This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCHv2 6/7, GCC, ARM, V8M] ARMv8-M Security Extension's cmse_nonsecure_call: use __gnu_cmse_nonsecure_call

From: "Andre Vieira (lists)" <Andre dot SimoesDiasVieira at arm dot com>
To: gcc-patches at gcc dot gnu dot org
Date: Fri, 2 Dec 2016 13:36:42 +0000
Subject: Re: [PATCHv2 6/7, GCC, ARM, V8M] ARMv8-M Security Extension's cmse_nonsecure_call: use __gnu_cmse_nonsecure_call
Authentication-results: sourceware.org; auth=none
References: <5796116C.6010100@arm.com> <57961383.7090709@arm.com> <57BD7E9E.6090906@arm.com> <580F8889.6080602@arm.com> <5811D05D.4070909@arm.com> <58233880.4010002@arm.com> <5825B0E8.1020803@foss.arm.com> <5825EE96.5050402@arm.com> <5825EF71.8030307@foss.arm.com> <5825EF95.2090109@foss.arm.com> <58358351.2080900@arm.com>

On 23/11/16 11:53, Andre Vieira (lists) wrote:
> On 11/11/16 16:19, Kyrill Tkachov wrote:
>> And CC'ing Ramana and Richard this time...
>>
> 
> Hi,
> 
> After some extra testing I found that the sibcall optimization was not
> disabled for calls to function pointers with the cmse_nonsecure_call
> attribute, causing the clearing and call to the function wrapper to be
> skipped. This would result in an illegal branch into secure memory and
> would HardFault.
> 
> Added a test.
> 
> Is this OK?
> 
> Cheers,
> Andre
> 
> *** gcc/ChangeLog ***
> 2016-11-xx  Andre Vieira        <andre.simoesdiasvieira@arm.com>
>             Thomas Preud'homme  <thomas.preudhomme@arm.com>
> 
>         * config/arm/arm.c (detect_cmse_nonsecure_call): New.
>         (cmse_nonsecure_call_clear_caller_saved): New.
>         (arm_reorg): Use cmse_nonsecure_call_clear_caller_saved.
>         (arm_function_ok_for_sibcall): Disable sibcalls for
> cmse_nonsecure_call.
>         * config/arm/arm-protos.h (detect_cmse_nonsecure_call): New.
>         * config/arm/arm.md (call): Handle cmse_nonsecure_entry.
>         (call_value): Likewise.
>         (nonsecure_call_internal): New.
>         (nonsecure_call_value_internal): New.
>         * config/arm/thumb1.md (*nonsecure_call_reg_thumb1_v5): New.
>         (*nonsecure_call_value_reg_thumb1_v5): New.
>         * config/arm/thumb2.md (*nonsecure_call_reg_thumb2): New.
>         (*nonsecure_call_value_reg_thumb2): New.
>         * config/arm/unspecs.md (UNSPEC_NONSECURE_MEM): New.
> 
> *** libgcc/ChangeLog ***
> 2016-11-xx  Andre Vieira        <andre.simoesdiasvieira@arm.com>
>             Thomas Preud'homme  <thomas.preudhomme@arm.com>
> 
>         * config/arm/cmse_nonsecure_call.S: New.
> 	* config/arm/t-arm: Compile cmse_nonsecure_call.S
> 
> 
> *** gcc/testsuite/ChangeLog ***
> 2016-11-xx  Andre Vieira        <andre.simoesdiasvieira@arm.com>
>             Thomas Preud'homme  <thomas.preudhomme@arm.com>
> 
>         * gcc.target/arm/cmse/cmse.exp: Run tests in mainline dir.
>         * gcc.target/arm/cmse/cmse-9.c: Added some extra tests.
>         * gcc.target/arm/cmse/cmse-14.c: New.
>         * gcc.target/arm/cmse/baseline/bitfield-4.c: New.
>         * gcc.target/arm/cmse/baseline/bitfield-5.c: New.
>         * gcc.target/arm/cmse/baseline/bitfield-6.c: New.
>         * gcc.target/arm/cmse/baseline/bitfield-7.c: New.
>         * gcc.target/arm/cmse/baseline/bitfield-8.c: New.
>         * gcc.target/arm/cmse/baseline/bitfield-9.c: New.
>         * gcc.target/arm/cmse/baseline/bitfield-and-union-1.c: New.
>         * gcc.target/arm/cmse/baseline/cmse-11.c: New.
> 	* gcc.target/arm/cmse/baseline/cmse-13.c: New.
> 	* gcc.target/arm/cmse/baseline/cmse-6.c: New.
>         * gcc/testsuite/gcc.target/arm/cmse/baseline/union-1.c: New.
>         * gcc/testsuite/gcc.target/arm/cmse/baseline/union-2.c: New.
> 	* gcc.target/arm/cmse/mainline/hard-sp/cmse-13.c: New.
> 	* gcc.target/arm/cmse/mainline/hard-sp/cmse-7.c: New.
> 	* gcc.target/arm/cmse/mainline/hard-sp/cmse-8.c: New.
> 	* gcc.target/arm/cmse/mainline/hard/cmse-13.c: New.
> 	* gcc.target/arm/cmse/mainline/hard/cmse-7.c: New.
> 	* gcc.target/arm/cmse/mainline/hard/cmse-8.c: New.
> 	* gcc.target/arm/cmse/mainline/soft/cmse-13.c: New.
> 	* gcc.target/arm/cmse/mainline/soft/cmse-7.c: New.
> 	* gcc.target/arm/cmse/mainline/soft/cmse-8.c: New.
> 	* gcc.target/arm/cmse/mainline/softfp-sp/cmse-7.c: New.
> 	* gcc.target/arm/cmse/mainline/softfp-sp/cmse-8.c: New.
> 	* gcc.target/arm/cmse/mainline/softfp/cmse-13.c: New.
> 	* gcc.target/arm/cmse/mainline/softfp/cmse-7.c: New.
> 	* gcc.target/arm/cmse/mainline/softfp/cmse-8.c: New.
> 
Hi,

To make the clearing of registers consistent between single and double
precision I decided to clear all FP registers with 0. The callee-saved
registers, saved, cleared and restored in the library wrapper we can do
this without much penalty to performance. The caller-saved registers are
compiler generated and currently generate a 'vldr' instruction, per
cleared (sp or dp) register. This is far from optimal, but it works and
it is "safer". I have some ideas to improve this, for instance using
r0-r1 to clear the FP registers, since they will either contain the
address of the callback function or an argument value, either way they
will never contain secret information. I will address this at a later time.

Changed the tests to reflect these changes. No changes to the ChangeLog.

Is this OK?

Cheers,
Andre

Attachment: diff6
Description: Text document

Follow-Ups:
- Re: [PATCHv2 6/7, GCC, ARM, V8M] ARMv8-M Security Extension's cmse_nonsecure_call: use __gnu_cmse_nonsecure_call
  - From: Kyrill Tkachov

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]