[RFC PATCH, binutils, ARM 8/11, ping3] Add support for ARMv8-M Secure Gateway veneer generation

Thomas Preudhomme thomas.preudhomme@foss.arm.com
Wed Aug 3 08:52:00 GMT 2016 

Hi Richard,

How do you find the reworded comment for cmse_scan?

Best regards,

Thomas

On Tuesday 26 July 2016 12:07:26 Thomas Preudhomme wrote:
> Hi Richard,
> 
> Ping?
> 
> Best regards,
> 
> Thomas
> 
> On Thursday 14 July 2016 10:14:57 Thomas Preudhomme wrote:
> > Hi Richard,
> > 
> > On Thursday 07 July 2016 16:27:27 Thomas Preudhomme wrote:
> > > On Thursday 07 July 2016 11:52:56 Richard Earnshaw wrote:
> > > > +   As per "ARMv8-M Security Extensions: Requirements on Development
> > > > Tools"
> > > > +   document, a secure gateway veneer is needed when there exists a
> > > > non-local
> > > > +   function symbol called "normal" symbol (eg. foo) with the same
> > > > value
> > > > as a
> > > > +   symbol with the same type, binding a name save for a __acle_se_
> > > > prefix,
> > > > +   called a "special" symbol (eg. __acle_se_foo).  Entry functions
> > > > handling +   with secure state transition by themselves have these
> > > > symbols with different
> > > > +   values.
> > > > 
> > > > 
> > > > This is very unclear as to what is being/needs to be done.  Can you
> > > > try
> > > > redrafting it?
> > > 
> > > What do you think of the attached updated patch?
> > 
> > Ping?
> > 
> > > By the way, I realized I did not copy over the explanation for the
> > > changes
> > > to elf32_arm_get_plt_info from the original patch submission. I'm adding
> > > the full cover letter again here to have all the information in one
> > > email
> > > in the archive.
> > > 
> > > 
> > > 
> > > This patch is part of a patch series to add support for ARMv8-M security
> > > extension[1] to GNU ld. This specific patch adds support for creating
> > > ARMv8-M Secure Gateway veneers.
> > > 
> > > ARM v8-M security extensions require [3] secure gateway veneers to be
> > > generated for (secure) entry function in order for code to transition
> > > from
> > > non-secure state to secure state when calling these entry function.
> > > Unlike
> > > other veneers, these veneers are generated independently of relocations,
> > > ie
> > > a veneer can be generated in the absence of relocation. The condition
> > > for
> > > the generation is that the normal symbol (the one whose name is the same
> > > as
> > > in C) of an entry function has the same value as the special symbol
> > > (normal
> > > symbol prefixed with "__acle_se_"). When that happens, the normal symbol
> > > is
> > > rebound to the veneer generated. When the two symbols have different
> > > value
> > > it indicates that the entry function already contains an sg instruction
> > > to
> > > do the secure state transition and the normal symbol points to the sg
> > > instruction while the special symbol points after that.
> > > 
> > > This patch also makes use of the infrastructure laid out in previous
> > > patches to control the address of these veneers and to avoid the
> > > presence
> > > of the bit pattern of the SG instruction in non secure callable memory,
> > > as required [4] [5].
> > > 
> > > Finally, the patch also contains a small change to
> > > elf32_arm_get_plt_info
> > > () to return FALSE when there is no PLT, ensuring that a NULL splt is
> > > not
> > > dereferenced in the block starting with "If the call goes through" in
> > > elf32_arm_final_relocate (). This was not necessary before because
> > > root_plt-
> > > 
> > > >offset is set to -1 in elf32_arm_adjust_dynamic_symbol called by
> > > 
> > > _bfd_elf_adjust_dynamic_symbol from bfd_elf_size_dynamic_sections when
> > > dynobj is not NULL. However, dynobj is set in elf32_arm_check_relocs
> > > which
> > > is not called when there is no relocation in the input section. Such a
> > > situation is possible while still invoking elf32_arm_final_relocate ()
> > > due
> > > to SG veneers being created in the absence of relocation but needing
