-
Notifications
You must be signed in to change notification settings - Fork 12.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add extern "C-cmse-nonsecure-entry" fn
#127766
base: master
Are you sure you want to change the base?
Conversation
These commits modify compiler targets. Some changes occurred in diagnostic error codes This PR changes Stable MIR cc @oli-obk, @celinval, @ouz-a rust-analyzer is developed in its own repository. If possible, consider making this change to rust-lang/rust-analyzer instead. cc @rust-lang/rust-analyzer Some changes occurred in compiler/rustc_codegen_cranelift cc @bjorn3 |
This comment has been minimized.
This comment has been minimized.
06fe23a
to
9d04d69
Compare
This comment has been minimized.
This comment has been minimized.
9d04d69
to
8da0efe
Compare
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
r? compiler |
…rror-messages, r=oli-obk `C-cmse-nonsecure-call`: improved error messages tracking issue: rust-lang#81391 issue for the error messages (partially implemented by this PR): rust-lang#81347 related, in that it also deals with CMSE: rust-lang#127766 When using the `C-cmse-nonsecure-call` ABI, both the arguments and return value must be passed via registers. Previously, when violating this constraint, an ugly LLVM error would be shown. Now, the rust compiler itself will print a pretty message and link to more information.
Rollup merge of rust-lang#127814 - folkertdev:c-cmse-nonsecure-call-error-messages, r=oli-obk `C-cmse-nonsecure-call`: improved error messages tracking issue: rust-lang#81391 issue for the error messages (partially implemented by this PR): rust-lang#81347 related, in that it also deals with CMSE: rust-lang#127766 When using the `C-cmse-nonsecure-call` ABI, both the arguments and return value must be passed via registers. Previously, when violating this constraint, an ugly LLVM error would be shown. Now, the rust compiler itself will print a pretty message and link to more information.
…ages, r=oli-obk `C-cmse-nonsecure-call`: improved error messages tracking issue: #81391 issue for the error messages (partially implemented by this PR): #81347 related, in that it also deals with CMSE: rust-lang/rust#127766 When using the `C-cmse-nonsecure-call` ABI, both the arguments and return value must be passed via registers. Previously, when violating this constraint, an ugly LLVM error would be shown. Now, the rust compiler itself will print a pretty message and link to more information.
af4c41b
to
87224ba
Compare
HIR ty lowering was modified cc @fmease |
We've just added nicer error message in the same style as #127814. We believe that this resolves all steps from the tracking issue. |
r? compiler |
r? compiler |
☔ The latest upstream changes (presumably #128435) made this pull request unmergeable. Please resolve the merge conflicts. |
87224ba
to
174830a
Compare
Some changes occurred in src/tools/cargo cc @ehuss |
174830a
to
7f3e2c9
Compare
something got comitted accidentally. no changes are now made to |
2c83b07
to
15a0a05
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We reduced the scope of the PR to only cover the replacement of #[cmse_nonsecure_entry]
by extern "C-cmse-nonsecure-entry"
like it was requested in the tracking issue #75835 (comment) .
We also added some comments to aid the review.
@@ -61,6 +61,9 @@ pub(crate) fn conv_to_call_conv(sess: &Session, c: Conv, default_call_conv: Call | |||
Conv::CCmseNonSecureCall => { | |||
sess.dcx().fatal("C-cmse-nonsecure-call call conv is not yet implemented"); | |||
} | |||
Conv::CCmseNonSecureEntry => { | |||
sess.dcx().fatal("C-cmse-nonsecure-entry call conv is not yet implemented"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cranelift does not support any ARM cortex-m targets anyway. So this does not change anything.
