From: Richard Earnshaw <Richard.Earnshaw@foss.arm.com>
To: Andrea Corallo <andrea.corallo@arm.com>
Cc: Andrea Corallo via Gcc-patches <gcc-patches@gcc.gnu.org>,
Richard Earnshaw <Richard.Earnshaw@arm.com>, nd <nd@arm.com>
Subject: Re: [PATCH 10/15 V5] arm: Implement cortex-M return signing address codegen
Date: Mon, 12 Dec 2022 10:53:08 +0000 [thread overview]
Message-ID: <9643aa03-b0d0-6c8b-c668-a1a6e5814c6e@foss.arm.com> (raw)
In-Reply-To: <gkr8rjgu0gv.fsf_-_@arm.com>
On 09/12/2022 14:16, Andrea Corallo via Gcc-patches wrote:
> Hi Richard,
>
> thanks for reviewing.
>
> Richard Earnshaw <Richard.Earnshaw@foss.arm.com> writes:
>
>> On 07/11/2022 08:57, Andrea Corallo via Gcc-patches wrote:
>>> Hi all,
>>> please find attached the lastest version of this patch incorporating
>>> some
>>> more improvents. Feel free to ignore V3.
>>> Best Regards
>>> Andrea
>>>
>>
>>> As part of previous upstream suggestions a test for varargs has been
>>> added and '-mtpcs-frame' is deemed being incompatible with this return
>>> signing address feature being introduced.
>>
>> I don't see any check for the tpcs-frame incompatibility? What
>> happens if a user does combine the options?
>
> Check added.
>
>> gcc/Changelog
>>
>> 2021-11-03 Andrea Corallo <andrea.corallo@arm.com>
>>
>> * config/arm/arm.h (arm_arch8m_main): Declare it.
>> * config/arm/arm.cc (arm_arch8m_main): Define it.
>> (arm_option_reconfigure_globals): Set arm_arch8m_main.
>> (arm_compute_frame_layout, arm_expand_prologue)
>> (thumb2_expand_return, arm_expand_epilogue)
>> (arm_conditional_register_usage): Update for pac codegen.
>> (arm_current_function_pac_enabled_p): New function.
>> * config/arm/arm.md (pac_ip_lr_sp, pacbti_ip_lr_sp, aut_ip_lr_sp):
>> Add new patterns.
>> * config/arm/unspecs.md (UNSPEC_PAC_IP_LR_SP)
>> (UNSPEC_PACBTI_IP_LR_SP, UNSPEC_AUT_IP_LR_SP): Add unspecs.
>>
>> You're missing an entry for aarch_bti_enabled () - yes I realize
>> that's just a placeholder at present and will be fully defined in
>> patch 12.
>
> Fixed
>
>> +static bool
>> +aarch_bti_enabled ()
>> +{
>> + return false;
>> +}
>> +
>>
>> No comment on this function (and in patch 12 it moves to a different
>> location). It would be best to have it in the right place at this
>> point in time.
>>
>> + clobber_ip = (IS_NESTED (func_type)
>> + && (((TARGET_APCS_FRAME && frame_pointer_needed &&
>> TARGET_ARM)
>> + || ((flag_stack_check == STATIC_BUILTIN_STACK_CHECK
>> + || flag_stack_clash_protection)
>> + && !df_regs_ever_live_p (LR_REGNUM)
>> + && arm_r3_live_at_start_p ()))
>> + || (arm_current_function_pac_enabled_p ())));
>>
>> Redundant parenthesis around arm_current_function_pac_enabled_p () call.
>
> Fixed
>
>> + gcc_assert(arm_compute_static_chain_stack_bytes() == 4
>> + || arm_current_function_pac_enabled_p ());
>>
>> I wonder if this assert is now really serving a useful purpose. I'd
>> consider removing it.
