@@ -99,4 +99,10 @@ enum aarch64_function_type {
AARCH64_FUNCTION_ALL
};
+/* GCC standard stack protector (Canary insertion based) types for AArch64. */
+enum aarch64_stack_protector_type {
+ STACK_PROTECTOR_TRAD,
+ STACK_PROTECTOR_PAUTH
+};
+
#endif
@@ -982,4 +982,25 @@ enum aarch64_pauth_action_type
AARCH64_PAUTH_AUTH
};
+/* Pointer authentication accelerated -fstack-protector. */
+#define AARCH64_PAUTH_SSP_OPTION \
+ (TARGET_PAUTH && aarch64_stack_protector_dialect == STACK_PROTECTOR_PAUTH)
+
+#define AARCH64_PAUTH_SSP \
+ (crtl->stack_protect_guard && AARCH64_PAUTH_SSP_OPTION)
+
+#define AARCH64_PAUTH_SSP_OR_RA_SIGN \
+ (AARCH64_PAUTH_SSP || AARCH64_ENABLE_RETURN_ADDRESS_SIGN)
+
+#ifndef TARGET_LIBC_PROVIDES_SSP
+#define LINK_SSP_SPEC "%{!mstack-protector-dialect=pauth:\
+ %{fstack-protector|fstack-protector-all\
+ |fstack-protector-strong|fstack-protector-explicit:\
+ -lssp_nonshared -lssp}}"
+#endif
+
+/* Don't use GCC default SSP runtime if pointer authentication acceleration
+ enabled. */
+#define ENABLE_DEFAULT_SSP_RUNTIME !(AARCH64_PAUTH_SSP_OPTION)
+
#endif /* GCC_AARCH64_H */
@@ -2993,6 +2993,15 @@ aarch64_layout_frame (void)
= cfun->machine->frame.frame_size - cfun->machine->frame.initial_adjust;
}
+ if (AARCH64_PAUTH_SSP)
+ {
+ cfun->machine->frame.callee_adjust = varargs_and_saved_regs_size;
+ cfun->machine->frame.final_adjust
+ = cfun->machine->frame.frame_size - cfun->machine->frame.callee_adjust;
+ cfun->machine->frame.hard_fp_offset = cfun->machine->frame.callee_adjust;
+ cfun->machine->frame.locals_offset = cfun->machine->frame.hard_fp_offset;
+ }
+
cfun->machine->frame.laid_out = true;
}
@@ -3203,7 +3212,7 @@ aarch64_save_callee_saves (machine_mode mode, HOST_WIDE_INT start_offset,
RTX_FRAME_RELATED_P (insn) = 1;
- if (AARCH64_ENABLE_RETURN_ADDRESS_SIGN && lr_pair_reg != INVALID_REGNUM)
+ if (AARCH64_PAUTH_SSP_OR_RA_SIGN && lr_pair_reg != INVALID_REGNUM)
{
rtx cfi_ops = NULL_RTX;
@@ -3335,7 +3344,7 @@ aarch64_expand_prologue (void)
/* Do return address signing for all functions, even those for which LR is not
pushed onto stack. */
- if (AARCH64_ENABLE_RETURN_ADDRESS_SIGN)
+ if (AARCH64_PAUTH_SSP_OR_RA_SIGN)
{
insn = emit_insn (gen_sign_reg (gen_rtx_REG (Pmode, LR_REGNUM),
gen_rtx_REG (Pmode, LR_REGNUM),
@@ -3368,7 +3377,7 @@ aarch64_expand_prologue (void)
aarch64_push_regs (reg1, reg2, callee_adjust);
/* Generate return address signing dwarf annotation when
omit-frame-pointer. */
- if (AARCH64_ENABLE_RETURN_ADDRESS_SIGN
+ if (AARCH64_PAUTH_SSP_OR_RA_SIGN
&& (reg1 == LR_REGNUM || reg2 == LR_REGNUM))
{
rtx cfi_ops = NULL_RTX;
@@ -3503,7 +3512,7 @@ aarch64_expand_epilogue (bool for_sibcall)
rtx new_cfa = plus_constant (Pmode, stack_pointer_rtx, initial_adjust);
cfi_ops = alloc_reg_note (REG_CFA_DEF_CFA, new_cfa, cfi_ops);
- if (AARCH64_ENABLE_RETURN_ADDRESS_SIGN)
+ if (AARCH64_PAUTH_SSP_OR_RA_SIGN)
REG_NOTES (insn) = aarch64_attach_ra_auth_dwarf_note (cfi_ops, 0);
else
REG_NOTES (insn) = cfi_ops;
@@ -3528,7 +3537,7 @@ aarch64_expand_epilogue (bool for_sibcall)
authentication, as the following stack adjustment will update CFA to
handler's CFA while we want to use the CFA of the function which calls
__builtin_eh_return. */
- if (AARCH64_ENABLE_RETURN_ADDRESS_SIGN
+ if (AARCH64_PAUTH_SSP_OR_RA_SIGN
&& (for_sibcall || !TARGET_PAUTH || crtl->calls_eh_return))
{
insn = emit_insn (gen_auth_reg (gen_rtx_REG (Pmode, LR_REGNUM),
@@ -8737,6 +8746,14 @@ aarch64_override_options (void)
if (aarch64_ra_sign_scope != AARCH64_FUNCTION_NONE && TARGET_ILP32)
error ("Return address signing is only supported on LP64");
+ if (aarch64_stack_protector_dialect == STACK_PROTECTOR_PAUTH && TARGET_ILP32)
+ error ("Pointer authentication based -fstack-protector is only supported "
+ "on LP64.");
+
+ if (aarch64_stack_protector_dialect == STACK_PROTECTOR_PAUTH && !TARGET_PAUTH)
+ error ("Pointer authentication based -fstack-protector is only supported "
+ "on architecture with pointer authentication extension.");
+
/* Make sure we properly set up the explicit options. */
if ((aarch64_cpu_string && valid_cpu)
|| (aarch64_tune_string && valid_tune))
@@ -581,9 +581,7 @@
[(return)]
""
{
- if (AARCH64_ENABLE_RETURN_ADDRESS_SIGN
- && TARGET_PAUTH
- && !crtl->calls_eh_return)
+ if (AARCH64_PAUTH_SSP_OR_RA_SIGN && TARGET_PAUTH && !crtl->calls_eh_return)
{
if (aarch64_pauth_key == AARCH64_PAUTH_IKEY_A)
return "retaa";
@@ -198,3 +198,17 @@ Common Var(flag_mlow_precision_div) Optimization
Enable the division approximation. Enabling this reduces
precision of division results to about 16 bits for
single precision and to 32 bits for double precision.
