From patchwork Fri Nov 29 16:37:00 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 102138 X-Patchwork-Delegate: carlos@redhat.com Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id CA08E3858C31 for ; Fri, 29 Nov 2024 16:38:08 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 861353858CD9 for ; Fri, 29 Nov 2024 16:37:36 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 861353858CD9 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 861353858CD9 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898256; cv=none; b=r/XLAVB21jbDKxq8kuS/EoLzaIE6P5L9/ByXa9TFD/LSmAZcgiTBo4GS2RowI0IX2klGTLIgk31TM9xtjpt24SK1Ro5oWxz6hLBBNZ/K4BSGZTOCQnJLYM0hbigvjZFEQlR+490Sy3+LXPXoxNrgkh4BcqBrl6oJ+rn6U0KAwr0= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898256; c=relaxed/simple; bh=cI3VTuLF9VSvhtsHbF4OSXDetvMdIXE+CvLxmWljS+s=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=qimbGzZNclfU833/rVZOWdI67NrfZ/8YMgNfGj2g/z79nmVmQ1V9Xv3medzhuCwUjzQs/5avELozeN3o+c6yL5HTutFhMhHGrKN0aIVNCDc/ngI72gYtnHMaBTw3FlKQqcCN+tUtBGro4aPBf9G1eCSW6F6b7d6n3kuX9pR05y8= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id C46A312FC; Fri, 29 Nov 2024 08:38:05 -0800 (PST) Received: from udebian.localdomain (unknown [10.1.35.24]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 4E11C3F5A1; Fri, 29 Nov 2024 08:37:35 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de Subject: [PATCH v4 01/22] aarch64: Add HWCAP_GCS Date: Fri, 29 Nov 2024 16:37:00 +0000 Message-Id: <20241129163721.2385847-2-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241129163721.2385847-1-yury.khrustalev@arm.com> References: <20241129163721.2385847-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.0 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy Use upper 32 bits of HWCAP. --- sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h | 1 + 1 file changed, 1 insertion(+) diff --git a/sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h b/sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h index 2fa158fcc0..47836eb414 100644 --- a/sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h +++ b/sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h @@ -54,6 +54,7 @@ #define HWCAP_SB (1 << 29) #define HWCAP_PACA (1 << 30) #define HWCAP_PACG (1UL << 31) +#define HWCAP_GCS (1UL << 32) #define HWCAP2_DCPODP (1 << 0) #define HWCAP2_SVE2 (1 << 1) From patchwork Fri Nov 29 16:37:01 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 102149 X-Patchwork-Delegate: carlos@redhat.com Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 8379E3858404 for ; Fri, 29 Nov 2024 16:42:08 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 8379E3858404 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 399013858D39 for ; Fri, 29 Nov 2024 16:37:44 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 399013858D39 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 399013858D39 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898264; cv=none; b=sy4okWsYfRAUwnF2I0OFhkfO1jzv24wwiR+qiM1klNvKP8LaOhLR+mlMachl6iEzYbXrYG5MURqUK2I8J8+4pB9HSFTxb0uAfWrSzt+Iv24Bw9FH8ibwyA0bhNbQxQZdXvv6ee5Ex+heI2iYGdUiNN4WzIV8aGCx9pSH7acCjJA= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898264; c=relaxed/simple; bh=XmgfFpWY/RBQCwbEzagDnN6jiag+6zt5EChv6hSEumk=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=trrnYSQifkGZUxqRzcwMS9YDW/fZYXWycLfCuCw7hBsTYr7SeEoFDHqVu4iPFl/AD7FqfL+PYXQwjz4snIet9Pli4xttmure+4O0Vn82t1fTmJy6UvLm5swSecQxiA4W1qOkVqz3V/Su750/4NwxTMxII2fomILUFxiKINyyE/Y= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 5CDF312FC; Fri, 29 Nov 2024 08:38:11 -0800 (PST) Received: from udebian.localdomain (unknown [10.1.35.24]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 05F853F5A1; Fri, 29 Nov 2024 08:37:40 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de Subject: [PATCH v4 02/22] aarch64: Add asm helpers for GCS Date: Fri, 29 Nov 2024 16:37:01 +0000 Message-Id: <20241129163721.2385847-3-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241129163721.2385847-1-yury.khrustalev@arm.com> References: <20241129163721.2385847-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.0 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy The Guarded Control Stack instructions can be present even if the hardware does not support the extension (runtime checked feature), so the asm code should be backward compatible with old assemblers. Reviewed-by: Carlos O'Donell --- sysdeps/aarch64/sysdep.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sysdeps/aarch64/sysdep.h b/sysdeps/aarch64/sysdep.h index 464674e89c..661d9fe8c1 100644 --- a/sysdeps/aarch64/sysdep.h +++ b/sysdeps/aarch64/sysdep.h @@ -74,6 +74,13 @@ strip_pac (void *p) #define PACIASP hint 25 #define AUTIASP hint 29 +/* Guarded Control Stack support. */ +#define CHKFEAT_X16 hint 40 +#define MRS_GCSPR(x) mrs x, s3_3_c2_c5_1 +#define GCSPOPM(x) sysl x, #3, c7, c7, #1 +#define GCSSS1(x) sys #3, c7, c7, #2, x +#define GCSSS2(x) sysl x, #3, c7, c7, #3 + /* GNU_PROPERTY_AARCH64_* macros from elf.h for use in asm code. */ #define FEATURE_1_AND 0xc0000000 #define FEATURE_1_BTI 1 From patchwork Fri Nov 29 16:37:02 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 102139 X-Patchwork-Delegate: carlos@redhat.com Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id DA0B43858C52 for ; Fri, 29 Nov 2024 16:38:40 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org DA0B43858C52 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 9F9023858C5F for ; Fri, 29 Nov 2024 16:37:48 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 9F9023858C5F Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 9F9023858C5F Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898268; cv=none; b=P1PYNEVjW03j1evTTopgN6EmsCJTf78it22+tYnLqmKAKBgQgaKEHZKvWPjhdFo6qQVO28jjPW93UnenSLALAjYIzHrT9zVX/KHni5m4F/iEQOQGcCyUMO0/YexKXblxtK8Dvp4MupAkI1B44qToeVItmN72QBpGykfZ3fvZ9Jw= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898268; c=relaxed/simple; bh=almvxLNCLNePzePUIYPbiJ4IJxi8uURzggirX9JF8dM=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=Ktk4Sjibjv9d188asqNW78A+9r6RzG2fbVghZucuN2rtf3wgwTyX0zBKCr2poX+2H9OnvuLTBd+4uoqEiasyd9ehp6WfvQYtEYyjL2O47xgYu6HaiQf1Sp5kswiV28cLQd0+jw9n33eAYJWgGxvbk6CDTJShUJj3c64P7Rz6Qy0= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id DB58A1424; Fri, 29 Nov 2024 08:38:16 -0800 (PST) Received: from udebian.localdomain (unknown [10.1.35.24]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 8496E3F5A1; Fri, 29 Nov 2024 08:37:46 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de Subject: [PATCH v4 03/22] elf.h: Define GNU_PROPERTY_AARCH64_FEATURE_1_GCS Date: Fri, 29 Nov 2024 16:37:02 +0000 Message-Id: <20241129163721.2385847-4-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241129163721.2385847-1-yury.khrustalev@arm.com> References: <20241129163721.2385847-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.0 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy Reviewed-by: Carlos O'Donell --- elf/elf.h | 1 + 1 file changed, 1 insertion(+) diff --git a/elf/elf.h b/elf/elf.h index 33aea7f743..970c3daaec 100644 --- a/elf/elf.h +++ b/elf/elf.h @@ -1389,6 +1389,7 @@ typedef struct #define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1U << 0) #define GNU_PROPERTY_AARCH64_FEATURE_1_PAC (1U << 1) +#define GNU_PROPERTY_AARCH64_FEATURE_1_GCS (1U << 2) /* The x86 instruction sets indicated by the corresponding bits are used in program. Their support in the hardware is optional. */ From patchwork Fri Nov 29 16:37:03 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 102151 X-Patchwork-Delegate: carlos@redhat.com Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 9652B3858C3A for ; Fri, 29 Nov 2024 16:43:50 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 9652B3858C3A X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id AD15C385840C for ; Fri, 29 Nov 2024 16:37:53 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org AD15C385840C Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org AD15C385840C Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898273; cv=none; b=I/tXWnVUKMTGYCesgD+g4n274dJADe072qQydZYuxmI+9j2EOUY1uOYItJO8Wy5wJ89b7O/3h4w95uVcLx2o7OPIAJQAK3ywUW/hiXn7mdfIzvl491z7JkcRB7xBFd/y4wo0ipnxzZSH/EBC16F2mimQq2qtf1Qxe9ltFwSWUp4= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898273; c=relaxed/simple; bh=rcZgcUEx2HP55xMYHTg1ZE/3c/0PaA6vDeZ6t6iGtWQ=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=n2nluAjDC3DoqTRYFlHSAYbbLpi4OLmIk1TWSTmbjtaeP4u5kOxn53nLNm+6/i7Cn5HU9A8Gdoy5Od5grq4yqO2L/sFSF3fQN4SyRnZiTq/8i+MEM7JzXR/0cnAFUgSatmp4isvgJchf9sEQuMsS87wFXMZSc0fr+zSsnxOXxWY= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org AD15C385840C Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id EBB0812FC; Fri, 29 Nov 2024 08:38:22 -0800 (PST) Received: from udebian.localdomain (unknown [10.1.35.24]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 737A83F5A1; Fri, 29 Nov 2024 08:37:52 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de Subject: [PATCH v4 04/22] aarch64: Define jmp_buf offset for GCS Date: Fri, 29 Nov 2024 16:37:03 +0000 Message-Id: <20241129163721.2385847-5-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241129163721.2385847-1-yury.khrustalev@arm.com> References: <20241129163721.2385847-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.0 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy The target specific internal __longjmp is called with a __jmp_buf argument which has its size exposed in the ABI. On aarch64 this has no space left, so GCSPR cannot be restored in longjmp in the usual way, which is needed for the Guarded Control Stack (GCS) extension. setjmp is implemented via __sigsetjmp which has a jmp_buf argument however it is also called with __pthread_unwind_buf_t argument cast to jmp_buf (in cancellation cleanup code built with -fno-exception). The two types, jmp_buf and __pthread_unwind_buf_t, have common bits beyond the __jmp_buf field and there is unused space there which we can use for saving GCSPR. For this to work some bits of those two generic types have to be reserved for target specific use and the generic code in glibc has to ensure that __longjmp is always called with a __jmp_buf that is embedded into one of those two types. Morally __longjmp should be changed to take jmp_buf as argument, but that is an intrusive change across targets. Note: longjmp is never called with __pthread_unwind_buf_t from user code, only the internal __libc_longjmp is called with that type and thus the two types could have separate longjmp implementations on a target. We don't rely on this now (but migh in the future given that cancellation unwind does not need to restore GCSPR). Given the above this patch finds an unused slot for GCSPR. This placement is not exposed in the ABI so it