From: Andrea Corallo <andrea.corallo@arm.com>
To: Richard Earnshaw <Richard.Earnshaw@foss.arm.com>
Cc: Andrea Corallo via Gcc-patches <gcc-patches@gcc.gnu.org>,
"Richard Earnshaw" <Richard.Earnshaw@arm.com>, nd <nd@arm.com>
Subject: Re: [PATCH 10/15 V2] arm: Implement cortex-M return signing address codegen
Date: Wed, 26 Oct 2022 17:48:00 +0200 [thread overview]
Message-ID: <gkrfsfasi1b.fsf@arm.com> (raw)
In-Reply-To: <ba680c8d-a24f-477e-6a8a-24a1e94daf33@foss.arm.com> (Richard Earnshaw's message of "Fri, 21 Oct 2022 13:58:13 +0100")
Richard Earnshaw <Richard.Earnshaw@foss.arm.com> writes:
> On 14/09/2022 15:20, Andrea Corallo via Gcc-patches wrote:
>> Hi all,
>>
>> this patch enables address return signature and verification based on
>> Armv8.1-M Pointer Authentication [1].
>>
>> To sign the return address, we use the PAC R12, LR, SP instruction
>> upon function entry. This is signing LR using SP and storing the
>> result in R12. R12 will be pushed into the stack.
>>
>> During function epilogue R12 will be popped and AUT R12, LR, SP will
>> be used to verify that the content of LR is still valid before return.
>>
>> Here an example of PAC instrumented function prologue and epilogue:
>>
>> void foo (void);
>>
>> int main()
>> {
>> foo ();
>> return 0;
>> }
>>
>> Compiled with '-march=armv8.1-m.main -mbranch-protection=pac-ret
>> -mthumb' translates into:
>>
>> main:
>> pac ip, lr, sp
>> push {r3, r7, ip, lr}
>> add r7, sp, #0
>> bl foo
>> movs r3, #0
>> mov r0, r3
>> pop {r3, r7, ip, lr}
>> aut ip, lr, sp
>> bx lr
>>
>> The patch also takes care of generating a PACBTI instruction in place
>> of the sequence BTI+PAC when Branch Target Identification is enabled
>> contextually.
>>
>> Ex. the previous example compiled with '-march=armv8.1-m.main
>> -mbranch-protection=pac-ret+bti -mthumb' translates into:
>>
>> main:
>> pacbti ip, lr, sp
>> push {r3, r7, ip, lr}
>> add r7, sp, #0
>> bl foo
>> movs r3, #0
>> mov r0, r3
>> pop {r3, r7, ip, lr}
>> aut ip, lr, sp
>> bx lr
>>
>> As part of previous upstream suggestions a test for varargs has been
>> added and '-mtpcs-frame' is deemed being incompatible with this return
>> signing address feature being introduced.
>>
>> [1] <https://community.arm.com/developer/ip-products/processors/b/processors-ip-blog/posts/armv8-1-m-pointer-authentication-and-branch-target-identification-extension>
>>
>> gcc/Changelog
>>
>> 2021-11-03 Andrea Corallo <andrea.corallo@arm.com>
>>
>> * config/arm/arm.c: (arm_compute_frame_layout)
>> (arm_expand_prologue, thumb2_expand_return, arm_expand_epilogue)
>> (arm_conditional_register_usage): Update for pac codegen.
>> (arm_current_function_pac_enabled_p): New function.
>> * config/arm/arm.md (pac_ip_lr_sp, pacbti_ip_lr_sp, aut_ip_lr_sp):
>> Add new patterns.
>> * config/arm/unspecs.md (UNSPEC_PAC_IP_LR_SP)
>> (UNSPEC_PACBTI_IP_LR_SP, UNSPEC_AUT_IP_LR_SP): Add unspecs.
>>
>> gcc/testsuite/Changelog
>>
>> 2021-11-03 Andrea Corallo <andrea.corallo@arm.com>
>>
>> * gcc.target/arm/pac.h : New file.
>> * gcc.target/arm/pac-1.c : New test case.
>> * gcc.target/arm/pac-2.c : Likewise.
>> * gcc.target/arm/pac-3.c : Likewise.
>> * gcc.target/arm/pac-4.c : Likewise.
