f0efd92502
At present it is possible to call the CMSE functions for checking
addresses (such as cmse_check_address_range) and forget to check/use
the return value. This patch makes the interfaces more robust against
programmer error by marking these functions with the warn_unused_result
attribute. With this set, any use of these functions that does not use
the result will produce a warning.
This produces a warning on default warn levels when the result of the
cmse functions is not used.
For the following function:
void foo()
{
int *data;
cmse_check_address_range((int*)data, 0, 0);
}
The following warning is emitted:
warning: ignoring return value of 'cmse_check_address_range' declared
with attribute 'warn_unused_result' [-Wunused-result]
6 | cmse_check_address_range((int*)data, 0, 0);
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gcc/ChangeLog:
2019-07-31 Joel Hutton <Joel.Hutton@arm.com>
* config/arm/arm_cmse.h (cmse_nonsecure_caller): Add
warn_unused_result attribute.
(cmse_check_address_range): Add warn_unused_result attribute.
libgcc/ChangeLog:
2019-07-31 Joel Hutton <Joel.Hutton@arm.com>
* config/arm/cmse.c (cmse_check_address_range): Add
warn_unused_result attribute.
2019-07-31 Joel Hutton <Joel.Hutton@arm.com>
* gcc.target/arm/cmse/cmse-17.c: New test.
From-SVN: r273924
111 lines
3.5 KiB
C
111 lines
3.5 KiB
C
/* ARMv8-M Security Extensions routines.
|
|
Copyright (C) 2015-2019 Free Software Foundation, Inc.
|
|
Contributed by ARM Ltd.
|
|
|
|
This file is free software; you can redistribute it and/or modify it
|
|
under the terms of the GNU General Public License as published by the
|
|
Free Software Foundation; either version 3, or (at your option) any
|
|
later version.
|
|
|
|
This file is distributed in the hope that it will be useful, but
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
General Public License for more details.
|
|
|
|
Under Section 7 of GPL version 3, you are granted additional
|
|
permissions described in the GCC Runtime Library Exception, version
|
|
3.1, as published by the Free Software Foundation.
|
|
|
|
You should have received a copy of the GNU General Public License and
|
|
a copy of the GCC Runtime Library Exception along with this program;
|
|
see the files COPYING3 and COPYING.RUNTIME respectively. If not, see
|
|
<http://www.gnu.org/licenses/>. */
|
|
|
|
|
|
#if __ARM_FEATURE_CMSE & 1
|
|
|
|
#include <arm_cmse.h>
|
|
|
|
/* ARM intrinsic function to perform a permission check on a given
|
|
address range. See ACLE changes for ARMv8-M. */
|
|
|
|
void *
|
|
__attribute__ ((warn_unused_result))
|
|
cmse_check_address_range (void *p, size_t size, int flags)
|
|
{
|
|
cmse_address_info_t permb, perme;
|
|
char *pb = (char *) p, *pe;
|
|
|
|
/* Check if the range wraps around. */
|
|
if (__UINTPTR_MAX__ - (__UINTPTR_TYPE__) p < size)
|
|
return NULL;
|
|
|
|
/* Check if an unknown flag is present. */
|
|
int known = CMSE_MPU_UNPRIV | CMSE_MPU_READWRITE | CMSE_MPU_READ;
|
|
int known_secure_level = CMSE_MPU_UNPRIV;
|
|
#if __ARM_FEATURE_CMSE & 2
|
|
known |= CMSE_AU_NONSECURE | CMSE_MPU_NONSECURE;
|
|
known_secure_level |= CMSE_MPU_NONSECURE;
|
|
#endif
|
|
if (flags & (~known))
|
|
return NULL;
|
|
|
|
/* Execute the right variant of the TT instructions. */
|
|
pe = pb + size - 1;
|
|
const int singleCheck
|
|
= (((__UINTPTR_TYPE__) pb ^ (__UINTPTR_TYPE__) pe) < 32);
|
|
switch (flags & known_secure_level)
|
|
{
|
|
case 0:
|
|
permb = cmse_TT (pb);
|
|
perme = singleCheck ? permb : cmse_TT (pe);
|
|
break;
|
|
case CMSE_MPU_UNPRIV:
|
|
permb = cmse_TTT (pb);
|
|
perme = singleCheck ? permb : cmse_TTT (pe);
|
|
break;
|
|
#if __ARM_FEATURE_CMSE & 2
|
|
case CMSE_MPU_NONSECURE:
|
|
permb = cmse_TTA (pb);
|
|
perme = singleCheck ? permb : cmse_TTA (pe);
|
|
break;
|
|
case CMSE_MPU_UNPRIV | CMSE_MPU_NONSECURE:
|
|
permb = cmse_TTAT (pb);
|
|
perme = singleCheck ? permb : cmse_TTAT (pe);
|
|
break;
|
|
#endif
|
|
default:
|
|
/* Invalid flag, eg. CMSE_MPU_NONSECURE specified but
|
|
__ARM_FEATURE_CMSE & 2 == 0. */
|
|
return NULL;
|
|
}
|
|
|
|
/* Check that the range does not cross MPU, SAU, or IDAU boundaries. */
|
|
if (permb.value != perme.value)
|
|
return NULL;
|
|
|
|
/* Check the permissions on the range. */
|
|
switch (flags & (~known_secure_level))
|
|
{
|
|
#if __ARM_FEATURE_CMSE & 2
|
|
case CMSE_MPU_READ | CMSE_MPU_READWRITE | CMSE_AU_NONSECURE:
|
|
case CMSE_MPU_READWRITE | CMSE_AU_NONSECURE:
|
|
return permb.flags.nonsecure_readwrite_ok ? p : NULL;
|
|
case CMSE_MPU_READ | CMSE_AU_NONSECURE:
|
|
return permb.flags.nonsecure_read_ok ? p : NULL;
|
|
case CMSE_AU_NONSECURE:
|
|
return permb.flags.secure ? NULL : p;
|
|
#endif
|
|
case CMSE_MPU_READ | CMSE_MPU_READWRITE:
|
|
case CMSE_MPU_READWRITE:
|
|
return permb.flags.readwrite_ok ? p : NULL;
|
|
case CMSE_MPU_READ:
|
|
return permb.flags.read_ok ? p : NULL;
|
|
default:
|
|
return NULL;
|
|
}
|
|
}
|
|
|
|
|
|
#endif /* __ARM_FEATURE_CMSE & 1. */
|