[RFC PATCH, binutils, ARM 8/11, ping2] Add support for ARMv8-M Secure Gateway veneer generation
Thomas Preudhomme
thomas.preudhomme@foss.arm.com
Tue Jul 26 11:07:00 GMT 2016
Hi Richard,
Ping?
Best regards,
Thomas
On Thursday 14 July 2016 10:14:57 Thomas Preudhomme wrote:
> Hi Richard,
>
> On Thursday 07 July 2016 16:27:27 Thomas Preudhomme wrote:
> > On Thursday 07 July 2016 11:52:56 Richard Earnshaw wrote:
> > > + As per "ARMv8-M Security Extensions: Requirements on Development
> > > Tools"
> > > + document, a secure gateway veneer is needed when there exists a
> > > non-local
> > > + function symbol called "normal" symbol (eg. foo) with the same value
> > > as a
> > > + symbol with the same type, binding a name save for a __acle_se_
> > > prefix,
> > > + called a "special" symbol (eg. __acle_se_foo). Entry functions
> > > handling + with secure state transition by themselves have these
> > > symbols with different
> > > + values.
> > >
> > >
> > > This is very unclear as to what is being/needs to be done. Can you try
> > > redrafting it?
> >
> > What do you think of the attached updated patch?
>
> Ping?
>
> > By the way, I realized I did not copy over the explanation for the changes
> > to elf32_arm_get_plt_info from the original patch submission. I'm adding
> > the full cover letter again here to have all the information in one email
> > in the archive.
> >
> >
> >
> > This patch is part of a patch series to add support for ARMv8-M security
> > extension[1] to GNU ld. This specific patch adds support for creating
> > ARMv8-M Secure Gateway veneers.
> >
> > ARM v8-M security extensions require [3] secure gateway veneers to be
> > generated for (secure) entry function in order for code to transition from
> > non-secure state to secure state when calling these entry function. Unlike
> > other veneers, these veneers are generated independently of relocations,
> > ie
> > a veneer can be generated in the absence of relocation. The condition for
> > the generation is that the normal symbol (the one whose name is the same
> > as
> > in C) of an entry function has the same value as the special symbol
> > (normal
> > symbol prefixed with "__acle_se_"). When that happens, the normal symbol
> > is
> > rebound to the veneer generated. When the two symbols have different value
> > it indicates that the entry function already contains an sg instruction to
> > do the secure state transition and the normal symbol points to the sg
> > instruction while the special symbol points after that.
> >
> > This patch also makes use of the infrastructure laid out in previous
> > patches to control the address of these veneers and to avoid the presence
> > of the bit pattern of the SG instruction in non secure callable memory,
> > as required [4] [5].
> >
> > Finally, the patch also contains a small change to elf32_arm_get_plt_info
> > () to return FALSE when there is no PLT, ensuring that a NULL splt is not
> > dereferenced in the block starting with "If the call goes through" in
> > elf32_arm_final_relocate (). This was not necessary before because
> > root_plt-
> >
> > >offset is set to -1 in elf32_arm_adjust_dynamic_symbol called by
> >
> > _bfd_elf_adjust_dynamic_symbol from bfd_elf_size_dynamic_sections when
> > dynobj is not NULL. However, dynobj is set in elf32_arm_check_relocs which
> > is not called when there is no relocation in the input section. Such a
> > situation is possible while still invoking elf32_arm_final_relocate () due
> > to SG veneers being created in the absence of relocation but needing
> > themselves relocation.
> >
> > [1] Software requirements for ARMv8-M security extension are described in
> > document ARM-ECM-0359818 [2]
> > [2] Available on http://infocenter.arm.com in Developer guides and
> > articles
> >
> > > Software development > ARM®v8-M Security Extensions: Requirements on
> >
> > Development Tools
> > [3] See section 3.4.3 and requirement 44 of ARM-ECM-0359818 [2]
> > [4] requirement 14 and following comment of ARM-ECM-0359818 [2]
> > [5] requirement 12 and 13 and following comment of ARM-ECM-0359818 [2]
> >
> >
> > ChangeLog entries remain unchanged:
> >
> > *** bfd/ChangeLog ***
> >
> > 2016-05-04 Thomas Preud'homme <thomas.preudhomme@arm.com>
> >
> > * elf32-arm.c (CMSE_PREFIX): Define macro.
> > (elf32_arm_stub_cmse_branch_thumb_only): Define stub sequence.
> > (cmse_branch_thumb_only): Declare stub.
> > (struct elf32_arm_link_hash_table): Define cmse_stub_sec field.
> > (elf32_arm_get_plt_info): Add globals parameter. Use it to return
> > FALSE if there is no PLT.
> > (arm_type_of_stub): Adapt to new elf32_arm_get_plt_info signature.
> > (elf32_arm_final_link_relocate): Likewise.
> > (elf32_arm_gc_sweep_hook): Likewise.
> > (elf32_arm_gc_mark_extra_sections): Mark sections holding ARMv8-M
> > secure entry functions.
> > (arm_stub_is_thumb): Add case for arm_stub_cmse_branch_thumb_only.
> > (arm_dedicated_stub_output_section_required): Change to a switch
> >
> > case and add a case for arm_stub_cmse_branch_thumb_only.
> >
> > (arm_dedicated_stub_output_section_required_alignment): Likewise.
> > (arm_stub_dedicated_output_section_name): Likewise.
> > (arm_stub_dedicated_input_section_ptr): Likewise and remove
> > ATTRIBUTE_UNUSED for htab parameter.
> > (arm_stub_required_alignment): Likewise.
> > (arm_stub_sym_claimed): Likewise.
> > (arm_dedicated_stub_section_padding): Likewise.
> > (cmse_scan): New function.
> > (elf32_arm_size_stubs): Call cmse_scan for ARM M profile targets.
> > Set stub_changed to TRUE if such veneers were created.
> > (elf32_arm_swap_symbol_in): Add detection code for CMSE special
> > symbols.
> >
> > *** include/elf/ChangeLog ***
> >
> > 2015-12-16 Thomas Preud'homme <thomas.preudhomme@arm.com>
> >
> > * arm.h (ARM_GET_SYM_CMSE_SPCL): Define macro.
> > (ARM_SET_SYM_CMSE_SPCL): Likewise.
> >
> > *** ld/ChangeLog ***
> >
> > 2016-02-17 Thomas Preud'homme <thomas.preudhomme@arm.com>
> >
> > * ld.texinfo (Placement of SG veneers): New concept entry.
> > * testsuite/ld-arm/arm-elf.exp
> > (Secure gateway veneers: no .gnu.sgstubs section): New test.
> > (Secure gateway veneers: wrong entry functions): Likewise.
> > (Secure gateway veneers (ARMv8-M Baseline)): Likewise.
> > (Secure gateway veneers (ARMv8-M Mainline)): Likewise.
> > * testsuite/ld-arm/cmse-veneers.s: New file.
> > * testsuite/ld-arm/cmse-veneers.d: Likewise.
> > * testsuite/ld-arm/cmse-veneers.rd: Likewise.
> > * testsuite/ld-arm/cmse-veneers.sd: Likewise.
> > * testsuite/ld-arm/cmse-veneers-no-gnu_sgstubs.out: Likewise.
> > * testsuite/ld-arm/cmse-veneers-wrong-entryfct.out: Likewise.
> >
> > Best regards,
> >
> > Thomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sg_veneers_support.patch
Type: text/x-patch
Size: 28720 bytes
Desc: not available
URL: <https://sourceware.org/pipermail/binutils/attachments/20160726/db8d1492/attachment.bin>
More information about the Binutils
mailing list