The AArch32 instruction sets prior to Armv7 do not define the ISB and
DSB instructions that are needed to form a speculation barrier. While
I do not know of any instances of cores based on those instruction
sets being vulnerable to speculative side channel attacks it is
possible to run code built for those ISAs on more recent hardware
where they would become vulnerable.
This patch works around this by using a library call added to libgcc.
That code can then take any platform-specific actions necessary to
ensure safety.
For the moment I've only handled two cases: the library code being
built for armv7 or later anyway and running on Linux.
On Linux we can handle this by calling the kernel function that will
flush a small amount of cache. Such a sequence ends with a ISB+DSB
sequence if running on an Armv7 or later CPU.
gcc:
PR target/86951
* config/arm/arm-protos.h (arm_emit_speculation_barrier): New
prototype.
* config/arm/arm.c (speculation_barrier_libfunc): New static
variable.
(arm_init_libfuncs): Initialize it.
(arm_emit_speculation_barrier): New function.
* config/arm/arm.md (speculation_barrier): Call
arm_emit_speculation_barrier for architectures that do not have
DSB or ISB.
(speculation_barrier_insn): Only match on Armv7 or later.
libgcc:
PR target/86951
* config/arm/lib1funcs.asm (speculation_barrier): New function.
* config/arm/t-arm (LIB1ASMFUNCS): Add it to list of functions
to build.
From-SVN: r263806
CET kernel has been changed to place a restore token on shadow stack for
signal handler to enhance security. It is usually transparent to user
programs since kernel will pop the restore token when signal handler
returns. But when an exception is thrown from a signal handler, now
we need to remove _Unwind_Frames_Increment to pop the the restore token
from shadow stack. Otherwise, we get
FAIL: g++.dg/torture/pr85334.C -O0 execution test
FAIL: g++.dg/torture/pr85334.C -O1 execution test
FAIL: g++.dg/torture/pr85334.C -O2 execution test
FAIL: g++.dg/torture/pr85334.C -O3 -g execution test
FAIL: g++.dg/torture/pr85334.C -Os execution test
FAIL: g++.dg/torture/pr85334.C -O2 -flto -fno-use-linker-plugin -flto-partition=none execution test
PR libgcc/85334
* config/i386/shadow-stack-unwind.h (_Unwind_Frames_Increment):
Removed.
From-SVN: r263030
[gcc]
2018-06-18 Michael Meissner <meissner@linux.ibm.com>
PR target/85358
* config/rs6000/rs6000-modes.def (toplevel): Rework the 128-bit
floating point modes, so that IFmode is numerically greater than
TFmode, which is greater than KFmode using FRACTIONAL_FLOAT_MODE
to declare the ordering. This prevents IFmode from being
converted to TFmode when long double is IEEE 128-bit on an ISA 3.0
machine. Include rs6000-modes.h to share the fractional values
between genmodes* and the rest of the compiler.
(IFmode): Likewise.
(KFmode): Likewise.
(TFmode): Likewise.
* config/rs6000/rs6000-modes.h: New file.
* config/rs6000/rs6000.c (rs6000_debug_reg_global): Change the
meaning of rs6000_long_double_size so that 126..128 selects an
appropriate 128-bit floating point type.
(rs6000_option_override_internal): Likewise.
* config/rs6000/rs6000.h (toplevel): Include rs6000-modes.h.
(TARGET_LONG_DOUBLE_128): Change the meaning of
rs6000_long_double_size so that 126..128 selects an appropriate
128-bit floating point type.
(LONG_DOUBLE_TYPE_SIZE): Update comment.
* config/rs6000/rs6000.md (trunciftf2): Correct the modes of the
source and destination to match the standard usage.
(truncifkf2): Likewise.
(copysign<mode>3, IEEE iterator): Rework copysign of float128 on
ISA 2.07 to use an explicit clobber, instead of passing in a
temporary.
(copysign<mode>3_soft): Likewise.
