[v1,0/3,libgcc] store signing key and signing method in DWARF _Unwind_FrameState

Message ID	20240719145404.683815-1-matthieu.longo@arm.com
Headers	show Return-Path: <gcc-patches-bounces~incoming=patchwork.ozlabs.org@gcc.gnu.org> DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 9E3F0384A4AF Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com; pr=C Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 40.67.248.234 as permitted sender) receiver=protection.outlook.com; client-ip=40.67.248.234; helo=nebula.arm.com; pr=C From: Matthieu Longo <matthieu.longo@arm.com> To: <gcc-patches@gcc.gnu.org> CC: Richard Earnshaw <richard.earnshaw@arm.com>, Szabolcs Nagy <szabolcs.nagy@arm.com>, Jakub Jelinek <jakub@redhat.com>, Matthieu Longo <matthieu.longo@arm.com> Subject: [PATCH v1 0/3][libgcc] store signing key and signing method in DWARF _Unwind_FrameState Date: Fri, 19 Jul 2024 15:54:01 +0100 Message-ID: <20240719145404.683815-1-matthieu.longo@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain NoDisclaimer: true Precedence: list Errors-To: gcc-patches-bounces~incoming=patchwork.ozlabs.org@gcc.gnu.org
Series	store signing key and signing method in DWARF _Unwind_FrameState \| expand [v1,0/3,libgcc] store signing key and signing method in DWARF _Unwind_FrameState [v1,1/3] aarch64: store signing key and signing method in DWARF _Unwind_FrameState [v1,2/3] libgcc: hide CIE and FDE data for DWARF architecture extensions behind a handler. [v1,3/3] libgcc: update configure (regenerated by autoreconf)

