[meta-arm,8/9] gem5: Backport pointer authentication fixes

Submitted by Diego Sueiro on Sept. 3, 2020, 11:40 a.m. | Patch ID: 176006

Details

Message ID 841931e4c6482d21c1cad92088036699fcf72b6f.1599133172.git.diego.sueiro@arm.com
State New
Headers show

Commit Message

Diego Sueiro Sept. 3, 2020, 11:40 a.m.
Change-Id: I5152895f992e9bc85b24a9190e4affb3c74e44cd
Issue-ID: SCM-899
Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
---
 ...0002-arch-arm-Introduce-HavePACExt-helper.patch |  55 +++++++
 ...PAC-is-implemented-before-executing-insts.patch | 174 +++++++++++++++++++++
 .../gem5/gem5-aarch64-native_20.bb                 |   5 +-
 3 files changed, 233 insertions(+), 1 deletion(-)
 create mode 100644 meta-gem5/recipes-devtools/gem5/gem5-aarch64-native/0002-arch-arm-Introduce-HavePACExt-helper.patch
 create mode 100644 meta-gem5/recipes-devtools/gem5/gem5-aarch64-native/0003-arch-arm-Check-if-PAC-is-implemented-before-executing-insts.patch

Patch hide | download patch | download mbox

diff --git a/meta-gem5/recipes-devtools/gem5/gem5-aarch64-native/0002-arch-arm-Introduce-HavePACExt-helper.patch b/meta-gem5/recipes-devtools/gem5/gem5-aarch64-native/0002-arch-arm-Introduce-HavePACExt-helper.patch
new file mode 100644
index 0000000..9d46f8a
--- /dev/null
+++ b/meta-gem5/recipes-devtools/gem5/gem5-aarch64-native/0002-arch-arm-Introduce-HavePACExt-helper.patch
@@ -0,0 +1,55 @@ 
+Upstream-Status: Backport [https://gem5.googlesource.com/public/gem5/+/6d15745532df2dd306ecc15bd0e9f79914be1682]
+Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
+
+From 6d15745532df2dd306ecc15bd0e9f79914be1682 Mon Sep 17 00:00:00 2001
+From: Giacomo Travaglini <giacomo.travaglini@arm.com>
+Date: Tue, 25 Aug 2020 12:15:17 +0100
+Subject: [PATCH] arch-arm: Introduce HavePACExt helper
+
+This will check for presence of pointer authentication extension.
+According to the reference manual, Pointer authentication is
+implemented if the value of at least one of
+
+ID_AA64ISAR1_EL1.{APA, API, GPA, GPI}
+
+is not 0b0000.
+
+Change-Id: I4e98e65758e8edc953794e5b618d2c6c3f6000ae
+Signed-off-by: Giacomo Travaglini <giacomo.travaglini@arm.com>
+Reviewed-on: https://gem5-review.googlesource.com/c/public/gem5/+/33454
+Reviewed-by: Andreas Sandberg <andreas.sandberg@arm.com>
+Maintainer: Andreas Sandberg <andreas.sandberg@arm.com>
+Tested-by: kokoro <noreply+kokoro@google.com>
+---
+
+diff --git a/src/arch/arm/utility.cc b/src/arch/arm/utility.cc
+index ad0a3da..a189c4a 100644
+--- a/src/arch/arm/utility.cc
++++ b/src/arch/arm/utility.cc
+@@ -315,6 +315,14 @@
+ }
+ 
+ bool
++HavePACExt(ThreadContext *tc)
++{
++    AA64ISAR1 id_aa64isar1 = tc->readMiscReg(MISCREG_ID_AA64ISAR1_EL1);
++    return id_aa64isar1.api | id_aa64isar1.apa |
++        id_aa64isar1.gpi | id_aa64isar1.gpa;
++}
++
++bool
+ HaveVirtHostExt(ThreadContext *tc)
+ {
+     AA64MMFR1 id_aa64mmfr1 = tc->readMiscReg(MISCREG_ID_AA64MMFR1_EL1);
+diff --git a/src/arch/arm/utility.hh b/src/arch/arm/utility.hh
+index f00f606..f17ebc5 100644
+--- a/src/arch/arm/utility.hh
++++ b/src/arch/arm/utility.hh
+@@ -151,6 +151,7 @@
+     return opModeToEL((OperatingMode) (uint8_t)cpsr.mode);
+ }
+ 
