Message ID | 20241023083920.466015-1-yury.khrustalev@arm.com |
---|---|
Headers | From: Yury Khrustalev <yury.khrustalev@arm.com>; To: libc-alpha@sourceware.org; Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org; Subject: [PATCH v3 00/23] aarch64: Add support for Guarded Control Stack extension; Date: Wed, 23 Oct 2024 09:38:57 +0100 |
Series | aarch64: Add support for Guarded Control Stack extension |
Message
Yury Khrustalev
Oct. 23, 2024, 8:38 a.m. UTC
This patch series adds support for the Guarded Control Stack extension [1] that allows the use of shadow stacks on AArch64 systems with enabled GCS.

This patch series includes:

- New tunables glibc.cpu.aarch64_gcs and glibc.cpu.aarch64_gcs_policy
- Definition of jmp_buf offset for GCS
- GCS support in longjmp, vfork, setcontext, makecontext
- GCS support in static startup code and dynamic linker
- Handling of GCS marking in dynamic binaries and DSOs
- Handling of GCS marking in static binaries
- Mark swapcontext with indirect_return
- HWCAP_GCS

Corresponding Linux kernel patches [2] are in progress but are very close to stable ABI. GCS marking for binaries is specified in [3].

Regression tested on AArch64 and no regressions have been found.

Any feedback is welcome and appreciated.

Sources and branches:

- binutils-gdb: sourceware.org/git/binutils-gdb.git users/ARM/gcs
- gcc: gcc.gnu.org/git/gcc.git vendors/ARM/gcs-v3
  see https://gcc.gnu.org/gitwrite.html#vendor for setup details
- glibc: this patch series, or sourceware.org/git/glibc.git arm/gcs-v2
- kernel: git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-next/gcs

Cross-building the toolchain for target aarch64-none-linux-gnu:

- build and install binutils-gdb
- build and install GCC stage 1
- install kernel headers
- install glibc headers
- build and install GCC stage 2
  configuring with --enable-standard-branch-protection
- build and install glibc
- build and install GCC stage 3 along with target libraries
  configuring with --enable-standard-branch-protection

FVP model provided by the Shrinkwrap tool [4] can be used for testing.

Run tests with environment var

GLIBC_TUNABLES=glibc.cpu.aarch64_gcs=1:glibc.cpu.aarch64_gcs_policy=2

By default both tunables are 0, the meaning is:

- glibc.cpu.aarch64_gcs_policy=0:
  GCS is enabled if glibc.cpu.aarch64_gcs is set
- glibc.cpu.aarch64_gcs_policy=1:
  GCS is enabled if glibc.cpu.aarch64_gcs is set and binary is marked
  if GCS is enabled, an incompatible dlopen is an error
- glibc.cpu.aarch64_gcs_policy=2:
  GCS is enabled if glibc.cpu.aarch64_gcs is set
  if GCS is enabled, any incompatible binary is an error

[1] https://developer.arm.com/documentation/ddi0487/ka/ (chapter D11)
[2] https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git for-next/gcs
[3] https://github.com/ARM-software/abi-aa/blob/main/sysvabi64/sysvabi64.rst
[4] https://git.gitlab.arm.com/tooling/shrinkwrap.git

---

Szabolcs Nagy (23):

- aarch64: Add HWCAP_GCS
- aarch64: Add asm helpers for GCS
- elf.h: Define GNU_PROPERTY_AARCH64_FEATURE_1_GCS
- aarch64: Define jmp_buf offset for GCS
- aarch64: Add GCS support to longjmp
- aarch64: Add GCS support to vfork
- aarch64: Add GCS support for setcontext
- aarch64: Mark swapcontext with indirect_return
- aarch64: Add GCS support for makecontext
- aarch64: Try to free the GCS of makecontext
- aarch64: Add glibc.cpu.aarch64_gcs tunable
- aarch64: Enable GCS in static linked exe
- aarch64: Enable GCS in dynamic linked exe
- aarch64: Mark objects with GCS property note
- aarch64: Add glibc.cpu.aarch64_gcs_policy
- aarch64: Use l_searchlist.r_list for bti
- aarch64: Handle gcs marking
- aarch64: Use l_searchlist.r_list for gcs
- aarch64: Ignore GCS property of ld.so
- aarch64: Process gnu properties in static exe
- aarch64: Add GCS user-space allocation logic
- aarch64: use __alloc_gcs in makecontext
- doc: Add plain text readme for using GCS

File | Changes |
---|---|
README | 68 +++++++++++++ |
elf/elf.h | 1 + |
include/set-freeres.h | 4 + |
malloc/thread-freeres.c | 3 + |
sysdeps/aarch64/Makefile | 11 ++- |
sysdeps/aarch64/__alloc_gcs.c | 66 +++++++++++++ |
sysdeps/aarch64/__longjmp.S | 30 ++++++ |
sysdeps/aarch64/aarch64-gcs.h | 36 +++++++ |
sysdeps/aarch64/bits/indirect-return.h | 36 +++++++ |
sysdeps/aarch64/dl-bti.c | 5 +- |
sysdeps/aarch64/dl-gcs.c | 64 ++++++++++++ |
sysdeps/aarch64/dl-prop.h | 15 ++- |
sysdeps/aarch64/dl-start.S | 23 ++++- |
sysdeps/aarch64/dl-tunables.list | 10 ++ |
sysdeps/aarch64/jmpbuf-offsets.h | 63 ++++++++++++ |
sysdeps/aarch64/linkmap.h | 1 + |
sysdeps/aarch64/rtld-global-offsets.sym | 5 + |
sysdeps/aarch64/setjmp.S | 10 ++ |
sysdeps/aarch64/sysdep.h | 12 ++- |
sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h | 1 + |
.../unix/sysv/linux/aarch64/cpu-features.c | 9 ++ |
sysdeps/unix/sysv/linux/aarch64/dl-procinfo.c | 13 +++ |
.../unix/sysv/linux/aarch64/dl-procruntime.c | 37 +++++++ |
sysdeps/unix/sysv/linux/aarch64/getcontext.S | 17 +++- |
sysdeps/unix/sysv/linux/aarch64/libc-start.h | 61 ++++++++++++ |
sysdeps/unix/sysv/linux/aarch64/makecontext.c | 97 ++++++++++++++++++- |
sysdeps/unix/sysv/linux/aarch64/setcontext.S | 57 ++++++++++- |
sysdeps/unix/sysv/linux/aarch64/swapcontext.S | 32 ++++-- |
sysdeps/unix/sysv/linux/aarch64/sysdep.h | 6 +- |
.../sysv/linux/aarch64/ucontext-internal.h | 5 + |
sysdeps/unix/sysv/linux/aarch64/vfork.S | 8 +- |

31 files changed, 777 insertions(+), 29 deletions(-)

- create mode 100644 sysdeps/aarch64/__alloc_gcs.c
- create mode 100644 sysdeps/aarch64/aarch64-gcs.h
- create mode 100644 sysdeps/aarch64/bits/indirect-return.h
- create mode 100644 sysdeps/aarch64/dl-gcs.c
- create mode 100644 sysdeps/unix/sysv/linux/aarch64/dl-procruntime.c
- create mode 100644 sysdeps/unix/sysv/linux/aarch64/libc-start.h
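The cover letter makes the GCS policy depend on whether a binary "is marked". As an added example (not code from this patch series or from glibc), the following C function checks a `.note.gnu.property` note for that marking. The constant values are taken from the AArch64 ELF ABI referenced as [3] and are not shown on this page; `note_has_gcs`, `rd32` and the sample note bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values from the AArch64 ELF ABI / elf.h (assumed here, not on this page). */
#define NT_GNU_PROPERTY_TYPE_0             5
#define GNU_PROPERTY_AARCH64_FEATURE_1_AND 0xc0000000u
#define GNU_PROPERTY_AARCH64_FEATURE_1_GCS (1u << 2)

/* Read a little-endian 32-bit word, independent of the host byte order. */
static uint32_t rd32(const uint8_t *p)
{
  return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 1 if the note marks the object as GCS-compatible, 0 if it does not,
   -1 if the note is truncated or malformed. */
int note_has_gcs(const uint8_t *note, size_t len)
{
  if (len < 16) return -1;
  uint32_t namesz = rd32(note), descsz = rd32(note + 4), type = rd32(note + 8);
  if (type != NT_GNU_PROPERTY_TYPE_0 || namesz != 4 || memcmp(note + 12, "GNU", 4))
    return 0;                                /* some other note: no marking */
  if (descsz > len - 16) return -1;
  const uint8_t *p = note + 16, *end = p + descsz;
  while (end - p >= 8) {                     /* property: type, datasz, data */
    uint32_t pr_type = rd32(p), pr_datasz = rd32(p + 4);
    p += 8;
    if (pr_datasz > (size_t)(end - p)) return -1;
    if (pr_type == GNU_PROPERTY_AARCH64_FEATURE_1_AND)
      return pr_datasz == 4 ? (rd32(p) & GNU_PROPERTY_AARCH64_FEATURE_1_GCS) != 0 : -1;
    size_t step = ((size_t)pr_datasz + 7) & ~(size_t)7;  /* ELF64: 8-byte aligned */
    if (step > (size_t)(end - p)) break;
    p += step;
  }
  return 0;
}

/* Constructed sample notes: feature word 0x7 (BTI|PAC|GCS) and 0x3 (BTI|PAC). */
static const uint8_t note_gcs[32] = { 4,0,0,0, 16,0,0,0, 5,0,0,0, 'G','N','U',0,
  0,0,0,0xc0, 4,0,0,0, 7,0,0,0, 0,0,0,0 };
static const uint8_t note_nogcs[32] = { 4,0,0,0, 16,0,0,0, 5,0,0,0, 'G','N','U',0,
  0,0,0,0xc0, 4,0,0,0, 3,0,0,0, 0,0,0,0 };
int main(void)
{
  printf("marked=%d unmarked=%d\n", note_has_gcs(note_gcs, 32), note_has_gcs(note_nogcs, 32));
  return 0;
}
```

Running such a check over the executable and every DSO it loads shows in advance which objects the stricter policy values would treat as incompatible.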