This is the mail archive of the binutils@sourceware.org mailing list for the binutils project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[RFC PATCH, binutils, ARM 9/9] Add support for stable secure gateway veneers addresses


Hi,

[Posting patch series as RFC]

This patch is part of a patch series to add support for ARMv8-M security extension[1] to GNU ld. This specific patch adds support for allowing Secure Gateway veneers to have stable addresses when relinking a secure executable.

ARM v8-M security extensions allow code running in a device to be divided into secure and non-secure code expected to be developed by independent (teams of) people. To allow updating the secure code without the need to relink the non-secure code against it, it is necessary for the toolchain to provide a way to fix the addresses of the secure gateway veneers that serve as entry points for non-secure code to call secure code. This is also a requirement [2] to claim support for ARM v8-M security extensions.

This patch adds a --in-implib=<in_implib_filename> option which, when used in conjunction of --cmse-implib will ensure that the veneers whose symbols are defined in the import library $in_implib_filename will remain at the same address in the executable. In the absence of a --out-implib option, the code will warn about new secure gateway veneers being created, otherwise these are allowed.


[1] Software requirements for ARMv8-M security extension are described in document ARM-ECM-0359818 [2]
[2] Available on http://infocenter.arm.com in Developer guides and articles > Software development > ARMÂv8-M Security Extensions: Requirements on Development Tools
[3] See requirement 15 of ARM-ECM-0359818 [2]

ChangeLog entries are as follow:


*** bfd/ChangeLog ***

2015-10-30  Thomas Preud'homme  <thomas.preudhomme@arm.com>

        * bfd-in.h (bfd_elf32_arm_set_target_relocs): Add a new parameter for
        the input import library bfd.
        * bfd-in2.h: Regenerate.
        * elf32-arm.c (struct elf32_arm_link_hash_table): New in_implib_bfd
        and new_cmse_veneers_offset fields.
        (stub_hash_newfunc): Initialize stub_offset to -1.
        (elf32_arm_add_stub): Likewise.
        (arm_build_one_stub): Only allocate a stub_offset is it's -1.
        (elf32_arm_create_stub): Change stub_changed parameter into an integer
        pointer parameter cmse_stub_created to count the number of stub
        created.
        (cmse_entry_fct_p): New function.
        (arm_list_new_cmse_stub): Likewise.
        (set_cmse_veneer_addr_from_implib): Likewise.
        (elf32_arm_size_stubs): Define cmse_stub_created, pass its address to
        cmse_scan instead of that of cmse_stub_changed to compute the number
        of stub created and use it to initialize stub_changed.  Call
        set_cmse_veneer_addr_from_implib after cmse_scan.  Use
        htab->new_cmse_veneers_offset to initialize size of secure gateway
        veneers section.  Initialize stub_offset of Cortex-A8 erratum fix to
        -1.  Use ret to hold return value.
        (elf32_arm_build_stubs): Use htab->new_cmse_veneers_offset to
        initialize size of secure gateway veneers section.  Add comment to
        stress the importance of zeroing veneer section content.
        (bfd_elf32_arm_set_target_relocs): Add new in_implib_bfd parameter to
        initialize eponymous field in struct elf32_arm_link_hash_table.


*** ld/ChangeLog ***

2015-11-02  Thomas Preud'homme  <thomas.preudhomme@arm.com>

        * emultempl/armelf.em (in_implib_filename): Declare and initialize new
        variable.
        (arm_elf_create_output_section_statements): Open import input library
        file for writing and pass resulting in_implib_bfd to
        bfd_elf32_arm_set_target_relocs.
        (PARSE_AND_LIST_PROLOGUE): Define OPTION_IN_IMPLIB option.
        (PARSE_AND_LIST_LONGOPTS): Define --in-implib option.
        (PARSE_AND_LIST_OPTIONS): Add help message for --in-implib option.
        (PARSE_AND_LIST_ARGS_CASES): Handle new OPTION_IN_IMPLIB case.
        * ld.texinfo (--cmse-implib): Update to mention --in-implib.
        (--in-implib): Document new option.


*** ld/testsuite/ChangeLog ***

2015-10-30  Thomas Preud'homme  <thomas.preudhomme@arm.com>

        * ld-arm/arm-elf.exp (Secure gateway import library generation): add
        --defsym VER=1 to gas CLI.
        (Secure gateway import library generation: errors): Likewise.
        (Input secure gateway import library): New test.
        (Input secure gateway import library: no output import library):
        Likewise.
        (Input secure gateway import library: earlier stub section base):
        Likewise.
        (Input secure gateway import library: later stub section base):
        Likewise.
        (Input secure gateway import library: entry function change):
        Likewise.
        * ld-arm/cmse-implib.s: Add input import library testing.
        * ld-arm/cmse-implib.rd: Update accordingly.
        * ld-arm/cmse-new-implib.out: New file.
        * ld-arm/cmse-new-implib.rd: Likewise.
        * ld-arm/cmse-new-later-implib.out: Likewise.
        * ld-arm/cmse-new-wrong-implib.out: Likewise.
        * ld-arm/cmse-new-implib-no-output.out: Likewise.