may change in the future. This is also very target ABI specific so the generic types cannot be easily changed to clearly mark the reserved fields. Reviewed-by: Carlos O'Donell --- sysdeps/aarch64/jmpbuf-offsets.h | 63 ++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) diff --git a/sysdeps/aarch64/jmpbuf-offsets.h b/sysdeps/aarch64/jmpbuf-offsets.h index 632328c7e2..ec047cf6b1 100644 --- a/sysdeps/aarch64/jmpbuf-offsets.h +++ b/sysdeps/aarch64/jmpbuf-offsets.h @@ -39,6 +39,69 @@ #define JB_D14 20 #define JB_D15 21 +/* The target specific part of jmp_buf has no space for expansion but + the public jmp_buf ABI type has. Unfortunately there is another type + that is used with setjmp APIs and exposed by thread cancellation (in + binaries built with -fno-exceptions) which complicates the situation. + + // Internal layout of the public jmp_buf type on AArch64. + // This is passed to setjmp, longjmp, sigsetjmp, siglongjmp. + struct + { + uint64_t jmpbuf[22]; // Target specific part. + uint32_t mask_was_saved; // savemask bool used by sigsetjmp/siglongjmp. + uint32_t pad; + uint64_t saved_mask; // sigset_t bits used on linux. + uint64_t unused[15]; // sigset_t bits not used on linux. + }; + + // Internal layout of the public __pthread_unwind_buf_t type. + // This is passed to sigsetjmp with !savemask and to the internal + // __libc_longjmp (currently alias of longjmp on AArch64). + struct + { + uint64_t jmpbuf[22]; // Must match jmp_buf. + uint32_t mask_was_saved; // Must match jmp_buf, always 0. + uint32_t pad; + void *prev; // List for unwinding. + void *cleanup; // Cleanup handlers. + uint32_t canceltype; // 1 bit cancellation type. + uint32_t pad2; + void *pad3; + }; + + Ideally only the target specific part of jmp_buf (A) is accessed by + __setjmp and __longjmp. But that is always embedded into one of the + two types above so the bits that are unused in those types (B) may be + reused for target specific purposes. Setjmp can't distinguish between + jmp_buf and __pthread_unwind_buf_t, but longjmp can: only an internal + longjmp call uses the latter, so state that is not needed for cancel + cleanups can go to fields (C). If generic code is refactored then the + usage of additional fields can be optimized (D). And some fields are + only accessible in the savedmask case (E). Reusability of jmp_buf + fields on AArch64 for target purposes: + + struct + { + uint64_t A[22]; // 0 .. 176 + uint32_t D; // 176 .. 180 + uint32_t B; // 180 .. 184 + uint64_t D; // 184 .. 192 + uint64_t C; // 192 .. 200 + uint32_t C; // 200 .. 204 + uint32_t B; // 204 .. 208 + uint64_t B; // 208 .. 216 + uint64_t E[12]; // 216 .. 312 + } + + The B fields can be used with minimal glibc code changes. We need a + 64 bit field for the Guarded Control Stack pointer (GCSPR_EL0) which + can use a C field too as cancellation cleanup does not execute RET + for a previous BL of the cancelled thread, but that would require a + custom __libc_longjmp. This layout can change in the future. +*/ +#define JB_GCSPR 208 + #ifndef __ASSEMBLER__ #include #include From patchwork Fri Nov 29 16:37:04 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 102153 X-Patchwork-Delegate: carlos@redhat.com Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 5CE443858D37 for ; Fri, 29 Nov 2024 16:45:01 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 5CE443858D37 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id BA6CD3858428 for ; Fri, 29 Nov 2024 16:37:59 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org BA6CD3858428 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org BA6CD3858428 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898279; cv=none; b=DmoJl3B09ESIrJ0/LauJos5dwNO0u/S2MJ/91Zjeo59MPe84k8+9C563lu53OlPPTXQzdL1jBSqpE/9+hFlAUiycj2yEQCzrnPbYGhUFikjnFayrtcwIvQ2D6WITh7hKQ8DxvgGMTTHZvbZgZ09txpMQMZwhewKP2hAJRDLtoWU= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898279; c=relaxed/simple; bh=We0/sUf5uqWPoMZSKgn9OZUQ1ngusMLmCjQClHsXsBA=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=angrN7ofsx6ql3SPESRdtGxTWBqk0VA4+ZoMvIg5OAWnl9CLb1ZPloMexWBg7cHVlMkba9v+qlSGZGshvDSVZjGB8tir63r9ubuAFAXAPMTmTV1QchU8yAbSAhUTIOvlf9wmRCBEHauEBJaEQscsbRyKqfFWfDbJsHYvGeWr4ac= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 001C31424; Fri, 29 Nov 2024 08:38:29 -0800 (PST) Received: from udebian.localdomain (unknown [10.1.35.24]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 7BE293F5A1; Fri, 29 Nov 2024 08:37:58 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de Subject: [PATCH v4 05/22] aarch64: Add GCS support to longjmp Date: Fri, 29 Nov 2024 16:37:04 +0000 Message-Id: <20241129163721.2385847-6-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241129163721.2385847-1-yury.khrustalev@arm.com> References: <20241129163721.2385847-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.0 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy This implementations ensures that longjmp across different stacks works: it scans for GCS cap token and switches GCS if necessary then the target GCSPR is restored with a GCSPOPM loop once the current GCSPR is on the same GCS. This makes longjmp linear time in the number of jumped over stack frames when GCS is enabled. Reviewed-by: Carlos O'Donell --- sysdeps/aarch64/__longjmp.S | 30 ++++++++++++++++++++++++++++++ sysdeps/aarch64/setjmp.S | 10 ++++++++++ 2 files changed, 40 insertions(+) diff --git a/sysdeps/aarch64/__longjmp.S b/sysdeps/aarch64/__longjmp.S index 7b6add751e..d8670d8995 100644 --- a/sysdeps/aarch64/__longjmp.S +++ b/sysdeps/aarch64/__longjmp.S @@ -91,6 +91,36 @@ ENTRY (__longjmp) ldp d12, d13, [x0, #JB_D12<<3] ldp d14, d15, [x0, #JB_D14<<3] + /* GCS support. */ + mov x16, 1 + CHKFEAT_X16 + tbnz x16, 0, L(gcs_done) + MRS_GCSPR (x2) + ldr x3, [x0, #JB_GCSPR] + mov x4, x3 + /* x2: GCSPR now. x3, x4: target GCSPR. x5, x6: tmp regs. */ +L(gcs_scan): + cmp x2, x4 + b.eq L(gcs_pop) + sub x4, x4, 8 + /* Check for a cap token. */ + ldr x5, [x4] + and x6, x4, 0xfffffffffffff000 + orr x6, x6, 1 + cmp x5, x6 + b.ne L(gcs_scan) +L(gcs_switch): + add x2, x4, 8 + GCSSS1 (x4) + GCSSS2 (xzr) +L(gcs_pop): + cmp x2, x3 + b.eq L(gcs_done) + GCSPOPM (xzr) + add x2, x2, 8 + b L(gcs_pop) +L(gcs_done): + /* Originally this was implemented with a series of .cfi_restore() directives. diff --git a/sysdeps/aarch64/setjmp.S b/sysdeps/aarch64/setjmp.S index 43fdb1b2fb..f7ffccfaba 100644 --- a/sysdeps/aarch64/setjmp.S +++ b/sysdeps/aarch64/setjmp.S @@ -57,6 +57,16 @@ ENTRY (__sigsetjmp) stp d10, d11, [x0, #JB_D10<<3] stp d12, d13, [x0, #JB_D12<<3] stp d14, d15, [x0, #JB_D14<<3] + + /* GCS support. */ + mov x16, 1 + CHKFEAT_X16 + tbnz x16, 0, L(gcs_done) + MRS_GCSPR (x2) + add x2, x2, 8 /* GCS state right after setjmp returns. */ + str x2, [x0, #JB_GCSPR] +L(gcs_done): + #ifdef PTR_MANGLE mov x4, sp PTR_MANGLE (5, 4, 3, 2) From patchwork Fri Nov 29 16:37:05 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 102144 X-Patchwork-Delegate: carlos@redhat.com Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id B90063858428 for ; Fri, 29 Nov 2024 16:40:13 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org B90063858428 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 833DA3858C42 for ; Fri, 29 Nov 2024 16:38:05 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 833DA3858C42 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 833DA3858C42 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898285; cv=none; b=svMagxu6YD33vtf7SBuPPff1yjNM5mCQjvflnaTGEW1c4AxcmwL8ITwFLc+DA8CwFpCPA3FrAKyZ0VM9H29yWY3HBy7KAsorFl3gdwKaazD+PbjU1XM0NDcc2v1SqDfS7coTrQK1RRzYMmccTmJozMJZUeWceFI0/t9f4End6NY= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898285; c=relaxed/simple; bh=oWXhLGXNw74nmW+2QMEMJteXb00LobTKqr1NJH8bRwE=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=Mwd4X+sqWOlfh2nqVT+wzxw7zOU7W5en+ENi+T+lQl2gVopIw4nOJ7mw8HAKhmc/U4C+cgP66N+WELvp6BCtWsWWUIhzlKypmKJ6ktj9khzcoRLVNOhICcAvpFXFplG3i9+hOb/pkgoPDo38yP38BHKRyLVPdbhrsa36ao0pQXM= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id A175712FC; Fri, 29 Nov 2024 08:38:34 -0800 (PST) Received: from udebian.localdomain (unknown [10.1.35.24]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 4A9013F5A1; Fri, 29 Nov 2024 08:38:04 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de Subject: [PATCH v4 06/22] aarch64: Add GCS support to vfork Date: Fri, 29 Nov 2024 16:37:05 +0000 Message-Id: <20241129163721.2385847-7-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241129163721.2385847-1-yury.khrustalev@arm.com> References: <20241129163721.2385847-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.0 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy --- sysdeps/unix/sysv/linux/aarch64/vfork.S | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/sysdeps/unix/sysv/linux/aarch64/vfork.S b/sysdeps/unix/sysv/linux/aarch64/vfork.S index e71e492da3..cfaf4a1ffb 100644 --- a/sysdeps/unix/sysv/linux/aarch64/vfork.S +++ b/sysdeps/unix/sysv/linux/aarch64/vfork.S @@ -33,8 +33,14 @@ ENTRY (__vfork) cmn x0, #4095 b.cs .Lsyscall_error + cbz x0, L(child) RET - +L(child): + /* Return with indirect branch in the child to support GCS. + Clear x30 to crash early if the child tries to ret. */ + mov x1, x30 + mov x30, 0 + br x1 PSEUDO_END (__vfork) libc_hidden_def (__vfork) From patchwork Fri Nov 29 16:37:06 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 102140 X-Patchwork-Delegate: carlos@redhat.com Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 378C73858410 for ; Fri, 29 Nov 2024 16:39:07 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 646693858C31 for ; Fri, 29 Nov 2024 16:38:23 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 646693858C31 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 646693858C31 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898303; cv=none; b=N/X4El6GYyWs7aJhLhY/Y/937kNSOHz86pqodgoRoi37Yv4FqarrZByVNS8NpLBMDnhyaZutwLTEJ2suvfKP9gxqYrIXdDlMxecbhsZV9AChO1q2Ein/fpc4vaBxZCRy1HIXjkzxZECDKSzK94uuKTUx/rJLf3kb+U6rfbadUIk= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898303; c=relaxed/simple; bh=sSiJ2As3jnFiz+mw19mes0h5j+xMWP2O2uyo4+3NoDs=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=PmGqpkXjVkZckspE3cvA5ijjqv4DlLxLn9wU1tJWe/Km0S9tMu6qand/S2zH9QXV0JxoGoyn/zfoO661A419cTUFO5B/f4g9ArBt/5o2XO+ZUigxlA4q7gscenfuzAuq/NJIjgZVmVjZ62+KCumaQ+rHrbVRYBf9Oakk2uzTZiw= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 646693858C31 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 9D3AD12FC; Fri, 29 Nov 2024 08:38:40 -0800 (PST) Received: from udebian.localdomain (unknown [10.1.35.24]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 24DB53F5A1; Fri, 29 Nov 2024 08:38:09 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de Subject: [PATCH v4 07/22] aarch64: Add GCS support