[libgcc]
2018-06-18 Michael Meissner <meissner@linux.ibm.com>
* config/rs6000/t-float128 (FP128_CFLAGS_SW): Compile float128
support modules with -mno-gnu-attribute.
* config/rs6000/t-float128-hw (FP128_CFLAGS_HW): Likewise.
From-SVN: r261712
2018-06-07 Olivier Hainque <hainque@adacore.com>
* config/t-vxworks (LIBGCC_INCLUDES): Add
-I$(MULTIBUILDTOP)../../gcc/include.
* config/t-vxworks7: Likewise. Reformat a bit to match
the t-vxworks layout.
From-SVN: r261273
The -march=armv5 and armv5e options have been deprecated in GCC 7 [1].
This patch removes support for them.
It's mostly mechanical stuff. The functionality that was previously
gated on arm_arch5 is now gated on arm_arch5t and the functionality
that was gated on arm_arch5e is now gated on arm_arch5te.
A path in TARGET_OS_CPP_BUILTINS for VxWorks is now unreachable and
therefore is deleted.
References to armv5 and armv5e are deleted/updated throughout the
source tree and testsuite.
Bootstrapped and tested on arm-none-linux-gnueabihf.
Also built a cc1 for arm-wrs-vxworks as a sanity check.
* config/arm/arm-cpus.in (armv5, armv5e): Delete features.
(armv5t, armv5te): New features.
(ARMv5, ARMv5e): Delete fgroups.
(ARMv5t, ARMv5te): Adjust for above changes.
(ARMv6m): Likewise.
(armv5, armv5e): Delete arches.
* config/arm/arm.md (*call_reg_armv5): Use arm_arch5t instead of
arm_arch5.
(*call_reg_arm): Likewise.
(*call_value_reg_armv5): Likewise.
(*call_value_reg_arm): Likewise.
(*call_symbol): Likewise.
(*call_value_symbol): Likewise.
(*sibcall_insn): Likewise.
(*sibcall_value_insn): Likewise.
(clzsi2): Likewise.
(prefetch): Likewise.
(define_split and define_peephole2 dependent on arm_arch5):
Likewise.
* config/arm/arm.h (TARGET_LDRD): Use arm_arch5te instead of
arm_arch5e.
(TARGET_ARM_QBIT): Likewise.
(TARGET_DSP_MULTIPLY): Likewise.
(enum base_architecture): Delete BASE_ARCH_5, BASE_ARCH_5E.
(arm_arch5, arm_arch5e): Delete.
(arm_arch5t, arm_arch5te): Declare.
* config/arm/arm.c (arm_arch5, arm_arch5e): Delete.
(arm_arch5t): Declare.
(arm_option_reconfigure_globals): Update for the above.
(arm_options_perform_arch_sanity_checks): Update comment, replace
use of arm_arch5 with arm_arch5t.
(use_return_insn): Likewise.
(arm_emit_call_insn): Likewise.
(output_return_instruction): Likewise.
(arm_final_prescan_insn): Likewise.
(arm_coproc_builtin_available): Likewise.
* config/arm/arm-c.c (arm_cpu_builtins): Replace arm_arch5 and
arm_arch5e with arm_arch5t and arm_arch5te.
* config/arm/arm-protos.h (arm_arch5, arm_arch5e): Delete.
(arm_arch5t, arm_arch5te): Declare.
* config/arm/arm-tables.opt: Regenerate.
* config/arm/t-arm-elf: Remove references to armv5, armv5e.
* config/arm/t-multilib: Likewise.
* config/arm/thumb1.md (*call_reg_thumb1_v5): Check arm_arch5t
instead of arm_arch5.
(*call_reg_thumb1): Likewise.
(*call_value_reg_thumb1_v5): Likewise.
(*call_value_reg_thumb1): Likewise.
* config/arm/vxworks.h (TARGET_OS_CPP_BUILTINS): Remove now
unreachable path.
* doc/invoke.texi (ARM Options): Remove references to armv5, armv5e.
* gcc.target/arm/pr40887.c: Update comment.
* lib/target-supports.exp: Don't generate effective target checks
and related helpers for armv5. Update comment.