diff --git a/bfd/bfd-in.h b/bfd/bfd-in.h
index d4f0bf4..b12946c 100644
--- a/bfd/bfd-in.h
+++ b/bfd/bfd-in.h
@@ -895,7 +895,7 @@ extern bfd_boolean bfd_elf32_arm_process_before_allocation
 
 void bfd_elf32_arm_set_target_relocs
   (bfd *, struct bfd_link_info *, int, char *, int, int, bfd_arm_vfp11_fix,
-   bfd_arm_stm32l4xx_fix, int, int, int, int, int, int);
+   bfd_arm_stm32l4xx_fix, int, int, int, int, int, int, bfd *);
 
 extern bfd_boolean bfd_elf32_arm_get_bfd_for_interworking
   (bfd *, struct bfd_link_info *);
diff --git a/bfd/bfd-in2.h b/bfd/bfd-in2.h
index 864988d..406fd6b 100644
--- a/bfd/bfd-in2.h
+++ b/bfd/bfd-in2.h
@@ -902,7 +902,7 @@ extern bfd_boolean bfd_elf32_arm_process_before_allocation
 
 void bfd_elf32_arm_set_target_relocs
   (bfd *, struct bfd_link_info *, int, char *, int, int, bfd_arm_vfp11_fix,
-   bfd_arm_stm32l4xx_fix, int, int, int, int, int, int);
+   bfd_arm_stm32l4xx_fix, int, int, int, int, int, int, bfd *);
 
 extern bfd_boolean bfd_elf32_arm_get_bfd_for_interworking
   (bfd *, struct bfd_link_info *);
diff --git a/bfd/elf32-arm.c b/bfd/elf32-arm.c
index 37aede1..90f1333 100644
--- a/bfd/elf32-arm.c
+++ b/bfd/elf32-arm.c
@@ -3075,6 +3075,10 @@ struct elf32_arm_link_hash_table
      as per ARMv8-M security extensions.  */
   int cmse_implib;
 
+  /* The import library whose symbols' address must remain stable in
+     the import library generated.  */
+  bfd *in_implib_bfd;
+
   /* The index of the next unused R_ARM_TLS_DESC slot in .rel.plt.  */
   bfd_vma next_tls_desc_index;
 
@@ -3136,6 +3140,10 @@ struct elf32_arm_link_hash_table
   /* Input stub section holding secure gateway veneers.  */
   asection *cmse_stub_sec;
 
+  /* Offset in cmse_stub_sec where new SG veneers (not in input import library)
+     start to be allocated.  */
+  bfd_vma new_cmse_veneers_offset;
+
   /* Number of elements in stub_group.  */
   unsigned int top_id;
 
@@ -3383,7 +3391,7 @@ stub_hash_newfunc (struct bfd_hash_entry *entry,
       /* Initialize the local fields.  */
       eh = (struct elf32_arm_stub_hash_entry *) entry;
       eh->stub_sec = NULL;
-      eh->stub_offset = 0;
+      eh->stub_offset = (bfd_vma) -1;
       eh->source_value = 0;
       eh->target_value = 0;
       eh->target_section = NULL;
@@ -4200,7 +4208,7 @@ elf32_arm_add_stub (const char *stub_name, asection *section,
     }
 
   stub_entry->stub_sec = stub_sec;
-  stub_entry->stub_offset = 0;
+  stub_entry->stub_offset = (bfd_vma) -1;
   stub_entry->id_sec = link_sec;
 
   return stub_entry;
@@ -4334,13 +4342,10 @@ arm_build_one_stub (struct bfd_hash_entry *gen_entry,
   bfd *stub_bfd;
   bfd_byte *loc;
   bfd_vma sym_value;
-  int template_size;
-  int size;
+  int i, size, template_size, just_allocated = 0, nrelocs = 0;
   const insn_sequence *template_sequence;
-  int i;
   int stub_reloc_idx[MAXRELOCS] = {-1, -1};
   int stub_reloc_offset[MAXRELOCS] = {0, 0};
-  int nrelocs = 0;
 
   /* Massage our args to the form they really have.  */
   stub_entry = (struct elf32_arm_stub_hash_entry *) gen_entry;
@@ -4357,8 +4362,12 @@ arm_build_one_stub (struct bfd_hash_entry *gen_entry,
     /* We have to do less-strictly-aligned fixes last.  */
     return TRUE;
 
-  /* Make a note of the offset within the stubs for this entry.  */
-  stub_entry->stub_offset = stub_sec->size;
+  /* Assign a slot at the end of section if none assigned yet.  */
+  if (stub_entry->stub_offset == (bfd_vma) -1)
+    {
+      stub_entry->stub_offset = stub_sec->size;
+      just_allocated = 1;
+    }
   loc = stub_sec->contents + stub_entry->stub_offset;
 
   stub_bfd = stub_sec->owner;
@@ -4432,7 +4441,8 @@ arm_build_one_stub (struct bfd_hash_entry *gen_entry,
 	}
     }
 
-  stub_sec->size += size;
+  if (just_allocated)
+    stub_sec->size += size;
 
   /* Stub size has already been computed in arm_size_one_stub. Check
      consistency.  */
@@ -4550,6 +4560,10 @@ arm_size_one_stub (struct bfd_hash_entry *gen_entry,
   stub_entry->stub_template = template_sequence;
   stub_entry->stub_template_size = template_size;
 
+  /* Already accounted for.  */
+  if (stub_entry->stub_offset != (bfd_vma) -1)
+    return TRUE;
+
   size = (size + 7) & ~7;
   stub_entry->stub_sec->size += size;
 
@@ -5211,15 +5225,15 @@ elf32_arm_create_stub (struct elf32_arm_link_hash_table *htab,
 
 /* Scan symbols in INPUT_BFD for secure gateway veneers to create.  OUT_ATTR
    gives the output attributes, SYM_HASHES the symbol index to hash entry
-   mapping while HTAB gives the name to hash entry mapping.
+   mapping while HTAB gives the name to hash entry mapping. *CMSE_STUB_CREATED
+   is increased by the number of secure gateway veneer created.
 