Message ID

20240719145404.683815-1-matthieu.longo@arm.com

Headers

DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 9E3F0384A4AF
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates
 63.35.35.123 as permitted sender) receiver=protection.outlook.com;
 client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
 pr=C
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates
 40.67.248.234 as permitted sender) receiver=protection.outlook.com;
 client-ip=40.67.248.234; helo=nebula.arm.com; pr=C
From: Matthieu Longo <matthieu.longo@arm.com>
To: <gcc-patches@gcc.gnu.org>
CC: Richard Earnshaw <richard.earnshaw@arm.com>, Szabolcs Nagy
 <szabolcs.nagy@arm.com>, Jakub Jelinek <jakub@redhat.com>, Matthieu Longo
 <matthieu.longo@arm.com>
Subject: [PATCH v1 0/3][libgcc] store signing key and signing method in DWARF
 _Unwind_FrameState
Date: Fri, 19 Jul 2024 15:54:01 +0100
Message-ID: <20240719145404.683815-1-matthieu.longo@arm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
NoDisclaimer: true
X-Microsoft-Antispam-Message-Info-Original: 
 QTOnODpB9gTlPlAuqs3dYotGhDmGn2ncn8nTWjgQxylUdWiuxEEMkHX5ZuL/T7ymc2Zh6IT4EOoyujXA4z0Tre+23VLVfGzU6PqU0YCop9EokFkVBlzEC5tr+Pqy18i/fcdftSYErPxI5bNsoebTFq+VLa7MxbX4Hgc8HccvMlNOt47ElFYKPtWMYl77uWeRu5UyJGOSTiirmlP3zt2dG0IAVYQxpDkcPOxrHy3PGLlzCFQdUZT2Etpiw9GfS1iEdLUOSMP+6usE14y5A4Tks6FGbNpiDP11GlMwAmhEbGc7k/u2qsmlyLgTIgytPkSTj3CsZ4ygYJsaOG56jsRE2FV/+sKhTKh+An/MACPMwvv8waxkbOFcKP9A+Xj0HB1aNPp3UhCzNkq2KsdMRRvuK5w+C0rhrPeET3SXzlV5LQlp5wTKoJGUEj+GzeblcZMyNCXg/2Rf6ctdsRdj917ibiVaWTNUkbqP8Rc+m9Qz9dHzeM/fv4bkdrNnlhJzjstn3rrTlWG8POs4k9v0ze003hKfLH663AP4gca2vpuiLsXCq9YQE2SDjIqzf2s81gehnl5OdBmmjFJ14PFND/7o3PEY7TU+5Cp7yq8BPgRGXmpPZscJa+WNRItv26RExtxks/OB3TIauoTRFb10wSfQmfP+fEYVx4bf8CBZ0kY+YprwboGIyrj3RaHnc/Nn4jdLeV7nrhwavr1mvnySrAR5GBgZ6BxzJioQlGiFDGUN3B8ghSVNBDCJsvZ3pzLdbnRmF9Sa4CeP+P5mcbfRFoo7ARmcRZHdaxvE8Gk56aszGMs/xr2xT9kcu4FGwdMAaTlFBmja76Xy+lFZFs8vRvL4e+d2yoi+EruJfHcSYyvxvqsPvOoS8XThMlKaAR7XDQMtlazt9JQUABs3PShIPfgJYF6JujYjFIIJD1ddSbElq8DW342EUxoAPrPcSpWxri6bcFbeEI811sb0J8c3rx876dfeXcoUaX/mwvkO9GEvEUaniKMCaiFJzzU95CV20gfgI83sjU5IAZeZLp3mXnIXZsfYn6xg877f8P9VeO5pkpirRvl2kHzqsJGsggMUfIFGPEZmhrvGUzZPmSCRV81pWReG9rV6PLUPiecZ0QVtJZaMPKdBqMtyQIeD48lJXbTig80v9v7gTeEP2nriMvbGOq2GkT4mdYGIF4nRidyYu79ITU/vRYRD2LD388gmme1jn2Bo9lyFrApEmQT9DkOyN+g138AZ2UwntM37vnB6T2QK9oZlUtG9xLbJfIskTybnhu4BiUbjH86ZTqLYDM6zmPRbtTh85kdiXSFbWrgiU8QLY+O5ZvTcxZjUusXBvTF5/FUjQ64XIcQAiAmbqHo4jMn0qA1X1cDo5IrVPCLdEJpebpqnzzJulXLnrL3hZxDa1DZwDkGgvaQbk5flSWF8tFHg6hSExaYH3wPcDnCPwIlics64HEZONLDQ7H02pONE
X-Forefront-Antispam-Report-Untrusted: CIP:40.67.248.234; CTRY:IE; LANG:en;
 SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:nebula.arm.com; PTR:InfoDomainNonexistent;
 CAT:NONE; SFS:(13230040)(1800799024)(82310400026)(36860700013)(376014);
 DIR:OUT; SFP:1101;
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU5PR08MB10550
X-MS-Exchange-SkipListedInternetSender: ip=[2603:10a6:10:4b9::26];
 domain=DUZPR01CA0280.eurprd01.prod.exchangelabs.com