+
+Enum
+Name(stack_protector_type) Type(enum aarch64_stack_protector_type)
+The possible stack protector dialects:
+
+EnumValue
+Enum(stack_protector_type) String(trad) Value(STACK_PROTECTOR_TRAD)
+
+EnumValue
+Enum(stack_protector_type) String(pauth) Value(STACK_PROTECTOR_PAUTH)
+
+mstack-protector-dialect=
+Target RejectNegative Joined Enum(stack_protector_type) Var(aarch64_stack_protector_dialect) Init(STACK_PROTECTOR_TRAD) Save
+Specify stack protector dialect.
@@ -13357,6 +13357,12 @@ Select the key used for return address signing. Permissible values are
@samp{a_key} for A key and @samp{b_key} for B key. @samp{a_key} is the default
value.
+@item -mstack-protector-dialect=@var{dialect}
+@opindex mstack-protector-dialect
+Select the dialect for GCC -fstack-protector. @samp{trad} for GCC default
+implementation and @samp{pauth} for pointer authentication accelerated
+implementation for AArch64 LP64.
+
@end table
@subsubsection @option{-march} and @option{-mcpu} Feature Modifiers
This patch accelerates GCC's existed -fstack-protector using ARMv8.3-A pointer authentication instructions. Given AArch64 currently has the following stack layout: | caller's LR | .... |------------ | canary <- sentinel for -fstack-protector | locals (buffer located here) |------------ | | other callees | | callee's LR <- sentinel for -msign-return-address |------------ | we can switch locals and callees, | ... | vararg |------------ | other callee |------------ | LR |------------ | locals (buffer located here) We then sign LR and make it serve as canary value. There are several benefits of this approach: * It's evetually -msign-return-address + swap locals and callees areas. * Require nearly no modifications on prologue and epilogue, avoid making them complexer. * No need of any other runtime support, libssp is not required. The runtime overhead before and after this patch will be: o canary insert GCC default SSP runtime was loading from global variable "__stack_chk_guard" initilized in libssp: adrp x19, _GLOBAL_OFFSET_TABLE_ ldr x19, [x19, #:gotpage_lo15:__stack_chk_guard] ldr x2, [x19] str x2, [x29, 56] this patch accelerats into: sign lr o canary check GCC default SSP runtime was reloading from stack, then comparing with original value and branch to abort function: ldr x2, [x29, 56] ldr x1, [x19] eor x1, x2, x1 cbnz x1, .L5 ... ret .L5: bl __stack_chk_fail acclerated into: aut lr + ret or retaa the the canary value (signed LR) fails authentication, the return to invalid address will cause exception. NOTE, this approach however requires DWARF change as the original LR is signed, the binary needs new libgcc to make sure c++ eh works correctly. Given this acceleration already needs the user specify -mstack-protector-dialect=pauth which means the target platform largely should have install new libgcc, otherwise you can't utilize new pointer authentication features. gcc/ 2016-11-11 Jiong Wang <jiong.wang@arm.com> * config/aarch64/aarch64-opts.h (aarch64_stack_protector_type): New enum. (aarch64_layout_frame): Swap callees and locals when -mstack-protector-dialect=pauth specified. (aarch64_expand_prologue): Use AARCH64_PAUTH_SSP_OR_RA_SIGN instead of AARCH64_ENABLE_RETURN_ADDRESS_SIGN. (aarch64_expand_epilogue): Likewise. * config/aarch64/aarch64.md (*do_return): Likewise. (aarch64_override_options): Sanity check for ILP32 and TARGET_PAUTH. * config/aarch64/aarch64.h (AARCH64_PAUTH_SSP_OPTION, AARCH64_PAUTH_SSP, AARCH64_PAUTH_SSP_OR_RA_SIGN, LINK_SSP_SPEC): New defines. * config/aarch64/aarch64.opt (-mstack-protector-dialect=): New option. * doc/invoke.texi (AArch64 Options): Documents -mstack-protector-dialect=.