-   If any secure gateway veneer is created, *STUB_CHANGED is set to TRUE.  The
-   return value gives whether a stub failed to be allocated.  */
+   The return value gives whether a stub failed to be allocated.  */
 
 static bfd_boolean
 cmse_scan (bfd *input_bfd, struct elf32_arm_link_hash_table *htab,
 	   obj_attribute *out_attr, struct elf_link_hash_entry **sym_hashes,
-	   bfd_boolean *stub_changed)
+	   int *cmse_stub_created)
 {
   const struct elf_backend_data *bed;
   Elf_Internal_Shdr *symtab_hdr;
@@ -5379,7 +5393,7 @@ cmse_scan (bfd *input_bfd, struct elf32_arm_link_hash_table *htab,
       else
 	{
 	  BFD_ASSERT (new_stub);
-	  *stub_changed = TRUE;
+	  (*cmse_stub_created)++;
 	}
     }
 
@@ -5388,6 +5402,246 @@ cmse_scan (bfd *input_bfd, struct elf32_arm_link_hash_table *htab,
   return ret;
 }
 
+/* Return whether a symbol identified by its linker HASH entry is an entry
+   function, ie can be called from non secure code without using a veneer.  */
+
+static bfd_boolean
+cmse_entry_fct_p (struct elf32_arm_link_hash_entry *hash)
+{
+  uint32_t first_insn;
+  asection *section;
+  file_ptr offset;
+  bfd *abfd;
+
+  /* Defined symbol of function type.  */
+  if (hash->root.root.type != bfd_link_hash_defined
+      && hash->root.root.type != bfd_link_hash_defweak)
+    return FALSE;
+  if (hash->root.type != STT_FUNC)
+    return FALSE;
+
+  /* Read first instruction.  */
+  section = hash->root.root.u.def.section;
+  abfd = section->owner;
+  offset = hash->root.root.u.def.value - section->vma;
+  if (!bfd_get_section_contents (abfd, section, &first_insn, offset,
+				 sizeof (first_insn)))
+    return FALSE;
+
+  /* Start by SG instruction.  */
+  return first_insn == 0xe97fe97f;
+}
+
+/* Output the name (in symbol table) of the veneer GEN_ENTRY if it is a new
+   secure gateway veneers (ie. the veneers was not in the input import library)
+   and there is no output import library (GEN_INFO->out_implib_bfd is NULL.  */
+
+static bfd_boolean
+arm_list_new_cmse_stub (struct bfd_hash_entry *gen_entry, void *gen_info)
+{
+  struct elf32_arm_stub_hash_entry *stub_entry;
+  struct bfd_link_info *info;
+
+  /* Massage our args to the form they really have.  */
+  stub_entry = (struct elf32_arm_stub_hash_entry *) gen_entry;
+  info = (struct bfd_link_info *) gen_info;
+
+  if (info->out_implib_bfd)
+    return TRUE;
+
+  if (stub_entry->stub_type != arm_stub_cmse_branch_thumb_only)
+    return TRUE;
+
+  if (stub_entry->stub_offset == (bfd_vma) -1)
+    (*_bfd_error_handler) ("  %s", stub_entry->output_name);
+
+  return TRUE;
+}
+
+/* Set offset of secure gateway veneers so that their address remain identical
+   to the one in the input import library referred by HTAB->in_implib_bfd.  A
+   warning is issued for veneers that disappeared (present in input import
+   library but absent from the executable being linked) or if new veneers
+   appeared and there is no output import library (INFO->out_implib_bfd is NULL
+   and CMSE_STUB_CREATED is bigger than the number of secure gateway veneers
+   found in the input import library.
+
+   The function returns whether an error occured and
+   HTAB->new_cmse_veneers_offset is set to the biggest veneer observed set for
+   new veneers to be layed out after.  */
+
+static bfd_boolean
+set_cmse_veneer_addr_from_implib (struct bfd_link_info *info,
+				  struct elf32_arm_link_hash_table *htab,
+				  int cmse_stub_created)
+{
+  long symsize;
+  char *sym_name;
+  flagword flags;
+  long i, symcount;
+  bfd *in_implib_bfd;
+  bfd_boolean ret = TRUE;
+  Elf_Internal_Sym *intsym;
+  int cmse_stub_template_size;
+  bfd_size_type cmse_stub_size;
+  asymbol **sympp = NULL, *sym;
+  asection *cmse_stub_out_sec;
+  struct elf32_arm_link_hash_entry *hash;
+  const insn_sequence *cmse_stub_template;
+  struct elf32_arm_stub_hash_entry *stub_entry;
+  bfd_vma veneer_value, stub_offset, new_cmse_veneers_offset, stub_sec_vma = 0;
+
+  /* No input secure gateway import library.  */
+  if (!htab->in_implib_bfd)
+    return TRUE;
+  else if (!htab->cmse_implib)
+    return FALSE;
+
+  /* Get symbol table size.  */
+  in_implib_bfd = htab->in_implib_bfd;
+  symsize = bfd_get_symtab_upper_bound (in_implib_bfd);
+  if (symsize < 0)
+    return FALSE;
+
+  /* Read in the input secure gateway import library's symbol table.  */
+  sympp = (asymbol **) xmalloc (symsize);