X-MS-Exchange-Transport-CrossTenantHeadersStripped: 
 DB5PEPF00014B94.eurprd02.prod.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: 
 18d2243f-5c88-4afb-3a8b-08dca802b5a9
X-Microsoft-Antispam: BCL:0;
 ARA:13230040|1800799024|36860700013|34020700016|35042699022|376014|82310400026;
X-Microsoft-Antispam-Message-Info: 
 4usTKxUUpZM6nj1S0AyQS7PqtC4YU2hntT8CYWRg9hsqkMdLFJiNIvRRn7hZhaGaPpjVPcxg7ac7NNLwgzSgPHWK6HtR+3HTxaeP0q5zm4LYWdqI9jVymtNKRKMUg9QFWL3Ft73/GqFowyV8gKb0NHwJQUcviuEgWrjl6eWbF53zGKvS3v00Rhg/PsLr3dc+QztsilknJQJUlvmHciYUAhWGWo5+a1jeektfGodEcg+592Gx4OyUE1oizmFx8FUWwcC+KFUn+c0SqHP9UwHeXx7F4SXRWG6I69H6otE4BEqee00fw50KZn3Y04lM7T/RZgzgWBkOzqJaP+940u88KZ7rSJHFXT8+qxvZi6iKIlDjOctGeniaIu3zTzyCVQdK+PHTfTj498rG9h8/0FUnucaeZHwX/o1awbVGmrKtSuiWiiAehrN+4OwPh4cefK65iTAMZ2fh3DCPoA6LqOcChy2Ps1pGvpbW22DBuxQvkP6+s/8Eu7G+iYL/Sw/SCDot7u5jt61cixHGpBlYs0x6WttYpQci3eQtzUH2HovxZ8IssFuCC4HAJOWtDk0fRc/nBSu5KaNj+wA0BUPYxvy+qsg3PujCfeH9t+lQoieGbqbHobGLyVEQJPJdKEcTCB18tkZ7rccCb9OTkQf+4Io19dBLVbKYY2tOAyL73hLc/rgpWjWwNartqxg8TwReNafWsCDIEjHaZZ3rlm8/WQysu/f+KIGvRZ8D5+5sFVC8SiDOHyb+A57uJM7cAML6dYfO6ed6A2af+VDDnryI24+hmG4rSEotU4x5h/vPWfGdrllSOQzkwUS1VmdH0HZ9AoBC8Y4zPIP4HWiNZoi6yLem+CJZCN0k/Xd9x9v6RwJkOoRJrhQboUdeAuwb2gw0tS25XcOZoXxwTEG41LQNCRIQijAETjgR++u/8CdOJR+NfjYVMwS3xTRCLkgo+2OEk/o8ZL+gdUlq2gQ4ggW+hUSFhLdWnjsCiiAdUO3xvqcKTL4fYRGzQcpSwkaZ1Zr7ZoPvQ+nPljp0cCXtQ9OZRfHCHzdV99jJqOk4CP1shmUpe+fSokN1U4xvWz0i2NdiCVQXEs/RhgWMSKlSfvMTq7fenvXLLFgfkBihJ8k0K35IqRte7kYCbiPYPqJ+Ggyjy7i7VgsSwnieNbysaxzy1752MvyMyqn+U4k288QpacAF8e6F3s/l0SDFlwwrg3OHZ8dtFDUUjb0p9I0Fofq3Q38V2AYfNqKcQL1DOdMzOigjnGWzFTB3HH1c50ah53D0BLb4BK/7GFoMTpMgT4YBIqDzd/2sqP9vcS0p8xkDSjVvZIYUSqSQIkfU35DF60Z0BV3gWa/QNZSHc3ou0KRlRi/MhimFxfg4kmTuOPzq3unNMBRepYzbtiOL+rQgdJHvduJ6J5U6bsgPoCStWR9XlyP6irKNFdDnw5CYMPKPIxQpz46JF0a2jkYBP8wR9ZB057kx
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:;
 IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com;
 PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE;
 SFS:(13230040)(1800799024)(36860700013)(34020700016)(35042699022)(376014)(82310400026);
 DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 19 Jul 2024 14:54:50.7239 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 
 24eb5817-4c9f-49c3-7373-08dca802bdcb
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: 
 TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123];
 Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: 
 DB5PEPF00014B94.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PA6PR08MB10814
X-Spam-Status: No, score=-5.8 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FORGED_SPF_HELO, KAM_SHORT,
 SPF_HELO_PASS, SPF_NONE, TXREP,
 UNPARSEABLE_RELAY autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
 server2.sourceware.org
X-BeenThere: gcc-patches@gcc.gnu.org
X-Mailman-Version: 2.1.30
Precedence: list
List-Id: Gcc-patches mailing list <gcc-patches.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=subscribe>
Errors-To: gcc-patches-bounces~incoming=patchwork.ozlabs.org@gcc.gnu.org