for setcontext Date: Fri, 29 Nov 2024 16:37:06 +0000 Message-Id: <20241129163721.2385847-8-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241129163721.2385847-1-yury.khrustalev@arm.com> References: <20241129163721.2385847-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-12.3 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, KAM_STOCKGEN, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy Userspace ucontext needs to store GCSPR, it does not have to be compatible with the kernel ucontext. For now we use the linux struct gcs_context layout but only use the gcspr field from it. Similar implementation to the longjmp code, supports switching GCS if the target GCS is capped, and unwinding a continous GCS to a previous state. --- sysdeps/unix/sysv/linux/aarch64/getcontext.S | 17 ++++++++- sysdeps/unix/sysv/linux/aarch64/setcontext.S | 38 +++++++++++++++++++ sysdeps/unix/sysv/linux/aarch64/swapcontext.S | 32 ++++++++++++---- .../sysv/linux/aarch64/ucontext-internal.h | 5 +++ 4 files changed, 83 insertions(+), 9 deletions(-) diff --git a/sysdeps/unix/sysv/linux/aarch64/getcontext.S b/sysdeps/unix/sysv/linux/aarch64/getcontext.S index e5b69c9a82..30e2b39399 100644 --- a/sysdeps/unix/sysv/linux/aarch64/getcontext.S +++ b/sysdeps/unix/sysv/linux/aarch64/getcontext.S @@ -83,9 +83,24 @@ ENTRY(__getcontext) mrs x4, fpcr str w4, [x3, oFPCR - oFPSR] - /* Write the termination context extension header. */ add x2, x2, #FPSIMD_CONTEXT_SIZE + /* Save the GCSPR. */ + mov x16, 1 + CHKFEAT_X16 + tbnz x16, 0, L(gcs_done) + mov w3, #(GCS_MAGIC & 0xffff) + movk w3, #(GCS_MAGIC >> 16), lsl #16 + str w3, [x2, #oHEAD + oMAGIC] + mov w3, #GCS_CONTEXT_SIZE + str w3, [x2, #oHEAD + oSIZE] + MRS_GCSPR (x4) + add x4, x4, 8 /* GCS state right after getcontext returns. */ + str x4, [x2, #oGCSPR] + add x2, x2, #GCS_CONTEXT_SIZE +L(gcs_done): + + /* Write the termination context extension header. */ str wzr, [x2, #oHEAD + oMAGIC] str wzr, [x2, #oHEAD + oSIZE] diff --git a/sysdeps/unix/sysv/linux/aarch64/setcontext.S b/sysdeps/unix/sysv/linux/aarch64/setcontext.S index ba659438c5..bdfd4580ec 100644 --- a/sysdeps/unix/sysv/linux/aarch64/setcontext.S +++ b/sysdeps/unix/sysv/linux/aarch64/setcontext.S @@ -130,6 +130,44 @@ ENTRY (__setcontext) ldr w4, [x3, oFPCR - oFPSR] msr fpcr, x4 + /* Restore the GCS. */ + mov x16, 1 + CHKFEAT_X16 + tbnz x16, 0, L(gcs_done) + /* Get target GCS from GCS context. */ + ldr w1, [x2, #oHEAD + oSIZE] + add x2, x2, x1 + mov w3, #(GCS_MAGIC & 0xffff) + movk w3, #(GCS_MAGIC >> 16), lsl #16 + ldr w1, [x2, #oHEAD + oMAGIC] + cmp w1, w3 + b.ne L(gcs_done) + ldr x3, [x2, #oGCSPR] + MRS_GCSPR (x2) + mov x4, x3 + /* x2: GCSPR now. x3, x4: target GCSPR. x5, x6: tmp regs. */ +L(gcs_scan): + cmp x2, x4 + b.eq L(gcs_pop) + sub x4, x4, 8 + /* Check for a cap token. */ + ldr x5, [x4] + and x6, x4, 0xfffffffffffff000 + orr x6, x6, 1 + cmp x5, x6 + b.ne L(gcs_scan) +L(gcs_switch): + add x2, x4, 8 + GCSSS1 (x4) + GCSSS2 (xzr) +L(gcs_pop): + cmp x2, x3 + b.eq L(gcs_done) + GCSPOPM (xzr) + add x2, x2, 8 + b L(gcs_pop) +L(gcs_done): + 2: ldr x16, [x0, oPC] /* Restore arg registers. */ diff --git a/sysdeps/unix/sysv/linux/aarch64/swapcontext.S b/sysdeps/unix/sysv/linux/aarch64/swapcontext.S index f049140d35..45b1277c74 100644 --- a/sysdeps/unix/sysv/linux/aarch64/swapcontext.S +++ b/sysdeps/unix/sysv/linux/aarch64/swapcontext.S @@ -32,8 +32,15 @@ ENTRY(__swapcontext) And set up x1 to become the return address of the caller, so we can return there with a normal RET instead of an indirect jump. */ stp xzr, x30, [x0, oX0 + 0 * SZREG] + + /* With GCS, swapcontext calls are followed by BTI J, otherwise + we have to be compatible with old BTI enabled binaries. */ + mov x16, 1 + CHKFEAT_X16 + tbz x16, 0, L(skip_x30_redirect) /* Arrange the oucp context to return to 2f. */ adr x30, 2f +L(skip_x30_redirect): stp x18, x19, [x0, oX0 + 18 * SZREG] stp x20, x21, [x0, oX0 + 20 * SZREG] @@ -72,14 +79,27 @@ ENTRY(__swapcontext) mrs x4, fpcr str w4, [x3, #oFPCR - oFPSR] - /* Write the termination context extension header. */ add x2, x2, #FPSIMD_CONTEXT_SIZE + /* Save the GCSPR. */ + tbnz x16, 0, L(gcs_done) + mov w3, #(GCS_MAGIC & 0xffff) + movk w3, #(GCS_MAGIC >> 16), lsl #16 + str w3, [x2, #oHEAD + oMAGIC] + mov w3, #GCS_CONTEXT_SIZE + str w3, [x2, #oHEAD + oSIZE] + MRS_GCSPR (x4) + add x4, x4, 8 /* GCSPR of the caller. */ + str x4, [x2, #oGCSPR] + add x2, x2, #GCS_CONTEXT_SIZE +L(gcs_done): + + /* Write the termination context extension header. */ str wzr, [x2, #oHEAD + oMAGIC] str wzr, [x2, #oHEAD + oSIZE] /* Preserve ucp. */ - mov x21, x1 + mov x9, x1 /* rt_sigprocmask (SIG_SETMASK, &ucp->uc_sigmask, &oucp->uc_sigmask, _NSIG8) */ @@ -93,12 +113,8 @@ ENTRY(__swapcontext) svc 0 cbnz x0, 1f - mov x22, x30 - mov x0, x21 - bl JUMPTARGET (__setcontext) - mov x30, x22 - RET - + mov x0, x9 + b JUMPTARGET (__setcontext) 1: b C_SYMBOL_NAME(__syscall_error) 2: diff --git a/sysdeps/unix/sysv/linux/aarch64/ucontext-internal.h b/sysdeps/unix/sysv/linux/aarch64/ucontext-internal.h index 096d5fb7c7..84f5365c0e 100644 --- a/sysdeps/unix/sysv/linux/aarch64/ucontext-internal.h +++ b/sysdeps/unix/sysv/linux/aarch64/ucontext-internal.h @@ -43,3 +43,8 @@ #define oX21 (oX0 + 21*8) #define oFP (oX0 + 29*8) #define oLR (oX0 + 30*8) + +/* Use kernel layout for saving GCSPR in ucontext. */ +#define GCS_MAGIC 0x47435300 +#define GCS_CONTEXT_SIZE 32 +#define oGCSPR 8 From patchwork Fri Nov 29 16:37:07 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 102155 X-Patchwork-Delegate: carlos@redhat.com Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 848AD3858402 for ; Fri, 29 Nov 2024 16:46:15 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 848AD3858402 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 688DD3858C35 for ; Fri, 29 Nov 2024 16:38:23 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 688DD3858C35 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 688DD3858C35 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898303; cv=none; b=st7HrfAvq/GHWyNBvpmmvvuuAMaDKiy9VcN6NTXbGafsZDFn5vRU45e6PtWos72Pa+sHBbpADVeArd4YGY3vo93GaoWq+JNzZnnT02F6w6MgvtmkXB5YDWvCd+hmzzS5PY6IBYf6deMq3+V9U7QNEZ0MXJvFb4Q3p5Z/aXO3jC4= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898303; c=relaxed/simple; bh=drjrkgcPtoTucmHisp6+M/HTlfkjgOi9EKNnAeY2aIg=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=deaaKWvXx9sRLM9EmXqTnVwKHuj9QeWn84XnkFIBpOjquDWIK1Uf4ut+3iT7rPNGPCfB5EdPcuXJ+WvRWa997zvT9e/u1bsHoaDy2UdG4sDL8hMgC11TlidSE1FbkKY/KUHl///WX2ZMP3ksHbc/4j2e9ccBvOAl0thZJR7MBe4= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 688DD3858C35 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 90BFF1424; Fri, 29 Nov 2024 08:38:46 -0800 (PST) Received: from udebian.localdomain (unknown [10.1.35.24]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 192123F5A1; Fri, 29 Nov 2024 08:38:15 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de Subject: [PATCH v4 08/22] aarch64: Mark swapcontext with indirect_return Date: Fri, 29 Nov 2024 16:37:07 +0000 Message-Id: <20241129163721.2385847-9-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241129163721.2385847-1-yury.khrustalev@arm.com> References: <20241129163721.2385847-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.0 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, KAM_SHORT, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy --- sysdeps/aarch64/bits/indirect-return.h | 36 ++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 sysdeps/aarch64/bits/indirect-return.h diff --git a/sysdeps/aarch64/bits/indirect-return.h b/sysdeps/aarch64/bits/indirect-return.h new file mode 100644 index 0000000000..99905f21fa --- /dev/null +++ b/sysdeps/aarch64/bits/indirect-return.h @@ -0,0 +1,36 @@ +/* Definition of __INDIRECT_RETURN. AArch64 version. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _UCONTEXT_H +# error "Never include directly; use instead." +#endif + +/* __INDIRECT_RETURN indicates that swapcontext may return via + an indirect branch. This happens when GCS is enabled, so + add the attribute if available, otherwise returns_twice has + a similar effect, but it prevents some code transformations + that can cause build failures in some rare cases so it is + only used when GCS is enabled. */ +#if __glibc_has_attribute (__indirect_return__) +# define __INDIRECT_RETURN __attribute__ ((__indirect_return__)) +#elif __glibc_has_attribute (__returns_twice__) \ + && defined __ARM_FEATURE_GCS_DEFAULT +# define __INDIRECT_RETURN __attribute__ ((__returns_twice__)) +#else +# define __INDIRECT_RETURN +#endif From patchwork Fri Nov 29 16:37:08 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 102143 X-Patchwork-Delegate: carlos@redhat.com Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 6583A3858C62 for ; Fri, 29 Nov 2024 16:40:09 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 6470C3858C3A for ; Fri, 29 Nov 2024 16:38:29 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 6470C3858C3A Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 6470C3858C3A Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898309; cv=none; b=jjou5glYoREVZ5OZLqF5uAgtCnimFoJ4GKwwCE5HpVy4V7UU81L6YydXsuSr/xQX0Smta4qpfZyz3QB6zP8q5hkgMrIMwqaqdOCgs+99CMWigFQlRxLf34rgcaiVrsLudIkDhhnzfzvZnAXc2/f2etESbkVFIQEsi6LZuOv2xjs= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898309; c=relaxed/simple; bh=h0+6ZoJAcZf89DCarO6jLLzUW6MqqkA+fFTK16tAZRc=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=sdIcxvaTnnht5i1DMnMcadsEG0T/kHDTTRkdlH/QPTpXaY3ihcIJ6bGT3SlbSv2aBOkernl+6Bj0SzKWRRP4u7xKqNjZvZShVkqQkNF1tkhbW5LTsWDsGP8CGVeEVrW4flAuUUNs+vfyc8aMwuGUhJxy9xFlu8OYx2JgitYsHa4= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 6470C3858C3A Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 2F4DE1570; Fri, 29 Nov 2024 08:38:52 -0800 (PST) Received: from udebian.localdomain (unknown [10.1.35.24]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id CD3DC3F5A1; Fri, 29 Nov 2024 08:38:21 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de Subject: [PATCH v4 09/22] aarch64: Add GCS support for makecontext Date: Fri, 29 Nov 2024 16:37:08 +0000 Message-Id: <20241129163721.2385847-10-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241129163721.2385847-1-yury.khrustalev@arm.com> References: <20241129163721.2385847-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.0 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy Changed the makecontext logic: previously the first setcontext jumped straight to the user callback function and the return address is set to __startcontext. This does not work when GCS is enabled as the integrity of the return address is protected, so instead the context is setup such that setcontext jumps to __startcontext which calls the user callback (passed in