
+ (UNSPEC_AUTIB1716 "autib")])
+
+(define_int_attr pauth_key [(UNSPEC_PACIASP "AARCH64_KEY_A")
+ (UNSPEC_PACIBSP "AARCH64_KEY_B")
+ (UNSPEC_PACIA1716 "AARCH64_KEY_A")
+ (UNSPEC_PACIB1716 "AARCH64_KEY_B")
+ (UNSPEC_AUTIASP "AARCH64_KEY_A")
+ (UNSPEC_AUTIBSP "AARCH64_KEY_B")
+ (UNSPEC_AUTIA1716 "AARCH64_KEY_A")
+ (UNSPEC_AUTIB1716 "AARCH64_KEY_B")])
+
+;; Pointer authentication HINT number for NOP space instructions using A and
+;; B key.
+(define_int_attr pauth_hint_num [(UNSPEC_PACIASP "25")
+ (UNSPEC_PACIBSP "27")
+ (UNSPEC_AUTIASP "29")
+ (UNSPEC_AUTIBSP "31")
+ (UNSPEC_PACIA1716 "8")
+ (UNSPEC_PACIB1716 "10")
+ (UNSPEC_AUTIA1716 "12")
+ (UNSPEC_AUTIB1716 "14")])
(define_int_attr perm_insn [(UNSPEC_ZIP1 "zip") (UNSPEC_ZIP2 "zip")
(UNSPEC_TRN1 "trn") (UNSPEC_TRN2 "trn")
diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index a8efa1afd1151ca916b84fd13fceeddcbd0cd755..8ee04b6f0d80daf7f1ff4aa68aff8943b0ca8483 100644
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -633,7 +633,8 @@ Objective-C and Objective-C++ Dialects}.
-mlow-precision-recip-sqrt -mlow-precision-sqrt -mlow-precision-div @gol
-mpc-relative-literal-loads @gol
-msign-return-address=@var{scope} @gol
--mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}] @gol
+-mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}
++@var{b-key}] @gol
-march=@var{name} -mcpu=@var{name} -mtune=@var{name} @gol
-moverride=@var{string} -mverbose-cost-dump @gol
-mstack-protector-guard=@var{guard} -mstack-protector-guard-reg=@var{sysreg} @gol
@@ -15874,7 +15875,8 @@ functions, and @samp{all}, which enables pointer signing for all functions. The
default value is @samp{none}. This option has been deprecated by
-mbranch-protection.
-@item -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}]
+@item -mbranch-protection=@var{none}|@var{standard}|@var{pac-ret}[+@var{leaf}
++@var{b-key}]
@opindex mbranch-protection
Select the branch protection features to use.
@samp{none} is the default and turns off all types of branch protection.
@@ -15885,7 +15887,8 @@ level.
level: signing functions that save the return address to memory (non-leaf
functions will practically always do this) using the a-key. The optional
argument @samp{leaf} can be used to extend the signing to include leaf
-functions.
+functions. The optional argument @samp{b-key} can be used to sign the functions
+with the B-key instead of the A-key.
@samp{bti} turns on branch target identification mechanism.