Series

store signing key and signing method in DWARF _Unwind_FrameState | expand

Message

Matthieu Longo July 19, 2024, 2:54 p.m. UTC

This patch series is only a refactoring of the existing implementation of PAuth and returned-address signing. The existing behavior is preserved.

1. aarch64: store signing key and signing method in DWARF _Unwind_FrameState

_Unwind_FrameState already contains several CIE and FDE information (see the attributes below the comment "The information we care about from the CIE/FDE" in libgcc/unwind-dw2.h).
The patch aims at moving the information from DWARF CIE (signing key stored in the augmentation string) and FDE (the used signing method) into _Unwind_FrameState along the already-stored CIE and FDE information.
Note: those information have to be saved in frame_state_reg_info instead of _Unwind_FrameState as they need to be savable by DW_CFA_remember_state and restorable by DW_CFA_restore_state, that both rely on the attribute "prev".
Those new information in _Unwind_FrameState simplifies the look-up of the signing key when the return address is demangled. It also allows future signing methods to be easily added.
_Unwind_FrameState is not a part of the public API of libunwind, so the change is backward compatible.

A new architecture-specific handler MD_ARCH_EXTENSION_FRAME_INIT allows to reset values in the frame state and unwind context if needed by the architecture extension before changing the frame state to the caller context.
A new architecture-specific handler MD_ARCH_EXTENSION_CIE_AUG_HANDLER isolates the architecture-specific augmentation strings in AArch64 backend, and allows others architectures to reuse augmentation strings that would have clashed with AArch64 DWARF extensions.
aarch64_demangle_return_addr, DW_CFA_AARCH64_negate_ra_state and DW_CFA_val_expression cases in libgcc/unwind-dw2-execute_cfa.h were documented to clarify where the value of the RA state register is stored (FS and CONTEXT respectively).

2. libgcc: hide CIE and FDE data for DWARF architecture extensions behind a handler.

This patch provides a new handler MD_ARCH_FRAME_STATE_T to hide an architecture-specific structure containing CIE and FDE data related to DWARF architecture extensions.
Hiding the architecture-specific attributes behind a handler has the following benefits:
1. isolating those data from the generic ones in _Unwind_FrameState
2. avoiding casts to custom types.
3. preserving typing information when debugging with GDB, and so facilitating their printing.

This approach required to add a new header md-unwind-def.h included at the top of libgcc/unwind-dw2.h, and redirecting to the corresponding architecture header via a symbolic link.
An obvious drawback is the increase in complexity with macros, and headers. It also caused a split of architecture definitions between md-unwind-def.h (types definitions used in unwind-dw2.h) and md-unwind.h (local types definitions and handlers implementations).
The naming of md-unwind.h with .h extension is a bit misleading as the file is only included in the middle of unwind-dw2.c. Changing this naming would require modification of others backends, which I prefered to abstain from.
Overall the benefits are worth the added complexity from my perspective.

3. libgcc: update configure (regenerated by autoreconf)

Regenerate the build files.

## Testing

Those changes were testing by covering the 3 following cases:
- backtracing.
- exception handling in a C++ program.
- gcc/testsuite/gcc.target/aarch64/pr104689.c: pac-ret with unusual DWARF [1]

Regression tested on aarch64-unknown-linux-gnu, and no regression found.

[1]: https://gcc.gnu.org/pipermail/gcc-patches/2022-May/594414.html

Ok for master? I don't have commit access so I need someone to commit on my behalf.

Regards,
Matthieu.

Matthieu Longo (3):
aarch64: store signing key and signing method in DWARF
_Unwind_FrameState
libgcc: hide CIE and FDE data for DWARF architecture extensions behind
a handler.
libgcc: update configure (regenerated by autoreconf)

libgcc/Makefile.in | 6 +-
libgcc/config.host | 13 +-
libgcc/config/aarch64/aarch64-unwind-def.h | 41 ++++++
libgcc/config/aarch64/aarch64-unwind.h | 150 +++++++++++++++++----
libgcc/configure | 2 +
libgcc/configure.ac | 1 +
libgcc/unwind-dw2-execute_cfa.h | 34 +++--
libgcc/unwind-dw2.c | 19 ++-
libgcc/unwind-dw2.h | 19 ++-
9 files changed, 233 insertions(+), 52 deletions(-)
create mode 100644 libgcc/config/aarch64/aarch64-unwind-def.h