* gcc.target/arm/armv5_thumb_isa.c: Delete.
* gcc.target/arm/di-longlong64-sync-withhelpers.c: Update effective
target check and options.
* config/arm/libunwind.S: Update comment relating to armv5.
From-SVN: r260362
[libgcc]
2018-04-20 Michael Meissner <meissner@linux.ibm.com>
PR target/85456
* config/rs6000/_powikf2.c: New file. Add support for the
__builtin_powil function when long double is IEEE 128-bit floating
point.
* config/rs6000/float128-ifunc.c (__powikf2_resolve): Add
__powikf2 support.
(__powikf2): Likewise.
* config/rs6000/quad-float128.h (__powikf2_sw): Likewise.
(__powikf2_hw): Likewise.
(__powikf2): Likewise.
* config/rs6000/t-float128 (fp128_ppc_funcs): Likewise.
* config/rs6000/t-float128-hw (fp128_hw_func): Likewise.
(_powikf2-hw.c): Likewise.
[gcc]
2018-04-20 Michael Meissner <meissner@linux.ibm.com>
PR target/85456
* config/rs6000/rs6000.c (init_float128_ieee): Add support to call
__powikf2 when long double is IEEE 128-bit.
[gcc/testsuite]
2018-04-20 Michael Meissner <meissner@linux.ibm.com>
PR target/85456
* gcc.target/powerpc/pr85456.c: New test.
From-SVN: r259533
When -fcf-protection -mcet is used, I got
FAIL: g++.dg/eh/sighandle.C
(gdb) bt
#0 _Unwind_RaiseException (exc=exc@entry=0x416ed0)
at /export/gnu/import/git/sources/gcc/libgcc/unwind.inc:140
#1 0x00007ffff7d9936b in __cxxabiv1::__cxa_throw (obj=<optimized out>,
tinfo=0x403dd0 <typeinfo for int@@CXXABI_1.3>, dest=0x0)
at /export/gnu/import/git/sources/gcc/libstdc++-v3/libsupc++/eh_throw.cc:90
#2 0x0000000000401255 in sighandler (signo=11, si=0x7fffffffd6f8,
uc=0x7fffffffd5c0)
at /export/gnu/import/git/sources/gcc/gcc/testsuite/g++.dg/eh/sighandle.C:9
#3 <signal handler called> <<<< Signal frame which isn't on shadow stack
#4 dosegv ()
at /export/gnu/import/git/sources/gcc/gcc/testsuite/g++.dg/eh/sighandle.C:14
#5 0x00000000004012e3 in main ()
at /export/gnu/import/git/sources/gcc/gcc/testsuite/g++.dg/eh/sighandle.C:30
(gdb) p frames
$6 = 5
(gdb)
frame count should be 4, not 5. This patch skips signal frames when
unwinding shadow stack.
gcc/testsuite/
PR libgcc/85334
* g++.dg/torture/pr85334.C: New test.
libgcc/
PR libgcc/85334
* unwind-generic.h (_Unwind_Frames_Increment): New.
* config/i386/shadow-stack-unwind.h (_Unwind_Frames_Increment):
Likewise.
* unwind.inc (_Unwind_RaiseException_Phase2): Increment frame
count with _Unwind_Frames_Increment.
(_Unwind_ForcedUnwind_Phase2): Likewise.
From-SVN: r259502
Program received signal SIGSEGV, Segmentation fault.
__stack_split_initialize ()
at /export/gnu/import/git/sources/gcc/libgcc/config/i386/morestack.S:751
751 leaq -16000(%rsp),%rax # We should have at least 16K.
Missing separate debuginfos, use: dnf debuginfo-install libgcc-8.0.1-0.21.0.fc28.x86_64
(gdb) disass
Dump of assembler code for function __stack_split_initialize:
=> 0x0000000000402858 <+0>: lea -0x3e80(%rsp),%rax
0x0000000000402860 <+8>: mov %rax,%fs:0x70
0x0000000000402869 <+17>: sub $0x8,%rsp
0x000000000040286d <+21>: mov %rsp,%rdi
0x0000000000402870 <+24>: mov $0x3e80,%esi
0x0000000000402875 <+29>: callq 0x401810 <__generic_morestack_set_initial_sp>
0x000000000040287a <+34>: add $0x8,%rsp
0x000000000040287e <+38>: retq
End of assembler dump.
