From patchwork Fri Mar 27 17:44:23 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 132387 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from vm01.sourceware.org (localhost [127.0.0.1]) by sourceware.org (Postfix) with ESMTP id 15F984BA900F for ; Fri, 27 Mar 2026 17:45:14 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 15F984BA900F Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=FT5Qs+Rx X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-ua1-x930.google.com (mail-ua1-x930.google.com [IPv6:2607:f8b0:4864:20::930]) by sourceware.org (Postfix) with ESMTPS id 94D7C4BA9034 for ; Fri, 27 Mar 2026 17:44:40 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 94D7C4BA9034 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 94D7C4BA9034 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::930 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1774633480; cv=none; b=msCoxu7mWN5euWwKlDriiOc2DA6crOaAySqt/dVAH+vyBF/2R5hlUX9RfRouTzhEM5UaqewUOew6KjqGVUHXRhOtRhm0kKig6w1GTUH9aHK8mISWMmUgEztki5k1eSDw0dSrmkGbjOVp9Nevt3Ympm8zsdY+uXN4t4EmRLw1Haw= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1774633480; c=relaxed/simple; bh=13SveF37yptrmaumg0KvcZkRRBbv196+7WE1hEXD/Mw=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=fscvXuN+13wiEoSIw/35h4N5aje3/ywC04doIHZFKx1z+aF3PsmSyk5jZ5viP9U3hFlBoNDEFfRQtoGcJGrq76MAK0MRV00WK1QTVyvpj/ZWeV3ZqWtvF2mMlhvmu6YASCdUYUVFn+xIqhrbSRVZlBNPJ+Ul/su63Uy/EfdGbts= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 94D7C4BA9034 Received: by mail-ua1-x930.google.com with SMTP id a1e0cc1a2514c-950b77942deso753644241.1 for ; Fri, 27 Mar 2026 10:44:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1774633480; x=1775238280; darn=sourceware.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=v3Xf+e76qSjKDSVavrqFclRq0Uio7B9FvsbuNEsCC+Q=; b=FT5Qs+Rx0MjKjMI9cMmTiqmOrMuBNAC308vk67ruucCGrLA5gLpRSmMFQXxju4uHIY r4KFPsF5Mf9Ef1oosTxNrmVZ3IoRzigV9T94dGsku8bwaPQX0AkODydSG0UWT2IauJmC 2YFAlo8RVWNcvt36nbIvMHFqiigxBpCV/T4K/ktWjMDo+0ldRBnRW85N6aVPbjC1V6vA 59Yti67BZQOvA16nb3xbKpHMojTDAYxHNd4eLW+bFQXVuXRjM53ufDXWnsMVzAhkt5nu xH4m1afXmXRy4RS9sqkB7bcTLEOJb8UURkRQLnWmo5FdKtGS7wFdguoc1a2wNnja5AsM xzRw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774633480; x=1775238280; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=v3Xf+e76qSjKDSVavrqFclRq0Uio7B9FvsbuNEsCC+Q=; b=FxL+vK7lrXx314Or2I1XMGjC9pdFvK7FZWVxzDKRwJeRkt29pzANrci6klw/e8XUuI ZJE40RfybHvJBkZK5wGOwr3Ogb45Gqxyvvsf3pz+V1PvQZOo9UPl29P0EV8rgOBLRPJX A4ULjHkRyN638PyvldRYEzjt6D1VANH1TpqGsaIuStpV4iu0DDsyeTHsN+83xgEYkrfj qzmrux7sBskjGyzbl04mzoF7mpt1z48zvSV5fS/4ktjXTahf6ojyAMQRK/0LyakxSo5h AOeZngJ59h/CCXlsBcXLllsxeGuhqSvLYVOObJcOItgdO1U/pCM0zfsZSKXj3ZzOhFlF TY9g== X-Gm-Message-State: AOJu0Ywab/rA4ez6bBCAOum433ek9ncvEQ7+HMbGs+0/vNmddjkUjllh eDE39JD+QMCS36kEgEn+DmZtNieNnGSgBOUebv0A2Bse1STQcP6yWHLw9HdGegB4eXZ+ROJVg6h 8a6wG X-Gm-Gg: ATEYQzzSqADsQZyZHUfM5r0bA9SsbNRvGXDnV1Vw67i+RGT6LGlzsnDWLlPMJdvTor1 2yAA4tw+PrPab5YikY7/0yTuHYmpRX6lriDvyo6WpCllgmGCEi3Z7Rd0V5NEZcTUtrC1sdzxvqL HWYNBJR7UMyqSjnAD7ro71Mk7uoCZmZtVAmr6CgA3GmSYt2xJzYMeZNMzXK+Iv6fsqo6QbCcTtq sCM1dtHgw6K2A91ra08vZazb0nY7GKyvKoJZIdeACpTwF3otP4MzLbfbyxjVcbHeJ2ZcSJFcIIZ 