+  symcount = bfd_canonicalize_symtab (in_implib_bfd, sympp);
+  if (symcount < 0)
+    {
+      ret = FALSE;
+      goto free_sym_buf;
+    }
+
+  htab->new_cmse_veneers_offset = 0;
+  cmse_stub_size =
+    find_stub_size_and_template (arm_stub_cmse_branch_thumb_only,
+				 &cmse_stub_template,
+				 &cmse_stub_template_size);
+  cmse_stub_out_sec =
+    bfd_get_section_by_name (htab->obfd, CMSE_STUB_OUT_SEC_NAME);
+  if (cmse_stub_out_sec == NULL)
+    {
+      (*_bfd_error_handler) (_("No address assigned to the secure gateway "
+			       "veneers output section %s"),
+			       CMSE_STUB_OUT_SEC_NAME);
+      stub_sec_vma = 0;
+      ret = FALSE;
+    }
+  else
+    stub_sec_vma = cmse_stub_out_sec->vma;
+
+  /* Set addresses of veneers mentionned in input secure gateway import
+     library's symbol table.  */
+  for (i = 0; i < symcount; i++)
+    {
+      sym = sympp[i];
+      flags = sym->flags;
+      intsym = &((elf_symbol_type *) sym)->internal_elf_sym;
+
+      if (sym->section != bfd_abs_section_ptr
+	  || !(flags & (BSF_GLOBAL | BSF_WEAK))
+	  || (flags & BSF_FUNCTION) != BSF_FUNCTION
+	  || (ARM_GET_SYM_BRANCH_TYPE (intsym->st_target_internal)
+	      != ST_BRANCH_TO_THUMB))
+	{
+	  (*_bfd_error_handler) (_("%B: invalid import library entry: `%s'."),
+				 in_implib_bfd, sym_name);
+	  (*_bfd_error_handler) (_("Symbol should be absolute, global and "
+				   "refer to Thumb functions."));
+	  ret = FALSE;
+	  continue;
+	}
+
+      sym_name = (char *) bfd_asymbol_name (sym);
+      veneer_value = bfd_asymbol_value (sym);
+      stub_offset = veneer_value - stub_sec_vma;
+      stub_entry = arm_stub_hash_lookup (&htab->stub_hash_table, sym_name,
+					 FALSE, FALSE);
+      hash = (struct elf32_arm_link_hash_entry *)
+	elf_link_hash_lookup (&(htab)->root, sym_name, FALSE, FALSE, TRUE);
+
+      /* Stub entry should have been created by cmse_scan or the symbol be of
+	 a secure function callable from non secure code.  */
+      if (!stub_entry && !hash)
+	(*_bfd_error_handler)
+	  (_("Entry function `%s' disappeared from secure code."), sym_name);
+      /* Symbol found is not callable from non secure code.  */
+      else if (!stub_entry)
+	{
+	  if (!cmse_entry_fct_p (hash))
+	    {
+	      (*_bfd_error_handler) (_("`%s' refers to a non entry function."),
+				     sym_name);
+	      ret = FALSE;
+	    }
+	  continue;
+	}
+      else
+	{
+	  /* Only stub for SG veneers should have been created.  */
+	  BFD_ASSERT (stub_entry->stub_type == arm_stub_cmse_branch_thumb_only);
+
+	  /* Check visibility hasn't changed.  */
+	  if (!!(flags & BSF_GLOBAL)
+	      != (hash->root.root.type == bfd_link_hash_defined))
+	    (*_bfd_error_handler)
+	      (_("%B: visibility of symbol `%s' has changed."), in_implib_bfd,
+	       sym_name);
+
+	  stub_entry->stub_offset = stub_offset;
+	}
+
+      /* Size should match that of a SG veneer.  */
+      if (intsym->st_size != cmse_stub_size)
+	{
+	  (*_bfd_error_handler) (_("%B: incorrect size for symbol `%s'."),
+				 in_implib_bfd, sym_name);
+	  ret = FALSE;
+	}
+
+      /* Previous veneer address is before current SG veneer section.  */
+      if (veneer_value < stub_sec_vma)
+	{
+	  (*_bfd_error_handler)
+	    (_("Veneer for entry function `%s' before veneer section start."),
+	     sym_name);
+	  if (stub_entry)
+	    stub_entry->stub_offset = 0; /* Avoid offset underflow.  */
+	  ret = FALSE;
+	}
+
+      /* Complain if stub offset not a multiple of stub size.  */
+      if (stub_offset % cmse_stub_size)
+	{
+	  (*_bfd_error_handler)
+	    (_("Offset of veneer for entry function `%s' not a multiple of "
+	       "its size."), sym_name);
+	  ret = FALSE;
+	}
+
+      if (!ret)
+	continue;
+
+      cmse_stub_created--;
+      new_cmse_veneers_offset = stub_offset + ((cmse_stub_size + 7) & ~7);
+      if (new_cmse_veneers_offset > htab->new_cmse_veneers_offset)
+	htab->new_cmse_veneers_offset = new_cmse_veneers_offset;
+    }
+
+  if (!info->out_implib_bfd && cmse_stub_created != 0)
+    {
+      BFD_ASSERT (cmse_stub_created > 0);
+      (*_bfd_error_handler)
+	(_("new entry function(s) introduced but no output import library "
+	   "specified:"));
+      bfd_hash_traverse (&htab->stub_hash_table, arm_list_new_cmse_stub, info);
+    }
+
+free_sym_buf:
+  free (sympp);
+  return ret;
+}
+
 /* Determine and set the size of the stub section for a final link.
 
