[PATCH][GCC][AArch64] Ensure that outgoing argument size is at least 8 bytes when alloca and stack-clash. [Patch (3/6)]
Jeff Law
law@redhat.com
Fri Aug 3 18:05:00 GMT 2018
On 07/25/2018 05:09 AM, Tamar Christina wrote:
> Hi All,
>
> Attached an updated patch which documents what the test cases are expecting as requested.
>
> Ok for trunk?
>
> Thanks,
> Tamar
>
> gcc/
> 2018-07-25 Tamar Christina <tamar.christina@arm.com>
>
> PR target/86486
> * config/aarch64/aarch64.h (STACK_CLASH_OUTGOING_ARGS,
> STACK_DYNAMIC_OFFSET): New.
> * config/aarch64/aarch64.c (aarch64_layout_frame):
> Update outgoing args size.
> (aarch64_stack_clash_protection_alloca_probe_range,
> TARGET_STACK_CLASH_PROTECTION_ALLOCA_PROBE_RANGE): New.
>
> gcc/testsuite/
> 2018-07-25 Tamar Christina <tamar.christina@arm.com>
>
> PR target/86486
> * gcc.target/aarch64/stack-check-alloca-1.c: New.
> * gcc.target/aarch64/stack-check-alloca-10.c: New.
> * gcc.target/aarch64/stack-check-alloca-2.c: New.
> * gcc.target/aarch64/stack-check-alloca-3.c: New.
> * gcc.target/aarch64/stack-check-alloca-4.c: New.
> * gcc.target/aarch64/stack-check-alloca-5.c: New.
> * gcc.target/aarch64/stack-check-alloca-6.c: New.
> * gcc.target/aarch64/stack-check-alloca-7.c: New.
> * gcc.target/aarch64/stack-check-alloca-8.c: New.
> * gcc.target/aarch64/stack-check-alloca-9.c: New.
> * gcc.target/aarch64/stack-check-alloca.h: New.
> * gcc.target/aarch64/stack-check-14.c: New.
> * gcc.target/aarch64/stack-check-15.c: New.
>
>> -----Original Message-----
>> From: Tamar Christina
>> Sent: Friday, July 13, 2018 17:36
>> To: Tamar Christina <Tamar.Christina@arm.com>; gcc-patches@gcc.gnu.org
>> Cc: nd <nd@arm.com>; James Greenhalgh <James.Greenhalgh@arm.com>;
>> Richard Earnshaw <Richard.Earnshaw@arm.com>; Marcus Shawcroft
>> <Marcus.Shawcroft@arm.com>
>> Subject: RE: [PATCH][GCC][AArch64] Ensure that outgoing argument size is at
>> least 8 bytes when alloca and stack-clash. [Patch (3/6)]
>>
>> Hi All,
>>
>> I'm sending an updated patch which updates a testcase that hits one of our
>> corner cases.
>> This is an assembler scan only update in a testcase.
>>
>> Regards,
>> Tamar
>>
>>> -----Original Message-----
>>> From: Tamar Christina <tamar.christina@arm.com>
>>> Sent: Wednesday, July 11, 2018 12:21
>>> To: gcc-patches@gcc.gnu.org
>>> Cc: nd <nd@arm.com>; James Greenhalgh <James.Greenhalgh@arm.com>;
>>> Richard Earnshaw <Richard.Earnshaw@arm.com>; Marcus Shawcroft
>>> <Marcus.Shawcroft@arm.com>
>>> Subject: [PATCH][GCC][AArch64] Ensure that outgoing argument size is
>>> at least 8 bytes when alloca and stack-clash. [Patch (3/6)]
>>>
>>> Hi All,
>>>
>>> This patch adds a requirement that the number of outgoing arguments
>>> for a function is at least 8 bytes when using stack-clash protection.
>>>
>>> By using this condition we can avoid a check in the alloca code and so
>>> have smaller and simpler code there.
>>>
>>> A simplified version of the AArch64 stack frames is:
>>>
>>> +-----------------------+
>>> | |
>>> | |
>>> | |
>>> +-----------------------+
>>> |LR |
>>> +-----------------------+
>>> |FP |
>>> +-----------------------+
>>> |dynamic allocations | ---- expanding area which will push the outgoing
>>> +-----------------------+ args down during each allocation.
>>> |padding |
>>> +-----------------------+
>>> |outgoing stack args | ---- safety buffer of 8 bytes (aligned)
>>> +-----------------------+
>>>
>>> By always defining an outgoing argument, alloca(0) effectively is safe
>>> to probe at $sp due to the reserved buffer being there. It will never
>>> corrupt the stack.
>>>
>>> This is also safe for alloca(x) where x is 0 or x % page_size == 0.
>>> In the former it is the same case as alloca(0) while the latter is
>>> safe because any allocation pushes the outgoing stack args down:
>>>
>>> |FP |
>>> +-----------------------+
>>> | |
>>> |dynamic allocations | ---- alloca (x)
>>> | |
>>> +-----------------------+
>>> |padding |
>>> +-----------------------+
>>> |outgoing stack args | ---- safety buffer of 8 bytes (aligned)
>>> +-----------------------+
>>>
>>> Which means when you probe for the residual, if it's 0 you'll again
>>> just probe in the outgoing stack args range, which we know is non-zero (at
>> least 8 bytes).
>>>
>>> Bootstrapped Regtested on aarch64-none-linux-gnu and no issues.
>>> Target was tested with stack clash on and off by default.
>>>
>>> Ok for trunk?
>>>
>>> Thanks,
>>> Tamar
>>>
>>> gcc/
>>> 2018-07-11 Tamar Christina <tamar.christina@arm.com>
>>>
>>> PR target/86486
>>> * config/aarch64/aarch64.h (STACK_CLASH_OUTGOING_ARGS,
>>> STACK_DYNAMIC_OFFSET): New.
>>> * config/aarch64/aarch64.c (aarch64_layout_frame):
>>> Update outgoing args size.
>>> (aarch64_stack_clash_protection_alloca_probe_range,
>>> TARGET_STACK_CLASH_PROTECTION_ALLOCA_PROBE_RANGE):
>>> New.
>>>
>>> gcc/testsuite/
>>> 2018-07-11 Tamar Christina <tamar.christina@arm.com>
>>>
>>> PR target/86486
>>> * gcc.target/aarch64/stack-check-alloca-1.c: New.
>>> * gcc.target/aarch64/stack-check-alloca-10.c: New.
>>> * gcc.target/aarch64/stack-check-alloca-2.c: New.
>>> * gcc.target/aarch64/stack-check-alloca-3.c: New.
>>> * gcc.target/aarch64/stack-check-alloca-4.c: New.
>>> * gcc.target/aarch64/stack-check-alloca-5.c: New.
>>> * gcc.target/aarch64/stack-check-alloca-6.c: New.
>>> * gcc.target/aarch64/stack-check-alloca-7.c: New.
>>> * gcc.target/aarch64/stack-check-alloca-8.c: New.
>>> * gcc.target/aarch64/stack-check-alloca-9.c: New.
>>> * gcc.target/aarch64/stack-check-alloca.h: New.
>>> * gcc.target/aarch64/stack-check-14.c: New.
>>> * gcc.target/aarch64/stack-check-15.c: New.
>>>
>>> --
Likewise -- no concerns on my end. AArch64 maintainers have the final say.
jeff
More information about the Gcc-patches
mailing list