@item -msve-vector-bits=@var{bits}
diff --git a/gcc/testsuite/gcc.target/aarch64/return_address_sign_ab_exception.cpp b/gcc/testsuite/gcc.target/aarch64/return_address_sign_ab_exception.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..e644333f4f569e96cc38a5e523c1008e63c5d642
--- /dev/null
+++ b/gcc/testsuite/gcc.target/aarch64/return_address_sign_ab_exception.cpp
@@ -0,0 +1,29 @@
+/* { dg-do run } */
+/* { dg-options "--save-temps" } */
+
+__attribute__((target("branch-protection=pac-ret+leaf")))
+int foo_a () {
+ throw 22;
+}
+
+__attribute__((target("branch-protection=pac-ret+leaf+b-key")))
+int foo_b () {
+ throw 22;
+}
+
+int main (int argc, char** argv) {
+ try {
+ foo_a ()
+ } catch (...) {
+ try {
+ foo_b ();
+ } catch (...) {
+ return 0;
+ }
+ }
+ return 1;
+}
+
+/* { dg-final { scan-assembler-times "paciasp" 1 } } */
+/* { dg-final { scan-assembler-times "pacibsp" 1 } } */
+/* { dg-final { scan-assembler-times "\t\t.cfi_b_key_frame" 1 } } */
diff --git a/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_1.c b/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_1.c
new file mode 100644
index 0000000000000000000000000000000000000000..32d788ddf3fb72545d7c4b9869d8e445bdaaab37
--- /dev/null
+++ b/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_1.c
@@ -0,0 +1,52 @@
+/* Testing return address signing where no combined instructions used. */
+/* { dg-do compile } */
+/* { dg-options "-O2 -mbranch-protection=pac-ret+leaf+b-key" } */
+/* { dg-require-effective-target lp64 } */
+
+int foo (int);
+
+/* sibcall only. */
+int __attribute__ ((target ("arch=armv8.3-a")))
+func1 (int a, int b)
+{
+ /* pacibsp */
+ return foo (a + b);
+ /* autibsp */
+}
+
+/* non-leaf function with sibcall. */
+int __attribute__ ((target ("arch=armv8.3-a")))
+func2 (int a, int b)
+{
+ /* pacibsp */
+ if (a < b)
+ return b;
+
+ a = foo (b);
+
+ return foo (a);
+ /* autibsp */
+}
+
+/* non-leaf function, legacy arch. */
+int __attribute__ ((target ("arch=armv8.2-a")))
+func3 (int a, int b, int c)
+{
+ /* pacibsp */
+ return a + foo (b) + c;
+ /* autibsp */
+}
+
+/* eh_return. */
+void __attribute__ ((target ("arch=armv8.3-a")))
+func4 (long offset, void *handler, int *ptr, int imm1, int imm2)
+{
+ /* pacibsp */
+ *ptr = imm1 + foo (imm1) + imm2;
+ __builtin_eh_return (offset, handler);
+ /* autibsp */
+ return;
+}
+
+/* { dg-final { scan-assembler-times "pacibsp" 4 } } */
+/* { dg-final { scan-assembler-times "autibsp" 4 } } */
diff --git a/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_2.c b/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_2.c
new file mode 100644
index 0000000000000000000000000000000000000000..9ed64ce05911475268e9ef95e88e873e21611085
--- /dev/null
+++ b/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_2.c
@@ -0,0 +1,18 @@
+/* Testing return address signing where combined instructions used. */
+/* { dg-do compile } */
+/* { dg-options "-O2 -mbranch-protection=pac-ret+leaf+b-key" } */
+/* { dg-require-effective-target lp64 } */
+
+int foo (int);
+int bar (int, int);
+
+int __attribute__ ((target ("arch=armv8.3-a")))
+func1 (int a, int b, int c)
+{
+ /* pacibsp */
+ return a + foo (b) + c;
+ /* retab */
+}
+
+/* { dg-final { scan-assembler-times "pacibsp" 1 } } */
+/* { dg-final { scan-assembler-times "retab" 1 } } */
diff --git a/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_3.c b/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_3.c
new file mode 100644
index 0000000000000000000000000000000000000000..111a30e0bfd246ffa3c2765955cd6d3463a7a715
--- /dev/null
+++ b/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_3.c