>> * gcc.target/arm/pac-5.c : Likewise.
>> * gcc.target/arm/pac-6.c : Likewise.
>> * gcc.target/arm/pac-7.c : Likewise.
>> * gcc.target/arm/pac-8.c : Likewise.
>>
>
> + if (arm_current_function_pac_enabled_p () && !(arm_arch7 &&
> arm_arch_cmse))
> + error ("This architecture does not support branch protection
> instructions");
>
> This test feels wrong. What does having cmse give us? I suspect you
> want a test that ensures we have at least v8-m.main so that the NOP
> instructions are correctly defined as NOPs (or, in this case, PACBTI
> instructions) rather than unpredictable; but if that's the case then I
> think you really want to write the test that way here (perhaps in a
> macro) and then move this test into that so that it becomes
> self-documenting - but don't we have a v8-m.main test anyway?
Yep
> + if (arm_current_function_pac_enabled_p ())
> + {
> + gcc_assert (!(saved_regs_mask & (1 << PC_REGNUM)));
> + arm_emit_multi_reg_pop (saved_regs_mask);
> + emit_insn (gen_aut_nop ());
> + emit_jump_insn (simple_return_rtx);
> + }
>
> The assert is using indents that are just spaces, but the other lines
> use tabs. Please use tabs everywhere rather than mixing like this.
Ack.
> +/* Return TRUE if return address signing mechanism is enabled. */
> +bool
> +arm_current_function_pac_enabled_p (void)
> +{
> + return aarch_ra_sign_scope == AARCH_FUNCTION_ALL
> + || (aarch_ra_sign_scope == AARCH_FUNCTION_NON_LEAF
> + && !crtl->is_leaf);
> +}
>
> This is a case where you should use parenthesis around the expression so
> that the continuation lines are correctly indented.
Ack.
> @@ -11518,7 +11518,7 @@ (define_expand "prologue"
> arm_expand_prologue ();
> else
> thumb1_expand_prologue ();
> - DONE;
> + DONE;
> "
> )
>
> Although this is a trivial cleanup, it has nothing to do with this
> patch. Please remove.
Okay.
> + "arm_arch7 && arm_arch_cmse"
>
> See my comments earlier about this test; the same applies here.
>
> + (unspec:SI [(reg:SI SP_REGNUM) (reg:SI LR_REGNUM)]
> + UNSPEC_PAC_NOP))]
> +
> Again you have a mix of lines indented with tabs and lines indented with
> just spaces. Similarly with pacbti_nop and aut_nop.
>
> Do you have a test for the nested functions case (I can't see it, but
> perhaps I've missed it somewhere)?
We have gcc/testsuite/gcc.target/arm/pac-7.c added by this patch.
> R.
Andrea
next prev parent reply other threads:[~2022-10-26 15:48 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-12 14:26 [PATCH 0/15] arm: Enables return address verification and branch target identification on Cortex-M Andrea Corallo
2022-08-12 15:14 ` [PATCH 1/15] arm: Make mbranch-protection opts parsing common to AArch32/64 Andrea Corallo
2022-12-22 17:04 ` [PATCH 1/15 V2] " Andrea Corallo
2023-01-11 10:48 ` Richard Earnshaw
2022-08-12 15:15 ` [PATCH 2/15] arm: Add Armv8.1-M Mainline target feature +pacbti Andrea Corallo
2022-08-12 15:21 ` [PATCH 3/15] arm: Add option -mbranch-protection Andrea Corallo
2022-08-12 15:22 ` [PATCH 4/15] arm: Add testsuite library support for PACBTI target Andrea Corallo
2022-08-12 15:26 ` [PATCH 5/15] arm: Implement target feature macros for PACBTI Andrea Corallo
