[v4,17/22] aarch64: Handle GCS marking

Message ID 20241129163721.2385847-18-yury.khrustalev@arm.com
State Under Review
Delegated to: Carlos O'Donell
Headers
Series aarch64: Add support for Guarded Control Stack extension |

Checks

Context Check Description
redhat-pt-bot/TryBot-apply_patch success Patch applied to master at the time it was sent
linaro-tcwg-bot/tcwg_glibc_build--master-aarch64 success Build passed
linaro-tcwg-bot/tcwg_glibc_check--master-aarch64 success Test passed
linaro-tcwg-bot/tcwg_glibc_build--master-arm success Build passed
linaro-tcwg-bot/tcwg_glibc_check--master-arm success Test passed

Commit Message

Yury Khrustalev Nov. 29, 2024, 4:37 p.m. UTC
  From: Szabolcs Nagy <szabolcs.nagy@arm.com>

 - Handle GCS marking
 - Use l_searchlist.r_list for gcs (allows using the
   same function for static exe)
---
 sysdeps/aarch64/Makefile  |  4 ++-
 sysdeps/aarch64/dl-gcs.c  | 59 +++++++++++++++++++++++++++++++++++++++
 sysdeps/aarch64/dl-prop.h | 15 ++++++----
 sysdeps/aarch64/linkmap.h |  1 +
 4 files changed, 73 insertions(+), 6 deletions(-)
 create mode 100644 sysdeps/aarch64/dl-gcs.c
  

Patch

diff --git a/sysdeps/aarch64/Makefile b/sysdeps/aarch64/Makefile
index ca8b96f550..74479604f2 100644
--- a/sysdeps/aarch64/Makefile
+++ b/sysdeps/aarch64/Makefile
@@ -9,7 +9,9 @@  LDFLAGS-rtld += -Wl,-z,force-bti,--fatal-warnings
 endif
 
 ifeq ($(subdir),elf)
-sysdep-dl-routines += dl-bti
+sysdep-dl-routines += \
+  dl-bti \
+  dl-gcs
 
 tests += tst-audit26 \
 	 tst-audit27
diff --git a/sysdeps/aarch64/dl-gcs.c b/sysdeps/aarch64/dl-gcs.c
new file mode 100644
index 0000000000..764b8a56e9
--- /dev/null
+++ b/sysdeps/aarch64/dl-gcs.c
@@ -0,0 +1,59 @@ 
+/* AArch64 GCS functions.
+   Copyright (C) 2024 Free Software Foundation, Inc.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <unistd.h>
+#include <errno.h>
+#include <libintl.h>
+#include <ldsodefs.h>
+
+static void
+fail (struct link_map *l, const char *program)
+{
+  if (program)
+    _dl_fatal_printf ("%s: %s: not GCS compatible\n", program, l->l_name);
+  else
+    _dl_signal_error (0, l->l_name, "dlopen", N_("not GCS compatible"));
+}
+
+static void
+check_gcs (struct link_map *l, const char *program)
+{
+  if (!l->l_mach.gcs)
+    {
+      if (GLRO(dl_aarch64_gcs_policy) == 2 || !program)
+	fail (l, program);
+      if (GLRO(dl_aarch64_gcs_policy) == 1 && program)
+	GL(dl_aarch64_gcs) = 0;
+    }
+}
+
+/* Apply GCS policy for L and its dependencies.  */
+
+void
+_dl_gcs_check (struct link_map *l, const char *program)
+{
+  /* GCS is disabled.  */
+  if (GL(dl_aarch64_gcs) == 0)
+    return;
+  /* GCS marking is ignored.  */
+  if (GLRO(dl_aarch64_gcs_policy) == 0)
+    return;
+
+  check_gcs (l, program);
+  for (unsigned int i = 0; i < l->l_searchlist.r_nlist; i++)
+    check_gcs (l->l_searchlist.r_list[i], program);
+}
diff --git a/sysdeps/aarch64/dl-prop.h b/sysdeps/aarch64/dl-prop.h
index df05c0211d..72ac11aec0 100644
--- a/sysdeps/aarch64/dl-prop.h
+++ b/sysdeps/aarch64/dl-prop.h
@@ -24,16 +24,21 @@  extern void _dl_bti_protect (struct link_map *, int) attribute_hidden;
 extern void _dl_bti_check (struct link_map *, const char *)
     attribute_hidden;
 
+extern void _dl_gcs_check (struct link_map *, const char *)
+    attribute_hidden;
+
 static inline void __attribute__ ((always_inline))
 _rtld_main_check (struct link_map *m, const char *program)
 {
   _dl_bti_check (m, program);
+  _dl_gcs_check (m, program);
 }
 
 static inline void __attribute__ ((always_inline))
 _dl_open_check (struct link_map *m)
 {
   _dl_bti_check (m, NULL);
+  _dl_gcs_check (m, NULL);
 }
 
 static inline void __attribute__ ((always_inline))
@@ -45,10 +50,6 @@  static inline int
 _dl_process_gnu_property (struct link_map *l, int fd, uint32_t type,
 			  uint32_t datasz, void *data)
 {
-  if (!GLRO(dl_aarch64_cpu_features).bti)
-    /* Skip note processing.  */
-    return 0;
-
   if (type == GNU_PROPERTY_AARCH64_FEATURE_1_AND)
     {
       /* Stop if the property note is ill-formed.  */
@@ -57,7 +58,11 @@  _dl_process_gnu_property (struct link_map *l, int fd, uint32_t type,
 
       unsigned int feature_1 = *(unsigned int *) data;
       if (feature_1 & GNU_PROPERTY_AARCH64_FEATURE_1_BTI)
-	_dl_bti_protect (l, fd);
+	if (GLRO(dl_aarch64_cpu_features).bti)
+	  _dl_bti_protect (l, fd);
+
+      if (feature_1 & GNU_PROPERTY_AARCH64_FEATURE_1_GCS)
+	l->l_mach.gcs = 1;
 
       /* Stop if we processed the property note.  */
       return 0;
diff --git a/sysdeps/aarch64/linkmap.h b/sysdeps/aarch64/linkmap.h
index 56a63fc3dd..423fc0bd8e 100644
--- a/sysdeps/aarch64/linkmap.h
+++ b/sysdeps/aarch64/linkmap.h
@@ -23,4 +23,5 @@  struct link_map_machine
   ElfW(Addr) plt;	  /* Address of .plt */
   void *tlsdesc_table;	  /* Address of TLS descriptor hash table.  */
   bool bti_fail;	  /* Failed to enable Branch Target Identification.  */
+  bool gcs;		  /* Guarded Control Stack marking.  */
 };