This patch series modifies hand-written assembly files for Arm targets, conditionally enabling branch target identification as well as address return signature and verification based on Armv8.1-M Pointer Authentication [1] using ACLE feature test macros at compile-time [2]. Function prologues/epilogues reflect gcc compilation behaviour when gcc invoked with the following flags: "-march=armv8.1-m.main -mbranch-protection=pac-ret+leaf+bti -mthumb -mfloat-abi=soft -fasynchronous-unwind-tables -g -O2 -S" Regression tested on arm-none-eabi with and without MVE extension and for Newlib and Newlib-nano. [1] <https://community.arm.com/developer/ip-products/processors/b/processors-ip-blog/posts/armv8-1-m-pointer-authentication-and-branch-target-identification-extension> [2] <https://developer.arm.com/documentation/101028/0012/5--Feature-test-macros> Victor Do Nascimento (8): newlib: libc: define M-profile PACBTI-enablement macros newlib: libc: strcmp M-profile PACBTI-enablement newlib: libc: strlen M-profile PACBTI-enablement newlib: libc: memchr M-profile PACBTI-enablement newlib: libc: memcpy M-profile PACBTI-enablement newlib: libc: setjmp/longjmp M-profile PACBTI-enablement newlib: libc: aeabi_memmove M-profile PACBTI-enablement newlib: libc: aeabi_memset M-profile PACBTI-enablement .../libc/machine/arm/aeabi_memmove-thumb2.S | 42 ++++++++++- newlib/libc/machine/arm/aeabi_memset-thumb2.S | 45 +++++++++++- newlib/libc/machine/arm/memchr.S | 49 +++++++++++-- newlib/libc/machine/arm/memcpy-armv7m.S | 73 +++++++++++++++++-- newlib/libc/machine/arm/pacbti.h | 58 +++++++++++++++ newlib/libc/machine/arm/setjmp.S | 32 +++++++- newlib/libc/machine/arm/strcmp-arm-tiny.S | 7 +- newlib/libc/machine/arm/strcmp-armv7.S | 45 +++++++++--- newlib/libc/machine/arm/strcmp-armv7m.S | 36 +++++++-- newlib/libc/machine/arm/strlen-armv7.S | 52 ++++++++++++- newlib/libc/machine/arm/strlen-stub.c | 9 +++ newlib/libc/machine/arm/strlen-thumb2-Os.S | 13 +++- 12 files changed, 417 insertions(+), 44 deletions(-) create mode 100644 newlib/libc/machine/arm/pacbti.h -- 2.36.1
Create an assembly header file that conditionally defines fuction prologues/epilogues depending on the compile-time mbranch-protection argument values. * newlib/libc/machine/arm/pacbti.h: New. --- newlib/libc/machine/arm/pacbti.h | 58 ++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 newlib/libc/machine/arm/pacbti.h diff --git a/newlib/libc/machine/arm/pacbti.h b/newlib/libc/machine/arm/pacbti.h new file mode 100644 index 000000000..9921af7bf --- /dev/null +++ b/newlib/libc/machine/arm/pacbti.h @@ -0,0 +1,58 @@ +/* + * Copyright (c) 2022 Arm Ltd + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the company may not be used to endorse or promote + * products derived from this software without specific prior written + * permission. + * + * THIS SOFTWARE IS PROVIDED BY ARM LTD ``AS IS'' AND ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. + * IN NO EVENT SHALL ARM LTD BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* Macro to handle function entry depending on branch-protection + schemes */ + .macro pacbti_prologue + +#if __ARM_FEATURE_PAC_DEFAULT +#if __ARM_FEATURE_BTI_DEFAULT + pacbti ip, lr, sp +#else + pac ip, lr, sp +#endif /* __ARM_FEATURE_BTI_DEFAULT */ + str ip, [sp, #-4]! + .save {ra_auth_code} + .cfi_def_cfa_offset 4 + .cfi_offset 143, -4 +#elif __ARM_FEATURE_BTI_DEFAULT + bti +#endif /* __ARM_FEATURE_PAC_DEFAULT */ + .endm + +/* Macro to handle different branch exchange cases depending on + branch-protection schemes */ + .macro pacbti_epilogue +#if __ARM_FEATURE_PAC_DEFAULT + ldr ip, [sp], #4 + .cfi_restore 143 + .cfi_def_cfa_offset 0 + aut ip, lr, sp +#endif /* __ARM_FEATURE_PAC_DEFAULT */ + bx lr + .endm -- 2.36.1
Add function prologue/epilogue to conditionally add BTI landing pads and/or PAC code generation & authentication instructions depending on compilation flags. This patch enables PACBTI for all relevant variants of strcmp: * Newlib for armv8.1-m.main+pacbti * Newlib for armv8.1-m.main+pacbti+mve * Newlib-nano --- newlib/libc/machine/arm/strcmp-arm-tiny.S | 7 +++- newlib/libc/machine/arm/strcmp-armv7.S | 45 +++++++++++++++++------ newlib/libc/machine/arm/strcmp-armv7m.S | 36 +++++++++++++++--- 3 files changed, 71 insertions(+), 17 deletions(-) diff --git a/newlib/libc/machine/arm/strcmp-arm-tiny.S b/newlib/libc/machine/arm/strcmp-arm-tiny.S index 607a41daf..8085eb4df 100644 --- a/newlib/libc/machine/arm/strcmp-arm-tiny.S +++ b/newlib/libc/machine/arm/strcmp-arm-tiny.S @@ -29,10 +29,14 @@ /* Tiny version of strcmp in ARM state. Used only when optimizing for size. Also supports Thumb-2. */ +#include "pacbti.h" + .syntax unified def_fn strcmp + .fnstart .cfi_sections .debug_frame .cfi_startproc + pacbti_prologue 1: ldrb r2, [r0], #1 ldrb r3, [r1], #1 @@ -42,6 +46,7 @@ def_fn strcmp beq 1b 2: subs r0, r2, r3 - bx lr + pacbti_epilogue .cfi_endproc + .fnend .size strcmp, . - strcmp diff --git a/newlib/libc/machine/arm/strcmp-armv7.S b/newlib/libc/machine/arm/strcmp-armv7.S index 2f93bfb73..466db3fc8 100644 --- a/newlib/libc/machine/arm/strcmp-armv7.S +++ b/newlib/libc/machine/arm/strcmp-armv7.S @@ -45,6 +45,8 @@ .thumb .syntax unified +#include "pacbti.h" + /* Parameters and result. */ #define src1 r0 #define src2 r1 @@ -91,8 +93,9 @@ ldrd r4, r5, [sp], #16 .cfi_restore 4 .cfi_restore 5 + .cfi_adjust_cfa_offset -16 sub result, result, r1, lsr #24 - bx lr + pacbti_epilogue #else /* To use the big-endian trick we'd have to reverse all three words. that's slower than this approach. */ @@ -112,22 +115,28 @@ ldrd r4, r5, [sp], #16 .cfi_restore 4 .cfi_restore 5 + .cfi_adjust_cfa_offset -16 sub result, result, r1 - bx lr + pacbti_epilogue #endif .endm + .text .p2align 5 + .fnstart + .cfi_sections .debug_frame + .cfi_startproc .Lstrcmp_start_addr: #ifndef STRCMP_NO_PRECHECK .Lfastpath_exit: sub r0, r2, r3 - bx lr + pacbti_epilogue nop #endif def_fn strcmp + pacbti_prologue #ifndef STRCMP_NO_PRECHECK ldrb r2, [src1] ldrb r3, [src2] @@ -136,16 +145,26 @@ def_fn strcmp cmpcs r2, r3 bne .Lfastpath_exit #endif - .cfi_sections .debug_frame - .cfi_startproc strd r4, r5, [sp, #-16]! - .cfi_def_cfa_offset 16 + .save {r4, r5} + .cfi_adjust_cfa_offset 16 +#ifdef __ARM_FEATURE_PAC_DEFAULT + .cfi_offset 4, -20 + .cfi_offset 5, -16 +#else .cfi_offset 4, -16 .cfi_offset 5, -12 +#endif /* __ARM_FEATURE_PAC_DEFAULT */ orr tmp1, src1, src2 strd r6, r7, [sp, #8] + .save {r6, r7} +#ifdef __ARM_FEATURE_PAC_DEFAULT + .cfi_offset 6, -12 + .cfi_offset 7, -8 +#else .cfi_offset 6, -8 .cfi_offset 7, -4 +#endif /* __ARM_FEATURE_PAC_DEFAULT */ mvn const_m1, #0 lsl r2, tmp1, #29 cbz r2, .Lloop_aligned8 @@ -270,7 +289,6 @@ def_fn strcmp ldr data1, [src1], #4 beq .Laligned_m2 bcs .Laligned_m1 - #ifdef STRCMP_NO_PRECHECK ldrb data2, [src2, #1] uxtb tmp1, data1, ror #BYTE1_OFFSET @@ -314,7 +332,8 @@ def_fn strcmp mov result, tmp1 ldr r4, [sp], #16 .cfi_restore 4 - bx lr + .cfi_adjust_cfa_offset -16 + pacbti_epilogue #ifndef STRCMP_NO_PRECHECK .Laligned_m1: @@ -364,8 +383,9 @@ def_fn strcmp /* R6/7 Not used in this sequence. */ .cfi_restore 6 .cfi_restore 7 + .cfi_adjust_cfa_offset -16 neg result, result - bx lr + pacbti_epilogue 6: .cfi_restore_state @@ -441,7 +461,8 @@ def_fn strcmp /* R6/7 not used in this sequence. */ .cfi_restore 6 .cfi_restore 7 - bx lr + .cfi_adjust_cfa_offset -16 + pacbti_epilogue .Lstrcmp_tail: .cfi_restore_state @@ -463,7 +484,9 @@ def_fn strcmp /* R6/7 not used in this sequence. */ .cfi_restore 6 .cfi_restore 7 + .cfi_adjust_cfa_offset -16 sub result, result, data2, lsr #24 - bx lr + pacbti_epilogue .cfi_endproc + .fnend .size strcmp, . - .Lstrcmp_start_addr diff --git a/newlib/libc/machine/arm/strcmp-armv7m.S b/newlib/libc/machine/arm/strcmp-armv7m.S index cdb4912df..4bbc63ba8 100644 --- a/newlib/libc/machine/arm/strcmp-armv7m.S +++ b/newlib/libc/machine/arm/strcmp-armv7m.S @@ -29,6 +29,8 @@ /* Very similar to the generic code, but uses Thumb2 as implemented in ARMv7-M. */ +#include "pacbti.h" + /* Parameters and result. */ #define src1 r0 #define src2 r1 @@ -44,8 +46,10 @@ .thumb .syntax unified def_fn strcmp + .fnstart .cfi_sections .debug_frame .cfi_startproc + pacbti_prologue eor tmp1, src1, src2 tst tmp1, #3 /* Strings not at same byte offset from a word boundary. */ @@ -106,7 +110,7 @@ def_fn strcmp lsrs result, result, #24 subs result, result, data2 #endif - bx lr + pacbti_epilogue #if 0 @@ -214,12 +218,18 @@ def_fn strcmp cmpcs data1, data2 beq .Lstrcmp_unaligned sub result, data1, data2 - bx lr + pacbti_epilogue 2: stmfd sp!, {r5} - .cfi_def_cfa_offset 4 + .save {r5} + .cfi_adjust_cfa_offset 4 +#ifdef __ARM_FEATURE_PAC_DEFAULT + .cfi_offset 5, -8 /* Account for ip register already on stack */ +#else .cfi_offset 5, -4 +#endif /* __ARM_FEATURE_PAC_DEFAULT */ + ldr data1, [src1], #4 and tmp2, src2, #3 @@ -353,10 +363,17 @@ def_fn strcmp .Lstrcmp_done_equal: mov result, #0 .cfi_remember_state +#ifdef __ARM_FEATURE_PAC_DEFAULT + pop {r5, ip} + .cfi_restore 5 + .cfi_restore 142 + aut ip, lr, sp +#else ldmfd sp!, {r5} .cfi_restore 5 +#endif /* __ARM_FEATURE_PAC_DEFAULT */ .cfi_def_cfa_offset 0 - bx lr + bx lr .Lstrcmp_tail: .cfi_restore_state @@ -370,9 +387,18 @@ def_fn strcmp S2LOEQ data2, data2, #8 beq .Lstrcmp_tail sub result, r2, result +#ifdef __ARM_FEATURE_PAC_DEFAULT + pop {r5, ip} + .cfi_restore 5 + .cfi_restore 142 + .cfi_def_cfa_offset 0 + aut ip, lr, sp +#else ldmfd sp!, {r5} .cfi_restore 5 .cfi_def_cfa_offset 0 - bx lr +#endif /* __ARM_FEATURE_PAC_DEFAULT */ + bx lr .cfi_endproc + .fnend .size strcmp, . - strcmp -- 2.36.1
Add function prologue/epilogue to conditionally add BTI landing pads and/or PAC code generation & authentication instructions depending on compilation flags. This patch enables PACBTI for all relevant variants of strlen: * Newlib for armv8.1-m.main+pacbti * Newlib for armv8.1-m.main+pacbti+mve * Newlib-nano --- newlib/libc/machine/arm/strlen-armv7.S | 52 ++++++++++++++++++++-- newlib/libc/machine/arm/strlen-stub.c | 9 ++++ newlib/libc/machine/arm/strlen-thumb2-Os.S | 13 ++++-- 3 files changed, 67 insertions(+), 7 deletions(-) diff --git a/newlib/libc/machine/arm/strlen-armv7.S b/newlib/libc/machine/arm/strlen-armv7.S index f3dda0d60..18c8226d0 100644 --- a/newlib/libc/machine/arm/strlen-armv7.S +++ b/newlib/libc/machine/arm/strlen-armv7.S @@ -59,6 +59,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "acle-compat.h" +#include "pacbti.h" .macro def_fn f p2align=0 .text @@ -77,7 +78,9 @@ #endif /* This code requires Thumb. */ -#if __ARM_ARCH_PROFILE == 'M' +#if __ARM_ARCH_8M_MAIN__ + /* keep config inherited from -march= */ +#elif __ARM_ARCH_PROFILE == 'M' .arch armv7e-m #else .arch armv6t2 @@ -100,8 +103,34 @@ #define tmp2 r5 def_fn strlen p2align=6 + .fnstart + .cfi_startproc + /* common pacbti_prologue macro from pacbti.h not used. + handwritten prologue saves one push instruction. */ +#if __ARM_FEATURE_PAC_DEFAULT +#if __ARM_FEATURE_BTI_DEFAULT + pacbti ip, lr, sp +#else + pac ip, lr, sp +#endif /* __ARM_FEATURE_BTI_DEFAULT */ + push {r4, r5, ip} + .save {r4, r5, ra_auth_code} + .cfi_def_cfa_offset 12 + .cfi_offset 143, -4 + .cfi_offset 5, -8 + .cfi_offset 4, -12 + +#else +#if __ARM_FEATURE_BTI_DEFAULT + bti +#endif /* __ARM_FEATURE_BTI_DEFAULT */ + push {r4, r5} + .save {r4, r5} + .cfi_def_cfa_offset 8 + .cfi_offset 5, -4 + .cfi_offset 4, -8 +#endif /* __ARM_FEATURE_PAC_DEFAULT */ pld [srcin, #0] - strd r4, r5, [sp, #-8]! bic src, srcin, #7 mvn const_m1, #0 ands tmp1, srcin, #7 /* (8 - bytes) to alignment. */ @@ -159,9 +188,22 @@ def_fn strlen p2align=6 rev data1a, data1a #endif clz data1a, data1a - ldrd r4, r5, [sp], #8 add result, result, data1a, lsr #3 /* Bits -> Bytes. */ - bx lr +#if __ARM_FEATURE_PAC_DEFAULT + pop {r4, r5, ip} + .cfi_restore 4 + .cfi_restore 5 + .cfi_restore 143 + .cfi_def_cfa_offset 0 + aut ip, lr, sp +#else + ldrd r4, r5, [sp], #8 + .cfi_restore 4 + .cfi_restore 5 + .cfi_def_cfa_offset 0 +#endif /* __ARM_FEATURE_PAC_DEFAULT */ + bx lr + .Lmisaligned8: ldrd data1a, data1b, [src] @@ -177,4 +219,6 @@ def_fn strlen p2align=6 movne data1a, const_m1 mov const_0, #0 b .Lstart_realigned + .cfi_endproc + .fnend .size strlen, . - strlen diff --git a/newlib/libc/machine/arm/strlen-stub.c b/newlib/libc/machine/arm/strlen-stub.c index fc2daf16f..4a0bb8cbb 100644 --- a/newlib/libc/machine/arm/strlen-stub.c +++ b/newlib/libc/machine/arm/strlen-stub.c @@ -58,6 +58,11 @@ strlen (const char* str) "data .req r3\n\t" "addr .req r1\n\t" +#ifdef __ARM_FEATURE_PAC_DEFAULT + "pac ip, lr, sp\n\t" + "str ip, [sp, #-4]!\n\t" +#endif + #ifdef _ISA_ARM_7 "pld [r0]\n\t" #endif @@ -167,6 +172,10 @@ strlen (const char* str) "it ne\n\t" "addne len, len, #1\n\t" # endif +#endif +#ifdef __ARM_FEATURE_PAC_DEFAULT + "ldr ip, [sp], #4\n\t" + "aut ip, lr, sp\n\t" #endif "bx lr\n\t"); } diff --git a/newlib/libc/machine/arm/strlen-thumb2-Os.S b/newlib/libc/machine/arm/strlen-thumb2-Os.S index 961f41a0a..823b0310e 100644 --- a/newlib/libc/machine/arm/strlen-thumb2-Os.S +++ b/newlib/libc/machine/arm/strlen-thumb2-Os.S @@ -25,6 +25,7 @@ OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "acle-compat.h" +#include "pacbti.h" .macro def_fn f p2align=0 .text @@ -33,8 +34,9 @@ .type \f, %function \f: .endm - -#if __ARM_ARCH_ISA_THUMB >= 2 && __ARM_ARCH >= 7 +#if __ARM_ARCH_8M_MAIN__ + /* keep config inherited from -march= */ +#elif __ARM_ARCH_ISA_THUMB >= 2 && __ARM_ARCH >= 7 .arch armv7 #else .arch armv6t2 @@ -44,11 +46,16 @@ .syntax unified def_fn strlen p2align=1 + .fnstart + .cfi_startproc + pacbti_prologue mov r3, r0 1: ldrb.w r2, [r3], #1 cmp r2, #0 bne 1b subs r0, r3, r0 subs r0, #1 - bx lr + pacbti_epilogue + .cfi_endproc + .fnend .size strlen, . - strlen -- 2.36.1
Add function prologue/epilogue to conditionally add BTI landing pads and/or PAC code generation & authentication instructions depending on compilation flags. --- newlib/libc/machine/arm/memchr.S | 49 ++++++++++++++++++++++++++++---- 1 file changed, 44 insertions(+), 5 deletions(-) diff --git a/newlib/libc/machine/arm/memchr.S b/newlib/libc/machine/arm/memchr.S index 1a4c6512c..644cfda3f 100644 --- a/newlib/libc/machine/arm/memchr.S +++ b/newlib/libc/machine/arm/memchr.S @@ -76,6 +76,7 @@ .syntax unified #include "acle-compat.h" +#include "pacbti.h" @ NOTE: This ifdef MUST match the one in memchr-stub.c #if defined (__ARM_NEON__) || defined (__ARM_NEON) @@ -266,7 +267,9 @@ memchr: #elif __ARM_ARCH_ISA_THUMB >= 2 && defined (__ARM_FEATURE_DSP) -#if __ARM_ARCH_PROFILE == 'M' +#if __ARM_ARCH_8M_MAIN__ + /* keep config inherited from -march= */ +#elif __ARM_ARCH_PROFILE == 'M' .arch armv7e-m #else .arch armv6t2 @@ -287,11 +290,14 @@ memchr: .p2align 4,,15 .global memchr .type memchr,%function + .fnstart + .cfi_startproc memchr: @ r0 = start of memory to scan @ r1 = character to look for @ r2 = length @ returns r0 = pointer to character or NULL if not found + pacbti_prologue and r1,r1,#0xff @ Don't trust the caller to pass a char cmp r2,#16 @ If short don't bother with anything clever @@ -313,6 +319,19 @@ memchr: 10: @ We are aligned, we know we have at least 8 bytes to work with push {r4,r5,r6,r7} + .save {r4-r7} + .cfi_adjust_cfa_offset 16 +#ifdef __ARM_FEATURE_PAC_DEFAULT + .cfi_offset 4, -20 + .cfi_offset 5, -16 + .cfi_offset 6, -12 + .cfi_offset 7, -8 +#else + .cfi_offset 4, -16 + .cfi_offset 5, -12 + .cfi_offset 6, -8 + .cfi_offset 7, -4 +#endif /* __ARM_FEATURE_PAC_DEFAULT */ orr r1, r1, r1, lsl #8 @ expand the match word across all bytes orr r1, r1, r1, lsl #16 bic r4, r2, #7 @ Number of