x20). The map_shadow_stack syscall is used to allocate a suitably sized GCS (which includes some reserved area to account for altstack signal handlers and otherwise supports maximum number of 16 byte aligned stack frames on the given stack) however the GCS is never freed as the lifetime of ucontext and related stack is user managed. --- sysdeps/unix/sysv/linux/aarch64/makecontext.c | 61 ++++++++++++++++++- sysdeps/unix/sysv/linux/aarch64/setcontext.S | 4 ++ 2 files changed, 63 insertions(+), 2 deletions(-) diff --git a/sysdeps/unix/sysv/linux/aarch64/makecontext.c b/sysdeps/unix/sysv/linux/aarch64/makecontext.c index 5aec182013..9e66b6761c 100644 --- a/sysdeps/unix/sysv/linux/aarch64/makecontext.c +++ b/sysdeps/unix/sysv/linux/aarch64/makecontext.c @@ -22,6 +22,52 @@ #include #include +#define GCS_MAGIC 0x47435300 + +static struct _aarch64_ctx *extension (void *p) +{ + return p; +} + +#ifndef __NR_map_shadow_stack +# define __NR_map_shadow_stack 453 +#endif +#ifndef SHADOW_STACK_SET_TOKEN +# define SHADOW_STACK_SET_TOKEN (1UL << 0) +# define SHADOW_STACK_SET_MARKER (1UL << 1) +#endif + +static void * +map_shadow_stack (void *addr, size_t size, unsigned long flags) +{ + return (void *) INLINE_SYSCALL_CALL (map_shadow_stack, addr, size, flags); +} + +#define GCS_MAX_SIZE (1UL << 31) +#define GCS_ALTSTACK_RESERVE 160 + +static void * +alloc_makecontext_gcs (size_t stack_size) +{ + size_t size = (stack_size / 2 + GCS_ALTSTACK_RESERVE) & -8UL; + if (size > GCS_MAX_SIZE) + size = GCS_MAX_SIZE; + + unsigned long flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN; + void *base = map_shadow_stack (NULL, size, flags); + if (base == (void *) -1) + /* ENOSYS, bad size or OOM. */ + abort (); + uint64_t *gcsp = (uint64_t *) ((char *) base + size); + /* Skip end of GCS token. */ + gcsp--; + /* Verify GCS cap token. */ + gcsp--; + if (((uint64_t)gcsp & 0xfffffffffffff000) + 1 != *gcsp) + abort (); + /* Return the target GCS pointer for context switch. */ + return gcsp + 1; +} /* makecontext sets up a stack and the registers for the user context. The stack looks like this: @@ -56,10 +102,21 @@ __makecontext (ucontext_t *ucp, void (*func) (void), int argc, ...) sp = (uint64_t *) (((uintptr_t) sp) & -16L); ucp->uc_mcontext.regs[19] = (uintptr_t) ucp->uc_link; + ucp->uc_mcontext.regs[20] = (uintptr_t) func; ucp->uc_mcontext.sp = (uintptr_t) sp; - ucp->uc_mcontext.pc = (uintptr_t) func; + ucp->uc_mcontext.pc = (uintptr_t) __startcontext; ucp->uc_mcontext.regs[29] = (uintptr_t) 0; - ucp->uc_mcontext.regs[30] = (uintptr_t) &__startcontext; + ucp->uc_mcontext.regs[30] = (uintptr_t) 0; + + void *p = ucp->uc_mcontext.__reserved; + if (extension (p)->magic == FPSIMD_MAGIC) + p = (char *)p + extension (p)->size; + if (extension (p)->magic == GCS_MAGIC) + { + /* Using the kernel struct gcs_context layout. */ + struct { uint64_t x, gcspr, y, z; } *q = p; + q->gcspr = (uint64_t) alloc_makecontext_gcs (ucp->uc_stack.ss_size); + } va_start (ap, argc); for (i = 0; i < argc; ++i) diff --git a/sysdeps/unix/sysv/linux/aarch64/setcontext.S b/sysdeps/unix/sysv/linux/aarch64/setcontext.S index bdfd4580ec..17b0a48ce1 100644 --- a/sysdeps/unix/sysv/linux/aarch64/setcontext.S +++ b/sysdeps/unix/sysv/linux/aarch64/setcontext.S @@ -180,7 +180,11 @@ L(gcs_done): PSEUDO_END (__setcontext) weak_alias (__setcontext, setcontext) +/* makecontext start function: receives uc_link in x19 and func in x20. + Arguments of func, x29, x30 and sp are set up by the caller. */ ENTRY (__startcontext) + cfi_undefined (x30) + blr x20 mov x0, x19 cbnz x0, __setcontext 1: b HIDDEN_JUMPTARGET (exit) From patchwork Fri Nov 29 16:37:09 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 102141 X-Patchwork-Delegate: carlos@redhat.com Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 52AAA385840D for ; Fri, 29 Nov 2024 16:39:10 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 643F73858C39 for ; Fri, 29 Nov 2024 16:38:29 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 643F73858C39 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 643F73858C39 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898309; cv=none; b=IL/xQN620MxnlD+iRc9Gtl4KCyPGVX0F9xH5bS9rAo+tYKXcWdd0x4WGUwyrN369g2gMbjNRE/yLo9/2HfbkCAojnVV6H4byGdw2I3qCKE9RksHp/5gxd7q6CyA1pk7lIr051YWLipax7XzTTK/K7iDsQhwAVmFZj1jiotVFhXY= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898309; c=relaxed/simple; bh=wwXe1cFjfxguyC1DZLJFc5GISU/DAXRStjSodXeANVE=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=JyBiLTogG6d316SVBkIkCSFHwQW/V65kLapeA0wB4/mGskW6AuWTYCFvpMPBMQ9HzpwTrkcUFBg8sAOkw0qSi/mFhqAFgLxhq5efyvVcA9rXbC27uXHpBn4tpbrzqMIAf3uJ2oUifcjRIs/5/fy75N1q+PayJ6IV34kyQ6vFOGc= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 643F73858C39 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id D658812FC; Fri, 29 Nov 2024 08:38:57 -0800 (PST) Received: from udebian.localdomain (unknown [10.1.35.24]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 803263F5A1; Fri, 29 Nov 2024 08:38:27 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de Subject: [PATCH v4 10/22] aarch64: Try to free the GCS of makecontext Date: Fri, 29 Nov 2024 16:37:09 +0000 Message-Id: <20241129163721.2385847-11-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241129163721.2385847-1-yury.khrustalev@arm.com> References: <20241129163721.2385847-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.0 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy Free GCS after a makecontext start func returns and at thread exit, so assume makecontext cannot outlive the thread where it was created. This is an attempt to bound the lifetime of the GCS allocated for makecontext, but it is still possible to have significant GCS leaks, new GCS aware APIs could solve that, but that would not allow using GCS with existing code transparently. --- include/set-freeres.h | 4 ++ malloc/thread-freeres.c | 3 + sysdeps/unix/sysv/linux/aarch64/makecontext.c | 65 +++++++++++++++++++ sysdeps/unix/sysv/linux/aarch64/setcontext.S | 19 +++++- sysdeps/unix/sysv/linux/aarch64/sysdep.h | 6 +- 5 files changed, 93 insertions(+), 4 deletions(-) diff --git a/include/set-freeres.h b/include/set-freeres.h index 4177b453fa..c3d64b4f41 100644 --- a/include/set-freeres.h +++ b/include/set-freeres.h @@ -78,6 +78,10 @@ extern void __nss_database_freeres (void) attribute_hidden; extern int _IO_cleanup (void) attribute_hidden;; /* From dlfcn/dlerror.c */ extern void __libc_dlerror_result_free (void) attribute_hidden; +/* From libc.so, arch specific. */ +#ifdef ARCH_THREAD_FREERES +extern void ARCH_THREAD_FREERES (void) attribute_hidden; +#endif /* From either libc.so or libpthread.so */ extern void __libpthread_freeres (void) attribute_hidden; diff --git a/malloc/thread-freeres.c b/malloc/thread-freeres.c index 55ba4e7b83..69867f3a3b 100644 --- a/malloc/thread-freeres.c +++ b/malloc/thread-freeres.c @@ -29,6 +29,9 @@ void __libc_thread_freeres (void) { +#ifdef ARCH_THREAD_FREERES + call_function_static_weak (ARCH_THREAD_FREERES); +#endif #if SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_32) __rpc_thread_destroy (); #endif diff --git a/sysdeps/unix/sysv/linux/aarch64/makecontext.c b/sysdeps/unix/sysv/linux/aarch64/makecontext.c index 9e66b6761c..779f7e55aa 100644 --- a/sysdeps/unix/sysv/linux/aarch64/makecontext.c +++ b/sysdeps/unix/sysv/linux/aarch64/makecontext.c @@ -20,7 +20,9 @@ #include #include #include +#include #include +#include #define GCS_MAGIC 0x47435300 @@ -29,6 +31,47 @@ static struct _aarch64_ctx *extension (void *p) return p; } +struct gcs_list { + struct gcs_list *next; + void *base; + size_t size; +}; + +static __thread struct gcs_list *gcs_list_head = NULL; + +static void +record_gcs (void *base, size_t size) +{ + struct gcs_list *p = malloc (sizeof *p); + if (p == NULL) + abort (); + p->base = base; + p->size = size; + p->next = gcs_list_head; + gcs_list_head = p; +} + +static void +free_gcs_list (void) +{ + for (;;) + { + struct gcs_list *p = gcs_list_head; + if (p == NULL) + break; + gcs_list_head = p->next; + __munmap (p->base, p->size); + free (p); + } +} + +/* Called during thread shutdown to free resources. */ +void +__libc_aarch64_thread_freeres (void) +{ + free_gcs_list (); +} + #ifndef __NR_map_shadow_stack # define __NR_map_shadow_stack 453 #endif @@ -58,6 +101,9 @@ alloc_makecontext_gcs (size_t stack_size) if (base == (void *) -1) /* ENOSYS, bad size or OOM. */ abort (); + + record_gcs (base, size); + uint64_t *gcsp = (uint64_t *) ((char *) base + size); /* Skip end of GCS token. */ gcsp--; @@ -69,6 +115,25 @@ alloc_makecontext_gcs (size_t stack_size) return gcsp + 1; } +void +__free_makecontext_gcs (void *gcs) +{ + struct gcs_list *p = gcs_list_head; + struct gcs_list **q = &gcs_list_head; + for (;;) + { + if (p == NULL) + abort (); + if (gcs == p->base + p->size - 8) + break; + q = &p->next; + p = p->next; + } + *q = p->next; + __munmap (p->base, p->size); + free (p); +} + /* makecontext sets up a stack and the registers for the user context. The stack looks like this: diff --git a/sysdeps/unix/sysv/linux/aarch64/setcontext.S b/sysdeps/unix/sysv/linux/aarch64/setcontext.S index 17b0a48ce1..853dcb7a73 100644 --- a/sysdeps/unix/sysv/linux/aarch64/setcontext.S +++ b/sysdeps/unix/sysv/linux/aarch64/setcontext.S @@ -34,6 +34,9 @@ .text ENTRY (__setcontext) + /* If x10 is set then old GCS is freed. */ + mov x10, 0 +__setcontext_internal: PTR_ARG (0) /* Save a copy of UCP. */ mov x9, x0 @@ -145,7 +148,8 @@ ENTRY (__setcontext) ldr x3, [x2, #oGCSPR] MRS_GCSPR (x2) mov x4, x3 - /* x2: GCSPR now. x3, x4: target GCSPR. x5, x6: tmp regs. */ + mov x1, x2 + /* x1, x2: GCSPR now. x3, x4: target GCSPR. x5, x6: tmp regs. */ L(gcs_scan): cmp x2, x4 b.eq L(gcs_pop) @@ -162,10 +166,18 @@ L(gcs_switch): GCSSS2 (xzr) L(gcs_pop): cmp x2, x3 - b.eq L(gcs_done) + b.eq L(gcs_free_old) GCSPOPM (xzr) add x2, x2, 8 b L(gcs_pop) +L(gcs_free_old): + cbz x10, L(gcs_done) + mov x28, x0 + mov x0, x1 + bl __free_makecontext_gcs + mov x0, x28 + ldp x28, x29, [x0, oX0 + 28 * SZREG] + ldr x30, [x0, oX0 + 30 * SZREG] L(gcs_done): 2: @@ -186,6 +198,7 @@ ENTRY (__startcontext) cfi_undefined (x30) blr x20 mov x0, x19 - cbnz x0, __setcontext + mov x10, 1 + cbnz x0, __setcontext_internal 1: b HIDDEN_JUMPTARGET (exit) END (__startcontext) diff --git a/sysdeps/unix/sysv/linux/aarch64/sysdep.h b/sysdeps/unix/sysv/linux/aarch64/sysdep.h index 974b503b2f..97cf84eaaa 100644 --- a/sysdeps/unix/sysv/linux/aarch64/sysdep.h +++ b/sysdeps/unix/sysv/linux/aarch64/sysdep.h @@ -29,8 +29,12 @@ #include -/* In order to get __set_errno() definition in INLINE_SYSCALL. */ #ifndef __ASSEMBLER__ +/* Thread cleanup function. */ +#define ARCH_THREAD_FREERES __libc_aarch64_thread_freeres +void __libc_aarch64_thread_freeres (void) attribute_hidden; + +/* In