>
> Removed
>
>> @@ -27309,7 +27340,7 @@ thumb2_expand_return (bool simple_return)
>> to assert it for now to ensure that future code changes do not silently
>> change this behavior. */
>> gcc_assert (!IS_CMSE_ENTRY (arm_current_func_type ()));
>> - if (num_regs == 1)
>> + if (num_regs == 1 && !arm_current_function_pac_enabled_p ())
>> {
>> rtx par = gen_rtx_PARALLEL (VOIDmode, rtvec_alloc (2));
>> rtx reg = gen_rtx_REG (SImode, PC_REGNUM);
>> @@ -27324,10 +27355,20 @@ thumb2_expand_return (bool simple_return)
>> }
>> else
>> {
>> - saved_regs_mask &= ~ (1 << LR_REGNUM);
>> - saved_regs_mask |= (1 << PC_REGNUM);
>> - arm_emit_multi_reg_pop (saved_regs_mask);
>> - }
>> + if (arm_current_function_pac_enabled_p ())
>> + {
>> + gcc_assert (!(saved_regs_mask & (1 << PC_REGNUM)));
>> + arm_emit_multi_reg_pop (saved_regs_mask);
>> + emit_insn (gen_aut_nop ());
>> + emit_jump_insn (simple_return_rtx);
>> + }
>> + else
>> + {
>> + saved_regs_mask &= ~ (1 << LR_REGNUM);
>> + saved_regs_mask |= (1 << PC_REGNUM);
>> + arm_emit_multi_reg_pop (saved_regs_mask);
>> + }
>> + }
>> }
>> else
>>
>> The logic for these blocks would, I think, be better expressed as
>>
>> if (pac_enabled)
>> ...
>> else if (num_regs == 1)
>> ... // existing code
>> else
>> ... // existing code
>
> Done
>
>> Also, I think (out of an abundance of caution) we really need a
>> scheduling barrier placed before calls to gen_aut_nop() pattern is
>> emitted, to ensure that the scheduler never tries to move this
>> instruction away from the position we place it. Use gen_blockage()
>> for that (see TARGET_SCHED_PROLOG). Alternatively, we could make the
>> UNSPEC_PAC_NOP an unspec_volatile, which has the same effect (IIRC)
>> without needing an additional insn - if you use this approach, then
>> please make sure this is explained in a comment.
>>
>> +(define_insn "pacbti_nop"
>> + [(set (reg:SI IP_REGNUM)
>> + (unspec:SI [(reg:SI SP_REGNUM) (reg:SI LR_REGNUM)]
>> + UNSPEC_PACBTI_NOP))]
>> + "arm_arch8m_main"
>> + "pacbti\t%|ip, %|lr, %|sp"
>> + [(set_attr "conds" "unconditional")])
>>
>> The additional side-effect of this being a BTI landing pad means that
>> we mustn't move any other instruction before it. So I think this
>> needs to be an unspec_volatile as well.
>
> Done
>
>> On the tests, they are OK as they stand, but we lack anything that
>> will be tested when suitable hardware is unavailable (all tests are
>> "dg-do run"). Can we please have some compile-only tests as well?
>
> Added three compile only tests.
>
> Please find attached the latest version of the patch.
>
> BR
>
> Andrea
>
+ if (TARGET_TPCS_FRAME)
+ error ("Return address signing and %<-mtpcs-frame%> are
incompatible.");
So really this is 'not implemented' rather than not compatible - I don't
see why we couldn't implement this if we really wanted to. It's not
worth implementing it because tpcs-frames are very much legacy these days.
So the message should use sorry() and say 'is not supported' rather than
'are incompatible'.
+(define_insn "pacbti_nop"
+ [(set (reg:SI IP_REGNUM)
+ (unspec:SI [(reg:SI SP_REGNUM) (reg:SI LR_REGNUM)]
+ VUNSPEC_PACBTI_NOP))]
No, this needs to be unspec_volatile, not unspec.
+(define_insn "aut_nop"
+ [(unspec:SI [(reg:SI IP_REGNUM) (reg:SI SP_REGNUM) (reg:SI LR_REGNUM)]
+ VUNSPEC_AUT_NOP)]
Similarly.
R.
