From: Sandra Loosemore <sandra@codesourcery.com>
To: "Tsimbalist, Igor V" <igor.v.tsimbalist@intel.com>,
"gcc-patches@gcc.gnu.org" <gcc-patches@gcc.gnu.org>
Cc: Uros Bizjak <ubizjak@gmail.com>
Subject: Re: PR84239, Reimplement CET intrinsics for rdssp/incssp insn
Date: Fri, 09 Feb 2018 18:42:00 -0000 [thread overview]
Message-ID: <8f880caf-b053-781a-f5e3-aa6df33ae61d@codesourcery.com> (raw)
In-Reply-To: <D511F25789BA7F4EBA64C8A63891A00291FB27C0@IRSMSX102.ger.corp.intel.com>
On 02/09/2018 05:50 AM, Tsimbalist, Igor V wrote:
> Introduce a couple of new CET intrinsics for reading and updating a shadow stack
> pointer (_get_ssp and _inc_ssp), which are more user friendly. They replace the existing
> _rdssp[d|q] and _incssp[d|q] instrinsics. The _get_ssp intrinsic has more deterministic
> semantic: it returns a value of the shadow stack pointer if HW is CET capable and
> 0 otherwise.
>
> Ok for trunk?
Just reviewing the documentation part:
> diff --git a/gcc/doc/extend.texi b/gcc/doc/extend.texi
> index cb9df97..9f25dd9 100644
> --- a/gcc/doc/extend.texi
> +++ b/gcc/doc/extend.texi
> @@ -12461,6 +12461,7 @@ instructions, but allow the compiler to schedule those calls.
> * TILEPro Built-in Functions::
> * x86 Built-in Functions::
> * x86 transactional memory intrinsics::
> +* x86 control-flow protection intrinsics::
> @end menu
>
> @node AArch64 Built-in Functions
> @@ -21772,13 +21773,17 @@ void __builtin_ia32_wrpkru (unsigned int)
> unsigned int __builtin_ia32_rdpkru ()
> @end smallexample
>
> -The following built-in functions are available when @option{-mcet} is used.
> -They are used to support Intel Control-flow Enforcment Technology (CET).
> -Each built-in function generates the machine instruction that is part of the
> -function's name.
> +The following built-in functions are available when @option{-mcet} or
> +@option{-mshstk} option is used. They support shadow stack
> +machine instructions from Intel Control-flow Enforcment Technology (CET).
s/Enforcment/Enforcement/
> +Each built-in function generates the machine instruction that is part
> +of the function's name. These are the internal low level functions.
s/low level/low-level/
> +Normally the functions in @ref{x86 control-flow protection intrinsics}
> +should be used instead.
> +
> @smallexample
> -unsigned int __builtin_ia32_rdsspd (unsigned int)
> -unsigned long long __builtin_ia32_rdsspq (unsigned long long)
> +unsigned int __builtin_ia32_rdsspd (void)
> +unsigned long long __builtin_ia32_rdsspq (void)
> void __builtin_ia32_incsspd (unsigned int)
> void __builtin_ia32_incsspq (unsigned long long)
> void __builtin_ia32_saveprevssp(void);
> @@ -21885,6 +21890,51 @@ else
> Note that, in most cases, the transactional and non-transactional code
> must synchronize together to ensure consistency.
>
> +@node x86 control-flow protection intrinsics
> +@subsection x86 Control-Flow Protection Intrinsics
> +
> +@deftypefn {CET Function} {ret_type} _get_ssp (void)
> +The @code{ret_type} is @code{unsigned long long} for x86-64 platform
> +and @code{unsigned int} for x86 pltform.
I'd prefer the sentence about the return type be placed after the
description of what the function does. And please fix typos:
s/x86-64 platform/64-bit targets/
s/x86 pltform/32-bit targets/
> +Get the current value of shadow stack pointer if shadow stack support
> +from Intel CET is enabled in the HW or @code{0} otherwise.
s/HW/hardware,/
> +@end deftypefn
> +
> +@deftypefn {CET Function} void _inc_ssp (unsigned int)
> +Increment the current shadow stack pointer by the size specified by the
> +function argument. For security reason only unsigned byte value is used
> +from the argument. Therefore for the size greater than @code{255} the
> +function should be called several times.
How about rephrasing the last two sentences:
The argument is masked to a byte value for security reasons, so to
increment by more than 255 bytes you must call the function multiple times.
> +@end deftypefn
> +
> +The shadow stack unwind code looks like:
> +
> +@smallexample
> +#include <immintrin.h>
> +
> +/* Unwind the shadow stack for EH. */
> +#define _Unwind_Frames_Extra(x) \
> + do \
> + @{ \
> + _Unwind_Word ssp = _get_ssp (); \
> + if (ssp != 0) \
> + @{ \
> + _Unwind_Word tmp = (x); \
> + while (tmp > 255) \
> + @{ \
> + _inc_ssp (tmp); \
> + tmp -= 255; \
> + @} \
> + _inc_ssp (tmp); \
> + @} \
> + @} \
> + while (0)
> +@end smallexample
Tabs in Texinfo input don't work well. Please use spaces to format code
environments.
> +
> +@noindent
> +This code runs unconditionally on all x86-64 processors and all x86
> +processors that support multi-byte NOP instructions.
s/x86-64 and all x86/32-bit and 64-bit/
> +
> @node Target Format Checks
> @section Format Checks Specific to Particular Target Machines
>
-Sandra
next prev parent reply other threads:[~2018-02-09 18:42 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-02-09 12:51 Tsimbalist, Igor V
2018-02-09 18:42 ` Sandra Loosemore [this message]
2018-02-12 14:16 ` Tsimbalist, Igor V
2018-02-14 7:07 ` Jeff Law
2018-02-15 0:24 ` Joseph Myers
2018-02-15 16:36 ` Tsimbalist, Igor V
2018-02-15 21:20 ` Joseph Myers
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8f880caf-b053-781a-f5e3-aa6df33ae61d@codesourcery.com \
--to=sandra@codesourcery.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=igor.v.tsimbalist@intel.com \
--cc=ubizjak@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).