order to get __set_errno() definition in INLINE_SYSCALL. */ #include #endif From patchwork Fri Nov 29 16:37:10 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 102142 X-Patchwork-Delegate: carlos@redhat.com Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 5BA873858427 for ; Fri, 29 Nov 2024 16:40:03 +0000 (GMT) X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id DE6493858C98 for ; Fri, 29 Nov 2024 16:38:37 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org DE6493858C98 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org DE6493858C98 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898318; cv=none; b=XpUEyug2xL1Q1PPOnCFYWOVzx0oi2DDGD26yUlikgcMtzBI65llg0PwsJmVkZxG4nNeAEDCZMbohuv++fv2QYp9SBfvYlxovUoh/QLAt1kQd76orzHHXrh9QNQ6zsSO/8xCgJKuvHaowsWamDB3LfQ2fpqm4oy+GNE8QePiAFaI= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898318; c=relaxed/simple; bh=DZJU4qeu3+nxbXM7KoddZBEl5SPqS5o/ZO9oJOMCf5A=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=aDcGmAiQxugJwAVFb0RN5MymuZwEQ8xOczrVVWI9cU3eUCfKGpCvt9XzLkqPj//RNhhPu6nCuBQRwJ83WjDQJogZF2JtMAl0nEEvMLCETEfC7KWpcUCUg1zWU3iYWdFARfDuehqG0JUh/xVVItTCkQgyVCJ/UksATnNF0pK/EiA= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org DE6493858C98 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 68E281424; Fri, 29 Nov 2024 08:39:03 -0800 (PST) Received: from udebian.localdomain (unknown [10.1.35.24]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 11FD13F5A1; Fri, 29 Nov 2024 08:38:32 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de Subject: [PATCH v4 11/22] aarch64: Add glibc.cpu.aarch64_gcs tunable Date: Fri, 29 Nov 2024 16:37:10 +0000 Message-Id: <20241129163721.2385847-12-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241129163721.2385847-1-yury.khrustalev@arm.com> References: <20241129163721.2385847-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.0 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, KAM_SHORT, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy This tunable is for controlling the GCS status. It is the argument to the PR_SET_SHADOW_STACK_STATUS prctl, by default 0, so GCS is disabled. The status is stored into GL(dl_aarch64_gcs) early and only applied later, since enabling GCS is tricky: it must happen on a top level stack frame. (Using GL instead of GLRO because it may need updates depending on loaded libraries that happen after readonly protection is applied, however library marking based GCS setting is not yet implemented.) --- sysdeps/aarch64/dl-tunables.list | 5 +++ .../unix/sysv/linux/aarch64/cpu-features.c | 4 ++ .../unix/sysv/linux/aarch64/dl-procruntime.c | 37 +++++++++++++++++++ 3 files changed, 46 insertions(+) create mode 100644 sysdeps/unix/sysv/linux/aarch64/dl-procruntime.c diff --git a/sysdeps/aarch64/dl-tunables.list b/sysdeps/aarch64/dl-tunables.list index 92c6cbfa92..c08be86932 100644 --- a/sysdeps/aarch64/dl-tunables.list +++ b/sysdeps/aarch64/dl-tunables.list @@ -21,5 +21,10 @@ glibc { name { type: STRING } + aarch64_gcs { + type: UINT_64 + minval: 0 + default: 0 + } } } diff --git a/sysdeps/unix/sysv/linux/aarch64/cpu-features.c b/sysdeps/unix/sysv/linux/aarch64/cpu-features.c index c0b047bc0d..4a63875b19 100644 --- a/sysdeps/unix/sysv/linux/aarch64/cpu-features.c +++ b/sysdeps/unix/sysv/linux/aarch64/cpu-features.c @@ -176,4 +176,8 @@ init_cpu_features (struct cpu_features *cpu_features) /* Check if MOPS is supported. */ cpu_features->mops = GLRO (dl_hwcap2) & HWCAP2_MOPS; + + if (GLRO (dl_hwcap) & HWCAP_GCS) + /* GCS status may be updated later by binary compatibility checks. */ + GL (dl_aarch64_gcs) = TUNABLE_GET (glibc, cpu, aarch64_gcs, uint64_t, 0); } diff --git a/sysdeps/unix/sysv/linux/aarch64/dl-procruntime.c b/sysdeps/unix/sysv/linux/aarch64/dl-procruntime.c new file mode 100644 index 0000000000..23c61da6c4 --- /dev/null +++ b/sysdeps/unix/sysv/linux/aarch64/dl-procruntime.c @@ -0,0 +1,37 @@ +/* Data for processor runtime information. AArch64 version. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef PROCINFO_CLASS +# define PROCINFO_CLASS +#endif + +#if !IS_IN (ldconfig) +# if !defined PROCINFO_DECL && defined SHARED + ._dl_aarch64_gcs +# else +PROCINFO_CLASS unsigned long _dl_aarch64_gcs +# endif +# ifndef PROCINFO_DECL += 0 +# endif +# if !defined SHARED || defined PROCINFO_DECL +; +# else +, +# endif +#endif From patchwork Fri Nov 29 16:37:11 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 102146 X-Patchwork-Delegate: carlos@redhat.com Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id E11B33858402 for ; Fri, 29 Nov 2024 16:41:16 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org E11B33858402 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 6A1183858D39 for ; Fri, 29 Nov 2024 16:38:48 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 6A1183858D39 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 6A1183858D39 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898328; cv=none; b=UoYVFq4Nw0JgB804AUdw8Zq7b53ze2w6ivvhzHT7QhqODPZKXkIRb6p9oToP2HylYhfXk59JmXuhoXp9rcdz1xBzVgVohMedZ+PWs4dhTZAJ50in/BYaIzUTaMat+Ej86qIcLsKAYhzHTAWuaPARs/rx14654LFL3fWLD2HbNZA= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898328; c=relaxed/simple; bh=wVqyhE49Q6gGKWVmKiHoIrGXzJMcgNoL7IIthNw/93k=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=dAo4SYU3JULcZrYRXbmbdABsob75fiKkTxBTu3cESZcZY4axH+SwpkFTakcdS0n0OV4U7p8PUgdP6PUFREshVVeZk3VF9798ihxITK7EYsZwEvLAbp1T68s3z9cPC4REqTd9V3lZIuoWNWL2cN9z7teydyZOsGduKyfXpsna/TU= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 5A68412FC; Fri, 29 Nov 2024 08:39:09 -0800 (PST) Received: from udebian.localdomain (unknown [10.1.35.24]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id D4ED53F5A1; Fri, 29 Nov 2024 08:38:38 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de Subject: [PATCH v4 12/22] aarch64: Enable GCS in static linked exe Date: Fri, 29 Nov 2024 16:37:11 +0000 Message-Id: <20241129163721.2385847-13-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241129163721.2385847-1-yury.khrustalev@arm.com> References: <20241129163721.2385847-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.1 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, KAM_SHORT, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy Use the ARCH_SETUP_TLS hook to enable GCS in the static linked case. The system call must be inlined and then GCS is enabled on a top level stack frame that does not return and has no exception handlers above it. --- sysdeps/unix/sysv/linux/aarch64/libc-start.h | 49 ++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 sysdeps/unix/sysv/linux/aarch64/libc-start.h diff --git a/sysdeps/unix/sysv/linux/aarch64/libc-start.h b/sysdeps/unix/sysv/linux/aarch64/libc-start.h new file mode 100644 index 0000000000..0dd102c374 --- /dev/null +++ b/sysdeps/unix/sysv/linux/aarch64/libc-start.h @@ -0,0 +1,49 @@ +/* AArch64 definitions for libc main startup. + Copyright (C) 2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _LIBC_START_H +#define _LIBC_START_H + +#ifndef SHARED + +# ifndef PR_SET_SHADOW_STACK_STATUS +# define PR_GET_SHADOW_STACK_STATUS 74 +# define PR_SET_SHADOW_STACK_STATUS 75 +# define PR_LOCK_SHADOW_STACK_STATUS 76 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) +# define PR_SHADOW_STACK_WRITE (1UL << 1) +# define PR_SHADOW_STACK_PUSH (1UL << 2) +# endif + +/* Must be on a top-level stack frame that does not return. */ +static inline void __attribute__((always_inline)) +aarch64_libc_setup_tls (void) +{ + __libc_setup_tls (); + + uint64_t s = GL(dl_aarch64_gcs); + if (s != 0) + INLINE_SYSCALL_CALL (prctl, PR_SET_SHADOW_STACK_STATUS, s, 0, 0, 0); +} + +# define ARCH_SETUP_IREL() apply_irel () +# define ARCH_SETUP_TLS() aarch64_libc_setup_tls () +# define ARCH_APPLY_IREL() +#endif /* ! SHARED */ + +#endif /* _LIBC_START_H */ From patchwork Fri Nov 29 16:37:12 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 102145 X-Patchwork-Delegate: carlos@redhat.com Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 5FBB03858403 for ; Fri, 29 Nov 2024 16:40:39 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 5FBB03858403 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 0C5973858432 for ; Fri, 29 Nov 2024 16:38:46 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 0C5973858432 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 0C5973858432 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898326; cv=none; b=C/RPZ2L1U4khZF0FUUZb1KYZ8+t5umzegYfugm6ZHR526Rb8p+J7yrfoPWwTaGL2U1PQiL7pezWa7u9Hv0qrLiwIaSZmikQeiCoMh4qvVdYqjRX79UHoraZsELj3I/pyAv1xAybKB/Wacrm30/442yYC4CmKMCOMzFa+gKaihvg= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898326; c=relaxed/simple; bh=n+Lg1JKA1uD4aWJ+JZKderDl5ueKdZ4/dF4CZhFd1Pk=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=HAOLBqqNhoiFJbALjGc/M+9NahC4HyRngWyD8l2IaGYJj9tjvj0Cif2ZMk8RC70jJ7dsqGKGN3lENrK5lW4EZQRWyXBdlN7HYLb9Uk5th4HDJsNsIX55H/wyvYjdNxKjmgwKJg/76K/C+QKfENKGuE60kiN8l9u5lmuMLZq1mNU= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 0C5973858432 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 4A8971424; Fri, 29 Nov 2024 08:39:15 -0800 (PST) Received: from udebian.localdomain (unknown [10.1.35.24]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id BF6D23F5A1; Fri, 29 Nov 2024 08:38:44 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de Subject: [PATCH v4 13/22] aarch64: Enable GCS in dynamic linked exe Date: Fri, 29 Nov 2024 16:37:12 +0000 Message-Id: <20241129163721.2385847-14-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241129163721.2385847-1-yury.khrustalev@arm.com> References: <20241129163721.2385847-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.1 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, KAM_SHORT, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy Use the dynamic linker start code to enable GCS in the dynamic linked case after _dl_start returns and before _dl_start_user which marks the point after which user code may run. Like in the static linked case this ensures that GCS is enabled on a top level stack frame. --- sysdeps/aarch64/Makefile | 4 +++- sysdeps/aarch64/dl-start.S | 23 +++++++++++++++++++++-- sysdeps/aarch64/rtld-global-offsets.sym | 5 +++++ 3 files changed, 29 insertions(+), 3 deletions(-) diff --git a/sysdeps/aarch64/Makefile b/sysdeps/aarch64/Makefile index 141d7d9cc2..ca8b96f550 100644 --- a/sysdeps/aarch64/Makefile +++ b/sysdeps/aarch64/Makefile @@ -35,7 +35,9 @@ endif ifeq ($(subdir),elf) sysdep-rtld-routines += dl-start sysdep-dl-routines += tlsdesc dl-tlsdesc -gen-as-const-headers += dl-link.sym +gen-as-const-headers += \ + dl-link.sym \ + rtld-global-offsets.sym tests-internal += tst-ifunc-arg-1 tst-ifunc-arg-2 diff --git a/sysdeps/aarch64/dl-start.S b/sysdeps/aarch64/dl-start.S index d645484e79..bca5c408af 