    The basic idea here is to examine all the relocations looking for
@@ -5404,9 +5658,10 @@ elf32_arm_size_stubs (bfd *output_bfd,
 						      unsigned int),
 		      void (*layout_sections_again) (void))
 {
+  int cmse_stub_created = 0;
   obj_attribute *out_attr;
   bfd_size_type stub_group_size;
-  bfd_boolean stubs_always_after_branch, cmse_stub_changed = FALSE;
+  bfd_boolean stubs_always_after_branch, ret = TRUE;
   struct elf32_arm_link_hash_table *htab = elf32_arm_hash_table (info);
   struct a8_erratum_fix *a8_fixes = NULL;
   unsigned int num_a8_fixes = 0, a8_fix_table_size = 10;
@@ -5449,9 +5704,11 @@ elf32_arm_size_stubs (bfd *output_bfd,
 	  struct elf_link_hash_entry **sym_hashes = elf_sym_hashes (input_bfd);
 
 	  if (!cmse_scan (input_bfd, htab, out_attr, sym_hashes,
-			  &cmse_stub_changed))
+			  &cmse_stub_created))
 	    goto error_ret_free_local;
 	}
+      if (!set_cmse_veneer_addr_from_implib (info, htab, cmse_stub_created))
+	ret = FALSE;
     }
 
   /* The Cortex-A8 erratum fix depends on stubs not being in the same 4K page
@@ -5496,11 +5753,11 @@ elf32_arm_size_stubs (bfd *output_bfd,
       bfd *input_bfd;
       unsigned int bfd_indx;
       asection *stub_sec;
-      bfd_boolean stub_changed = cmse_stub_changed;
+      bfd_boolean stub_changed = cmse_stub_created != 0;
       unsigned prev_num_a8_fixes = num_a8_fixes;
 
       num_a8_fixes = 0;
-      cmse_stub_changed = FALSE;
+      cmse_stub_created = 0;
       for (input_bfd = info->input_bfds, bfd_indx = 0;
 	   input_bfd != NULL;
 	   input_bfd = input_bfd->link.next, bfd_indx++)
@@ -5851,7 +6108,11 @@ elf32_arm_size_stubs (bfd *output_bfd,
 	  if (!strstr (stub_sec->name, STUB_SUFFIX))
 	    continue;
 
-	  stub_sec->size = 0;
+	  /* Append new SG veneers after those in input import library.  */
+	  if (stub_sec == htab->cmse_stub_sec)
+	    stub_sec->size = htab->new_cmse_veneers_offset;
+	  else
+	    stub_sec->size = 0;
 	}
 
       bfd_hash_traverse (&htab->stub_hash_table, arm_size_one_stub, htab);
@@ -5908,7 +6169,7 @@ elf32_arm_size_stubs (bfd *output_bfd,
 	    }
 
 	  stub_entry->stub_sec = stub_sec;
-	  stub_entry->stub_offset = 0;
+	  stub_entry->stub_offset = (bfd_vma) -1;
 	  stub_entry->id_sec = link_sec;
 	  stub_entry->stub_type = a8_fixes[i].stub_type;
 	  stub_entry->source_value = a8_fixes[i].offset;
@@ -5936,7 +6197,7 @@ elf32_arm_size_stubs (bfd *output_bfd,
       htab->a8_erratum_fixes = NULL;
       htab->num_a8_erratum_fixes = 0;
     }
-  return TRUE;
+  return ret;
 
  error_ret_free_local:
   return FALSE;
@@ -5969,12 +6230,19 @@ elf32_arm_build_stubs (struct bfd_link_info *info)
       if (!strstr (stub_sec->name, STUB_SUFFIX))
 	continue;
 
-      /* Allocate memory to hold the linker stubs.  */
+      /* Allocate memory to hold the linker stubs.  Zeroing the stub section
+	 ensures that a non secure application branching to a removed SG veneer
+	 will cause an error.  */
       size = stub_sec->size;
       stub_sec->contents = (unsigned char *) bfd_zalloc (htab->stub_bfd, size);
       if (stub_sec->contents == NULL && size != 0)
 	return FALSE;
-      stub_sec->size = 0;
+
+      /* Append new SG veneers after those in input import library.  */
+      if (stub_sec == htab->cmse_stub_sec)
+	stub_sec->size = htab->new_cmse_veneers_offset;
+      else
+	stub_sec->size = 0;
     }
 
   /* Build the stubs as directed by the stub hash table.  */
@@ -7940,7 +8208,8 @@ bfd_elf32_arm_set_target_relocs (struct bfd *output_bfd,
 				 bfd_arm_stm32l4xx_fix stm32l4xx_fix,
 				 int no_enum_warn, int no_wchar_warn,
 				 int pic_veneer, int fix_cortex_a8,
-				 int fix_arm1176, int cmse_implib)
+				 int fix_arm1176, int cmse_implib,
+				 bfd *in_implib_bfd)
 {
   struct elf32_arm_link_hash_table *globals;
 