> > > themselves relocation.
> > > 
> > > [1] Software requirements for ARMv8-M security extension are described
> > > in
> > > document ARM-ECM-0359818 [2]
> > > [2] Available on http://infocenter.arm.com in Developer guides and
> > > articles
> > > 
> > > > Software development > ARM®v8-M Security Extensions: Requirements on
> > > 
> > > Development Tools
> > > [3] See section 3.4.3 and requirement 44 of ARM-ECM-0359818 [2]
> > > [4] requirement 14 and following comment of ARM-ECM-0359818 [2]
> > > [5] requirement 12 and 13 and following comment of ARM-ECM-0359818 [2]
> > > 
> > > 
> > > ChangeLog entries remain unchanged:
> > > 
> > > *** bfd/ChangeLog ***
> > > 
> > > 2016-05-04  Thomas Preud'homme  <thomas.preudhomme@arm.com>
> > > 
> > >         * elf32-arm.c (CMSE_PREFIX): Define macro.
> > >         (elf32_arm_stub_cmse_branch_thumb_only): Define stub sequence.
> > >         (cmse_branch_thumb_only): Declare stub.
> > >         (struct elf32_arm_link_hash_table): Define cmse_stub_sec field.
> > >         (elf32_arm_get_plt_info): Add globals parameter.  Use it to
> > >         return
> > >         FALSE if there is no PLT.
> > >         (arm_type_of_stub): Adapt to new elf32_arm_get_plt_info
> > >         signature.
> > >         (elf32_arm_final_link_relocate): Likewise.
> > >         (elf32_arm_gc_sweep_hook): Likewise.
> > >         (elf32_arm_gc_mark_extra_sections): Mark sections holding
> > >         ARMv8-M
> > >         secure entry functions.
> > >         (arm_stub_is_thumb): Add case for
> > >         arm_stub_cmse_branch_thumb_only.
> > >         (arm_dedicated_stub_output_section_required): Change to a switch
> > > 
> > > case and add a case for arm_stub_cmse_branch_thumb_only.
> > > 
> > >         (arm_dedicated_stub_output_section_required_alignment):
> > >         Likewise.
> > >         (arm_stub_dedicated_output_section_name): Likewise.
> > >         (arm_stub_dedicated_input_section_ptr): Likewise and remove
> > >         ATTRIBUTE_UNUSED for htab parameter.
> > >         (arm_stub_required_alignment): Likewise.
> > >         (arm_stub_sym_claimed): Likewise.
> > >         (arm_dedicated_stub_section_padding): Likewise.
> > >         (cmse_scan): New function.
> > >         (elf32_arm_size_stubs): Call cmse_scan for ARM M profile
> > >         targets.
> > >         Set stub_changed to TRUE if such veneers were created.
> > >         (elf32_arm_swap_symbol_in): Add detection code for CMSE special
> > >         symbols.
> > > 
> > > *** include/elf/ChangeLog ***
> > > 
> > > 2015-12-16  Thomas Preud'homme  <thomas.preudhomme@arm.com>
> > > 
> > >         * arm.h (ARM_GET_SYM_CMSE_SPCL): Define macro.
> > >         (ARM_SET_SYM_CMSE_SPCL): Likewise.
> > > 
> > > *** ld/ChangeLog ***
> > > 
> > > 2016-02-17  Thomas Preud'homme  <thomas.preudhomme@arm.com>
> > > 
> > >         * ld.texinfo (Placement of SG veneers): New concept entry.
> > >         * testsuite/ld-arm/arm-elf.exp
> > >         (Secure gateway veneers: no .gnu.sgstubs section): New test.
> > >         (Secure gateway veneers: wrong entry functions): Likewise.
> > >         (Secure gateway veneers (ARMv8-M Baseline)): Likewise.
> > >         (Secure gateway veneers (ARMv8-M Mainline)): Likewise.
> > >         * testsuite/ld-arm/cmse-veneers.s: New file.
> > >         * testsuite/ld-arm/cmse-veneers.d: Likewise.
> > >         * testsuite/ld-arm/cmse-veneers.rd: Likewise.
> > >         * testsuite/ld-arm/cmse-veneers.sd: Likewise.
> > >         * testsuite/ld-arm/cmse-veneers-no-gnu_sgstubs.out: Likewise.
> > >         * testsuite/ld-arm/cmse-veneers-wrong-entryfct.out: Likewise.
> > > 
> > > Best regards,
> > > 
> > > Thomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sg_veneers_support.patch
Type: text/x-patch
Size: 28720 bytes
Desc: not available
URL: <https://sourceware.org/pipermail/binutils/attachments/20160803/6361a18f/attachment.bin>

More information about the Binutils mailing list