++bool HavePACExt(ThreadContext *tc);
+ bool HaveVirtHostExt(ThreadContext *tc);
+ bool HaveSecureEL2Ext(ThreadContext *tc);
+ bool IsSecureEL2Enabled(ThreadContext *tc);
diff --git a/meta-gem5/recipes-devtools/gem5/gem5-aarch64-native/0003-arch-arm-Check-if-PAC-is-implemented-before-executing-insts.patch b/meta-gem5/recipes-devtools/gem5/gem5-aarch64-native/0003-arch-arm-Check-if-PAC-is-implemented-before-executing-insts.patch
new file mode 100644
index 0000000..4410d97
--- /dev/null
+++ b/meta-gem5/recipes-devtools/gem5/gem5-aarch64-native/0003-arch-arm-Check-if-PAC-is-implemented-before-executing-insts.patch
@@ -0,0 +1,174 @@ 
+Upstream-Status: Backport [https://gem5.googlesource.com/public/gem5/+/b50d61fb9ff5d94f401af98bb0b7f8e25d21d012]
+Signed-off-by: Diego Sueiro <diego.sueiro@arm.com>
+
+From b50d61fb9ff5d94f401af98bb0b7f8e25d21d012 Mon Sep 17 00:00:00 2001
+From: Giacomo Travaglini <giacomo.travaglini@arm.com>
+Date: Tue, 25 Aug 2020 13:10:23 +0100
+Subject: [PATCH] arch-arm: Check if PAC is implemented before executing insts
+
+If Armv8.3-PAuth (PAC) extension is not supported, most instrucions
+will trigger an Undefined Instruction fault; except for a group of
+them living in the HINT space; those should be treated as NOP.
+
+Change-Id: Idec920ed15e0310ec9132a3cb3701cdb7e7cf9d1
+Signed-off-by: Giacomo Travaglini <giacomo.travaglini@arm.com>
+Reviewed-on: https://gem5-review.googlesource.com/c/public/gem5/+/33455
+Reviewed-by: Andreas Sandberg <andreas.sandberg@arm.com>
+Maintainer: Andreas Sandberg <andreas.sandberg@arm.com>
+Tested-by: kokoro <noreply+kokoro@google.com>
+---
+
+diff --git a/src/arch/arm/isa/insts/pauth.isa b/src/arch/arm/isa/insts/pauth.isa
+index 4c5b371..4806e6a 100644
+--- a/src/arch/arm/isa/insts/pauth.isa
++++ b/src/arch/arm/isa/insts/pauth.isa
+@@ -1,5 +1,6 @@
+ // -*- mode:c++ -*-
+ 
++// Copyright (c) 2020 ARM Limited
+ // Copyright (c) 2020 Metempsy Technology Consulting
+ // All rights reserved
+ //
+@@ -41,20 +42,39 @@
+     decoder_output = ""
+     exec_output = ""
+ 
++    def pacEnabledCode(hint):
++        if hint:
++            code = """
++                if (!HavePACExt(xc->tcBase())) {
++                    return NoFault;
++                }
++                """
++        else:
++            code = """
++                if (!HavePACExt(xc->tcBase())) {
++                    return std::make_shared<UndefinedInstruction>(
++                        machInst, true);
++                }
++                """
++        return code
+ 
+-    def buildPauthObject(mnem, templateBase, opcode, optArgs=[]):
++    def buildPauthObject(mnem, templateBase, opcode, hint, optArgs=[]):
+         global header_output, decoder_output, exec_output
+-        pac_code = '''//uint64_t val = 0;
+-                uint64_t res;
+-                fault = %(op)s(xc->tcBase(), %(op1)s, %(op2)s, &res);
+-                XDest = res;
+-                '''
++        pac_code = '''
++            %(enabled)s
++
++            uint64_t res;
++            fault = %(op)s(xc->tcBase(), %(op1)s, %(op2)s, &res);
++            XDest = res;
++            '''
+         if templateBase=='DataX2Reg':
+-            code = pac_code % {"op1": 'Op164',