if let Conv::CCmseNonSecureEntry = self.conv { | ||
func_attrs.push(llvm::CreateAttrString(cx.llcx, "cmse_nonsecure_entry")) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This got moved here from compiler/rustc_codegen_llvm/src/attributes.rs
sym::cmse_nonsecure_entry => { | ||
if let Some(fn_sig) = fn_sig() | ||
&& !matches!(fn_sig.skip_binder().abi(), abi::Abi::C { .. }) | ||
{ | ||
struct_span_code_err!( | ||
tcx.dcx(), | ||
attr.span, | ||
E0776, | ||
"`#[cmse_nonsecure_entry]` requires C ABI" | ||
) | ||
.emit(); | ||
} | ||
if !tcx.sess.target.llvm_target.contains("thumbv8m") { | ||
struct_span_code_err!(tcx.dcx(), attr.span, E0775, "`#[cmse_nonsecure_entry]` is only valid for targets with the TrustZone-M extension") | ||
.emit(); | ||
} | ||
codegen_fn_attrs.flags |= CodegenFnAttrFlags::CMSE_NONSECURE_ENTRY | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All these checks are no longer needed, as the ABI now is specified explicitly, and checks for if an ABI is supported on a target are already in place here: compiler/rustc_target/src/spec/mod.rs
CCmseNonSecureCall => ["arm", "aarch64"].contains(&&self.arch[..]), | ||
CCmseNonSecureEntry => ["arm", "aarch64"].contains(&&self.arch[..]), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Here we follow what C-cmse-nonsecure-call
does. However we might want to check explicitly for the thumbv8m
target. However this PR only wants to tackle the attribute to ABI conversion requested in the tracking issue.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We actually added this check right away, turned out to be pretty straightforward.
// CHECK-LABEL: __acle_se_entry_point | ||
// CHECK: bxns |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This tests end-to-end if we communicated the attribute to LLVM. From the tracking issue ( #75835 ):
- add a special symbol on the function which is the _acle_se prefix and the standard function name
- constrain the number of parameters to avoid using the Non-Secure stack
- before returning from the function, clear registers that might contain Secure information
- use the BXNS instruction to return
So here we check if the label with the __acle_se_
prefix exists. And that the bxns
(Branch and Exchange Non-secure) instruction is used to return.
// CHECK-LABEL: call_nonsecure | ||
// CHECK: blxns |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same as above, but now checking for blxns
to be used. From that tracking issue ( #81391 ):
- save registers needed after the call to Secure memory
- clear all registers that might contain confidential information
- clear the Least Significant Bit of the function address
- branches using the BLXNS instruction
#[no_mangle] | ||
pub extern "C-cmse-nonsecure-entry" fn test( | ||
f: extern "C-cmse-nonsecure-call" fn(u32, u32, u32, u32) -> u32, | ||
a: u32, | ||
b: u32, | ||
c: u32, | ||
) -> u32 { | ||
f(a, b, c, 42) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This tests the typical use case of CMSE. test
is exposed to the non-secure side, when it calls it passes along a call-back function which can be called by the secure side.
3e1abc8
to
f9ba7e8
Compare
☔ The latest upstream changes (presumably #128490) made this pull request unmergeable. Please resolve the merge conflicts. |
f9ba7e8
to
ed11848
Compare
☔ The latest upstream changes (presumably #128672) made this pull request unmergeable. Please resolve the merge conflicts. |
ed11848
to
2fc72c6
Compare
This comment has been minimized.
This comment has been minimized.
2fc72c6
to
9be420a
Compare
☔ The latest upstream changes (presumably #128763) made this pull request unmergeable. Please resolve the merge conflicts. |
9be420a
to
da55a39
Compare
verifies that the correct return instructions are emitted. Co-authored-by: Tamme Dittrich <tamme@tweedegolf.com>
da55a39
to
a756451
Compare
r? @jackh726 you reviewed the structurally similar #111891, the most recent new ABI addition. Could you review this one too? We've had some trouble finding a good reviewer here because this change, while simple in theory, touches a lot of different parts of the compiler. Conceptually, all this does is add a new variant to the abi enum, and then follow the compiler error messages. In most files, the number of changes lines is minimal, and completely in line with surrounding code. Then, the cmse entry attribute is removed and the tests are updated. So, all changes follow naturally, but it's a lot. |
☔ The latest upstream changes (presumably #124895) made this pull request unmergeable. Please resolve the merge conflicts. |
tracking issue #75835
in #75835 (comment) it was decided that using an abi, rather than an attribute, was the right way to go for this feature.
This PR adds that ABI and removes the
#[cmse_nonsecure_entry]
attribute. All relevant tests have been updated, some are now obsolete and have been removed.Error 0775 is no longer generated. It contains the list of targets that support the CMSE feature, and maybe we want to still use this? right now a generic "this abi is not supported on this platform" error is returned when this abi is used on an unsupported platform. On the other hand, users of this abi are likely to be experienced rust users, so maybe the generic error is good enough.