100644 --- a/sysdeps/aarch64/dl-start.S +++ b/sysdeps/aarch64/dl-start.S @@ -18,6 +18,7 @@ . */ #include +#include ENTRY (_start) /* Create an initial frame with 0 LR and FP */ @@ -25,11 +26,30 @@ ENTRY (_start) mov x29, #0 mov x30, #0 + /* Load and relocate all library dependencies. */ mov x0, sp PTR_ARG (0) bl _dl_start /* Returns user entry point in x0. */ mov PTR_REG (21), PTR_REG (0) + + /* Use GL(dl_aarch64_gcs) to set the shadow stack status. */ + adrp x16, _rtld_local + add PTR_REG (16), PTR_REG (16), :lo12:_rtld_local + ldr x1, [x16, GL_DL_AARCH64_GCS_OFFSET] + cbz x1, L(skip_gcs_enable) + + /* Enable GCS before user code runs. Note that IFUNC resolvers and + LD_AUDIT hooks may run before, but should not create threads. */ +#define PR_SET_SHADOW_STACK_STATUS 75 + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x2, 0 + mov x3, 0 + mov x4, 0 + mov x8, #SYS_ify(prctl) + svc 0x0 +L(skip_gcs_enable): + .globl _dl_start_user .type _dl_start_user, %function _dl_start_user: @@ -40,8 +60,7 @@ _dl_start_user: /* Compute envp. */ add PTR_REG (3), PTR_REG (2), PTR_REG (1), lsl PTR_LOG_SIZE add PTR_REG (3), PTR_REG (3), PTR_SIZE - adrp x16, _rtld_local - add PTR_REG (16), PTR_REG (16), :lo12:_rtld_local + /* Run the init functions of the loaded modules. */ ldr PTR_REG (0), [x16] bl _dl_init /* Load the finalizer function. */ diff --git a/sysdeps/aarch64/rtld-global-offsets.sym b/sysdeps/aarch64/rtld-global-offsets.sym index 23cdaf7d9e..6c0690bb95 100644 --- a/sysdeps/aarch64/rtld-global-offsets.sym +++ b/sysdeps/aarch64/rtld-global-offsets.sym @@ -3,8 +3,13 @@ #include #define GLRO_offsetof(name) offsetof (struct rtld_global_ro, _##name) +#define GL_offsetof(name) offsetof (struct rtld_global, _##name) -- Offsets of _rtld_global_ro in libc.so GLRO_DL_HWCAP_OFFSET GLRO_offsetof (dl_hwcap) GLRO_DL_HWCAP2_OFFSET GLRO_offsetof (dl_hwcap2) + +-- Offsets of _rtld_global in libc.so + +GL_DL_AARCH64_GCS_OFFSET GL_offsetof (dl_aarch64_gcs) From patchwork Fri Nov 29 16:37:13 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 102150 X-Patchwork-Delegate: carlos@redhat.com Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 9AB403858D35 for ; Fri, 29 Nov 2024 16:43:02 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 9AB403858D35 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 65DE73858D35 for ; Fri, 29 Nov 2024 16:38:54 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 65DE73858D35 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 65DE73858D35 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898334; cv=none; b=xcDu1rYSvk58BL1HhHC8ky8L/L3u0H5Z7+QKw3uMSFQoqSX18Dln8x5walU8Llk8FN7CjbrGI6s8hrnJt7Dq0GLyln40bfXsm35AcovN6VKsJC0ONbXjDieiXTjGBJTCb81QwVdJsSXeRgZZFEfG1Hz6gN11SQvX89i7konxHRw= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898334; c=relaxed/simple; bh=MvUQNpxFf+Ipd473sWA65unaBFkAgqKEs3RV+kflTi8=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=a/qLkC35GIoISZjnh49SeRJssfLGP4MRhQ891ieU/QdJZsDcgGCkAk3frvzhuIsDKnN7U5Bzo2R9gdIgjeO8gnRlyNzszcF+chqXsbyqqRNgVCk3Qh6RLgILFoppVucT378cM00AKJmzMA0bUBQqIPeMf9sWwU0BvkJuk/GfFUI= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id D7D0412FC; Fri, 29 Nov 2024 08:39:20 -0800 (PST) Received: from udebian.localdomain (unknown [10.1.35.24]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 816E43F5A1; Fri, 29 Nov 2024 08:38:50 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de Subject: [PATCH v4 14/22] aarch64: Mark objects with GCS property note Date: Fri, 29 Nov 2024 16:37:13 +0000 Message-Id: <20241129163721.2385847-15-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241129163721.2385847-1-yury.khrustalev@arm.com> References: <20241129163721.2385847-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.1 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy --- sysdeps/aarch64/sysdep.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sysdeps/aarch64/sysdep.h b/sysdeps/aarch64/sysdep.h index 661d9fe8c1..55e0230b5e 100644 --- a/sysdeps/aarch64/sysdep.h +++ b/sysdeps/aarch64/sysdep.h @@ -85,6 +85,7 @@ strip_pac (void *p) #define FEATURE_1_AND 0xc0000000 #define FEATURE_1_BTI 1 #define FEATURE_1_PAC 2 +#define FEATURE_1_GCS 4 /* Add a NT_GNU_PROPERTY_TYPE_0 note. */ #define GNU_PROPERTY(type, value) \ @@ -103,9 +104,9 @@ strip_pac (void *p) /* Add GNU property note with the supported features to all asm code where sysdep.h is included. */ #if HAVE_AARCH64_BTI && HAVE_AARCH64_PAC_RET -GNU_PROPERTY (FEATURE_1_AND, FEATURE_1_BTI|FEATURE_1_PAC) +GNU_PROPERTY (FEATURE_1_AND, FEATURE_1_BTI|FEATURE_1_PAC|FEATURE_1_GCS) #elif HAVE_AARCH64_BTI -GNU_PROPERTY (FEATURE_1_AND, FEATURE_1_BTI) +GNU_PROPERTY (FEATURE_1_AND, FEATURE_1_BTI|FEATURE_1_GCS) #endif /* Define an entry point visible from C. */ From patchwork Fri Nov 29 16:37:14 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 102157 X-Patchwork-Delegate: carlos@redhat.com Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 5327E3858C50 for ; Fri, 29 Nov 2024 16:47:27 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 5327E3858C50 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 97EC63858D33 for ; Fri, 29 Nov 2024 16:38:59 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 97EC63858D33 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 97EC63858D33 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898339; cv=none; b=pVO8zBi/AQONmzgGh7fdUbGXG/5PBZ3oU9sRr4WlY0BdXycDqFz7rmN+uzWFUrsR4tZds3tRjWtAS/aTiC9m+nQeUKf3fWlJfU1MfdxHyttIGHWxHPee92Dg4lKQtdXJAdwWDPEe/RNfyefEG7Z6JUAjXthxJIwqDQuzsCaBBGg= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898339; c=relaxed/simple; bh=t50onkiO5G04+3GwchV7etD3tmRVbbguqiS/urUe2yk=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=exWm9MG/xY3AupOaAJ/u+l+BXsktTMxpjeCarOImE42qbUKOfDka3FAZimk0W8D6Jc+SDX7/1l5mEAofA5qMvAhEfHrc4U9xzSDypFH3MSvJKUehSLO+SdD2ZxXk7PIBocEBETA5rRWrtxBmGmzcORXkSR82PShe9Uist+myYFw= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 8090612FC; Fri, 29 Nov 2024 08:39:26 -0800 (PST) Received: from udebian.localdomain (unknown [10.1.35.24]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 2A3143F5A1; Fri, 29 Nov 2024 08:38:56 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de Subject: [PATCH v4 15/22] aarch64: Add glibc.cpu.aarch64_gcs_policy Date: Fri, 29 Nov 2024 16:37:14 +0000 Message-Id: <20241129163721.2385847-16-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241129163721.2385847-1-yury.khrustalev@arm.com> References: <20241129163721.2385847-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.1 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP, T_FILL_THIS_FORM_SHORT autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy policy sets how gcs tunable and gcs marking turns into gcs state: 0: state = tunable 1: state = marking ? tunable : (tunable && dlopen ? err : 0) 2: state = marking ? tunable : (tunable ? err : 0) --- sysdeps/aarch64/dl-tunables.list | 5 +++++ sysdeps/unix/sysv/linux/aarch64/cpu-features.c | 9 +++++++-- sysdeps/unix/sysv/linux/aarch64/dl-procinfo.c | 13 +++++++++++++ 3 files changed, 25 insertions(+), 2 deletions(-) diff --git a/sysdeps/aarch64/dl-tunables.list b/sysdeps/aarch64/dl-tunables.list index c08be86932..2a07a6216b 100644 --- a/sysdeps/aarch64/dl-tunables.list +++ b/sysdeps/aarch64/dl-tunables.list @@ -26,5 +26,10 @@ glibc { minval: 0 default: 0 } + aarch64_gcs_policy { + type: UINT_64 + minval: 0 + default: 0 + } } } diff --git a/sysdeps/unix/sysv/linux/aarch64/cpu-features.c b/sysdeps/unix/sysv/linux/aarch64/cpu-features.c index 4a63875b19..925756d79e 100644 --- a/sysdeps/unix/sysv/linux/aarch64/cpu-features.c +++ b/sysdeps/unix/sysv/linux/aarch64/cpu-features.c @@ -178,6 +178,11 @@ init_cpu_features (struct cpu_features *cpu_features) cpu_features->mops = GLRO (dl_hwcap2) & HWCAP2_MOPS; if (GLRO (dl_hwcap) & HWCAP_GCS) - /* GCS status may be updated later by binary compatibility checks. */ - GL (dl_aarch64_gcs) = TUNABLE_GET (glibc, cpu, aarch64_gcs, uint64_t, 0); + { + /* GCS status may be updated later by binary compatibility checks. */ + GL (dl_aarch64_gcs) = TUNABLE_GET (glibc, cpu, aarch64_gcs, uint64_t, 0); + /* Fixed GCS policy. */ + GLRO (dl_aarch64_gcs_policy) = + TUNABLE_GET (glibc, cpu, aarch64_gcs_policy, uint64_t, 0); + } } diff --git a/sysdeps/unix/sysv/linux/aarch64/dl-procinfo.c b/sysdeps/unix/sysv/linux/aarch64/dl-procinfo.c index 7af232de52..a9d5ee9df5 100644 --- a/sysdeps/unix/sysv/linux/aarch64/dl-procinfo.c +++ b/sysdeps/unix/sysv/linux/aarch64/dl-procinfo.c @@ -54,6 +54,19 @@ PROCINFO_CLASS struct cpu_features _dl_aarch64_cpu_features # else , # endif +# if !defined PROCINFO_DECL && defined SHARED + ._dl_aarch64_gcs_policy +# else +PROCINFO_CLASS uint64_t _dl_aarch64_gcs_policy +# endif +# ifndef PROCINFO_DECL += 0 +# endif +# if !defined SHARED || defined PROCINFO_DECL +; +# else +, +# endif #endif /* Number of HWCAP bits set. */ From patchwork Fri Nov 29 16:37:15 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 102147 X-Patchwork-Delegate: carlos@redhat.com Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 346A13858C56 for ; Fri, 29 Nov 2024 16:41:21 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 346A13858C56 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 9C3833858C51 for ; Fri, 29 Nov 2024 16:39:06 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 9C3833858C51 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 9C3833858C51 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898346; cv=none; b=v0HN2kXHIhSBucvxFOPuIjb4Ssw20pjAQiLCn3kfSaRg2lICiBmeCa132Fmto05oL+wfiCo7nn3cmnbawCaCrL+L7v76EIbAVtnX0OXZKSfPXPEsv0Cvf8q4QaDTCvxWgCckIqlM3ujKyEGttAlmWlRWqoiF8sfRkG14jEc+6yc= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898346; c=relaxed/simple; bh=W686nIykdpeyzK86pRT4fnxf241+RINhSGBgURxW60Y=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=f8FTT3KE0jgvu5UEBijyeENpnDXyJ30bjZk0e/N6SUi58PgfAB+2EtCvWeKc+q+1V3bAF39x/wQzUNb3YWQlNU1+7don3MOo/o8vXx72D2al/PRhBS7C7LZ/melGNB4VFDDYklzh5eR2s6fOAxL1Hh5Ey7WjJ64RHvJzX/+ypP4= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 9C3833858C51 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 58F4E12FC; Fri, 29 Nov 2024 08:39:32 -0800 (PST) Received: from udebian.localdomain (unknown [10.1.35.24]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id D4EB93F5A1; Fri, 29 Nov 2024 08:39:01 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de Subject: [PATCH v4 16/22] aarch64: Use l_searchlist.r_list for bti Date: Fri, 29 Nov 2024 16:37:15 +0000 Message-Id: <20241129163721.2385847-17-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241129163721.2385847-1-yury.khrustalev@arm.com> References: <20241129163721.2385847-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.1 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy Allows using the same function for static exe. --- sysdeps/aarch64/dl-bti.