double words to work with * 8 @@ -334,6 +353,11 @@ memchr: bne 15b @ (Flags from the subs above) pop {r4,r5,r6,r7} + .cfi_restore 7 + .cfi_restore 6 + .cfi_restore 5 + .cfi_restore 4 + .cfi_adjust_cfa_offset -16 and r1,r1,#0xff @ r1 back to a single character and r2,r2,#7 @ Leave the count remaining as the number @ after the double words have been done @@ -350,11 +374,11 @@ memchr: 40: movs r0,#0 @ not found - bx lr + pacbti_epilogue 50: subs r0,r0,#1 @ found - bx lr + pacbti_epilogue 60: @ We're here because the fast path found a hit @ now we have to track down exactly which word it was @@ -378,9 +402,24 @@ memchr: addeq r0,r0,#1 61: - pop {r4,r5,r6,r7} subs r0,r0,#1 - bx lr +#if __ARM_FEATURE_PAC_DEFAULT + pop {r4,r5,r6,r7,ip} + .cfi_restore 143 +#else + pop {r4,r5,r6,r7} +#endif /* __ARM_FEATURE_PAC_DEFAULT */ + .cfi_restore 7 + .cfi_restore 6 + .cfi_restore 5 + .cfi_restore 4 + .cfi_def_cfa_offset 0 +#if __ARM_FEATURE_PAC_DEFAULT + aut ip, lr, sp +#endif /* __ARM_FEATURE_PAC_DEFAULT */ + bx lr + .cfi_endproc + .fnend #else /* Defined in memchr-stub.c. */ #endif -- 2.36.1
Add function prologue/epilogue to conditionally add BTI landing pads and/or PAC code generation & authentication instructions depending on compilation flags. --- newlib/libc/machine/arm/memcpy-armv7m.S | 73 ++++++++++++++++++++++--- 1 file changed, 65 insertions(+), 8 deletions(-) diff --git a/newlib/libc/machine/arm/memcpy-armv7m.S b/newlib/libc/machine/arm/memcpy-armv7m.S index c8bff36f6..cdcca7c9e 100644 --- a/newlib/libc/machine/arm/memcpy-armv7m.S +++ b/newlib/libc/machine/arm/memcpy-armv7m.S @@ -46,6 +46,8 @@ __OPT_BIG_BLOCK_SIZE: Size of big block in words. Default to 64. __OPT_MID_BLOCK_SIZE: Size of big block in words. Default to 16. */ +#include "pacbti.h" + #ifndef __OPT_BIG_BLOCK_SIZE #define __OPT_BIG_BLOCK_SIZE (4 * 16) #endif @@ -85,6 +87,8 @@ .global memcpy .thumb .thumb_func + .fnstart + .cfi_startproc .type memcpy, %function memcpy: @ r0: dst @@ -93,10 +97,30 @@ memcpy: #ifdef __ARM_FEATURE_UNALIGNED /* In case of UNALIGNED access supported, ip is not used in function body. */ + pacbti_prologue mov ip, r0 #else +#if __ARM_FEATURE_PAC_DEFAULT +#if __ARM_FEATURE_BTI_DEFAULT + pacbti ip, lr, sp +#else + pac ip, lr, sp +#endif /* __ARM_FEATURE_BTI_DEFAULT */ + push {r0, ip} + .save {r0, ra_auth_code} + .cfi_def_cfa_offset 8 + .cfi_offset 0, -8 + .cfi_offset 143, -4 +#else +#if __ARM_FEATURE_BTI_DEFAULT + bti +#endif /* __ARM_FEATURE_BTI_DEFAULT */ push {r0} -#endif + .save {r0} + .cfi_adjust_cfa_offset 4 + .cfi_offset 0, -4 +#endif /* __ARM_FEATURE_PAC_DEFAULT */ +#endif /* __ARM_FEATURE_UNALIGNED */ orr r3, r1, r0 ands r3, r3, #3 bne .Lmisaligned_copy @@ -135,13 +159,13 @@ memcpy: ldr r3, [r1], #4 str r3, [r0], #4 END_UNROLL -#else /* __ARM_ARCH_7M__ */ +#else ldr r3, [r1, \offset] str r3, [r0, \offset] END_UNROLL adds r0, __OPT_MID_BLOCK_SIZE adds r1, __OPT_MID_BLOCK_SIZE -#endif +#endif /* __ARM_ARCH_7M__ */ subs r2, __OPT_MID_BLOCK_SIZE bhs .Lmid_block_loop @@ -180,10 +204,21 @@ memcpy: .Ldone: #ifdef __ARM_FEATURE_UNALIGNED mov r0, ip + pacbti_epilogue +#else +#if __ARM_FEATURE_PAC_DEFAULT + pop {r0, ra_auth_code} + .cfi_restore 0 + .cfi_restore 143 + .cfi_def_cfa_offset 0 + aut ip, lr, sp #else pop {r0} -#endif - bx lr + .cfi_restore 0 + .cfi_def_cfa_offset 0 +#endif /* __ARM_FEATURE_PAC_DEFAULT */ + bx lr +#endif /* __ARM_FEATURE_UNALIGNED */ .align 2 .Lmisaligned_copy: @@ -247,6 +282,15 @@ memcpy: /* dst is aligned, but src isn't. Misaligned copy. */ push {r4, r5} + .save {r4, r5} + .cfi_adjust_cfa_offset 8 +#ifdef __ARM_FEATURE_PAC_DEFAULT /* we pushed just the pac code */ + .cfi_offset 4, -12 + .cfi_offset 5, -8 +#else /* we haven't pushed anything to stack */ + .cfi_offset 4, -8 + .cfi_offset 5, -4 +#endif /* __ARM_FEATURE_PAC_DEFAULT */ subs r2, #4 /* Backward r1 by misaligned bytes, to make r1 aligned. @@ -299,6 +343,7 @@ memcpy: adds r2, #4 subs r1, ip pop {r4, r5} + .cfi_adjust_cfa_offset -8 #endif /* __ARM_FEATURE_UNALIGNED */ @@ -321,9 +366,21 @@ memcpy: #ifdef __ARM_FEATURE_UNALIGNED mov r0, ip + pacbti_epilogue +#else +#if __ARM_FEATURE_PAC_DEFAULT + pop {r0, ra_auth_code} + .cfi_restore 0 + .cfi_restore 143 + .cfi_def_cfa_offset 0 + aut ip, lr, sp #else pop {r0} -#endif - bx lr - + .cfi_restore 0 + .cfi_def_cfa_offset 0 +#endif /* __ARM_FEATURE_PAC_DEFAULT */ + bx lr +#endif /* __ARM_FEATURE_UNALIGNED */ + .cfi_endproc + .fnend .size memcpy, .-memcpy -- 2.36.1
