From: Wilco Dijkstra
To: Szabolcs Nagy
CC: Richard Sandiford, GCC Patches
Subject: Re: [PATCH] libgcc: Fix uninitialized RA signing on AArch64 [PR107678]
Date: Tue, 10 Jan 2023 16:33:59 +0000

Hi Szabolcs,

> i would keep the assert: how[reg] must be either UNSAVED or UNDEFINED
> here, other how[reg] means the toggle cfi instruction is mixed with
> incompatible instructions for the pseudo reg.
>
> and i would add a comment about this e.g. saying that UNSAVED/UNDEFINED
> how[reg] is used for tracking the return address signing status and
> other how[reg] is not allowed here.

I've added the assert back and updated the comment.

Cheers,
Wilco

v3: Improve comments, add assert.

A recent change only initializes the regs.how[] during Dwarf unwinding
which resulted in an uninitialized offset used in return address signing
and random failures during unwinding. The fix is to encode the return
address signing state in REG_UNSAVED and REG_UNDEFINED.

Passes bootstrap & regress, OK for commit?

libgcc/
	PR target/107678
	* unwind-dw2.c (execute_cfa_program): Use REG_UNSAVED/UNDEFINED
	to encode return address signing state.
	* config/aarch64/aarch64-unwind.h (aarch64_demangle_return_addr):
	Check current return address signing state.
	(aarch64_frob_update_context): Remove.

---

diff --git a/libgcc/config/aarch64/aarch64-unwind.h b/libgcc/config/aarch64= /aarch64-unwind.h=0A= index 26db9cbd9e5c526e0c410a4fc6be2bedb7d261cf..1afc3f9d308b95bc787398263e6= 29bab226ff1ba 100644=0A= --- a/libgcc/config/aarch64/aarch64-unwind.h=0A= +++ b/libgcc/config/aarch64/aarch64-unwind.h=0A= @@ -29,8 +29,6 @@ see the files COPYING3 and COPYING.RUNTIME respectively. = If not, see=0A= =0A= #define MD_DEMANGLE_RETURN_ADDR(context, fs, addr) \=0A= aarch64_demangle_return_addr (context, fs, addr)=0A= -#define MD_FROB_UPDATE_CONTEXT(context, fs) \=0A= - aarch64_frob_update_context (context, fs)=0A= =0A= static inline int=0A= aarch64_cie_signed_with_b_key (struct _Unwind_Context *context)=0A= 
@@ -55,42 +53,27 @@ aarch64_cie_signed_with_b_key (struct _Unwind_Context *= context)=0A= =0A= static inline void *=0A= aarch64_demangle_return_addr (struct _Unwind_Context *context,=0A= - _Unwind_FrameState *fs ATTRIBUTE_UNUSED,=0A= + _Unwind_FrameState *fs,=0A= _Unwind_Word addr_word)=0A= {=0A= void *addr =3D (void *)addr_word;=0A= - if (context->flags & RA_SIGNED_BIT)=0A= + const int reg =3D DWARF_REGNUM_AARCH64_RA_STATE;=0A= +=0A= + if (fs->regs.how[reg] =3D=3D REG_UNSAVED)=0A= + return addr;=0A= +=0A= + /* Return-address signing state is toggled by DW_CFA_GNU_window_save (wh= ere=0A= + REG_UNDEFINED means enabled), or set by a DW_CFA_expression. */=0A= + if (fs->regs.how[reg] =3D=3D REG_UNDEFINED=0A= + || (_Unwind_GetGR (context, reg) & 0x1) !=3D 0)=0A= {=0A= _Unwind_Word salt =3D (_Unwind_Word) context->cfa;=0A= if (aarch64_cie_signed_with_b_key (context) !=3D 0)=0A= return __builtin_aarch64_autib1716 (addr, salt);=0A= return __builtin_aarch64_autia1716 (addr, salt);=0A= }=0A= - else=0A= - return addr;=0A= -}=0A= -=0A= -/* Do AArch64 private initialization on CONTEXT based on frame info FS. M= ark=0A= - CONTEXT as return address signed if bit 0 of DWARF_REGNUM_AARCH64_RA_ST= ATE is=0A= - set. */=0A= -=0A= -static inline void=0A= -aarch64_frob_update_context (struct _Unwind_Context *context,=0A= - _Unwind_FrameState *fs)=0A= -{=0A= - const int reg =3D DWARF_REGNUM_AARCH64_RA_STATE;=0A= - int ra_signed;=0A= - if (fs->regs.how[reg] =3D=3D REG_UNSAVED)=0A= - ra_signed =3D fs->regs.reg[reg].loc.offset & 0x1;=0A= - else=0A= - ra_signed =3D _Unwind_GetGR (context, reg) & 0x1;=0A= - if (ra_signed)=0A= - /* The flag is used for re-authenticating EH handler's address. */=0A= - context->flags |=3D RA_SIGNED_BIT;=0A= - else=0A= - context->flags &=3D ~RA_SIGNED_BIT;=0A= =0A= - return;=0A= + return addr;=0A= }=0A= =0A= #endif /* defined AARCH64_UNWIND_H && defined __ILP32__ */=0A= 
diff --git a/libgcc/unwind-dw2.c b/libgcc/unwind-dw2.c=0A= index eaceace20298b9b13344aff9d1fe9ee5f9c7bd73..55fe35520106e848c5d4aea4e71= 04bf4a0c14891 100644=0A= --- a/libgcc/unwind-dw2.c=0A= +++ b/libgcc/unwind-dw2.c=0A= @@ -139,7 +139,6 @@ struct _Unwind_Context=0A= #define EXTENDED_CONTEXT_BIT ((~(_Unwind_Word) 0 >> 2) + 1)=0A= /* Bit reserved on AArch64, return address has been signed with A or B= =0A= key. */=0A= -#define RA_SIGNED_BIT ((~(_Unwind_Word) 0 >> 3) + 1)=0A= _Unwind_Word flags;=0A= /* 0 for now, can be increased when further fields are added to=0A= struct _Unwind_Context. */=0A= @@ -1204,10 +1203,15 @@ execute_cfa_program (const unsigned char *insn_ptr,= =0A= case DW_CFA_GNU_window_save:=0A= #if defined (__aarch64__) && !defined (__ILP32__)=0A= /* This CFA is multiplexed with Sparc. On AArch64 it's used to toggle= =0A= - return address signing status. */=0A= + return address signing status. The REG_UNDEFINED/UNSAVED states=0A= + mean RA signing is enabled/disabled. */=0A= reg =3D DWARF_REGNUM_AARCH64_RA_STATE;=0A= - gcc_assert (fs->regs.how[reg] =3D=3D REG_UNSAVED);=0A= - fs->regs.reg[reg].loc.offset ^=3D 1;=0A= + gcc_assert (fs->regs.how[reg] =3D=3D REG_UNSAVED=0A= + || fs->regs.how[reg] =3D=3D REG_UNDEFINED);=0A= + if (fs->regs.how[reg] =3D=3D REG_UNSAVED)=0A= + fs->regs.how[reg] =3D REG_UNDEFINED;=0A= + else=0A= + fs->regs.how[reg] =3D REG_UNSAVED;=0A= #else=0A= /* ??? Hardcoded for SPARC register window configuration. */=0A= if (__LIBGCC_DWARF_FRAME_REGISTERS__ >=3D 32)=0A= =0A=
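
Review bot: in aarch64_demangle_return_addr (aarch64-unwind.h, hunk @@ -55,42 +53,27 @@), the choice between returning the address unchanged and authenticating it now rests entirely on fs->regs.how[DWARF_REGNUM_AARCH64_RA_STATE], while the description says regs.how[] is only initialized during DWARF unwinding. Please confirm, or state in the comment, that this entry is always initialized before the function is called, since an indeterminate value could select any of the three branches, including the one that skips authentication. The new comment also covers REG_UNDEFINED and DW_CFA_expression but not the early "if (fs->regs.how[reg] == REG_UNSAVED) return addr;", so a short note there that REG_UNSAVED means signing is disabled would match the wording used in unwind-dw2.c.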
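
Review bot: in struct _Unwind_Context (unwind-dw2.c, hunk @@ -139,7 +139,6 @@), removing "#define RA_SIGNED_BIT" leaves the comment "Bit reserved on AArch64, return address has been signed with A or B key." attached to nothing, directly above "_Unwind_Word flags;". Either remove the comment together with the define or, if the bit value has to stay reserved, reword it to say that the bit is reserved but no longer set or tested in aarch64-unwind.h.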
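
Review bot: the updated comment on DW_CFA_GNU_window_save in execute_cfa_program (unwind-dw2.c, hunk @@ -1204,10 +1203,15 @@) explains what REG_UNDEFINED and REG_UNSAVED mean but not why the gcc_assert rejects every other how[reg] value. The review quoted at the top of this message asked for the comment to say that other how[reg] values are not allowed here, because they mean the toggle is mixed with incompatible CFI for the pseudo register; one more sentence to that effect would document the assert for the next reader.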