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/sysdeps/aarch64/dl-bti.c b/sysdeps/aarch64/dl-bti.c index fd0d308a39..e03bfc2acb 100644 --- a/sysdeps/aarch64/dl-bti.c +++ b/sysdeps/aarch64/dl-bti.c @@ -84,10 +84,9 @@ _dl_bti_check (struct link_map *l, const char *program) if (l->l_mach.bti_fail) bti_failed (l, program); - unsigned int i = l->l_searchlist.r_nlist; - while (i-- > 0) + for (unsigned int i = 0; i < l->l_searchlist.r_nlist; i++) { - struct link_map *dep = l->l_initfini[i]; + struct link_map *dep = l->l_searchlist.r_list[i]; if (dep->l_mach.bti_fail) bti_failed (dep, program); } From patchwork Fri Nov 29 16:37:16 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 102152 X-Patchwork-Delegate: carlos@redhat.com Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id B4E243858C98 for ; Fri, 29 Nov 2024 16:44:22 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org B4E243858C98 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id A773F3858404 for ; Fri, 29 Nov 2024 16:39:08 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org A773F3858404 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org A773F3858404 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898348; cv=none; b=lTH30taAxAPZmyvntt9LfoGM4liI/EIcCJG61Zl1mV17wh4NgMuZuQ8DjjpWUJl2ROauXX1Lf31dy9s3BK2B5Pz/+emf8l0k1mHFQt84QzbfsW5CUnNaPSQYurahCuXinah8OqCtiWh16unvbfByadFX37HOST+Z1YrgCfuFIRQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898348; c=relaxed/simple; bh=r0RAMTTzcl3QerDPK7GuQhjoSzicULfE+7j1eBgSURE=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=WuO2nt/uNrsxStyp3pdZrx4qJynsJBgsy6EQITEhjyu7IOhq8Ki6l7cm8D70ZilZPR2w9feoKn5XQyOuiJ3LLTC9prF4LPDA90Rs8pX/z2jIHe9KF270X/3ayVm0JX4NQJHh4dzeSJTrGxKOAUV+FQKvpZY9CI6gCqcY31bc/IY= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org A773F3858404 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id DA2B81424; Fri, 29 Nov 2024 08:39:37 -0800 (PST) Received: from udebian.localdomain (unknown [10.1.35.24]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 849613F5A1; Fri, 29 Nov 2024 08:39:07 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de Subject: [PATCH v4 17/22] aarch64: Handle GCS marking Date: Fri, 29 Nov 2024 16:37:16 +0000 Message-Id: <20241129163721.2385847-18-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241129163721.2385847-1-yury.khrustalev@arm.com> References: <20241129163721.2385847-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.1 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, KAM_SHORT, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy - Handle GCS marking - Use l_searchlist.r_list for gcs (allows using the same function for static exe) --- sysdeps/aarch64/Makefile | 4 ++- sysdeps/aarch64/dl-gcs.c | 59 +++++++++++++++++++++++++++++++++++++++ sysdeps/aarch64/dl-prop.h | 15 ++++++---- sysdeps/aarch64/linkmap.h | 1 + 4 files changed, 73 insertions(+), 6 deletions(-) create mode 100644 sysdeps/aarch64/dl-gcs.c diff --git a/sysdeps/aarch64/Makefile b/sysdeps/aarch64/Makefile index ca8b96f550..74479604f2 100644 --- a/sysdeps/aarch64/Makefile +++ b/sysdeps/aarch64/Makefile @@ -9,7 +9,9 @@ LDFLAGS-rtld += -Wl,-z,force-bti,--fatal-warnings endif ifeq ($(subdir),elf) -sysdep-dl-routines += dl-bti +sysdep-dl-routines += \ + dl-bti \ + dl-gcs tests += tst-audit26 \ tst-audit27 diff --git a/sysdeps/aarch64/dl-gcs.c b/sysdeps/aarch64/dl-gcs.c new file mode 100644 index 0000000000..764b8a56e9 --- /dev/null +++ b/sysdeps/aarch64/dl-gcs.c @@ -0,0 +1,59 @@ +/* AArch64 GCS functions. + Copyright (C) 2024 Free Software Foundation, Inc. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +static void +fail (struct link_map *l, const char *program) +{ + if (program) + _dl_fatal_printf ("%s: %s: not GCS compatible\n", program, l->l_name); + else + _dl_signal_error (0, l->l_name, "dlopen", N_("not GCS compatible")); +} + +static void +check_gcs (struct link_map *l, const char *program) +{ + if (!l->l_mach.gcs) + { + if (GLRO(dl_aarch64_gcs_policy) == 2 || !program) + fail (l, program); + if (GLRO(dl_aarch64_gcs_policy) == 1 && program) + GL(dl_aarch64_gcs) = 0; + } +} + +/* Apply GCS policy for L and its dependencies. */ + +void +_dl_gcs_check (struct link_map *l, const char *program) +{ + /* GCS is disabled. */ + if (GL(dl_aarch64_gcs) == 0) + return; + /* GCS marking is ignored. */ + if (GLRO(dl_aarch64_gcs_policy) == 0) + return; + + check_gcs (l, program); + for (unsigned int i = 0; i < l->l_searchlist.r_nlist; i++) + check_gcs (l->l_searchlist.r_list[i], program); +} diff --git a/sysdeps/aarch64/dl-prop.h b/sysdeps/aarch64/dl-prop.h index df05c0211d..72ac11aec0 100644 --- a/sysdeps/aarch64/dl-prop.h +++ b/sysdeps/aarch64/dl-prop.h @@ -24,16 +24,21 @@ extern void _dl_bti_protect (struct link_map *, int) attribute_hidden; extern void _dl_bti_check (struct link_map *, const char *) attribute_hidden; +extern void _dl_gcs_check (struct link_map *, const char *) + attribute_hidden; + static inline void __attribute__ ((always_inline)) _rtld_main_check (struct link_map *m, const char *program) { _dl_bti_check (m, program); + _dl_gcs_check (m, program); } static inline void __attribute__ ((always_inline)) _dl_open_check (struct link_map *m) { _dl_bti_check (m, NULL); + _dl_gcs_check (m, NULL); } static inline void __attribute__ ((always_inline)) @@ -45,10 +50,6 @@ static inline int _dl_process_gnu_property (struct link_map *l, int fd, uint32_t type, uint32_t datasz, void *data) { - if (!GLRO(dl_aarch64_cpu_features).bti) - /* Skip note processing. */ - return 0; - if (type == GNU_PROPERTY_AARCH64_FEATURE_1_AND) { /* Stop if the property note is ill-formed. */ @@ -57,7 +58,11 @@ _dl_process_gnu_property (struct link_map *l, int fd, uint32_t type, unsigned int feature_1 = *(unsigned int *) data; if (feature_1 & GNU_PROPERTY_AARCH64_FEATURE_1_BTI) - _dl_bti_protect (l, fd); + if (GLRO(dl_aarch64_cpu_features).bti) + _dl_bti_protect (l, fd); + + if (feature_1 & GNU_PROPERTY_AARCH64_FEATURE_1_GCS) + l->l_mach.gcs = 1; /* Stop if we processed the property note. */ return 0; diff --git a/sysdeps/aarch64/linkmap.h b/sysdeps/aarch64/linkmap.h index 56a63fc3dd..423fc0bd8e 100644 --- a/sysdeps/aarch64/linkmap.h +++ b/sysdeps/aarch64/linkmap.h @@ -23,4 +23,5 @@ struct link_map_machine ElfW(Addr) plt; /* Address of .plt */ void *tlsdesc_table; /* Address of TLS descriptor hash table. */ bool bti_fail; /* Failed to enable Branch Target Identification. */ + bool gcs; /* Guarded Control Stack marking. */ }; From patchwork Fri Nov 29 16:37:17 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 102158 X-Patchwork-Delegate: carlos@redhat.com Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 62F163858D29 for ; Fri, 29 Nov 2024 16:48:34 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 62F163858D29 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id C892F3858C35 for ; Fri, 29 Nov 2024 16:39:17 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org C892F3858C35 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org C892F3858C35 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898357; cv=none; b=DrCDyClM4mLr/wG80qdehlhiN5O9edadb9riiFC2tO/tMHm3D6uswEbFBRMyHLVD5Co1xG6jKyMclGDF5zixei0S9smCSDWpUITjpj3xrxuQurZ1nkBkRbMVPVRWkGcXF70d2sneOr+Y0OMGMU+SLKEA5qVr10KNmc09iM55BV8= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898357; c=relaxed/simple; bh=pgGt1V0e6j9TXRuUGoKKPsFBocHqTbLU7Z2kO0A2P1g=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=WlQFO+HynTrsuaGjQDzHj323Le6+ZyFdOsXCrt2V89dPHRVzskUGR+gGdkQmyefIyR8u9FMUS4Unf/GLwQAyqh8SDIRtopPs3K7jgX24+EUvXuVXrxj8XNvxoY7f6vtq5n/NgLEDMBt3E5s1uXnHglQBwBAalzpjGXD3Jea5n7g= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org C892F3858C35 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 8539F1570; Fri, 29 Nov 2024 08:39:43 -0800 (PST) Received: from udebian.localdomain (unknown [10.1.35.24]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 2180A3F5A1; Fri, 29 Nov 2024 08:39:13 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de Subject: [PATCH v4 18/22] aarch64: Ignore GCS property of ld.so Date: Fri, 29 Nov 2024 16:37:17 +0000 Message-Id: <20241129163721.2385847-19-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241129163721.2385847-1-yury.khrustalev@arm.com> References: <20241129163721.2385847-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.1 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy check_gcs is called for each dependency of a DSO, but the GNU property of the ld.so is not processed so ldso->l_mach.gcs may not be correct. Just assume ld.so is GCS compatible independently of the ELF marking. --- sysdeps/aarch64/dl-gcs.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sysdeps/aarch64/dl-gcs.c b/sysdeps/aarch64/dl-gcs.c index 764b8a56e9..b81aa30787 100644 --- a/sysdeps/aarch64/dl-gcs.c +++ b/sysdeps/aarch64/dl-gcs.c @@ -32,6 +32,11 @@ fail (struct link_map *l, const char *program) static void check_gcs (struct link_map *l, const char *program) { +#ifdef SHARED + /* Ignore GCS marking on ld.so: its properties are not processed. */ + if (l->l_real == &GL(dl_rtld_map)) + return; +#endif if (!l->l_mach.gcs) { if (GLRO(dl_aarch64_gcs_policy) == 2 || !program) From patchwork Fri Nov 29 16:37:18 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 102148 X-Patchwork-Delegate: carlos@redhat.com Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 87DBB3858417 for ; Fri, 29 Nov 2024 16:42:05 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 87DBB3858417 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 9E2843858435 for ; Fri, 29 Nov 2024 16:39:20 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 9E2843858435 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 9E2843858435 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898360; cv=none; b=OxWkue0fgWL0QZ54Zp4eloJlwUdC1Z/AgkhhXenkwxrvkwrXeZ8VOiVAzA/4hOZJ/rfhUQtBEPTmJRguZFji+8kJZbeYPQp4UmIAD3cC/tBH6T0l1oZ8nJgUzTADMpnYT2U0esWkTp4MSZdnS97lr31UfXNSe9OfNni97/veg+0= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898360; c=relaxed/simple; bh=Q8HslczlT64puxqYjZNDWc4qXOvaRIUoFjvqx8w5sSY=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=KP1oo4zpobYyxTAHJJSq8klo3v+a/9tTYqLwPEcJbvvC3538OkDV4s49FAUxic+XxBSbQ2wQu21H3so14jn2Q9tF92EkB9BW+VxIBHicT9Eh4GhwiRUdum/YKNVssPAyMOCJDOSQgU1+BSR6lfzB30CVadWfCxDX+q/4rqFUQA4= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 9E2843858435 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 0DDC612FC; Fri, 29 Nov 2024 08:39:49 -0800 (PST) Received: from udebian.localdomain (unknown [10.1.35.24]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id AA9943F5A1; Fri, 29 Nov 2024 08:39:18 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de Subject: [PATCH v4 19/22] aarch64: Process