Add function prologue/epilogue to conditionally add BTI landing pads and/or PAC code generation & authentication instructions depending on compilation flags. --- newlib/libc/machine/arm/setjmp.S | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/newlib/libc/machine/arm/setjmp.S b/newlib/libc/machine/arm/setjmp.S index 21d6ff9e7..d48e1a69b 100644 --- a/newlib/libc/machine/arm/setjmp.S +++ b/newlib/libc/machine/arm/setjmp.S @@ -157,11 +157,15 @@ SYM (.arm_start_of.\name): .globl SYM (\name) TYPE (\name) SYM (\name): + .fnstart + .cfi_startproc PROLOGUE \name .endm .macro FUNC_END name RET + .cfi_endproc + .fnend SIZE (\name) .endm @@ -173,11 +177,25 @@ SYM (\name): /* Save all the callee-preserved registers into the jump buffer. */ #ifdef __thumb2__ +#if __ARM_FEATURE_PAC_DEFAULT +#if __ARM_FEATURE_BTI_DEFAULT + pacbti ip, lr, sp +#else + pac ip, lr, sp +#endif /* __ARM_FEATURE_BTI_DEFAULT */ + mov a4, ip + mov ip, sp + stmea a1!, { a4, v1-v7, fp, ip, lr } +#else +#if __ARM_FEATURE_BTI_DEFAULT + bti +#endif /* __ARM_FEATURE_BTI_DEFAULT */ mov ip, sp stmea a1!, { v1-v7, fp, ip, lr } +#endif /* __ARM_FEATURE_PAC_DEFAULT */ #else stmea a1!, { v1-v7, fp, ip, sp, lr } -#endif +#endif /* __thumb2__ */ #if 0 /* Simulator does not cope with FP instructions yet. */ #ifndef __SOFTFP__ @@ -200,11 +218,17 @@ SYM (\name): /* Restore the registers, retrieving the state when setjmp() was called. */ #ifdef __thumb2__ +#if __ARM_FEATURE_PAC_DEFAULT + ldmfd a1!, { a4, v1-v7, fp, ip, lr } + mov sp, ip + mov ip, a4 +#else ldmfd a1!, { v1-v7, fp, ip, lr } mov sp, ip +#endif /* __ARM_FEATURE_PAC_DEFAULT */ #else ldmfd a1!, { v1-v7, fp, ip, sp, lr } -#endif +#endif /* __thumb2__ */ #if 0 /* Simulator does not cope with FP instructions yet. */ #ifndef __SOFTFP__ @@ -220,5 +244,9 @@ SYM (\name): #endif moveq a1, #1 +#if __ARM_FEATURE_PAC_DEFAULT + aut ip, lr, sp +#endif + FUNC_END longjmp #endif -- 2.36.1
Add function prologue/epilogue to conditionally add BTI landing pads and/or PAC code generation & authentication instructions depending on compilation flags. --- .../libc/machine/arm/aeabi_memmove-thumb2.S | 42 +++++++++++++++++-- 1 file changed, 38 insertions(+), 4 deletions(-) diff --git a/newlib/libc/machine/arm/aeabi_memmove-thumb2.S b/newlib/libc/machine/arm/aeabi_memmove-thumb2.S index e9504437b..237e63cc0 100644 --- a/newlib/libc/machine/arm/aeabi_memmove-thumb2.S +++ b/newlib/libc/machine/arm/aeabi_memmove-thumb2.S @@ -26,6 +26,8 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ + #include "pacbti.h" + .thumb .syntax unified .global __aeabi_memmove @@ -33,8 +35,18 @@ ASM_ALIAS __aeabi_memmove4 __aeabi_memmove ASM_ALIAS __aeabi_memmove8 __aeabi_memmove __aeabi_memmove: + .fnstart + .cfi_startproc + pacbti_prologue cmp r0, r1 push {r4} + .save {r4} + .cfi_adjust_cfa_offset 4 +#if __ARM_FEATURE_PAC_DEFAULT + .cfi_offset 4, -8 +#else + .cfi_offset 4, -4 +#endif /* __ARM_FEATURE_PAC_DEFAULT */ bls 3f adds r3, r1, r2 cmp r0, r3 @@ -48,8 +60,18 @@ __aeabi_memmove: strb r4, [r1, #-1]! bne 1b 2: - pop {r4} - bx lr +#if __ARM_FEATURE_PAC_DEFAULT + pop {r4, ip} + .cfi_restore 4 + .cfi_restore 143 + .cfi_def_cfa_offset 0 + aut ip, lr, sp +#else + pop {r4} + .cfi_restore 4 + .cfi_def_cfa_offset 0 +#endif /* __ARM_FEATURE_PAC_DEFAULT */ + bx lr 3: cmp r2, #0 beq 2b @@ -60,6 +82,18 @@ __aeabi_memmove: cmp r2, r1 strb r4, [r3, #1]! bne 4b - pop {r4} - bx lr +#if __ARM_FEATURE_PAC_DEFAULT + pop {r4, ip} + .cfi_restore 4 + .cfi_restore 143 + .cfi_def_cfa_offset 0 + aut ip, lr, sp +#else + pop {r4} + .cfi_restore 4 + .cfi_def_cfa_offset 0 +#endif /* __ARM_FEATURE_PAC_DEFAULT */ + bx lr + .cfi_endproc + .fnend .size __aeabi_memmove, . - __aeabi_memmove -- 2.36.1
Add function prologue/epilogue to conditionally add BTI landing pads and/or PAC code generation & authentication instructions depending on compilation flags. --- newlib/libc/machine/arm/aeabi_memset-thumb2.S | 45 ++++++++++++++++++- 1 file changed, 44 insertions(+), 1 deletion(-) diff --git a/newlib/libc/machine/arm/aeabi_memset-thumb2.S b/newlib/libc/machine/arm/aeabi_memset-thumb2.S index eaca1d8d7..a22d4314a 100644 --- a/newlib/libc/machine/arm/aeabi_memset-thumb2.S +++ b/newlib/libc/machine/arm/aeabi_memset-thumb2.S @@ -26,14 +26,42 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include "pacbti.h" + .thumb .syntax unified .global __aeabi_memset .type __aeabi_memset, %function + .fnstart + .cfi_startproc ASM_ALIAS __aeabi_memset4 __aeabi_memset ASM_ALIAS __aeabi_memset8 __aeabi_memset __aeabi_memset: +#if __ARM_FEATURE_PAC_DEFAULT +#if __ARM_FEATURE_BTI_DEFAULT + pacbti ip, lr, sp +#else + pac ip, lr, sp +#endif /* __ARM_FEATURE_BTI_DEFAULT */ + push {r4, r5, r6, ip} + .save {r4, r5, r6, ra_auth_code} + .cfi_def_cfa_offset 16 + .cfi_offset 4, -16 + .cfi_offset 5, -12 + .cfi_offset 6, -8 + .cfi_offset 143, -4 +#else +#if __ARM_FEATURE_BTI_DEFAULT + bti +#endif /* __ARM_FEATURE_BTI_DEFAULT */ push {r4, r5, r6} + .save {r4, r5, r6} + .cfi_def_cfa_offset 12 + .cfi_offset 4, -12 + .cfi_offset 5, -8 + .cfi_offset 6, -4 +#endif /* __ARM_FEATURE_PAC_DEFAULT */ + lsls r4, r0, #30 beq 10f subs r4, r1, #1 @@ -98,10 +126,25 @@ __aeabi_memset: cmp r3, r4 bne 8b 9: +#if __ARM_FEATURE_PAC_DEFAULT + pop {r4, r5, r6, ip} + .cfi_restore 143 + .cfi_restore 6 + .cfi_restore 5 + .cfi_restore 4 + .cfi_def_cfa_offset 0 + aut ip, lr, sp +#else pop {r4, r5, r6} - bx lr + .cfi_restore 6 + .cfi_restore 5 + .cfi_restore 4 + .cfi_def_cfa_offset 0 +#endif /* __ARM_FEATURE_PAC_DEFAULT */ 10: mov r4, r1 mov r3, r0 b 3b + .cfi_endproc + .fnend .size __aeabi_memset, . - __aeabi_memset -- 2.36.1
