From: Szabolcs Nagy <szabolcs.nagy@arm.com>
- Handle GCS marking
- Use l_searchlist.r_list for gcs (allows using the
same function for static exe)
---
sysdeps/aarch64/Makefile | 4 ++-
sysdeps/aarch64/dl-gcs.c | 59 +++++++++++++++++++++++++++++++++++++++
sysdeps/aarch64/dl-prop.h | 15 ++++++----
sysdeps/aarch64/linkmap.h | 1 +
4 files changed, 73 insertions(+), 6 deletions(-)
create mode 100644 sysdeps/aarch64/dl-gcs.c
@@ -9,7 +9,9 @@ LDFLAGS-rtld += -Wl,-z,force-bti,--fatal-warnings
endif
ifeq ($(subdir),elf)
-sysdep-dl-routines += dl-bti
+sysdep-dl-routines += \
+ dl-bti \
+ dl-gcs
tests += tst-audit26 \
tst-audit27
new file mode 100644
@@ -0,0 +1,59 @@
+/* AArch64 GCS functions.
+ Copyright (C) 2024 Free Software Foundation, Inc.
+
+ The GNU C Library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
+
+ The GNU C Library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <https://www.gnu.org/licenses/>. */
+
+#include <unistd.h>
+#include <errno.h>
+#include <libintl.h>
+#include <ldsodefs.h>
+
+static void
+fail (struct link_map *l, const char *program)
+{
+ if (program)
+ _dl_fatal_printf ("%s: %s: not GCS compatible\n", program, l->l_name);
+ else
+ _dl_signal_error (0, l->l_name, "dlopen", N_("not GCS compatible"));
+}
+
+static void
+check_gcs (struct link_map *l, const char *program)
+{
+ if (!l->l_mach.gcs)
+ {
+ if (GLRO(dl_aarch64_gcs_policy) == 2 || !program)
+ fail (l, program);
+ if (GLRO(dl_aarch64_gcs_policy) == 1 && program)
+ GL(dl_aarch64_gcs) = 0;
+ }
+}
+
+/* Apply GCS policy for L and its dependencies. */
+
+void
+_dl_gcs_check (struct link_map *l, const char *program)
+{
+ /* GCS is disabled. */
+ if (GL(dl_aarch64_gcs) == 0)
+ return;
+ /* GCS marking is ignored. */
+ if (GLRO(dl_aarch64_gcs_policy) == 0)
+ return;
+
+ check_gcs (l, program);
+ for (unsigned int i = 0; i < l->l_searchlist.r_nlist; i++)
+ check_gcs (l->l_searchlist.r_list[i], program);
+}
@@ -24,16 +24,21 @@ extern void _dl_bti_protect (struct link_map *, int) attribute_hidden;
extern void _dl_bti_check (struct link_map *, const char *)
attribute_hidden;
+extern void _dl_gcs_check (struct link_map *, const char *)
+ attribute_hidden;
+
static inline void __attribute__ ((always_inline))
_rtld_main_check (struct link_map *m, const char *program)
{
_dl_bti_check (m, program);
+ _dl_gcs_check (m, program);
}
static inline void __attribute__ ((always_inline))
_dl_open_check (struct link_map *m)
{
_dl_bti_check (m, NULL);
+ _dl_gcs_check (m, NULL);
}
static inline void __attribute__ ((always_inline))
@@ -45,10 +50,6 @@ static inline int
_dl_process_gnu_property (struct link_map *l, int fd, uint32_t type,
uint32_t datasz, void *data)
{
- if (!GLRO(dl_aarch64_cpu_features).bti)
- /* Skip note processing. */
- return 0;
-
if (type == GNU_PROPERTY_AARCH64_FEATURE_1_AND)
{
/* Stop if the property note is ill-formed. */
@@ -57,7 +58,11 @@ _dl_process_gnu_property (struct link_map *l, int fd, uint32_t type,
unsigned int feature_1 = *(unsigned int *) data;
if (feature_1 & GNU_PROPERTY_AARCH64_FEATURE_1_BTI)
- _dl_bti_protect (l, fd);
+ if (GLRO(dl_aarch64_cpu_features).bti)
+ _dl_bti_protect (l, fd);
+
+ if (feature_1 & GNU_PROPERTY_AARCH64_FEATURE_1_GCS)
+ l->l_mach.gcs = 1;
/* Stop if we processed the property note. */
return 0;
@@ -23,4 +23,5 @@ struct link_map_machine
ElfW(Addr) plt; /* Address of .plt */
void *tlsdesc_table; /* Address of TLS descriptor hash table. */
bool bti_fail; /* Failed to enable Branch Target Identification. */
+ bool gcs; /* Guarded Control Stack marking. */
};