(gdb)
This patch adds the missing ENDBR to __stack_split_initialize.
PR libgcc/85379
* config/i386/morestack.S (__stack_split_initialize): Add
_CET_ENDBR.
From-SVN: r259497
PR target/84945
* config/i386/cpuinfo.c (set_feature): Wrap into do while (0) to avoid
-Wdangling-else warnings. Mask shift counts to avoid
-Wshift-count-negative and -Wshift-count-overflow false positives.
From-SVN: r259398
Enable AVX and AVX512 features only if their states are supported by
OSXSAVE.
PR target/85100
* config/i386/cpuinfo.c (XCR_XFEATURE_ENABLED_MASK): New.
(XSTATE_FP): Likewise.
(XSTATE_SSE): Likewise.
(XSTATE_YMM): Likewise.
(XSTATE_OPMASK): Likewise.
(XSTATE_ZMM): Likewise.
(XSTATE_HI_ZMM): Likewise.
(XCR_AVX_ENABLED_MASK): Likewise.
(XCR_AVX512F_ENABLED_MASK): Likewise.
(get_available_features): Enable AVX and AVX512 features only
if their states are supported by OSXSAVE.
From-SVN: r258954
PR target/84945
* config/i386/i386.c (fold_builtin_cpu): For features above 31
use __cpu_features2 variable instead of __cpu_model.__cpu_features[0].
Use 1U instead of 1. Formatting fixes.
* gcc.target/i386/pr84945.c: New test.
* config/i386/cpuinfo.h (__cpu_features2): Declare.
* config/i386/cpuinfo.c (__cpu_features2): New variable for
ifndef SHARED only.
(set_feature): Define.
(get_available_features): Use set_feature macro. Set __cpu_features2
to the second word of features ifndef SHARED.
From-SVN: r258673
PR debug/83917
* configure.ac (AS_HIDDEN_DIRECTIVE): AC_DEFINE_UNQUOTED this to
$asm_hidden_op if visibility ("hidden") attribute works.
(HAVE_AS_CFI_SECTIONS): New AC_DEFINE.
* config/i386/i386-asm.h: Don't include auto-host.h.
(PACKAGE_VERSION, PACKAGE_NAME, PACKAGE_STRING, PACKAGE_TARNAME,
PACKAGE_URL): Don't undefine.
(USE_GAS_CFI_DIRECTIVES): Don't use nor define this macro, instead
guard cfi_startproc only on ifdef __GCC_HAVE_DWARF2_CFI_ASM.
(FN_HIDDEN): Change guard from #ifdef HAVE_GAS_HIDDEN to
#ifdef AS_HIDDEN_DIRECTIVE, use AS_HIDDEN_DIRECTIVE macro in the
definition instead of hardcoded .hidden.
* config/i386/cygwin.S: Include i386-asm.h first before .cfi_sections
directive. Use #ifdef HAVE_AS_CFI_SECTIONS rather than
#ifdef HAVE_GAS_CFI_SECTIONS_DIRECTIVE to guard .cfi_sections.
(USE_GAS_CFI_DIRECTIVES): Don't define.
* configure: Regenerated.
* config.in: Likewise.
From-SVN: r258057
PR debug/83917
* config/i386/i386-asm.h (PACKAGE_VERSION, PACKAGE_NAME,
PACKAGE_STRING, PACKAGE_TARNAME, PACKAGE_URL): Undefine between
inclusion of auto-target.h and auto-host.h.
(USE_GAS_CFI_DIRECTIVES): Define if not defined already based on
__GCC_HAVE_DWARF2_CFI_ASM.
(cfi_startproc, cfi_endproc, cfi_adjust_cfa_offset,
cfi_def_cfa_register, cfi_def_cfa, cfi_register, cfi_offset, cfi_push,
cfi_pop): Define.
