Message ID | 20250103154141.47731-1-yury.khrustalev@arm.com (mailing list archive) |
---|---|
Headers |
Return-Path: <libc-alpha-bounces~patchwork=sourceware.org@sourceware.org> X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 79C20385841D for <patchwork@sourceware.org>; Fri, 3 Jan 2025 15:42:48 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 79C20385841D X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 7D07B3858D20 for <libc-alpha@sourceware.org>; Fri, 3 Jan 2025 15:41:50 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 7D07B3858D20 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 7D07B3858D20 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918910; cv=none; b=AUkpRVMYrTXTvKkIUhiYl8xWr+U/pv6q8WRAuAScmDFr8e/21C1YCFg9WvwCz+qb8xOZea2upmTACbv0aEw0kZE8WkXBB5in/stcZl0Cr1DYuF1R1/waYEJGN76TwHhcwtIKeWHKErEcz4bhCMkMXYnerf/USVZl7NCqwheWVLM= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918910; c=relaxed/simple; bh=lNrmjrI78+7rJLd3Jsr4JZ1yki6w3QO3hW/4zxnOfY8=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=K8TYSYPaG69kVz7a/k4NIEQ3GNaqSZnxXd+4wtxfXQ3UaZtCFO7ephYTJS2cB8H/SAtduCwzCx1w0MjFPB55dRdLCIfuQ3e6GDgpIvVb/lJBJHe2K4v6J9TfQJhgB0ZLV48G6MfVG4FDnFKciLK2pvc9NJSMawAVWH9kECkRQiI= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 7D07B3858D20 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 5AC151480; Fri, 3 Jan 2025 07:42:18 -0800 (PST) Received: from udebian.localdomain (unknown [10.57.3.206]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 3EF3A3F6A8; Fri, 3 Jan 2025 07:41:49 -0800 (PST) From: Yury Khrustalev <yury.khrustalev@arm.com> To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de, wilco.dijkstra@arm.com Subject: [PATCH v7 00/23] aarch64: Add support for Guarded Control Stack extension Date: Fri, 3 Jan 2025 15:41:18 +0000 Message-Id: <20250103154141.47731-1-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.3 required=5.0 tests=BAYES_00, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, KAM_SHORT, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org> List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe> List-Archive: <https://sourceware.org/pipermail/libc-alpha/> List-Post: <mailto:libc-alpha@sourceware.org> List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help> List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=subscribe> Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org |
Series |
aarch64: Add support for Guarded Control Stack extension
|
|
Message
Yury Khrustalev
Jan. 3, 2025, 3:41 p.m. UTC
This patch series adds support for the Guarded Control Stack extension [1] that allows to use shadow stacks on AArch64 systems with enabled GCS. This patch series includes: - Definition of jmp_buf offset for GCS - GCS support in longjmp, vfork, setcontext, makecontext - GCS support in static startup code and dynamic linker - Handling of GCS marking in dynamic binaries and DSOs - Handling of GCS marking in static binaries - Mark swapcontext with indirect_return - Reserved tunable names glibc.cpu.aarch64_gcs and glibc.cpu.aarch64_gcs_policy - Add generic hook for processing notes and properties in static executables GCS marking for binaries is specified in [2]. Regression tested on AArch64 and x86 and no regressions have been found. Also build-tested using build-many-glibcs.py and no regressions found. Applies to e9eea05986 in master. Any feedback is welcome and appreciated. Sources and branches: - binutils-gdb: sourceware.org/git/binutils-gdb.git master - gcc: gcc.gnu.org/git/gcc.git master - glibc: this patch series - kernel: git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master Cross-building the toolchain for target aarch64-none-linux-gnu: - build and install binutils-gdb - build and install GCC stage 1 - install kernel headers - install glibc headers - build and install GCC stage 2 configuring with --enable-standard-branch-protection - build and install glibc - build and install GCC stage 3 along with target libraries configuring with --enable-standard-branch-protection FVP model provided by the Shrinkwrap tool [3] can be used for testing. To enable GCS, run tests with environment variable: GLIBC_TUNABLES=glibc.cpu.aarch64_gcs=1:glibc.cpu.aarch64_gcs_policy=2 [1] https://developer.arm.com/documentation/ddi0487/ka/ (chapter D11) [2] https://github.com/ARM-software/abi-aa/blob/main/sysvabi64/sysvabi64.rst [3] https://git.gitlab.arm.com/tooling/shrinkwrap.git --- Changes in v7: - Rebased on recent master (required fix-up for one of the commits: is_rtld_link_map). - Added check for incorrect tunable value for glibc.cpu.aarch64_gcs_policy. - Updated copyright years. Link to v6: https://inbox.sourceware.org/libc-alpha/20241212143749.767747-1-yury.khrustalev@arm.com/ Changes in v6: - Changed how notes and properties are processed for static executables. - Fixed vfork() comment. - Fixed error message formatting for GCS errors for static executables. - Fixed ARCH_THREAD_FREERES macro to avoid #ifdef-s. - Rebased on recent master. Link to v5: https://inbox.sourceware.org/libc-alpha/20241206132952.2410680-1-yury.khrustalev@arm.com/ Changes in v5: - Reworked patch series to exclude exporting new public header constants. - Fixed minor style issues. - Added reserved names for new Glibc tunables to the manual. - GCS tunables are now using internally defined HWCAP_GCS unless it is already defined. - vfork() does not clear x30 before "returning" to child any more as this would be unnecessary in most cases but might create some undocumented "de facto" ABI. Link to v4: https://inbox.sourceware.org/libc-alpha/20241129163721.2385847-1-yury.khrustalev@arm.com/ Changes in v4: - Merged patches 17 and 18 from v3 series. - Amended tests that would fail if executed on a system with GCS. Link to v3: https://inbox.sourceware.org/libc-alpha/20241023083920.466015-1-yury.khrustalev@arm.com/ --- Szabolcs Nagy (20): aarch64: Add asm helpers for GCS elf.h: Define GNU_PROPERTY_AARCH64_FEATURE_1_GCS aarch64: Define jmp_buf offset for GCS aarch64: Add GCS support to longjmp aarch64: Add GCS support to vfork aarch64: Add GCS support for setcontext aarch64: Mark swapcontext with indirect_return aarch64: Add GCS support for makecontext aarch64: Try to free the GCS of makecontext aarch64: Add glibc.cpu.aarch64_gcs tunable aarch64: Enable GCS in static linked exe aarch64: Enable GCS in dynamic linked exe aarch64: Mark objects with GCS property note aarch64: Add glibc.cpu.aarch64_gcs_policy tunable aarch64: Use l_searchlist.r_list for bti aarch64: Handle GCS marking aarch64: Ignore GCS property of ld.so aarch64: Process gnu properties in static exe aarch64: Add GCS user-space allocation logic aarch64: Use __alloc_gcs in makecontext Yury Khrustalev (3): manual: Add glibc.cpu.aarch64_gcs tunable manual: Add glibc.cpu.aarch64_gcs_policy tunable aarch64: Fix tests not compatible with targets supporting GCS csu/libc-start.c | 12 +++ elf/elf.h | 1 + elf/tst-asm-helper.h | 49 ++++++++++ elf/tst-big-note-lib.S | 2 + elf/tst-ro-dynamic-mod.map | 7 +- include/set-freeres.h | 2 + malloc/thread-freeres.c | 9 ++ manual/tunables.texi | 12 +++ sysdeps/aarch64/Makefile | 11 ++- sysdeps/aarch64/__alloc_gcs.c | 66 +++++++++++++ sysdeps/aarch64/__longjmp.S | 30 ++++++ sysdeps/aarch64/aarch64-gcs.h | 28 ++++++ sysdeps/aarch64/bits/indirect-return.h | 36 +++++++ sysdeps/aarch64/dl-bti.c | 5 +- sysdeps/aarch64/dl-gcs.c | 76 +++++++++++++++ sysdeps/aarch64/dl-prop.h | 15 ++- sysdeps/aarch64/dl-start.S | 25 ++++- sysdeps/aarch64/dl-tunables.list | 10 ++ sysdeps/aarch64/jmpbuf-offsets.h | 62 ++++++++++++ sysdeps/aarch64/linkmap.h | 1 + sysdeps/aarch64/rtld-global-offsets.sym | 5 + sysdeps/aarch64/setjmp.S | 10 ++ sysdeps/aarch64/sysdep.h | 12 ++- sysdeps/aarch64/tst-vpcs-mod.S | 4 +- sysdeps/generic/libc-start.h | 1 + .../unix/sysv/linux/aarch64/cpu-features.c | 13 +++ sysdeps/unix/sysv/linux/aarch64/dl-procinfo.c | 13 +++ .../unix/sysv/linux/aarch64/dl-procruntime.c | 37 +++++++ sysdeps/unix/sysv/linux/aarch64/getcontext.S | 17 +++- sysdeps/unix/sysv/linux/aarch64/libc-start.h | 65 +++++++++++++ sysdeps/unix/sysv/linux/aarch64/makecontext.c | 97 ++++++++++++++++++- sysdeps/unix/sysv/linux/aarch64/setcontext.S | 57 ++++++++++- sysdeps/unix/sysv/linux/aarch64/swapcontext.S | 32 ++++-- sysdeps/unix/sysv/linux/aarch64/sysdep.h | 6 +- .../sysv/linux/aarch64/ucontext-internal.h | 5 + sysdeps/unix/sysv/linux/aarch64/vfork.S | 7 +- 36 files changed, 806 insertions(+), 34 deletions(-) create mode 100644 elf/tst-asm-helper.h create mode 100644 sysdeps/aarch64/__alloc_gcs.c create mode 100644 sysdeps/aarch64/aarch64-gcs.h create mode 100644 sysdeps/aarch64/bits/indirect-return.h create mode 100644 sysdeps/aarch64/dl-gcs.c create mode 100644 sysdeps/unix/sysv/linux/aarch64/dl-procruntime.c create mode 100644 sysdeps/unix/sysv/linux/aarch64/libc-start.h
Comments
Hi Adhemerval, On Fri, Jan 03, 2025 at 03:41:18PM +0000, Yury Khrustalev wrote: > This patch series adds support for the Guarded Control Stack extension [1] that > allows to use shadow stacks on AArch64 systems with enabled GCS. Thank you for taking time to review v7 series. I've addressed your comments in the v8 series [1]. I would appreciate if you could review v8 patches 8-11, 13 and 15. I hope in its current state the series looks good for merging it. [1] https://inbox.sourceware.org/libc-alpha/20250114160328.2031684-1-yury.khrustalev@arm.com/ Kind regards, Yury