On 05/07/2022 14:58, Victor Do Nascimento wrote: > Add function prologue/epilogue to conditionally add BTI landing pads > and/or PAC code generation & authentication instructions depending on > compilation flags. > > This patch enables PACBTI for all relevant variants of strlen: > * Newlib for armv8.1-m.main+pacbti > * Newlib for armv8.1-m.main+pacbti+mve > * Newlib-nano > --- > newlib/libc/machine/arm/strlen-armv7.S | 52 ++++++++++++++++++++-- > newlib/libc/machine/arm/strlen-stub.c | 9 ++++ > newlib/libc/machine/arm/strlen-thumb2-Os.S | 13 ++++-- > 3 files changed, 67 insertions(+), 7 deletions(-) > > diff --git a/newlib/libc/machine/arm/strlen-armv7.S b/newlib/libc/machine/arm/strlen-armv7.S > index f3dda0d60..18c8226d0 100644 > --- a/newlib/libc/machine/arm/strlen-armv7.S > +++ b/newlib/libc/machine/arm/strlen-armv7.S > @@ -59,6 +59,7 @@ > OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ > > #include "acle-compat.h" > +#include "pacbti.h" > > .macro def_fn f p2align=0 > .text > @@ -77,7 +78,9 @@ > #endif > > /* This code requires Thumb. */ > -#if __ARM_ARCH_PROFILE == 'M' > +#if __ARM_ARCH_8M_MAIN__ These GCC architecture macros (those that end with '__') aren't portable and are essentially deprecated. What exactly are you trying to achieve here? > + /* keep config inherited from -march= */ > +#elif __ARM_ARCH_PROFILE == 'M' > .arch armv7e-m > #else > .arch armv6t2 > @@ -100,8 +103,34 @@ > #define tmp2 r5 > > def_fn strlen p2align=6 > + .fnstart > + .cfi_startproc > + /* common pacbti_prologue macro from pacbti.h not used. > + handwritten prologue saves one push instruction. */ > +#if __ARM_FEATURE_PAC_DEFAULT > +#if __ARM_FEATURE_BTI_DEFAULT > + pacbti ip, lr, sp > +#else > + pac ip, lr, sp > +#endif /* __ARM_FEATURE_BTI_DEFAULT */ > + push {r4, r5, ip} > + .save {r4, r5, ra_auth_code} > + .cfi_def_cfa_offset 12 > + .cfi_offset 143, -4 > + .cfi_offset 5, -8 > + .cfi_offset 4, -12 > + > +#else > +#if __ARM_FEATURE_BTI_DEFAULT > + bti > +#endif /* __ARM_FEATURE_BTI_DEFAULT */ > + push {r4, r5} > + .save {r4, r5} > + .cfi_def_cfa_offset 8 > + .cfi_offset 5, -4 > + .cfi_offset 4, -8 > +#endif /* __ARM_FEATURE_PAC_DEFAULT */ > pld [srcin, #0] > - strd r4, r5, [sp, #-8]! > bic src, srcin, #7 > mvn const_m1, #0 > ands tmp1, srcin, #7 /* (8 - bytes) to alignment. */ > @@ -159,9 +188,22 @@ def_fn strlen p2align=6 > rev data1a, data1a > #endif > clz data1a, data1a > - ldrd r4, r5, [sp], #8 > add result, result, data1a, lsr #3 /* Bits -> Bytes. */ > - bx lr > +#if __ARM_FEATURE_PAC_DEFAULT > + pop {r4, r5, ip} > + .cfi_restore 4 > + .cfi_restore 5 > + .cfi_restore 143 > + .cfi_def_cfa_offset 0 > + aut ip, lr, sp > +#else > + ldrd r4, r5, [sp], #8 > + .cfi_restore 4 > + .cfi_restore 5 > + .cfi_def_cfa_offset 0 > +#endif /* __ARM_FEATURE_PAC_DEFAULT */ > + bx lr > + > > .Lmisaligned8: > ldrd data1a, data1b, [src] > @@ -177,4 +219,6 @@ def_fn strlen p2align=6 > movne data1a, const_m1 > mov const_0, #0 > b .Lstart_realigned > + .cfi_endproc > + .fnend > .size strlen, . - strlen > diff --git a/newlib/libc/machine/arm/strlen-stub.c b/newlib/libc/machine/arm/strlen-stub.c > index fc2daf16f..4a0bb8cbb 100644 > --- a/newlib/libc/machine/arm/strlen-stub.c > +++ b/newlib/libc/machine/arm/strlen-stub.c > @@ -58,6 +58,11 @@ strlen (const char* str) > "data .req r3\n\t" > "addr .req r1\n\t" > > +#ifdef __ARM_FEATURE_PAC_DEFAULT > + "pac ip, lr, sp\n\t" > + "str ip, [sp, #-4]!\n\t" > +#endif > + > #ifdef _ISA_ARM_7 > "pld [r0]\n\t" > #endif > @@ -167,6 +172,10 @@ strlen (const char* str) > "it ne\n\t" > "addne len, len, #1\n\t" > # endif > +#endif > +#ifdef __ARM_FEATURE_PAC_DEFAULT > + "ldr ip, [sp], #4\n\t" > + "aut ip, lr, sp\n\t" > #endif > "bx lr\n\t"); > } > diff --git a/newlib/libc/machine/arm/strlen-thumb2-Os.S b/newlib/libc/machine/arm/strlen-thumb2-Os.S > index 961f41a0a..823b0310e 100644 > --- a/newlib/libc/machine/arm/strlen-thumb2-Os.S > +++ b/newlib/libc/machine/arm/strlen-thumb2-Os.S > @@ -25,6 +25,7 @@ > OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ > > #include "acle-compat.h" > +#include "pacbti.h" > > .macro def_fn f p2align=0 > .text > @@ -33,8 +34,9 @@ > .type \f, %function > \f: > .endm > - > -#if __ARM_ARCH_ISA_THUMB >= 2 && __ARM_ARCH >= 7 > +#if __ARM_ARCH_8M_MAIN__ > + /* keep config inherited from -march= */ > +#elif __ARM_ARCH_ISA_THUMB >= 2 && __ARM_ARCH >= 7 > .arch armv7 > #else > .arch armv6t2 > @@ -44,11 +46,16 @@ > .syntax unified > > def_fn strlen p2align=1 > + .fnstart > + .cfi_startproc > + pacbti_prologue > mov r3, r0 > 1: ldrb.w r2, [r3], #1 > cmp r2, #0 > bne 1b > subs r0, r3, r0 > subs r0, #1 > - bx lr > + pacbti_epilogue > + .cfi_endproc > + .fnend > .size strlen, . - strlen
Richard Earnshaw <Richard.Earnshaw@foss.arm.com> writes: > On 05/07/2022 14:58, Victor Do Nascimento wrote: >> Add function prologue/epilogue to conditionally add BTI landing pads >> and/or PAC code generation & authentication instructions depending on >> compilation flags. >> This patch enables PACBTI for all relevant variants of strlen: >> * Newlib for armv8.1-m.main+pacbti >> * Newlib for armv8.1-m.main+pacbti+mve >> * Newlib-nano >> --- >> newlib/libc/machine/arm/strlen-armv7.S | 52 ++++++++++++++++++++-- >> newlib/libc/machine/arm/strlen-stub.c | 9 ++++ >> newlib/libc/machine/arm/strlen-thumb2-Os.S | 13 ++++-- >> 3 files changed, 67 insertions(+), 7 deletions(-) >> diff --git a/newlib/libc/machine/arm/strlen-armv7.S >> b/newlib/libc/machine/arm/strlen-armv7.S >> index f3dda0d60..18c8226d0 100644 >> --- a/newlib/libc/machine/arm/strlen-armv7.S >> +++ b/newlib/libc/machine/arm/strlen-armv7.S >> @@ -59,6 +59,7 @@ >> OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ >> #include "acle-compat.h" >> +#include "pacbti.h" >> .macro def_fn f p2align=0 >> .text >> @@ -77,7 +78,9 @@ >> #endif >> /* This code requires Thumb. */ >> -#if __ARM_ARCH_PROFILE == 'M' >> +#if __ARM_ARCH_8M_MAIN__ > > These GCC architecture macros (those that end with '__') aren't portable and are > essentially deprecated. What exactly are you trying to achieve here? It was my attempt at circumventing the .arch directives below. As these older architecture lack the support for PACBTI instructions, if we don't prevent the selection of the wrong target architecture, when said instructions are encountered they cause Newlib compilation to fail. In particular, I needed to distinguish between armv7e-m and armv8.1-m.main and chose the __ARM_ARCH_8M_MAIN__ macro out of the output from using the -dM GCC preprocessor flag. Will fix. >> + /* keep config inherited from -march= */ >> +#elif __ARM_ARCH_PROFILE == 'M' >> .arch armv7e-m >> #else >> .arch armv6t2 >> @@ -100,8 +103,34 @@ >> #define tmp2 r5 >> def_fn strlen p2align=6 >> + .fnstart >> + .cfi_startproc >> + /* common pacbti_prologue macro from pacbti.h not used. >> + handwritten prologue saves one push instruction. */ >> +#if __ARM_FEATURE_PAC_DEFAULT >> +#if __ARM_FEATURE_BTI_DEFAULT >> + pacbti ip, lr, sp >> +#else >> + pac ip, lr, sp >> +#endif /* __ARM_FEATURE_BTI_DEFAULT */ >> + push {r4, r5, ip} >> + .save {r4, r5, ra_auth_code} >> + .cfi_def_cfa_offset 12 >> + .cfi_offset 143, -4 >> + .cfi_offset 5, -8 >> + .cfi_offset 4, -12 >> + >> +#else >> +#if __ARM_FEATURE_BTI_DEFAULT >> + bti >> +#endif /* __ARM_FEATURE_BTI_DEFAULT */ >> + push {r4, r5} >> + .save {r4, r5} >> + .cfi_def_cfa_offset 8 >> + .cfi_offset 5, -4 >> + .cfi_offset 4, -8 >> +#endif /* __ARM_FEATURE_PAC_DEFAULT */ >> pld [srcin, #0] >> - strd r4, r5, [sp, #-8]! >> bic src, srcin, #7 >> mvn const_m1, #0 >> ands tmp1, srcin, #7 /* (8 - bytes) to alignment. */ >> @@ -159,9 +188,22 @@ def_fn strlen p2align=6 >> rev data1a, data1a >> #endif >> clz data1a, data1a >> - ldrd r4, r5, [sp], #8 >> add result, result, data1a, lsr #3 /* Bits -> Bytes. */ >> - bx lr >> +#if __ARM_FEATURE_PAC_DEFAULT >> + pop {r4, r5, ip} >> + .cfi_restore 4 >> + .cfi_restore 5 >> + .cfi_restore 143 >> + .cfi_def_cfa_offset 0 >> + aut ip, lr, sp >> +#else >> + ldrd r4, r5, [sp], #8 >> + .cfi_restore 4 >> + .cfi_restore 5 >> + .cfi_def_cfa_offset 0 >> +#endif /* __ARM_FEATURE_PAC_DEFAULT */ >> + bx lr >> + >> .Lmisaligned8: >> ldrd data1a, data1b, [src] >> @@ -177,4 +219,6 @@ def_fn strlen p2align=6 >> movne data1a, const_m1 >> mov const_0, #0 >> b .Lstart_realigned >> + .cfi_endproc >> + .fnend >> .size strlen, . - strlen >> diff --git a/newlib/libc/machine/arm/strlen-stub.c b/newlib/libc/machine/arm/strlen-stub.c >> index fc2daf16f..4a0bb8cbb 100644 >> --- a/newlib/libc/machine/arm/strlen-stub.c >> +++ b/newlib/libc/machine/arm/strlen-stub.c >> @@ -58,6 +58,11 @@ strlen (const char* str) >> "data .req r3\n\t" >> "addr .req r1\n\t" >> +#ifdef __ARM_FEATURE_PAC_DEFAULT >> + "pac ip, lr, sp\n\t" >> + "str ip, [sp, #-4]!\n\t" >> +#endif >> + >> #ifdef _ISA_ARM_7 >> "pld [r0]\n\t" >> #endif >> @@ -167,6 +172,10 @@ strlen (const char* str) >> "it ne\n\t" >> "addne len, len, #1\n\t" >> # endif >> +#endif >> +#ifdef __ARM_FEATURE_PAC_DEFAULT >> + "ldr ip, [sp], #4\n\t" >> + "aut ip, lr, sp\n\t" >> #endif >> "bx lr\n\t"); >> } >> diff --git a/newlib/libc/machine/arm/strlen-thumb2-Os.S b/newlib/libc/machine/arm/strlen-thumb2-Os.S >> index 961f41a0a..823b0310e 100644 >> --- a/newlib/libc/machine/arm/strlen-thumb2-Os.S >> +++ b/newlib/libc/machine/arm/strlen-thumb2-Os.S >> @@ -25,6 +25,7 @@ >> OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ >> #include "acle-compat.h" >> +#include "pacbti.h" >> .macro def_fn f p2align=0 >> .text >> @@ -33,8 +34,9 @@ >> .type \f, %function >> \f: >> .endm >> - >> -#if __ARM_ARCH_ISA_THUMB >= 2 && __ARM_ARCH >= 7 >> +#if __ARM_ARCH_8M_MAIN__ >> + /* keep config inherited from -march= */ >> +#elif __ARM_ARCH_ISA_THUMB >= 2 && __ARM_ARCH >= 7 >> .arch armv7 >> #else >> .arch armv6t2 >> @@ -44,11 +46,16 @@ >> .syntax unified >> def_fn strlen p2align=1 >> + .fnstart >> + .cfi_startproc >> + pacbti_prologue >> mov r3, r0 >> 1: ldrb.w r2, [r3], #1 >> cmp r2, #0 >> bne 1b >> subs r0, r3, r0 >> subs r0, #1 >> - bx lr >> + pacbti_epilogue >> + .cfi_endproc >> + .fnend >> .size strlen, . - strlen