@@ -0,0 +1,22 @@
+/* Testing the disable of return address signing. */
+/* { dg-do compile } */
+/* { dg-options "-O2 -mbranch-protection=pac-ret+leaf+b-key" } */
+/* { dg-require-effective-target lp64 } */
+
+int bar (int, int);
+
+int __attribute__ ((target ("arch=armv8.3-a, branch-protection=pac-ret+b-key")))
+func1_leaf (int a, int b, int c, int d)
+{
+ return a + b + c + d;
+}
+
+int __attribute__ ((target ("arch=armv8.3-a, branch-protection=none")))
+func2_none (int a, int b, int c, int d)
+{
+ return c + bar (a, b) + d;
+}
+
+/* { dg-final { scan-assembler-not "pacibsp" } } */
+/* { dg-final { scan-assembler-not "autibsp" } } */
+/* { dg-final { scan-assembler-not "retab" } } */
diff --git a/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_exception.cpp b/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_exception.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..44dcfee245e05c832f72cc58cf00ee6e726ed5b0
--- /dev/null
+++ b/gcc/testsuite/gcc.target/aarch64/return_address_sign_b_exception.cpp
@@ -0,0 +1,17 @@
+/* { dg-do run } */
+/* { dg-options "-mbranch-protection=pac-ret+leaf+b-key"} */
+
+int foo () {
+ throw 22;
+}
+
+int main (int argc, char** argv) {
+ try {
+ foo()
+ } catch (...) {
+ return 0;
+ }
+ return 1;
+}
+
+/* { dg-final { scan-assembler-times ".cfi_b_key_frame" 2 } } */
diff --git a/gcc/testsuite/gcc.target/aarch64/return_address_sign_builtin.c b/gcc/testsuite/gcc.target/aarch64/return_address_sign_builtin.c
new file mode 100644
index 0000000000000000000000000000000000000000..0a01bfc9da45589740f9939d780805c27379c650
--- /dev/null
+++ b/gcc/testsuite/gcc.target/aarch64/return_address_sign_builtin.c
@@ -0,0 +1,16 @@
+/* { dg-do compile } */
+/* { dg-options "-mbranch-protection=pac-ret+leaf+b-key" } */
+
+/* The correct pauth instruction should be generated no matter the return
+ address signing key/scope specified in the options. */
+
+int foo() {
+ /* { dg-final { scan-assembler-times "pacia1716" 1 } } */
+ __builtin_aarch64_pacia1716(0, 0);
+ /* { dg-final { scan-assembler-times "pacib1716" 1 } } */
+ __builtin_aarch64_pacib1716(0, 0);
+ /* { dg-final { scan-assembler-times "autia1716" 1 } } */
+ __builtin_aarch64_autia1716(0, 0);
+ /* { dg-final { scan-assembler-times "autib1716" 1 } } */
+ __builtin_aarch64_autib1716(0, 0);
+}
diff --git a/libgcc/config/aarch64/aarch64-unwind.h b/libgcc/config/aarch64/aarch64-unwind.h
index 223ac9157f1e33f711c93c54d8d9b7a4cce00206..13e6e4a6a01ad5228f15fbb40672d72d8fb4d30d 100644
--- a/libgcc/config/aarch64/aarch64-unwind.h
+++ b/libgcc/config/aarch64/aarch64-unwind.h
@@ -35,6 +35,23 @@ see the files COPYING3 and COPYING.RUNTIME respectively. If not, see
#define MD_FROB_UPDATE_CONTEXT(context, fs) \
aarch64_frob_update_context (context, fs)
+static inline int
+aarch64_cie_signed_with_b_key (struct _Unwind_Context *context)
+{
+ const struct dwarf_fde *fde = _Unwind_Find_FDE (context->bases.func,
+ &context->bases);
+ if (fde != NULL)
+ {
+ const struct dwarf_cie *cie = get_cie (fde);
+ if (cie != NULL)
+ {
+ char *aug_str = cie->augmentation;
+ return strchr (aug_str, 'B') == NULL ? 0 : 1;
+ }
+ }
+ return 0;
+}
+
/* Do AArch64 private extraction on ADDR based on context info CONTEXT and
unwind frame info FS. If ADDR is signed, we do address authentication on it
using CFA of current frame. */
@@ -43,9 +60,11 @@ static inline void *
aarch64_post_extract_frame_addr (struct _Unwind_Context *context,
_Unwind_FrameState *fs, void *addr)
{
- if (fs->regs.reg[DWARF_REGNUM_AARCH64_RA_STATE].loc.offset & 0x1)
+ if (context->flags & RA_SIGNED_BIT)