2022-08-12 15:29 ` [PATCH 6/15] arm: Add pointer authentication for stack-unwinding runtime Andrea Corallo
2022-08-12 15:30 ` [PATCH 7/15] arm: Emit build attributes for PACBTI target feature Andrea Corallo
2022-09-05 16:53 ` Andrea Corallo
2022-10-20 14:47 ` Kyrylo Tkachov
2022-10-20 15:15 ` Richard Earnshaw
2022-10-21 12:19 ` Richard Earnshaw
2022-08-12 15:33 ` [PATCH 8/15] arm: Introduce multilibs " Andrea Corallo
2022-08-12 15:34 ` [PATCH 9/15] arm: Set again stack pointer as CFA reg when popping if necessary Andrea Corallo
2022-09-05 16:52 ` Andrea Corallo
2022-09-27 9:03 ` Kyrylo Tkachov
2022-09-27 10:05 ` Andrea Corallo
2022-09-27 15:24 ` Kyrylo Tkachov
2022-10-21 12:30 ` Richard Earnshaw
2022-10-26 8:49 ` Andrea Corallo
2022-11-08 14:57 ` Richard Earnshaw
2023-01-09 14:58 ` Andrea Corallo
2023-01-09 15:57 ` Richard Earnshaw
2023-01-09 16:48 ` Richard Earnshaw
2023-01-09 17:22 ` Richard Earnshaw
2023-01-11 9:55 ` Andrea Corallo
2022-08-12 15:36 ` [PATCH 10/15] arm: Implement cortex-M return signing address codegen Andrea Corallo
2022-09-05 16:55 ` Andrea Corallo
2022-09-14 14:20 ` [PATCH 10/15 V2] " Andrea Corallo
2022-10-21 12:58 ` Richard Earnshaw
2022-10-26 15:48 ` Andrea Corallo [this message]
2022-10-28 16:34 ` [PATCH 10/15 V3] " Andrea Corallo
2022-11-07 8:57 ` [PATCH 10/15 V4] " Andrea Corallo
2022-12-05 16:38 ` Richard Earnshaw
2022-12-09 14:16 ` [PATCH 10/15 V5] " Andrea Corallo
2022-12-12 10:53 ` Richard Earnshaw
2022-12-14 16:35 ` [PATCH 10/15 V6] " Andrea Corallo
2022-12-14 16:45 ` Richard Earnshaw
2023-01-11 9:58 ` [PATCH 10/15 V7] " Andrea Corallo
2023-01-11 10:39 ` Richard Earnshaw
2022-08-12 15:40 ` [PATCH 11/15] aarch64: Make bti pass generic so it can be used by the arm backend Andrea Corallo
2022-09-05 16:56 ` Andrea Corallo
2022-09-27 9:10 ` Kyrylo Tkachov
2022-08-12 15:41 ` [PATCH 12/15] arm: implement bti injection Andrea Corallo
2022-09-05 16:56 ` Andrea Corallo
2022-09-27 9:18 ` Kyrylo Tkachov
2022-09-29 15:45 ` [PATCH 12/15 V2] " Andrea Corallo
2022-10-20 14:56 ` Kyrylo Tkachov
2022-10-28 16:40 ` [PATCH 12/15 V3] " Andrea Corallo
2022-12-05 17:02 ` Richard Earnshaw
2022-12-14 16:40 ` [PATCH 12/15 V4] " Andrea Corallo
2022-12-14 17:00 ` Richard Earnshaw
2022-12-14 17:03 ` Richard Earnshaw
2022-12-22 17:13 ` [PATCH 12/15 V5] " Andrea Corallo
2023-01-11 15:08 ` Richard Earnshaw
2022-08-12 16:44 ` [PATCH 0/15] arm: Enables return address verification and branch target identification on Cortex-M Andrea Corallo
2022-08-12 17:10 ` [PATCH 13/15] arm: Add pacbti related multilib support for armv8.1-m.main Srinath Parvathaneni
2022-10-21 13:00 ` Richard Earnshaw
2022-09-21 8:07 ` [PING][PATCH 0/15] arm: Enables return address verification and branch target identification on Cortex-M Andrea Corallo
2022-10-21 13:01 ` Richard Earnshaw
2022-10-21 13:32 ` Andrea Corallo
2022-12-05 14:10 ` Andrea Corallo
2022-12-05 14:19 ` Kyrylo Tkachov
2023-01-23 10:50 ` [PATCH " Andrea Corallo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=gkrfsfasi1b.fsf@arm.com \
--to=andrea.corallo@arm.com \
--cc=Richard.Earnshaw@arm.com \
--cc=Richard.Earnshaw@foss.arm.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=nd@arm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).