6KB6VLI0L4H+5B6EQ7i/9PI4icSQXPjSAHy6sXHPAIZJGLgsi3kHZAr5L5+FsKtBblGHWJnWwLN fO7/MN4y12sF45I1d/b6+vWxFoTpFWUHPokEIJQxj/6RXJGzOaEMjENJGVOYL2Aze9IJbHbJj+f xBHJy8ulSqLFBoiTep6E+3wQjYrxYfLrnnSis= X-Received: by 2002:a05:6102:14a9:b0:5ff:b403:a36a with SMTP id ada2fe7eead31-604f90e55a3mr1563555137.16.1774633479402; Fri, 27 Mar 2026 10:44:39 -0700 (PDT) Received: from mandiga.. ([2804:1b3:a7c1:90ea:62b5:ca73:a5e8:4825]) by smtp.gmail.com with ESMTPSA id a1e0cc1a2514c-951be56f28esm7578251241.10.2026.03.27.10.44.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 27 Mar 2026 10:44:38 -0700 (PDT) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Yury Khrustalev , Wilco Dijkstra Subject: [PATCH 1/2] aarch64: Convert GCS policy states to an enum Date: Fri, 27 Mar 2026 14:44:23 -0300 Message-ID: <20260327174434.2852296-1-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 X-Spam-Status: No, score=-12.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org This patch replaces the raw preprocessor macros used for GCS policies with a strictly typed 'aarch64_gcs_mode' enum. A new header, 'aarch64/dl-gcs.h', is introduced to centralize the GCS mode definitions and enforce internal mode typing. The '_dl_aarch64_gcs' variable is updated to the new 32-bit enum type, and dl-start.S is adjusted to load and test 32-bit w registers 64-bit ones. Checked on aarch64-linux-gnu. --- sysdeps/aarch64/dl-gcs.c | 25 +++--------- sysdeps/aarch64/dl-gcs.h | 38 +++++++++++++++++++ sysdeps/aarch64/dl-start.S | 6 +-- sysdeps/aarch64/ldsodefs.h | 1 + .../unix/sysv/linux/aarch64/dl-procruntime.c | 2 +- sysdeps/unix/sysv/linux/aarch64/libc-start.h | 2 +- 6 files changed, 50 insertions(+), 24 deletions(-) create mode 100644 sysdeps/aarch64/dl-gcs.h diff --git a/sysdeps/aarch64/dl-gcs.c b/sysdeps/aarch64/dl-gcs.c index 4961ad75eb..213ed01382 100644 --- a/sysdeps/aarch64/dl-gcs.c +++ b/sysdeps/aarch64/dl-gcs.c @@ -18,18 +18,6 @@ #include #include -/* GCS is disabled. */ -#define GCS_POLICY_DISABLED 0 - -/* Enable GCS, abort if unmarked binary is found. */ -#define GCS_POLICY_ENFORCED 1 - -/* Optionally enable GCS if all startup dependencies are marked. */ -#define GCS_POLICY_OPTIONAL 2 - -/* Override binary marking and always enabled GCS. */ -#define GCS_POLICY_OVERRIDE 3 - static void fail (struct link_map *l, const char *program) { @@ -96,7 +84,7 @@ check_gcs (struct link_map *l, const char *program, bool enforced, /* Binary is not marked but GSC is optional: disable GCS. */ else { - GL(dl_aarch64_gcs) = 0; + GL(dl_aarch64_gcs) = AARCH64_GCS_POLICY_DISABLED; return false; } __builtin_unreachable (); @@ -124,16 +112,15 @@ check_gcs_depends (struct link_map *l, const char *program, bool enforced, void _dl_gcs_check (struct link_map *l, const char *program, int dlopen_mode) { - unsigned long policy = GL (dl_aarch64_gcs); - switch (policy) + switch (GL(dl_aarch64_gcs)) { - case GCS_POLICY_DISABLED: - case GCS_POLICY_OVERRIDE: + case AARCH64_GCS_POLICY_DISABLED: + case AARCH64_GCS_POLICY_OVERRIDE: return; - case GCS_POLICY_ENFORCED: + case AARCH64_GCS_POLICY_ENFORCED: check_gcs_depends (l, program, true, dlopen_mode); return; - case GCS_POLICY_OPTIONAL: + case AARCH64_GCS_POLICY_OPTIONAL: check_gcs_depends (l, program, false, dlopen_mode); return; default: diff --git a/sysdeps/aarch64/dl-gcs.h b/sysdeps/aarch64/dl-gcs.h new file mode 100644 index 0000000000..bee3c94432 --- /dev/null +++ b/sysdeps/aarch64/dl-gcs.h @@ -0,0 +1,38 @@ +/* Internal AArch64 GCS definitions. + Copyright (C) 2026 Free Software Foundation, Inc. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _DL_GCS_H +#define _DL_GCS_H + +#include + +typedef enum +{ + /* GCS is disabled. */ + AARCH64_GCS_POLICY_DISABLED = 0, + /* Enable GCS, abort if unmarked binary is found. */ + AARCH64_GCS_POLICY_ENFORCED = 1, + /* Optionally enable GCS if all startup dependencies are marked. */ + AARCH64_GCS_POLICY_OPTIONAL = 2, + /* Override binary marking and always enabled GCS. */ + AARCH64_GCS_POLICY_OVERRIDE = 3 +} aarch64_gcs_mode; + +/* dl-start.S assumes aarch64_gcs_mode is representable as uint32_t. */ +verify (sizeof (aarch64_gcs_mode) == 4); + +#endif diff --git a/sysdeps/aarch64/dl-start.S b/sysdeps/aarch64/dl-start.S index c278485cd3..78b30b709e 100644 --- a/sysdeps/aarch64/dl-start.S +++ b/sysdeps/aarch64/dl-start.S @@ -35,8 +35,8 @@ ENTRY (_start) /* Use GL(dl_aarch64_gcs) to set the shadow stack status. */ adrp x16, _rtld_local add x16, x16, :lo12:_rtld_local - ldr x22, [x16, GL_DL_AARCH64_GCS_OFFSET] - cbz x22, L(skip_gcs_enable) + ldr w22, [x16, GL_DL_AARCH64_GCS_OFFSET] + cbz w22, L(skip_gcs_enable) /* Enable GCS before user code runs. Note that IFUNC resolvers and LD_AUDIT hooks may run before, but should not create threads. */ @@ -53,7 +53,7 @@ ENTRY (_start) cbnz w0, L(failed_gcs_enable) /* Check if we need to lock GCS features. */ /* If the aarch64_gcs tunable is either 0 or 2 do not lock GCS. */ - tst x22, #-3 + tst w22, #-3 beq L(skip_gcs_enable) mov x0, PR_LOCK_SHADOW_STACK_STATUS /* Lock everything including future operations. */ diff --git a/sysdeps/aarch64/ldsodefs.h b/sysdeps/aarch64/ldsodefs.h index 03b35ce20a..d29569593a 100644 --- a/sysdeps/aarch64/ldsodefs.h +++ b/sysdeps/aarch64/ldsodefs.h @@ -21,6 +21,7 @@ #include #include +#include struct La_aarch64_regs; struct La_aarch64_retval; diff --git a/sysdeps/unix/sysv/linux/aarch64/dl-procruntime.c b/sysdeps/unix/sysv/linux/aarch64/dl-procruntime.c index 1f3b58d0fc..d49bb6cf5d 100644 --- a/sysdeps/unix/sysv/linux/aarch64/dl-procruntime.c +++ b/sysdeps/unix/sysv/linux/aarch64/dl-procruntime.c @@ -24,7 +24,7 @@ # if !defined PROCINFO_DECL && defined SHARED ._dl_aarch64_gcs # else -PROCINFO_CLASS unsigned long _dl_aarch64_gcs +PROCINFO_CLASS aarch64_gcs_mode _dl_aarch64_gcs # endif # ifndef PROCINFO_DECL = 0 diff --git a/sysdeps/unix/sysv/linux/aarch64/libc-start.h b/sysdeps/unix/sysv/linux/aarch64/libc-start.h index 4ccd13741b..293c8a90b2 100644 --- a/sysdeps/unix/sysv/linux/aarch64/libc-start.h +++ b/sysdeps/unix/sysv/linux/aarch64/libc-start.h @@ -54,7 +54,7 @@ aarch64_libc_setup_tls (void) _rtld_main_check (main_map, _dl_argv[0]); - uint64_t gcs = GL (dl_aarch64_gcs); + aarch64_gcs_mode gcs = GL(dl_aarch64_gcs); if (gcs != GCS_POLICY_DISABLED) { int ret;