{
_Unwind_Word salt = (_Unwind_Word) context->cfa;
+ if (aarch64_cie_signed_with_b_key (context) != 0)
+ return __builtin_aarch64_autib1716 (addr, salt);
return __builtin_aarch64_autia1716 (addr, salt);
}
else
@@ -62,9 +81,14 @@ aarch64_post_frob_eh_handler_addr (struct _Unwind_Context *current,
ATTRIBUTE_UNUSED,
void *handler_addr)
{
- if (current->flags & RA_A_SIGNED_BIT)
- return __builtin_aarch64_pacia1716 (handler_addr,
+ if (current->flags & RA_SIGNED_BIT)
+ {
+ if (aarch64_cie_signed_with_b_key (current))
+ return __builtin_aarch64_pacib1716 (handler_addr,
+ (_Unwind_Word) current->cfa);
+ return __builtin_aarch64_pacia1716 (handler_addr,
(_Unwind_Word) current->cfa);
+ }
else
return handler_addr;
}
@@ -79,7 +103,7 @@ aarch64_frob_update_context (struct _Unwind_Context *context,
{
if (fs->regs.reg[DWARF_REGNUM_AARCH64_RA_STATE].loc.offset & 0x1)
/* The flag is used for re-authenticating EH handler's address. */
- context->flags |= RA_A_SIGNED_BIT;
+ context->flags |= RA_SIGNED_BIT;
return;
}
diff --git a/libgcc/unwind-dw2-fde.c b/libgcc/unwind-dw2-fde.c
index 24b4ecee68c17e1701c4482580e449b03a4e6fe9..40ebf85a93ec840917fc4feb48a9e0f843e42324 100644
--- a/libgcc/unwind-dw2-fde.c
+++ b/libgcc/unwind-dw2-fde.c
@@ -334,6 +334,9 @@ get_cie_encoding (const struct dwarf_cie *cie)
/* LSDA encoding. */
else if (*aug == 'L')
p++;
+ /* aarch64 b-key pointer authentication. */
+ else if (*aug == 'B')
+ p++;
/* Otherwise end of string, or unknown augmentation. */
else
return DW_EH_PE_absptr;
diff --git a/libgcc/unwind-dw2.c b/libgcc/unwind-dw2.c
index e6130af2fb54d1abca80baba1af5cd1e48ee7410..e76a1cbc4620a5d2eb734e5071e60e58acf74743 100644
--- a/libgcc/unwind-dw2.c
+++ b/libgcc/unwind-dw2.c
@@ -136,8 +136,9 @@ struct _Unwind_Context
#define SIGNAL_FRAME_BIT ((~(_Unwind_Word) 0 >> 1) + 1)
/* Context which has version/args_size/by_value fields. */
#define EXTENDED_CONTEXT_BIT ((~(_Unwind_Word) 0 >> 2) + 1)
- /* Bit reserved on AArch64, return address has been signed with A key. */
-#define RA_A_SIGNED_BIT ((~(_Unwind_Word) 0 >> 3) + 1)
+ /* Bit reserved on AArch64, return address has been signed with A or B
+ key. */
+#define RA_SIGNED_BIT ((~(_Unwind_Word) 0 >> 3) + 1)
_Unwind_Word flags;
/* 0 for now, can be increased when further fields are added to
struct _Unwind_Context. */
@@ -502,6 +503,11 @@ extract_cie_info (const struct dwarf_cie *cie, struct _Unwind_Context *context,
fs->signal_frame = 1;
aug += 1;
}
+ /* aarch64 B-key pointer authentication. */
+ else if (aug[0] == 'B')
+ {
+ aug += 1;
+ }
/* Otherwise we have an unknown augmentation string.
Bail unless we saw a 'z' prefix. */
next prev parent reply other threads:[~2019-03-01 14:12 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-02 17:35 Sam Tebbs
2018-11-02 18:02 ` Sam Tebbs
2018-11-09 11:05 ` Sam Tebbs
2018-12-21 15:04 ` Sam Tebbs
2019-01-04 16:56 ` Sam Tebbs
2019-01-07 18:28 ` James Greenhalgh
2019-01-08 11:38 ` Sam Tebbs
2019-01-14 10:44 ` Kyrill Tkachov
2019-01-23 10:43 ` Sam Tebbs
2019-01-31 14:56 ` Sam Tebbs
2019-03-01 14:12 ` Sam Tebbs [this message]
2019-05-29 9:29 ` Sam Tebbs
2019-05-29 11:53 ` Christophe Lyon
2019-05-29 14:24 ` Sam Tebbs
2019-05-30 12:29 ` Sam Tebbs
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=642d019c-ce63-9a3f-dcae-60795e6b20eb@arm.com \
--to=sam.tebbs@arm.com \
--cc=James.Greenhalgh@arm.com \
--cc=Marcus.Shawcroft@arm.com \
--cc=Richard.Earnshaw@arm.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=ian@airs.com \
--cc=kyrylo.tkachov@foss.arm.com \
--cc=law@redhat.com \
--cc=nd@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).