@@ -7968,6 +8237,7 @@ bfd_elf32_arm_set_target_relocs (struct bfd *output_bfd,
   globals->fix_cortex_a8 = fix_cortex_a8;
   globals->fix_arm1176 = fix_arm1176;
   globals->cmse_implib = cmse_implib;
+  globals->in_implib_bfd = in_implib_bfd;
 
   BFD_ASSERT (is_arm_elf (output_bfd));
   elf_arm_tdata (output_bfd)->no_enum_size_warning = no_enum_warn;
diff --git a/ld/emultempl/armelf.em b/ld/emultempl/armelf.em
index ec6dca2..0e4d1bd 100644
--- a/ld/emultempl/armelf.em
+++ b/ld/emultempl/armelf.em
@@ -43,6 +43,7 @@ static int pic_veneer = 0;
 static int merge_exidx_entries = -1;
 static int fix_arm1176 = 1;
 static int cmse_implib = 0;
+static char *in_implib_filename = NULL;
 
 static void
 gld${EMULATION_NAME}_before_parse (void)
@@ -495,6 +496,8 @@ gld${EMULATION_NAME}_finish (void)
 static void
 arm_elf_create_output_section_statements (void)
 {
+  bfd *in_implib_bfd;
+
   if (strstr (bfd_get_target (link_info.output_bfd), "arm") == NULL)
     {
       /* The arm backend needs special fields in the output hash structure.
@@ -505,6 +508,20 @@ arm_elf_create_output_section_statements (void)
       return;
     }
 
+  if (in_implib_filename)
+    {
+      in_implib_bfd = bfd_openr (in_implib_filename,
+				 bfd_get_target (link_info.output_bfd));
+
+      if (in_implib_bfd == NULL)
+	einfo ("%F%s: Can't open: %E\n", in_implib_filename);
+
+      if (!bfd_check_format (in_implib_bfd, bfd_object))
+	einfo ("%F%s: Not a relocatable file: %E\n", in_implib_filename);
+    }
+  else
+    in_implib_bfd = NULL;
+
   bfd_elf32_arm_set_target_relocs (link_info.output_bfd, &link_info,
 				   target1_is_rel,
 				   target2_type, fix_v4bx, use_blx,
@@ -512,7 +529,7 @@ arm_elf_create_output_section_statements (void)
 				   no_enum_size_warning,
 				   no_wchar_size_warning,
 				   pic_veneer, fix_cortex_a8,
-				   fix_arm1176, cmse_implib);
+				   fix_arm1176, cmse_implib, in_implib_bfd);
 
   stub_file = lang_add_input_file ("linker stubs",
  				   lang_input_file_is_fake_enum,
@@ -582,6 +599,7 @@ PARSE_AND_LIST_PROLOGUE='
 #define OPTION_LONG_PLT			319
 #define OPTION_STM32L4XX_FIX		320
 #define OPTION_CMSE_IMPLIB		321
+#define OPTION_IN_IMPLIB		322
 '
 
 PARSE_AND_LIST_SHORTOPTS=p
@@ -609,6 +627,7 @@ PARSE_AND_LIST_LONGOPTS='
   { "no-fix-arm1176", no_argument, NULL, OPTION_NO_FIX_ARM1176 },
   { "long-plt", no_argument, NULL, OPTION_LONG_PLT },
   { "cmse-implib", no_argument, NULL, OPTION_CMSE_IMPLIB },
+  { "in-implib", required_argument, NULL, OPTION_IN_IMPLIB },
 '
 
 PARSE_AND_LIST_OPTIONS='
@@ -631,6 +650,8 @@ PARSE_AND_LIST_OPTIONS='
            "                              to handle large .plt/.got displacements\n"));
   fprintf (file, _("  --cmse-implib               Make import library to be a secure gateway import\n"
                    "                                library as per ARMv8-M security extensions\n"));
+  fprintf (file, _("  --in-implib                 Import library whose symbols address must\n"
+                   "                                remain stable\n"));
   fprintf (file, _("\
   --stub-group-size=N         Maximum size of a group of input sections that\n\
                                can be handled by one stub section.  A negative\n\
@@ -755,6 +776,10 @@ PARSE_AND_LIST_ARGS_CASES='
    case OPTION_CMSE_IMPLIB:
       cmse_implib = 1;
       break;
+
+   case OPTION_IN_IMPLIB:
+      in_implib_filename = optarg;
+      break;
 '
 
 # We have our own before_allocation etc. functions, but they call
diff --git a/ld/ld.texinfo b/ld/ld.texinfo
index 234716b..851c7fa 100644
--- a/ld/ld.texinfo
+++ b/ld/ld.texinfo
@@ -6806,10 +6806,20 @@ entries which only support 512Mb of code.
 
 @kindex --cmse-implib
 @cindex Secure gateway import library
-The @samp{--cmse-implib} option requests that the import library
-specified by @samp{--out-implib} option is a secure gateway import
-library, suitable for linking a non-secure executable against secure
-code as per ARMv8-M security extensions.
+The @samp{--cmse-implib} option requests that the import libraries
+specified by the @samp{--out-implib} and @samp{--in-implib} options are
+secure gateway import libraries, suitable for linking a non-secure
+executable against secure code as per ARMv8-M security extensions.
+
+@kindex --in-implib
+@cindex Input import library
+The @samp{--in-implib} option specifies an import library whose symbols
+must keep the same address in the executable being produced.  A warning
+is given if @samp{--out-implib} is not specified but new symbols would
+end up in the output import library if it was.  Otherwise, if
+@samp{--out-implib} is specified, the symbols are silently added to the
+output import library.  This option is only effective for Secure
+Gateway import libraries, ie. when @samp{--cmse-implib} is specified.
 