next prev parent reply other threads:[~2022-12-12 10:53 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-12 14:26 [PATCH 0/15] arm: Enables return address verification and branch target identification on Cortex-M Andrea Corallo
2022-08-12 15:14 ` [PATCH 1/15] arm: Make mbranch-protection opts parsing common to AArch32/64 Andrea Corallo
2022-12-22 17:04 ` [PATCH 1/15 V2] " Andrea Corallo
2023-01-11 10:48 ` Richard Earnshaw
2022-08-12 15:15 ` [PATCH 2/15] arm: Add Armv8.1-M Mainline target feature +pacbti Andrea Corallo
2022-08-12 15:21 ` [PATCH 3/15] arm: Add option -mbranch-protection Andrea Corallo
2022-08-12 15:22 ` [PATCH 4/15] arm: Add testsuite library support for PACBTI target Andrea Corallo
2022-08-12 15:26 ` [PATCH 5/15] arm: Implement target feature macros for PACBTI Andrea Corallo
2022-08-12 15:29 ` [PATCH 6/15] arm: Add pointer authentication for stack-unwinding runtime Andrea Corallo
2022-08-12 15:30 ` [PATCH 7/15] arm: Emit build attributes for PACBTI target feature Andrea Corallo
2022-09-05 16:53 ` Andrea Corallo
2022-10-20 14:47 ` Kyrylo Tkachov
2022-10-20 15:15 ` Richard Earnshaw
2022-10-21 12:19 ` Richard Earnshaw
2022-08-12 15:33 ` [PATCH 8/15] arm: Introduce multilibs " Andrea Corallo
2022-08-12 15:34 ` [PATCH 9/15] arm: Set again stack pointer as CFA reg when popping if necessary Andrea Corallo
2022-09-05 16:52 ` Andrea Corallo
2022-09-27 9:03 ` Kyrylo Tkachov
2022-09-27 10:05 ` Andrea Corallo
2022-09-27 15:24 ` Kyrylo Tkachov
2022-10-21 12:30 ` Richard Earnshaw
2022-10-26 8:49 ` Andrea Corallo
2022-11-08 14:57 ` Richard Earnshaw
2023-01-09 14:58 ` Andrea Corallo
2023-01-09 15:57 ` Richard Earnshaw
2023-01-09 16:48 ` Richard Earnshaw
2023-01-09 17:22 ` Richard Earnshaw
2023-01-11 9:55 ` Andrea Corallo
2022-08-12 15:36 ` [PATCH 10/15] arm: Implement cortex-M return signing address codegen Andrea Corallo
2022-09-05 16:55 ` Andrea Corallo
2022-09-14 14:20 ` [PATCH 10/15 V2] " Andrea Corallo
2022-10-21 12:58 ` Richard Earnshaw
2022-10-26 15:48 ` Andrea Corallo
2022-10-28 16:34 ` [PATCH 10/15 V3] " Andrea Corallo
2022-11-07 8:57 ` [PATCH 10/15 V4] " Andrea Corallo
2022-12-05 16:38 ` Richard Earnshaw
2022-12-09 14:16 ` [PATCH 10/15 V5] " Andrea Corallo
2022-12-12 10:53 ` Richard Earnshaw [this message]
2022-12-14 16:35 ` [PATCH 10/15 V6] " Andrea Corallo
2022-12-14 16:45 ` Richard Earnshaw
2023-01-11 9:58 ` [PATCH 10/15 V7] " Andrea Corallo
2023-01-11 10:39 ` Richard Earnshaw
2022-08-12 15:40 ` [PATCH 11/15] aarch64: Make bti pass generic so it can be used by the arm backend Andrea Corallo
2022-09-05 16:56 ` Andrea Corallo
2022-09-27 9:10 ` Kyrylo Tkachov
2022-08-12 15:41 ` [PATCH 12/15] arm: implement bti injection Andrea Corallo
2022-09-05 16:56 ` Andrea Corallo
2022-09-27 9:18 ` Kyrylo Tkachov
2022-09-29 15:45 ` [PATCH 12/15 V2] " Andrea Corallo
2022-10-20 14:56 ` Kyrylo Tkachov
2022-10-28 16:40 ` [PATCH 12/15 V3] " Andrea Corallo
2022-12-05 17:02 ` Richard Earnshaw
2022-12-14 16:40 ` [PATCH 12/15 V4] " Andrea Corallo
2022-12-14 17:00 ` Richard Earnshaw
2022-12-14 17:03 ` Richard Earnshaw
2022-12-22 17:13 ` [PATCH 12/15 V5] " Andrea Corallo
2023-01-11 15:08 ` Richard Earnshaw
2022-08-12 16:44 ` [PATCH 0/15] arm: Enables return address verification and branch target identification on Cortex-M Andrea Corallo
2022-08-12 17:10 ` [PATCH 13/15] arm: Add pacbti related multilib support for armv8.1-m.main Srinath Parvathaneni
2022-10-21 13:00 ` Richard Earnshaw
2022-09-21 8:07 ` [PING][PATCH 0/15] arm: Enables return address verification and branch target identification on Cortex-M Andrea Corallo
2022-10-21 13:01 ` Richard Earnshaw
2022-10-21 13:32 ` Andrea Corallo
2022-12-05 14:10 ` Andrea Corallo
2022-12-05 14:19 ` Kyrylo Tkachov
2023-01-23 10:50 ` [PATCH " Andrea Corallo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=9643aa03-b0d0-6c8b-c668-a1a6e5814c6e@foss.arm.com \
--to=richard.earnshaw@foss.arm.com \
--cc=Richard.Earnshaw@arm.com \
--cc=andrea.corallo@arm.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=nd@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).