add extern "C-cmse-nonsecure-entry" fn
#127766
Conversation
rustbot
added
A-testsuite
|
These commits modify compiler targets. Some changes occurred in diagnostic error codes This PR changes Stable MIR cc @oli-obk, @celinval, @ouz-a rust-analyzer is developed in its own repository. If possible, consider making this change to rust-lang/rust-analyzer instead. cc @rust-lang/rust-analyzer Some changes occurred in compiler/rustc_codegen_cranelift cc @bjorn3 |
rustbot
added
the
T-compiler
This comment has been minimized.
This comment has been minimized.
folkertdev
force-pushed
the
c-cmse-nonsecure-entry
branch
from
06fe23a
to
9d04d69
Compare
This comment has been minimized.
This comment has been minimized.
folkertdev
force-pushed
the
c-cmse-nonsecure-entry
branch
from
9d04d69
to
8da0efe
Compare
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
r? compiler |
…rror-messages, r=oli-obk `C-cmse-nonsecure-call`: improved error messages tracking issue: rust-lang#81391 issue for the error messages (partially implemented by this PR): rust-lang#81347 related, in that it also deals with CMSE: rust-lang#127766 When using the `C-cmse-nonsecure-call` ABI, both the arguments and return value must be passed via registers. Previously, when violating this constraint, an ugly LLVM error would be shown. Now, the rust compiler itself will print a pretty message and link to more information.
Rollup merge of rust-lang#127814 - folkertdev:c-cmse-nonsecure-call-error-messages, r=oli-obk `C-cmse-nonsecure-call`: improved error messages tracking issue: rust-lang#81391 issue for the error messages (partially implemented by this PR): rust-lang#81347 related, in that it also deals with CMSE: rust-lang#127766 When using the `C-cmse-nonsecure-call` ABI, both the arguments and return value must be passed via registers. Previously, when violating this constraint, an ugly LLVM error would be shown. Now, the rust compiler itself will print a pretty message and link to more information.
…ages, r=oli-obk `C-cmse-nonsecure-call`: improved error messages tracking issue: #81391 issue for the error messages (partially implemented by this PR): #81347 related, in that it also deals with CMSE: rust-lang/rust#127766 When using the `C-cmse-nonsecure-call` ABI, both the arguments and return value must be passed via registers. Previously, when violating this constraint, an ugly LLVM error would be shown. Now, the rust compiler itself will print a pretty message and link to more information.
folkertdev
force-pushed
the
c-cmse-nonsecure-entry
branch
from
af4c41b
to
87224ba
Compare
|
HIR ty lowering was modified cc @fmease |
|
We've just added nicer error message in the same style as #127814. We believe that this resolves all steps from the tracking issue. |
|
r? compiler |
|
r? compiler |
|
☔ The latest upstream changes (presumably #128435) made this pull request unmergeable. Please resolve the merge conflicts. |
folkertdev
force-pushed
the
c-cmse-nonsecure-entry
branch
from
87224ba
to
174830a
Compare
|
Some changes occurred in src/tools/cargo cc @ehuss |
folkertdev
force-pushed
the
c-cmse-nonsecure-entry
branch
from
174830a
to
7f3e2c9
Compare
|
something got comitted accidentally. no changes are now made to |
folkertdev
force-pushed
the
c-cmse-nonsecure-entry
branch
2 times, most recently
from
2c83b07
to
15a0a05
Compare
There was a problem hiding this comment.
We reduced the scope of the PR to only cover the replacement of #[cmse_nonsecure_entry] by extern "C-cmse-nonsecure-entry" like it was requested in the tracking issue #75835 (comment) .
We also added some comments to aid the review.
| @@ -61,6 +61,9 @@ pub(crate) fn conv_to_call_conv(sess: &Session, c: Conv, default_call_conv: Call | |||
| Conv::CCmseNonSecureCall => { | |||
| sess.dcx().fatal("C-cmse-nonsecure-call call conv is not yet implemented"); | |||
| } | |||
| Conv::CCmseNonSecureEntry => { | |||
| sess.dcx().fatal("C-cmse-nonsecure-entry call conv is not yet implemented"); | |||
There was a problem hiding this comment.
Cranelift does not support any ARM cortex-m targets anyway. So this does not change anything.
| if let Conv::CCmseNonSecureEntry = self.conv { | ||
| func_attrs.push(llvm::CreateAttrString(cx.llcx, "cmse_nonsecure_entry")) | ||
| } |
There was a problem hiding this comment.
This got moved here from compiler/rustc_codegen_llvm/src/attributes.rs
| sym::cmse_nonsecure_entry => { | ||
| if let Some(fn_sig) = fn_sig() | ||
| && !matches!(fn_sig.skip_binder().abi(), abi::Abi::C { .. }) | ||
| { | ||
| struct_span_code_err!( | ||
| tcx.dcx(), | ||
| attr.span, | ||
| E0776, | ||
| "`#[cmse_nonsecure_entry]` requires C ABI" | ||
| ) | ||
| .emit(); | ||
| } | ||
| if !tcx.sess.target.llvm_target.contains("thumbv8m") { | ||
| struct_span_code_err!(tcx.dcx(), attr.span, E0775, "`#[cmse_nonsecure_entry]` is only valid for targets with the TrustZone-M extension") | ||
| .emit(); | ||
| } | ||
| codegen_fn_attrs.flags |= CodegenFnAttrFlags::CMSE_NONSECURE_ENTRY | ||
| } |
There was a problem hiding this comment.