Comments

Matthieu Longo July 29, 2024, 10:25 a.m. UTC | #1

On 2024-07-19 15:54, Matthieu Longo wrote:
> This patch series is only a refactoring of the existing implementation of PAuth and returned-address signing. The existing behavior is preserved.
> 
> 1. aarch64: store signing key and signing method in DWARF _Unwind_FrameState
> 
> _Unwind_FrameState already contains several CIE and FDE information (see the attributes below the comment "The information we care about from the CIE/FDE" in libgcc/unwind-dw2.h).
> The patch aims at moving the information from DWARF CIE (signing key stored in the augmentation string) and FDE (the used signing method) into _Unwind_FrameState along the already-stored CIE and FDE information.
> Note: those information have to be saved in frame_state_reg_info instead of _Unwind_FrameState as they need to be savable by DW_CFA_remember_state and restorable by DW_CFA_restore_state, that both rely on the attribute "prev".
> Those new information in _Unwind_FrameState simplifies the look-up of the signing key when the return address is demangled. It also allows future signing methods to be easily added.
> _Unwind_FrameState is not a part of the public API of libunwind, so the change is backward compatible.
> 
> A new architecture-specific handler MD_ARCH_EXTENSION_FRAME_INIT allows to reset values in the frame state and unwind context if needed by the architecture extension before changing the frame state to the caller context.
> A new architecture-specific handler MD_ARCH_EXTENSION_CIE_AUG_HANDLER isolates the architecture-specific augmentation strings in AArch64 backend, and allows others architectures to reuse augmentation strings that would have clashed with AArch64 DWARF extensions.
> aarch64_demangle_return_addr, DW_CFA_AARCH64_negate_ra_state and DW_CFA_val_expression cases in libgcc/unwind-dw2-execute_cfa.h were documented to clarify where the value of the RA state register is stored (FS and CONTEXT respectively).
> 
> 2. libgcc: hide CIE and FDE data for DWARF architecture extensions behind a handler.
> 
> This patch provides a new handler MD_ARCH_FRAME_STATE_T to hide an architecture-specific structure containing CIE and FDE data related to DWARF architecture extensions.
> Hiding the architecture-specific attributes behind a handler has the following benefits:
>      1. isolating those data from the generic ones in _Unwind_FrameState
>      2. avoiding casts to custom types.
>      3. preserving typing information when debugging with GDB, and so facilitating their printing.
> 
> This approach required to add a new header md-unwind-def.h included at the top of libgcc/unwind-dw2.h, and redirecting to the corresponding architecture header via a symbolic link.
> An obvious drawback is the increase in complexity with macros, and headers. It also caused a split of architecture definitions between md-unwind-def.h (types definitions used in unwind-dw2.h) and md-unwind.h (local types definitions and handlers implementations).
> The naming of md-unwind.h with .h extension is a bit misleading as the file is only included in the middle of unwind-dw2.c. Changing this naming would require modification of others backends, which I prefered to abstain from.
> Overall the benefits are worth the added complexity from my perspective.
> 
> 3. libgcc: update configure (regenerated by autoreconf)
> 
> Regenerate the build files.
> 
> 
> ## Testing
> 
> Those changes were testing by covering the 3 following cases:
> - backtracing.
> - exception handling in a C++ program.
> - gcc/testsuite/gcc.target/aarch64/pr104689.c: pac-ret with unusual DWARF [1]
> 
> Regression tested on aarch64-unknown-linux-gnu, and no regression found.
> 
> [1]: https://gcc.gnu.org/pipermail/gcc-patches/2022-May/594414.html
> 
> 
> Ok for master? I don't have commit access so I need someone to commit on my behalf.
> 
> Regards,
> Matthieu.
> 
> 
> Matthieu Longo (3):
>    aarch64: store signing key and signing method in DWARF
>      _Unwind_FrameState
>    libgcc: hide CIE and FDE data for DWARF architecture extensions behind
>      a handler.
>    libgcc: update configure (regenerated by autoreconf)
> 
>   libgcc/Makefile.in                         |   6 +-
>   libgcc/config.host                         |  13 +-
>   libgcc/config/aarch64/aarch64-unwind-def.h |  41 ++++++
>   libgcc/config/aarch64/aarch64-unwind.h     | 150 +++++++++++++++++----
>   libgcc/configure                           |   2 +
>   libgcc/configure.ac                        |   1 +
>   libgcc/unwind-dw2-execute_cfa.h            |  34 +++--
>   libgcc/unwind-dw2.c                        |  19 ++-
>   libgcc/unwind-dw2.h                        |  19 ++-
>   9 files changed, 233 insertions(+), 52 deletions(-)
>   create mode 100644 libgcc/config/aarch64/aarch64-unwind-def.h
> 

Adding Ian in CC as he is listed as the maintainer of libgcc in 
MAINTAINERS file.