++            code = pac_code % {"enabled": pacEnabledCode(hint),
++                               "op1": 'Op164',
+                                "op2": 'Op264',
+                                "op":  opcode }
+         else:
+-            code = pac_code % {"op1": 'XDest',
++            code = pac_code % {"enabled": pacEnabledCode(hint),
++                               "op1": 'XDest',
+                                "op2": 'Op164',
+                                "op":  opcode }
+ 
+@@ -63,13 +83,15 @@
+         decoder_output += eval(templateBase + "Constructor").subst(iop)
+         exec_output += BasicExecute.subst(iop)
+ 
+-    def buildXPauthObject(mnem, optArgs=[]):
++    def buildXPauthObject(mnem, hint, optArgs=[]):
+         global header_output, decoder_output, exec_output
+         templateBase = "XPauthOpRegReg"
+ 
+-        code =  'uint64_t res;\n'\
+-                'fault = stripPAC(xc->tcBase(), XDest, data, &res);\n'
+-        code += 'XDest = res;'
++        code = pacEnabledCode(hint) + """
++            uint64_t res;
++            fault = stripPAC(xc->tcBase(), XDest, data, &res);
++            XDest = res;
++            """
+         regoptype = 'RegOp'
+ 
+         iop = InstObjParams(mnem, mnem, regoptype, code, optArgs)
+@@ -78,42 +100,42 @@
+         exec_output += BasicExecute.subst(iop)
+ 
+ 
+-    buildPauthObject("Pacda",  "DataX1Reg", 'addPACDA')
+-    buildPauthObject("Pacdza", "DataX1Reg", 'addPACDA')
+-    buildPauthObject("Pacdb",  "DataX1Reg", 'addPACDB')
+-    buildPauthObject("Pacdzb", "DataX1Reg", 'addPACDB')
+-    buildPauthObject("Pacga",  "DataX2Reg", 'addPACGA')
++    buildPauthObject("Pacda",  "DataX1Reg", 'addPACDA', hint=False)
++    buildPauthObject("Pacdza", "DataX1Reg", 'addPACDA', hint=False)
++    buildPauthObject("Pacdb",  "DataX1Reg", 'addPACDB', hint=False)
++    buildPauthObject("Pacdzb", "DataX1Reg", 'addPACDB', hint=False)
++    buildPauthObject("Pacga",  "DataX2Reg", 'addPACGA', hint=False)
+ 
+-    buildPauthObject("Pacia",     "DataX1Reg", 'addPACIA')
+-    buildPauthObject("Pacia1716", "DataX1Reg", 'addPACIA')
+-    buildPauthObject("Paciasp",   "DataX1Reg", 'addPACIA')
+-    buildPauthObject("Paciaz",    "DataX1Reg", 'addPACIA')
+-    buildPauthObject("Paciza",    "DataX1Reg", 'addPACIA')
++    buildPauthObject("Pacia",     "DataX1Reg", 'addPACIA', hint=False)
++    buildPauthObject("Pacia1716", "DataX1Reg", 'addPACIA', hint=True)
++    buildPauthObject("Paciasp",   "DataX1Reg", 'addPACIA', hint=True)
++    buildPauthObject("Paciaz",    "DataX1Reg", 'addPACIA', hint=True)
++    buildPauthObject("Paciza",    "DataX1Reg", 'addPACIA', hint=False)
+ 
+-    buildPauthObject("Pacib",     "DataX1Reg", 'addPACIB')
+-    buildPauthObject("Pacib1716", "DataX1Reg", 'addPACIB')
+-    buildPauthObject("Pacibsp",   "DataX1Reg", 'addPACIB')
+-    buildPauthObject("Pacibz",    "DataX1Reg", 'addPACIB')
+-    buildPauthObject("Pacizb",    "DataX1Reg", 'addPACIB')
++    buildPauthObject("Pacib",     "DataX1Reg", 'addPACIB', hint=False)
++    buildPauthObject("Pacib1716", "DataX1Reg", 'addPACIB', hint=True)
++    buildPauthObject("Pacibsp",   "DataX1Reg", 'addPACIB', hint=True)