 @ifclear GENERIC
 @lowersections
diff --git a/ld/testsuite/ld-arm/arm-elf.exp b/ld/testsuite/ld-arm/arm-elf.exp
index 95b8881..5c6de60 100644
--- a/ld/testsuite/ld-arm/arm-elf.exp
+++ b/ld/testsuite/ld-arm/arm-elf.exp
@@ -607,16 +607,48 @@ set armeabitests_nonacl {
      "cmse-veneers-mainline"}
     {"Secure gateway import library generation: errors"
      "--section-start .sgstubs=0x20000 --out-implib=tmpdir/cmse-implib.lib --cmse-implib" ""
-     "-march=armv8-m.base -mthumb --defsym CHECK_ERRORS=1"
+     "-march=armv8-m.base -mthumb --defsym CHECK_ERRORS=1 --defsym VER=1"
      {cmse-implib.s}
      {{ld cmse-implib-errors.out}}
      "cmse-implib"}
     {"Secure gateway import library generation"
      "--section-start .sgstubs=0x20000 --out-implib=tmpdir/cmse-implib.lib --cmse-implib" ""
-     "-march=armv8-m.base -mthumb"
+     "-march=armv8-m.base -mthumb --defsym VER=1"
      {cmse-implib.s}
      {{readelf {-s tmpdir/cmse-implib.lib} cmse-implib.rd}}
      "cmse-implib"}
+    {"Input secure gateway import library"
+     "--section-start .sgstubs=0x20000 --out-implib=tmpdir/cmse-new-implib.lib --in-implib=tmpdir/cmse-implib.lib --cmse-implib" ""
+     "-march=armv8-m.base -mthumb --defsym VER=2"
+     {cmse-implib.s}
+     {{ld cmse-new-implib.out}
+      {readelf {-s tmpdir/cmse-new-implib.lib} cmse-new-implib.rd}}
+     "cmse-new-implib"}
+    {"Input secure gateway import library: no output import library"
+     "--section-start .sgstubs=0x20000 --in-implib=tmpdir/cmse-implib.lib --cmse-implib" ""
+     "-march=armv8-m.base -mthumb --defsym VER=2"
+     {cmse-implib.s}
+     {{ld cmse-new-implib-no-output.out}}
+     "cmse-new-implib-no-output"}
+    {"Input secure gateway import library: earlier stub section base"
+     "--section-start .sgstubs=0x19000 --out-implib=tmpdir/cmse-new-earlier-implib.lib --in-implib=tmpdir/cmse-implib.lib --cmse-implib" ""
+     "-march=armv8-m.base -mthumb --defsym VER=2"
+     {cmse-implib.s}
+     {{ld cmse-new-implib.out}
+      {readelf {-s tmpdir/cmse-new-earlier-implib.lib} cmse-new-implib.rd}}
+     "cmse-new-earlier-implib"}
+    {"Input secure gateway import library: later stub section base"
+     "--section-start .sgstubs=0x30000 --out-implib=tmpdir/cmse-new-later-implib.lib --in-implib=tmpdir/cmse-implib.lib --cmse-implib" ""
+     "-march=armv8-m.base -mthumb --defsym VER=2"
+     {cmse-implib.s}
+     {{ld cmse-new-later-implib.out}}
+     "cmse-new-later-implib"}
+    {"Input secure gateway import library: entry function change"
+     "--section-start .sgstubs=0x20000 --out-implib=tmpdir/cmse-new-wrong-implib.lib --in-implib=tmpdir/cmse-implib.lib --cmse-implib" ""
+     "-march=armv8-m.base -mthumb --defsym VER=3"
+     {cmse-implib.s}
+     {{ld cmse-new-wrong-implib.out}}
+     "cmse-new-wrong-implib"}
 
     {"R_ARM_THM_JUMP19 Relocation veneers: Short"
      "--section-start destsect=0x000108002 --section-start .text=0x8000" ""
diff --git a/ld/testsuite/ld-arm/cmse-implib.rd b/ld/testsuite/ld-arm/cmse-implib.rd
index 8b11637..c5f7aef 100644
--- a/ld/testsuite/ld-arm/cmse-implib.rd
+++ b/ld/testsuite/ld-arm/cmse-implib.rd
@@ -1,11 +1,12 @@
 File: tmpdir/cmse-implib.lib
 
-Symbol table '.symtab' contains 4 entries:
+Symbol table '.symtab' contains 5 entries:
    Num:    Value  Size Type    Bind   Vis      Ndx Name
      0: 00000000     0 NOTYPE  LOCAL  DEFAULT  UND 
-     1: 00020001     8 FUNC    GLOBAL DEFAULT  ABS exported_entry_veneer1
-     2: [0-9a-f]+     6 FUNC    GLOBAL DEFAULT  ABS exported_entry_fct
+     1: 00020001     8 FUNC    GLOBAL DEFAULT  ABS exported_entry_veneer3
+     2: [0-9a-f]+     6 FUNC    GLOBAL DEFAULT  ABS exported_entry_fct1
      3: 00020009     8 FUNC    GLOBAL DEFAULT  ABS exported_entry_veneer2
+     4: [0-9a-f]+     6 FUNC    GLOBAL DEFAULT  ABS exported_entry_fct2
 
