Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ARM: Align stack pointer to support SCTLR_EL1.SA0 #495

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

ARM: Align stack pointer to support SCTLR_EL1.SA0 #495

wants to merge 2 commits into from

Conversation

ayrtonm
Copy link
Contributor

@ayrtonm ayrtonm commented Jan 7, 2025
edited
Loading

It seems that the pixel's kernel sets SCTLR_EL1.SA0 (unconditionally?) so stack accesses at EL0 must be aligned to 16 bytes. This fixes a few accesses in our handwritten asm to enable running the minimal test on MTE-enabled hardware. There are likely some stack accesses in the callgates that also need to be fixed and I'd like to fix the TODO in allocate_stack before merging this (@fw-immunant any ideas there?). I checked that when the minimal test binary is run from a tmpfs MTE protection for its writeable file-backed mappings are enforced (see #469).

@ayrtonm ayrtonm requested a review from fw-immunant January 7, 2025 04:04
@ayrtonm ayrtonm mentioned this pull request Jan 7, 2025
Open
@fw-immunant
Copy link
Contributor

It turns out we must do this regardless of the kernel SCTLR flags because it's required by the AArch64 ABI and assumed by LLVM when performing codegen:

I thought it was an LLVM codegen bug but it turns out LLVM was relying on the "sp is always 16B-aligned" guarantee when emitting instructions so it knew it was safe to AND an sp-derived pointer by #0xfffffffffffff0 (note trailing 0) while tagging it

(from here)

I had locally made changes equivalent to the allocate_stack change here, so r+ on that account. But I don't understand the second commit here--can it have a comment explaining why a dummy register should be pushed and popped? What failures/problems occur without this commit?

@ayrtonm
Copy link
Contributor Author

ayrtonm commented Jan 7, 2025

I had locally made changes equivalent to the allocate_stack change here, so r+ on that account.

Do some accesses/calls in the call gates assume the initial stack pointer mod 16 is 8?

@fw-immunant
Copy link
Contributor

I had locally made changes equivalent to the allocate_stack change here, so r+ on that account.

Do some accesses/calls in the call gates assume the initial stack pointer mod 16 is 8?

On x86_64, I'm pretty sure call gates don't rely on this because they don't use aligned mov instructions, but the more relevant case (where I'm seeing errors in the structs test) is AArch64, and I'm less familiar with that code. We do some padding based on count of registers, and that might be at fault for the issues I see on my branch. But I don't think that's a concern of this PR, is it?

fw-immunant
fw-immunant requested changes Jan 13, 2025
View reviewed changes
Copy link
Contributor

@fw-immunant fw-immunant left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please document why we should push a dummy register as well as the old stack pointer. Otherwise looks good.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@fw-immunant fw-immunant fw-immunant requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ayrtonm @fw-immunant