https://gcc.gnu.org/bugzilla/show_bug.cgi?id=105817
Bug ID: 105817
Summary: outline kernel-address sanitizer doesn't save callee-saved register properly on AArch64
Product: gcc
Version: 11.2.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: tonnyl at nvidia dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---

We are using Arm GNU Toolchain Version 11.2-2022.02 (distributed by ARM).

The source code snippet is below:

    #include <stdint.h>

    int foo(unsigned int *result)
    {
        register uint64_t r0 asm("x0");
        register uint64_t r1 asm("x1");

        asm("hvc %2"
            : "=r"(r0), "=r"(r1)
            : "i"(0)
            : "x2", "x3", "x4", "x5", "x6", "x7", "x8", "x9", "x10", "x11",
              "x12", "x13", "x14", "x15", "x16", "x17");

        *result = r1;
        return (int)r0;
    }

And the compiling command is:

    aarch64-none-linux-gnu-gcc -c -O1 -fno-omit-frame-pointer -fsanitize=kernel-address snippet.c

Then disassemble the code:

    aarch64-linux-objdump -d snippet.o

    snippet.o:     file format elf64-littleaarch64

    Disassembly of section .text:

    0000000000000000 <foo>:
       0:   a9be7bfd        stp     x29, x30, [sp, #-32]!
       4:   910003fd        mov     x29, sp
       8:   a90153f3        stp     x19, x20, [sp, #16]
       c:   aa0003f3        mov     x19, x0
      10:   d4000002        hvc     #0x0
      14:   aa0103f4        mov     x20, x1
      18:   aa1303e0        mov     x0, x19
      1c:   94000000        bl      0 <__asan_store4_noabort>
      20:   b9000274        str     w20, [x19]
      24:   2a1303e0        mov     w0, w19
      28:   a94153f3        ldp     x19, x20, [sp, #16]
      2c:   a8c27bfd        ldp     x29, x30, [sp], #32
      30:   d65f03c0        ret

The problem is:

* the inline asm outputs on x0 and x1
* this function returns the value in x0
* before invocation of __asan_store4_noabort, the instrumented instructions *only save x1 and overwrite x0*
* this causes semantic difference between before/after instrumentation
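As an added illustration (not from the reporter or from GCC), the script below checks the property the report describes: once the inline asm has written x0 and x1, each output must be parked in a callee-saved register (x19-x28 under AAPCS64) before the call to __asan_store4_noabort, because x0-x18 are caller-saved and the sanitizer call may clobber them. The listings are constructed copies of the report's disassembly with addresses and encodings dropped, plus a hypothetical corrected sequence; the register tracking is a deliberate simplification that models only mov.

```python
# Constructed copies of the disassembly in the report (addresses/encodings dropped):
# the instrumented foo() from the bug, and a hypothetical corrected sequence that
# parks x0 in a callee-saved register (x21) before the sanitizer call.
BUGGY_LISTING = """
stp x29, x30, [sp, #-32]!
mov x29, sp
stp x19, x20, [sp, #16]
mov x19, x0
hvc #0x0
mov x20, x1
mov x0, x19
bl 0 <__asan_store4_noabort>
str w20, [x19]
mov w0, w19
ldp x19, x20, [sp, #16]
ldp x29, x30, [sp], #32
ret
"""
FIXED_LISTING = """
mov x19, x0
hvc #0x0
mov x21, x0
mov x20, x1
mov x0, x19
bl 0 <__asan_store4_noabort>
"""
# AAPCS64: x19-x28 are preserved across a call; x0-x18 may be clobbered by the callee.
CALLEE_SAVED = {f"x{i}" for i in range(19, 29)}
def outputs_lost_before_call(listing, outputs=("x0", "x1"), asm_op="hvc", callee="__asan_"):
    """Return the inline-asm outputs that sit in no callee-saved register when the
    first sanitizer call is reached. Only mov is modelled (enough for this listing)."""
    holders = {reg: {reg} for reg in outputs}   # registers currently holding each output
    after_asm = False
    for line in listing.strip().splitlines():
        parts = line.replace(",", " ").split()
        op, args = parts[0], parts[1:]
        if not after_asm:                        # ignore everything before the inline asm
            after_asm = op == asm_op
            continue
        if op == "bl" and any(callee in a for a in args):
            return sorted(o for o in outputs if not holders[o] & CALLEE_SAVED)
        if op == "mov" and len(args) == 2:
            dst, src = args
            for o in outputs:
                if src in holders[o]:
                    holders[o].add(dst)          # value copied into another register
                elif dst in holders[o]:
                    holders[o].discard(dst)      # value overwritten
    return []
```

For the report's listing the check returns ['x0'], matching the observation that only x1 is saved (in x20) while x0 is overwritten by `mov x0, x19` before the call.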