 File: tmpdir/cmse-implib
 
diff --git a/ld/testsuite/ld-arm/cmse-implib.s b/ld/testsuite/ld-arm/cmse-implib.s
index 99fa90c..a841130 100644
--- a/ld/testsuite/ld-arm/cmse-implib.s
+++ b/ld/testsuite/ld-arm/cmse-implib.s
@@ -1,17 +1,17 @@
 	.syntax unified
 	.text
 
-.macro	entry	name, entry_fct
+.macro	entry	name, vis, entry_fct
 	.align	2
-	.global	\name
-	.global	__acle_se_\name
+	.\vis	\name
+	.\vis	__acle_se_\name
 	.thumb
 	.thumb_func
 	.type	\name, %function
 	.type	__acle_se_\name, %function
 \name:
 .ifnb \entry_fct
-	sg
+	\entry_fct
 .endif
 __acle_se_\name:
 	nop
@@ -20,11 +20,28 @@ __acle_se_\name:
 .endm
 
 	@ Valid setups for veneer generation
-	entry exported_entry_veneer1
-	entry exported_entry_veneer2
+.if (VER >= 2)
+	entry exported_entry_veneer1, global
+.endif
+.if (VER < 3)
+	entry exported_entry_veneer2, global
+.else
+	entry exported_entry_veneer2, weak
+.endif
+.if (VER == 1)
+	entry exported_entry_veneer3, global
+.else
+	entry exported_entry_veneer4, global
+.endif
 
 	@ Valid setup for entry function without veneer generation
-	entry exported_entry_fct, entry_fct
+	entry exported_entry_fct1, global, sg
+.if (VER < 3)
+	entry exported_entry_fct2, global, sg
+.else
+	@ Invalid setup for entry function without veneer generation
+	entry exported_entry_fct2, global, nop
+.endif
 
 	@ Normal symbol not exported to SG import library
 	.align	2
diff --git a/ld/testsuite/ld-arm/cmse-new-implib-no-output.out b/ld/testsuite/ld-arm/cmse-new-implib-no-output.out
new file mode 100644
index 0000000..0590b71
--- /dev/null
+++ b/ld/testsuite/ld-arm/cmse-new-implib-no-output.out
@@ -0,0 +1,4 @@
+.*: Entry function `exported_entry_veneer3' disappeared from secure code.
+.*: new entry function\(s\) introduced but no output import library specified:
+.*:   exported_entry_veneer4
+.*:   exported_entry_veneer1
diff --git a/ld/testsuite/ld-arm/cmse-new-implib.out b/ld/testsuite/ld-arm/cmse-new-implib.out
new file mode 100644
index 0000000..c8af280
--- /dev/null
+++ b/ld/testsuite/ld-arm/cmse-new-implib.out
@@ -0,0 +1 @@
+.*: Entry function `exported_entry_veneer3' disappeared from secure code.
diff --git a/ld/testsuite/ld-arm/cmse-new-implib.rd b/ld/testsuite/ld-arm/cmse-new-implib.rd
new file mode 100644
index 0000000..9ff0fd8
--- /dev/null
+++ b/ld/testsuite/ld-arm/cmse-new-implib.rd
@@ -0,0 +1,14 @@
+File: tmpdir/cmse-new-.*implib.lib
+
+Symbol table '.symtab' contains 6 entries:
+   Num:    Value  Size Type    Bind   Vis      Ndx Name
+     0: 00000000     0 NOTYPE  LOCAL  DEFAULT  UND 
+     1: 00020011     8 FUNC    GLOBAL DEFAULT  ABS exported_entry_veneer4
+     2: 00020019     8 FUNC    GLOBAL DEFAULT  ABS exported_entry_veneer1
+     3: [0-9a-f]+     6 FUNC    GLOBAL DEFAULT  ABS exported_entry_fct1
+     4: 00020009     8 FUNC    GLOBAL DEFAULT  ABS exported_entry_veneer2
+     5: [0-9a-f]+     6 FUNC    GLOBAL DEFAULT  ABS exported_entry_fct2
+
+File: tmpdir/cmse-new-.*implib
+
+#...
diff --git a/ld/testsuite/ld-arm/cmse-new-later-implib.out b/ld/testsuite/ld-arm/cmse-new-later-implib.out
new file mode 100644
index 0000000..9652759
--- /dev/null
+++ b/ld/testsuite/ld-arm/cmse-new-later-implib.out
@@ -0,0 +1,4 @@
+.*: Entry function `exported_entry_veneer3' disappeared from secure code.
+.*: Veneer for entry function `exported_entry_veneer3' before veneer section start.
+.*: Veneer for entry function `exported_entry_veneer2' before veneer section start.
+.*: cannot size stub section: Invalid operation
diff --git a/ld/testsuite/ld-arm/cmse-new-wrong-implib.out b/ld/testsuite/ld-arm/cmse-new-wrong-implib.out
new file mode 100644
index 0000000..95733b2
--- /dev/null
+++ b/ld/testsuite/ld-arm/cmse-new-wrong-implib.out
@@ -0,0 +1,4 @@
+.*: Entry function `exported_entry_veneer3' disappeared from secure code.
+.*: .*: visibility of symbol `exported_entry_veneer2' has changed.
+.*: `exported_entry_fct2' refers to a non entry function.
+.*: cannot size stub section: Invalid operation


The patch doesn't show any regression when running the binutils-gdb testsuite for the arm-none-eabi target.

Any comments?

Best regards,

Thomas


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]