On 05/07/2022 17:30, Victor L. Do Nascimento wrote: > Richard Earnshaw <Richard.Earnshaw@foss.arm.com> writes: > >> On 05/07/2022 14:58, Victor Do Nascimento wrote: >>> Add function prologue/epilogue to conditionally add BTI landing pads >>> and/or PAC code generation & authentication instructions depending on >>> compilation flags. >>> This patch enables PACBTI for all relevant variants of strlen: >>> * Newlib for armv8.1-m.main+pacbti >>> * Newlib for armv8.1-m.main+pacbti+mve >>> * Newlib-nano >>> --- >>> newlib/libc/machine/arm/strlen-armv7.S | 52 ++++++++++++++++++++-- >>> newlib/libc/machine/arm/strlen-stub.c | 9 ++++ >>> newlib/libc/machine/arm/strlen-thumb2-Os.S | 13 ++++-- >>> 3 files changed, 67 insertions(+), 7 deletions(-) >>> diff --git a/newlib/libc/machine/arm/strlen-armv7.S >>> b/newlib/libc/machine/arm/strlen-armv7.S >>> index f3dda0d60..18c8226d0 100644 >>> --- a/newlib/libc/machine/arm/strlen-armv7.S >>> +++ b/newlib/libc/machine/arm/strlen-armv7.S >>> @@ -59,6 +59,7 @@ >>> OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ >>> #include "acle-compat.h" >>> +#include "pacbti.h" >>> .macro def_fn f p2align=0 >>> .text >>> @@ -77,7 +78,9 @@ >>> #endif >>> /* This code requires Thumb. */ >>> -#if __ARM_ARCH_PROFILE == 'M' >>> +#if __ARM_ARCH_8M_MAIN__ >> >> These GCC architecture macros (those that end with '__') aren't portable and are >> essentially deprecated. What exactly are you trying to achieve here? > > It was my attempt at circumventing the .arch directives below. > As these older architecture lack the support for PACBTI instructions, if > we don't prevent the selection of the wrong target architecture, when > said instructions are encountered they cause Newlib compilation to fail. > > In particular, I needed to distinguish between armv7e-m and > armv8.1-m.main and chose the __ARM_ARCH_8M_MAIN__ macro out of the > output from using the -dM GCC preprocessor flag. > > Will fix. I'd suggest you use __ARM_ARCH >= 8, which should be enough (technically, of course, it should be >= 800, but GCC is broken on this). R. > >>> + /* keep config inherited from -march= */ >>> +#elif __ARM_ARCH_PROFILE == 'M' >>> .arch armv7e-m >>> #else >>> .arch armv6t2 >>> @@ -100,8 +103,34 @@ >>> #define tmp2 r5 >>> def_fn strlen p2align=6 >>> + .fnstart >>> + .cfi_startproc >>> + /* common pacbti_prologue macro from pacbti.h not used. >>> + handwritten prologue saves one push instruction. */ >>> +#if __ARM_FEATURE_PAC_DEFAULT >>> +#if __ARM_FEATURE_BTI_DEFAULT >>> + pacbti ip, lr, sp >>> +#else >>> + pac ip, lr, sp >>> +#endif /* __ARM_FEATURE_BTI_DEFAULT */ >>> + push {r4, r5, ip} >>> + .save {r4, r5, ra_auth_code} >>> + .cfi_def_cfa_offset 12 >>> + .cfi_offset 143, -4 >>> + .cfi_offset 5, -8 >>> + .cfi_offset 4, -12 >>> + >>> +#else >>> +#if __ARM_FEATURE_BTI_DEFAULT >>> + bti >>> +#endif /* __ARM_FEATURE_BTI_DEFAULT */ >>> + push {r4, r5} >>> + .save {r4, r5} >>> + .cfi_def_cfa_offset 8 >>> + .cfi_offset 5, -4 >>> + .cfi_offset 4, -8 >>> +#endif /* __ARM_FEATURE_PAC_DEFAULT */ >>> pld [srcin, #0] >>> - strd r4, r5, [sp, #-8]! >>> bic src, srcin, #7 >>> mvn const_m1, #0 >>> ands tmp1, srcin, #7 /* (8 - bytes) to alignment. */ >>> @@ -159,9 +188,22 @@ def_fn strlen p2align=6 >>> rev data1a, data1a >>> #endif >>> clz data1a, data1a >>> - ldrd r4, r5, [sp], #8 >>> add result, result, data1a, lsr #3 /* Bits -> Bytes. */ >>> - bx lr >>> +#if __ARM_FEATURE_PAC_DEFAULT >>> + pop {r4, r5, ip} >>> + .cfi_restore 4 >>> + .cfi_restore 5 >>> + .cfi_restore 143 >>> + .cfi_def_cfa_offset 0 >>> + aut ip, lr, sp >>> +#else >>> + ldrd r4, r5, [sp], #8 >>> + .cfi_restore 4 >>> + .cfi_restore 5 >>> + .cfi_def_cfa_offset 0 >>> +#endif /* __ARM_FEATURE_PAC_DEFAULT */ >>> + bx lr >>> + >>> .Lmisaligned8: >>> ldrd data1a, data1b, [src] >>> @@ -177,4 +219,6 @@ def_fn strlen p2align=6 >>> movne data1a, const_m1 >>> mov const_0, #0 >>> b .Lstart_realigned >>> + .cfi_endproc >>> + .fnend >>> .size strlen, . - strlen >>> diff --git a/newlib/libc/machine/arm/strlen-stub.c b/newlib/libc/machine/arm/strlen-stub.c >>> index fc2daf16f..4a0bb8cbb 100644 >>> --- a/newlib/libc/machine/arm/strlen-stub.c >>> +++ b/newlib/libc/machine/arm/strlen-stub.c >>> @@ -58,6 +58,11 @@ strlen (const char* str) >>> "data .req r3\n\t" >>> "addr .req r1\n\t" >>> +#ifdef __ARM_FEATURE_PAC_DEFAULT >>> + "pac ip, lr, sp\n\t" >>> + "str ip, [sp, #-4]!\n\t" >>> +#endif >>> + >>> #ifdef _ISA_ARM_7 >>> "pld [r0]\n\t" >>> #endif >>> @@ -167,6 +172,10 @@ strlen (const char* str) >>> "it ne\n\t" >>> "addne len, len, #1\n\t" >>> # endif >>> +#endif >>> +#ifdef __ARM_FEATURE_PAC_DEFAULT >>> + "ldr ip, [sp], #4\n\t" >>> + "aut ip, lr, sp\n\t" >>> #endif >>> "bx lr\n\t"); >>> } >>> diff --git a/newlib/libc/machine/arm/strlen-thumb2-Os.S b/newlib/libc/machine/arm/strlen-thumb2-Os.S >>> index 961f41a0a..823b0310e 100644 >>> --- a/newlib/libc/machine/arm/strlen-thumb2-Os.S >>> +++ b/newlib/libc/machine/arm/strlen-thumb2-Os.S >>> @@ -25,6 +25,7 @@ >>> OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ >>> #include "acle-compat.h" >>> +#include "pacbti.h" >>> .macro def_fn f p2align=0 >>> .text >>> @@ -33,8 +34,9 @@ >>> .type \f, %function >>> \f: >>> .endm >>> - >>> -#if __ARM_ARCH_ISA_THUMB >= 2 && __ARM_ARCH >= 7 >>> +#if __ARM_ARCH_8M_MAIN__ >>> + /* keep config inherited from -march= */ >>> +#elif __ARM_ARCH_ISA_THUMB >= 2 && __ARM_ARCH >= 7 >>> .arch armv7 >>> #else >>> .arch armv6t2 >>> @@ -44,11 +46,16 @@ >>> .syntax unified >>> def_fn strlen p2align=1 >>> + .fnstart >>> + .cfi_startproc >>> + pacbti_prologue >>> mov r3, r0 >>> 1: ldrb.w r2, [r3], #1 >>> cmp r2, #0 >>> bne 1b >>> subs r0, r3, r0 >>> subs r0, #1 >>> - bx lr >>> + pacbti_epilogue >>> + .cfi_endproc >>> + .fnend >>> .size strlen, . - strlen