All these checks are no longer needed, as the ABI now is specified explicitly, and checks for if an ABI is supported on a target are already in place here: compiler/rustc_target/src/spec/mod.rs
| CCmseNonSecureCall => ["arm", "aarch64"].contains(&&self.arch[..]), | ||
| CCmseNonSecureEntry => ["arm", "aarch64"].contains(&&self.arch[..]), |
There was a problem hiding this comment.
Here we follow what C-cmse-nonsecure-call does. However we might want to check explicitly for the thumbv8m target. However this PR only wants to tackle the attribute to ABI conversion requested in the tracking issue.
There was a problem hiding this comment.
We actually added this check right away, turned out to be pretty straightforward.
| // CHECK-LABEL: __acle_se_entry_point | ||
| // CHECK: bxns |
There was a problem hiding this comment.
This tests end-to-end if we communicated the attribute to LLVM. From the tracking issue ( #75835 ):
- add a special symbol on the function which is the _acle_se prefix and the standard function name
- constrain the number of parameters to avoid using the Non-Secure stack
- before returning from the function, clear registers that might contain Secure information
- use the BXNS instruction to return
So here we check if the label with the __acle_se_ prefix exists. And that the bxns (Branch and Exchange Non-secure) instruction is used to return.
| // CHECK-LABEL: call_nonsecure | ||
| // CHECK: blxns |
There was a problem hiding this comment.
Same as above, but now checking for blxns to be used. From that tracking issue ( #81391 ):
- save registers needed after the call to Secure memory
- clear all registers that might contain confidential information
- clear the Least Significant Bit of the function address
- branches using the BLXNS instruction
| #[no_mangle] | ||
| pub extern "C-cmse-nonsecure-entry" fn test( | ||
| f: extern "C-cmse-nonsecure-call" fn(u32, u32, u32, u32) -> u32, | ||
| a: u32, | ||
| b: u32, | ||
| c: u32, | ||
| ) -> u32 { | ||
| f(a, b, c, 42) | ||
| } |
There was a problem hiding this comment.
This tests the typical use case of CMSE. test is exposed to the non-secure side, when it calls it passes along a call-back function which can be called by the secure side.
folkertdev
force-pushed
the
c-cmse-nonsecure-entry
branch
from
3e1abc8
to
f9ba7e8
Compare
|
☔ The latest upstream changes (presumably #128490) made this pull request unmergeable. Please resolve the merge conflicts. |
folkertdev
force-pushed
the
c-cmse-nonsecure-entry
branch
from
f9ba7e8
to
ed11848
Compare
|
☔ The latest upstream changes (presumably #128672) made this pull request unmergeable. Please resolve the merge conflicts. |
folkertdev
force-pushed
the
c-cmse-nonsecure-entry
branch
from
ed11848
to
2fc72c6
Compare
This comment has been minimized.
This comment has been minimized.
folkertdev
force-pushed
the
c-cmse-nonsecure-entry
branch
from
2fc72c6
to
9be420a
Compare
|
☔ The latest upstream changes (presumably #128763) made this pull request unmergeable. Please resolve the merge conflicts. |
folkertdev
force-pushed
the
c-cmse-nonsecure-entry
branch
from
9be420a
to
da55a39
Compare
verifies that the correct return instructions are emitted. Co-authored-by: Tamme Dittrich <tamme@tweedegolf.com>
folkertdev
force-pushed
the
c-cmse-nonsecure-entry
branch
from
da55a39
to
a756451
Compare
|
r? @jackh726 you reviewed the structurally similar #111891, the most recent new ABI addition. Could you review this one too? We've had some trouble finding a good reviewer here because this change, while simple in theory, touches a lot of different parts of the compiler. Conceptually, all this does is add a new variant to the abi enum, and then follow the compiler error messages. In most files, the number of changes lines is minimal, and completely in line with surrounding code. Then, the cmse entry attribute is removed and the tests are updated. So, all changes follow naturally, but it's a lot. |
|
☔ The latest upstream changes (presumably #124895) made this pull request unmergeable. Please resolve the merge conflicts. |
tracking issue #75835
in #75835 (comment) it was decided that using an abi, rather than an attribute, was the right way to go for this feature.
This PR adds that ABI and removes the
#[cmse_nonsecure_entry]attribute. All relevant tests have been updated, some are now obsolete and have been removed.Error 0775 is no longer generated. It contains the list of targets that support the CMSE feature, and maybe we want to still use this? right now a generic "this abi is not supported on this platform" error is returned when this abi is used on an unsupported platform. On the other hand, users of this abi are likely to be experienced rust users, so maybe the generic error is good enough.