diff mbox series

[committed,2/6] arm: testsuite: improve detection of CMSE hardware.

Message ID 20210824105928.3869183-3-rearnsha@arm.com
State New
Headers show
Series arm: mitigation for CVE-2021-35465 | expand

Commit Message

Richard Earnshaw Aug. 24, 2021, 10:59 a.m. UTC 
The test for CMSE support being available in hardware currently
relies on the compiler not optimizing away a secure gateway operation.
But even that is suspect, because the SG instruction is just a NOP
on armv8-m implementations that do not support the security extension.

Replace the existing test with a new one that reads and checks
the appropriate hardware feature register (memory mapped).  This has
to be run from secure mode, but that shouldn't matter, because if we
can't do that we can't really test the CMSE extensions anyway.  We
retain the SG instruction to ensure the test can't pass accidentally
if run on pre-armv8-m devices.

gcc/testsuite:
	* lib/target-supports.exp (check_effective_target_arm_cmse_hw):
	Check the CMSE feature register, rather than relying on the
	SG operation causing an execution fault.
---
 gcc/testsuite/lib/target-supports.exp | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff mbox series

Patch

diff --git a/gcc/testsuite/lib/target-supports.exp b/gcc/testsuite/lib/target-supports.exp
index 66ce48d7dfd..06f5b1eb54d 100644
--- a/gcc/testsuite/lib/target-supports.exp
+++ b/gcc/testsuite/lib/target-supports.exp
@@ -4878,15 +4878,16 @@  proc check_effective_target_arm_cmse_ok {} {
 
 proc check_effective_target_arm_cmse_hw { } {
     return [check_runtime arm_cmse_hw_available {
-	int __attribute__ ((cmse_nonsecure_entry)) ns_func(void)
-	{
-	    return 0;
-	}
 	int main (void)
 	{
-	    return ns_func();
-	}
-    } "-mcmse -Wl,--section-start,.gnu.sgstubs=0x00400000"]
+	    unsigned id_pfr1;
+	    asm ("ldr\t%0, =0xe000ed44\n" \
+		 "ldr\t%0, [%0]\n" \
+		 "sg" : "=l" (id_pfr1));
+	    /* Exit with code 0 iff security extension is available.  */
+	    return !(id_pfr1 & 0xf0);
+	}
+    } "-mcmse"]
 }
 # Return 1 if the target supports executing MVE instructions, 0
 # otherwise.