++    buildPauthObject("Pacibz",    "DataX1Reg", 'addPACIB', hint=True)
++    buildPauthObject("Pacizb",    "DataX1Reg", 'addPACIB', hint=False)
+ 
+-    buildPauthObject("Autda",     "DataX1Reg", 'authDA')
+-    buildPauthObject("Autdza",    "DataX1Reg", 'authDA')
+-    buildPauthObject("Autdb",     "DataX1Reg", 'authDB')
+-    buildPauthObject("Autdzb",    "DataX1Reg", 'authDB')
++    buildPauthObject("Autda",     "DataX1Reg", 'authDA', hint=False)
++    buildPauthObject("Autdza",    "DataX1Reg", 'authDA', hint=False)
++    buildPauthObject("Autdb",     "DataX1Reg", 'authDB', hint=False)
++    buildPauthObject("Autdzb",    "DataX1Reg", 'authDB', hint=False)
+ 
+-    buildPauthObject("Autia",     "DataX1Reg", 'authIA')
+-    buildPauthObject("Autia1716", "DataX1Reg", 'authIA')
+-    buildPauthObject("Autiasp",   "DataX1Reg", 'authIA')
+-    buildPauthObject("Autiaz",    "DataX1Reg", 'authIA')
+-    buildPauthObject("Autiza",    "DataX1Reg", 'authIA')
++    buildPauthObject("Autia",     "DataX1Reg", 'authIA', hint=False)
++    buildPauthObject("Autia1716", "DataX1Reg", 'authIA', hint=True)
++    buildPauthObject("Autiasp",   "DataX1Reg", 'authIA', hint=True)
++    buildPauthObject("Autiaz",    "DataX1Reg", 'authIA', hint=True)
++    buildPauthObject("Autiza",    "DataX1Reg", 'authIA', hint=False)
+ 
+-    buildPauthObject("Autib",     "DataX1Reg", 'authIB')
+-    buildPauthObject("Autib1716", "DataX1Reg", 'authIB')
+-    buildPauthObject("Autibsp",   "DataX1Reg", 'authIB')
+-    buildPauthObject("Autibz",    "DataX1Reg", 'authIB')
+-    buildPauthObject("Autizb",    "DataX1Reg", 'authIB')
++    buildPauthObject("Autib",     "DataX1Reg", 'authIB', hint=False)
++    buildPauthObject("Autib1716", "DataX1Reg", 'authIB', hint=True)
++    buildPauthObject("Autibsp",   "DataX1Reg", 'authIB', hint=True)
++    buildPauthObject("Autibz",    "DataX1Reg", 'authIB', hint=True)
++    buildPauthObject("Autizb",    "DataX1Reg", 'authIB', hint=False)
+ 
+-    buildXPauthObject("Xpacd")
+-    buildXPauthObject("Xpaci")
+-    buildXPauthObject("Xpaclri")
++    buildXPauthObject("Xpacd", hint=False)
++    buildXPauthObject("Xpaci", hint=False)
++    buildXPauthObject("Xpaclri", hint=True)
+ }};
diff --git a/meta-gem5/recipes-devtools/gem5/gem5-aarch64-native_20.bb b/meta-gem5/recipes-devtools/gem5/gem5-aarch64-native_20.bb
index 638baf3..101e6ef 100644
--- a/meta-gem5/recipes-devtools/gem5/gem5-aarch64-native_20.bb
+++ b/meta-gem5/recipes-devtools/gem5/gem5-aarch64-native_20.bb
@@ -4,7 +4,10 @@  LIC_FILES_CHKSUM = "file://COPYING;md5=2d9514d69d8abf88b6e9125e759bf0ab \
                     file://LICENSE;md5=a585e2893cee63d16a1d8bc16c6297ec"
 
 SRC_URI = "git://gem5.googlesource.com/public/gem5;protocol=https;nobranch=1 \
-           file://0001-scons-Add-MARSHAL_XXFLAGS_EXTRA-for-the-marshal-object.patch"
+           file://0001-scons-Add-MARSHAL_XXFLAGS_EXTRA-for-the-marshal-object.patch \
+           file://0002-arch-arm-Introduce-HavePACExt-helper.patch \
+           file://0003-arch-arm-Check-if-PAC-is-implemented-before-executing-insts.patch \
+          "
 RELEASE_TAG = "v20.0.0.1"
 SRCREV = "332a9de33db603e0aefedae1e05134db4257ea3e"