* config/i386/cygwin.S: Don't include auto-host.h here, just
define USE_GAS_CFI_DIRECTIVES to 1 or 0 and include i386-asm.h.
(cfi_startproc, cfi_endproc, cfi_adjust_cfa_offset,
cfi_def_cfa_register, cfi_register, cfi_push, cfi_pop): Remove.
* config/i386/resms64fx.h: Add cfi_* directives.
* config/i386/resms64x.h: Likewise.
From-SVN: r258010
Introduce a couple of new CET intrinsics for reading and updating a
shadow stack pointer (_get_ssp and _inc_ssp). They replace the existing
_rdssp[d|q] and _incssp[d|q] instrinsics.
PR target/84239
* gcc/config/i386/cetintrin.h: Remove _rdssp[d|q] and
add _get_ssp intrinsics. Remove argument from
__builtin_ia32_rdssp[d|q].
* gcc/config/i386/i386-builtin-types.def: Add UINT_FTYPE_VOID.
* gcc/config/i386/i386-builtin.def: Remove argument from
__builtin_ia32_rdssp[d|q].
* gcc/config/i386/i386.c: Use UINT_FTYPE_VOID. Use
ix86_expand_special_args_builtin for _rdssp[d|q].
* gcc/config/i386/i386.md: Remove argument from rdssp[si|di] insn.
Clear register before usage.
* doc/extend.texi: Remove argument from __builtin_ia32_rdssp[d|q].
Add documentation for new _get_ssp and _inc_ssp intrinsics.
* testsuite/gcc.target/i386/cet-intrin-3.c: Use new _get_ssp and
_inc_ssp intrinsics.
* testsuite/gcc.target/i386/cet-intrin-4.c: Likewise.
* testsuite/gcc.target/i386/cet-rdssp-1.c: Remove argument from
__builtin_ia32_rdssp[d|q].
* libgcc/config/i386/shadow-stack-unwind.hi (_Unwind_Frames_Extra):
Use new _get_ssp and _inc_ssp intrinsics.
From-SVN: r257660
libgcc/
2018-01-23 Max Filippov <jcmvbkbc@gmail.com>
* config/xtensa/ieee754-df.S (__addsf3, __subsf3, __mulsf3)
(__divsf3): Make NaN return value quiet.
* config/xtensa/ieee754-sf.S (__adddf3, __subdf3, __muldf3)
(__divdf3): Make NaN return value quiet.
From-SVN: r257002
This patch adds support for unwinding frames that use the SVE
pseudo VG register. We want this register to act like a normal
register if the CFI explicitly sets it, but want to provide a
default value otherwise. Computing the default value requires
an SVE target, so we only want to compute it on demand.
aarch64_vg uses a hard-coded .inst in order to avoid a build
dependency on binutils 2.28 or later.
2018-01-13 Richard Sandiford <richard.sandiford@linaro.org>
gcc/
* doc/tm.texi.in (DWARF_LAZY_REGISTER_VALUE): Document.
* doc/tm.texi: Regenerate.
libgcc/
* config/aarch64/value-unwind.h (aarch64_vg): New function.
(DWARF_LAZY_REGISTER_VALUE): Define.
* unwind-dw2.c (_Unwind_GetGR): Use DWARF_LAZY_REGISTER_VALUE
to provide a fallback register value.
gcc/testsuite/
* g++.target/aarch64/sve/aarch64-sve.exp: New harness.
* g++.target/aarch64/sve/catch_1.C: New test.
* g++.target/aarch64/sve/catch_2.C: Likewise.
* g++.target/aarch64/sve/catch_3.C: Likewise.
* g++.target/aarch64/sve/catch_4.C: Likewise.
* g++.target/aarch64/sve/catch_5.C: Likewise.
* g++.target/aarch64/sve/catch_6.C: Likewise.
Reviewed-by: James Greenhalgh <james.greenhalgh@arm.com>
From-SVN: r256615