Updated stack-clash implementation supporting 64k probes.
This patch implements the use of the stack clash mitigation for AArch64.

In AArch64 we expect both the probing interval and the guard size to be 64KB
and we enforce them to always be equal.

We also probe up by 1024 bytes in the general case when a probe is required.

AArch64 has the following probing conditions:

 1a) Any initial adjustment less than 63KB requires no probing. An ABI defined
     safe buffer of 1Kbytes is used and a page size of 64k is assumed.

  b) Any final adjustment residual requires a probe at SP + 1KB.
     We know this to be safe since you would have done at least one page worth
     of allocations already to get to that point.

  c) Any final adjustment more than remainder (total allocation amount) larger
     than 1K - LR offset requires a probe at SP.

     The safe buffer mentioned in 1a is maintained by the storing of FP/LR.
     In the case of -fomit-frame-pointer we can still count on LR being stored
     if the function makes a call, even if it's a tail call. The AArch64 frame
     layout code guarantees this and tests have been added to check against
     this particular case.

 2)  Any allocation larger than 1 page size is done in increments of page size
     and probed up by 1KB, leaving the residuals.

 3a) Any residual for initial adjustment that is less than guard-size - 1KB
     requires no probing. Essentially this is a sliding window. The probing
     range determines the ABI safe buffer, and the amount to be probed up.

Incrementally allocating less than the probing thresholds, e.g. in recursive
functions, will not be an issue as the storing of LR counts as a probe.
            +-------------------+
            |  ABI SAFE REGION  |
            +------------------------------
            |                   |        |
            |                   |        |
            |                   |        |
            |                   |        |
            |                   |        |
            |                   |        |
    maximum amount              |        |
    not needing a               |        |
    probe                       |        |
            |                   |        |
            |                   |        |
            |                   |        |
            |                   |        |        Probe offset when
            |         ---------------------------- probe is required
            |                   |        |
            +--------           +-------------------+ -------- Point of first probe
            |  ABI SAFE REGION  |
            ---------------------
            |                   |
            |                   |
            |                   |
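The following is an added illustrative model of the initial-adjustment probing rules 1a, 2 and 3a above; it is not part of this commit and not GCC's implementation. It assumes the 64KB guard/probe interval and 1KB ABI safe buffer stated in the message, expresses probe locations as byte depths below the incoming SP, and takes as its safety invariant (an assumption of the model) that consecutive touched stack locations may never be more than one guard size apart, starting from the 1KB the caller's ABI guarantee leaves above the incoming SP. The final-adjustment rules 1b and 1c are not modelled.

```python
# Added model of the AArch64 stack-clash initial-adjustment probing rules
# (1a, 2, 3a). Not GCC's code: it only reproduces the decision logic so the
# rules and their safety invariant can be checked on arbitrary frame sizes.

GUARD_SIZE = 64 * 1024                      # guard page == probing interval (assumed equal)
SAFE_BUFFER = 1024                          # ABI-defined 1KB safe region
NO_PROBE_LIMIT = GUARD_SIZE - SAFE_BUFFER   # 63KB: largest adjustment needing no probe


def initial_adjust_probes(size):
    """Return the probe depths (bytes below the incoming SP) emitted while
    allocating `size` bytes of initial frame adjustment.

    Rule 1a: size < 63KB needs no probe.
    Rule 2 : larger sizes are allocated in 64KB chunks; after each chunk
             the new SP + 1KB is probed.
    Rule 3a: the residual (< 64KB) is probed at SP + 1KB only if it is at
             least 63KB; a smaller residual sits inside the sliding window
             covered by the previous probe plus the 1KB safe buffer.
    """
    if size < 0:
        raise ValueError("allocation size must be non-negative")
    probes = []
    if size < NO_PROBE_LIMIT:
        return probes
    chunks, residual = divmod(size, GUARD_SIZE)
    depth = 0
    for _ in range(chunks):
        depth += GUARD_SIZE                  # sub sp, sp, #GUARD_SIZE
        probes.append(depth - SAFE_BUFFER)   # probe at new SP + 1KB
    if residual:
        depth += residual                    # allocate the residual
        if residual >= NO_PROBE_LIMIT:
            probes.append(depth - SAFE_BUFFER)
    return probes


def probes_are_safe(size):
    """Check the invariant the rules are meant to guarantee (model assumption):
    no two consecutively touched locations are more than GUARD_SIZE apart, so
    the guard page can never be skipped. The caller is only guaranteed to have
    touched the stack within SAFE_BUFFER bytes above the incoming SP, so the
    walk starts there; the final touch is the FP/LR store at the new SP, which
    the commit message says counts as a probe."""
    last_touched = -SAFE_BUFFER
    for probe in initial_adjust_probes(size) + [size]:
        if probe - last_touched > GUARD_SIZE:
            return False
        last_touched = probe
    return True


if __name__ == "__main__":
    # Constructed sample frame sizes around the interesting thresholds.
    for kb in (62, 63, 64, 126, 127, 130):
        size = kb * 1024
        print(f"{kb:4d}KB frame: probes at {[p // 1024 for p in initial_adjust_probes(size)]} KB,"
              f" safe={probes_are_safe(size)}")
```

Rule 1a and rule 3a are the same sliding window seen from two points: with a 1KB safe buffer above the last touched location, at most 63KB may be allocated before the next probe, which is why both the initial no-probe limit and the residual threshold are guard-size minus 1KB.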
Bootstrapped and regtested on aarch64-none-linux-gnu with no issues.
Target was tested with stack clash on and off by default.
The GLIBC testsuite was also run with stack clash on by default, with no new
regressions.
Co-Authored-By: Richard Sandiford <richard.sandiford@linaro.org>
Co-Authored-By: Tamar Christina <tamar.christina@arm.com>
From-SVN: r264747