gnu properties in static exe Date: Fri, 29 Nov 2024 16:37:18 +0000 Message-Id: <20241129163721.2385847-20-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241129163721.2385847-1-yury.khrustalev@arm.com> References: <20241129163721.2385847-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.1 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy Unlike for BTI, the kernel does not process GCS properties so update GL(dl_aarch64_gcs) before the GCS status is set. --- sysdeps/unix/sysv/linux/aarch64/libc-start.h | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/sysdeps/unix/sysv/linux/aarch64/libc-start.h b/sysdeps/unix/sysv/linux/aarch64/libc-start.h index 0dd102c374..1cc4dab818 100644 --- a/sysdeps/unix/sysv/linux/aarch64/libc-start.h +++ b/sysdeps/unix/sysv/linux/aarch64/libc-start.h @@ -21,6 +21,8 @@ #ifndef SHARED +# include + # ifndef PR_SET_SHADOW_STACK_STATUS # define PR_GET_SHADOW_STACK_STATUS 74 # define PR_SET_SHADOW_STACK_STATUS 75 @@ -36,6 +38,16 @@ aarch64_libc_setup_tls (void) { __libc_setup_tls (); + struct link_map *main_map = _dl_get_dl_main_map (); + const ElfW(Phdr) *phdr = GL(dl_phdr); + const ElfW(Phdr) *ph; + for (ph = phdr; ph < phdr + GL(dl_phnum); ph++) + if (ph->p_type == PT_GNU_PROPERTY) + { + _dl_process_pt_gnu_property (main_map, -1, ph); + _rtld_main_check (main_map, _dl_argv[0]); + break; + } uint64_t s = GL(dl_aarch64_gcs); if (s != 0) INLINE_SYSCALL_CALL (prctl, PR_SET_SHADOW_STACK_STATUS, s, 0, 0, 0); From patchwork Fri Nov 29 16:37:19 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 102154 X-Patchwork-Delegate: carlos@redhat.com Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id B23C03858C56 for ; Fri, 29 Nov 2024 16:45:43 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org B23C03858C56 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 23D24385840F for ; Fri, 29 Nov 2024 16:39:26 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 23D24385840F Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 23D24385840F Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898366; cv=none; b=jv19vvUa7LXqKmpkSvBuB3p4P98tD9i6odcI2I61MyILHSm7OG3/iueqxrLg8+Y9yCG9Enl6kJTgWFlOazLFTVhWX96Ba/cufqpPlAVi+bQWDiWYSHyOkRCYXOV1Q8rIgSJPaxNpMw+k+/mK6AmLY+aHR48g67Gc/zM0XT7AnAY= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898366; c=relaxed/simple; bh=8Iw5rQsiZbL+jLZO63amAwGFryK7ll/KvJhJauRYqYs=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=FrCMQjbszyq147XgmYiaSCXSir4Bif4QtU4P6QT8IC/XIw3YdJIGWFcECwnn7G1GK9y+0t09HbbfrQ4CWe1T+0GCfpgmU9H1I8LCTw7yYm0rtOxve0u1/V5zoW+a9zbeMOdekFf14gXdzco87xGu+TCyJMRAzyw70qcezYal2Xg= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 628E912FC; Fri, 29 Nov 2024 08:39:55 -0800 (PST) Received: from udebian.localdomain (unknown [10.1.35.24]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id B9C323F5A1; Fri, 29 Nov 2024 08:39:24 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de Subject: [PATCH v4 20/22] aarch64: Add GCS user-space allocation logic Date: Fri, 29 Nov 2024 16:37:19 +0000 Message-Id: <20241129163721.2385847-21-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241129163721.2385847-1-yury.khrustalev@arm.com> References: <20241129163721.2385847-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.1 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, KAM_SHORT, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy Allocate GCS based on the stack size, this can be used for coroutines (makecontext) and thread creation (if the kernel allows user allocated GCS). --- sysdeps/aarch64/Makefile | 3 +- sysdeps/aarch64/__alloc_gcs.c | 66 +++++++++++++++++++++++++++++++++++ sysdeps/aarch64/aarch64-gcs.h | 36 +++++++++++++++++++ 3 files changed, 104 insertions(+), 1 deletion(-) create mode 100644 sysdeps/aarch64/__alloc_gcs.c create mode 100644 sysdeps/aarch64/aarch64-gcs.h diff --git a/sysdeps/aarch64/Makefile b/sysdeps/aarch64/Makefile index 74479604f2..4b7f8a5c07 100644 --- a/sysdeps/aarch64/Makefile +++ b/sysdeps/aarch64/Makefile @@ -71,7 +71,8 @@ sysdep_headers += sys/ifunc.h sysdep_routines += \ __mtag_tag_zero_region \ __mtag_tag_region \ - __arm_za_disable + __arm_za_disable \ + __alloc_gcs tests += \ tst-sme-jmp diff --git a/sysdeps/aarch64/__alloc_gcs.c b/sysdeps/aarch64/__alloc_gcs.c new file mode 100644 index 0000000000..62b7b6f396 --- /dev/null +++ b/sysdeps/aarch64/__alloc_gcs.c @@ -0,0 +1,66 @@ +/* AArch64 GCS allocation. + Copyright (C) 2024 Free Software Foundation, Inc. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include + +#ifndef __NR_map_shadow_stack +# define __NR_map_shadow_stack 453 +#endif +#ifndef SHADOW_STACK_SET_TOKEN +# define SHADOW_STACK_SET_TOKEN (1UL << 0) +# define SHADOW_STACK_SET_MARKER (1UL << 1) +#endif + +static void * +map_shadow_stack (void *addr, size_t size, unsigned long flags) +{ + return (void *) INLINE_SYSCALL_CALL (map_shadow_stack, addr, size, flags); +} + +#define GCS_MAX_SIZE (1UL << 31) +#define GCS_ALTSTACK_RESERVE 160 + +void * +__alloc_gcs (size_t stack_size, void **ss_base, size_t *ss_size) +{ + size_t size = (stack_size / 2 + GCS_ALTSTACK_RESERVE) & -8UL; + if (size > GCS_MAX_SIZE) + size = GCS_MAX_SIZE; + + unsigned long flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN; + void *base = map_shadow_stack (NULL, size, flags); + if (base == (void *) -1) + return NULL; + + *ss_base = base; + *ss_size = size; + + uint64_t *gcsp = (uint64_t *) ((char *) base + size); + /* Skip end of GCS token. */ + gcsp--; + /* Verify GCS cap token. */ + gcsp--; + if (((uint64_t)gcsp & 0xfffffffffffff000) + 1 != *gcsp) + { + __munmap (base, size); + return NULL; + } + /* Return the target GCS pointer for context switch. */ + return gcsp + 1; +} diff --git a/sysdeps/aarch64/aarch64-gcs.h b/sysdeps/aarch64/aarch64-gcs.h new file mode 100644 index 0000000000..cbd1065a5d --- /dev/null +++ b/sysdeps/aarch64/aarch64-gcs.h @@ -0,0 +1,36 @@ +/* AArch64 GCS (Guarded Control Stack) declarations. + This file is part of the GNU C Library. + Copyright (C) 2024 Free Software Foundation, Inc. + Copyright The GNU Toolchain Authors. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _AARCH64_GCS_H +#define _AARCH64_GCS_H + +#include +#include + +void *__alloc_gcs (size_t, void **, size_t *) attribute_hidden; + +static inline bool +has_gcs (void) +{ + register unsigned long x16 asm ("x16") = 1; + asm ("hint 40" /* chkfeat x16 */ : "+r" (x16)); + return x16 == 0; +} + +#endif From patchwork Fri Nov 29 16:37:20 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 102156 X-Patchwork-Delegate: carlos@redhat.com Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id E1CCE3858CD9 for ; Fri, 29 Nov 2024 16:46:57 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org E1CCE3858CD9 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 202483858408 for ; Fri, 29 Nov 2024 16:39:32 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 202483858408 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 202483858408 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898372; cv=none; b=fSs3fEG8nb2i9etk4itaYZzseEsVp8of8/PR/I2+z277vet3DPW2fGYZJ4Td9EdKx/6f3/MAcWiz4PqS+Qx77x8PYaL+vBTMLMZ15TbguG0wOIB8sQeJWKFVUbeFyUSrn109zUltTVWrsRcDB8cGQZTGlKpigzVTJ8aP7k6Olz4= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898372; c=relaxed/simple; bh=jbcaNgigrOYvU0NtWMUQs+c8RQF/78bBfNqzudtjWp0=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=nIpX/7lyuX94rMVEY45CVnV778AbXX0OdtBmHnc3PU4uVIsEl/7OR4ckMghrhMt9T/XTJsxIOG/N6JkxsYbIUlPgNtf8nxmutnn8DW8uAShQYljSXFYnug4Z1CoOQlOGrLWg+6ZOs4Rb8HBZxfktlbHsk+Dvmwzqua2nPDfYyE8= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 53D1E1424; Fri, 29 Nov 2024 08:40:01 -0800 (PST) Received: from udebian.localdomain (unknown [10.1.35.24]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id CF5F63F5A1; Fri, 29 Nov 2024 08:39:30 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de Subject: [PATCH v4 21/22] aarch64: Use __alloc_gcs in makecontext Date: Fri, 29 Nov 2024 16:37:20 +0000 Message-Id: <20241129163721.2385847-22-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241129163721.2385847-1-yury.khrustalev@arm.com> References: <20241129163721.2385847-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.1 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy --- sysdeps/unix/sysv/linux/aarch64/makecontext.c | 41 +++---------------- 1 file changed, 6 insertions(+), 35 deletions(-) diff --git a/sysdeps/unix/sysv/linux/aarch64/makecontext.c b/sysdeps/unix/sysv/linux/aarch64/makecontext.c index 779f7e55aa..33824ae614 100644 --- a/sysdeps/unix/sysv/linux/aarch64/makecontext.c +++ b/sysdeps/unix/sysv/linux/aarch64/makecontext.c @@ -23,6 +23,7 @@ #include #include #include +#include "aarch64-gcs.h" #define GCS_MAGIC 0x47435300 @@ -72,47 +73,17 @@ __libc_aarch64_thread_freeres (void) free_gcs_list (); } -#ifndef __NR_map_shadow_stack -# define __NR_map_shadow_stack 453 -#endif -#ifndef SHADOW_STACK_SET_TOKEN -# define SHADOW_STACK_SET_TOKEN (1UL << 0) -# define SHADOW_STACK_SET_MARKER (1UL << 1) -#endif - -static void * -map_shadow_stack (void *addr, size_t size, unsigned long flags) -{ - return (void *) INLINE_SYSCALL_CALL (map_shadow_stack, addr, size, flags); -} - -#define GCS_MAX_SIZE (1UL << 31) -#define GCS_ALTSTACK_RESERVE 160 - static void * alloc_makecontext_gcs (size_t stack_size) { - size_t size = (stack_size / 2 + GCS_ALTSTACK_RESERVE) & -8UL; - if (size > GCS_MAX_SIZE) - size = GCS_MAX_SIZE; - - unsigned long flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN; - void *base = map_shadow_stack (NULL, size, flags); - if (base == (void *) -1) + void *base; + size_t size; + void *gcsp = __alloc_gcs (stack_size, &base, &size); + if (gcsp == NULL) /* ENOSYS, bad size or OOM. */ abort (); - record_gcs (base, size); - - uint64_t *gcsp = (uint64_t *) ((char *) base + size); - /* Skip end of GCS token. */ - gcsp--; - /* Verify GCS cap token. */ - gcsp--; - if (((uint64_t)gcsp & 0xfffffffffffff000) + 1 != *gcsp) - abort (); - /* Return the target GCS pointer for context switch. */ - return gcsp + 1; + return gcsp; } void From patchwork Fri Nov 29 16:37:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 102159 X-Patchwork-Delegate: carlos@redhat.com Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id C635D3858C48 for ; Fri, 29 Nov 2024 16:49:42 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org C635D3858C48 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 28EF63858D33 for ; Fri, 29 Nov 2024 16:39:39 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 28EF63858D33 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 28EF63858D33 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898379; cv=none; b=OFI+xi5snZgj4M29EHUA0d4ecjq78MiUaj1zfNvpudTD6I/rbkVDBnaD5o32hjR6AFm0Wn68PjqZEudqXyDEkjJK2f59EIY2d2dF4XHd8ztCaMYMQ7u3Q5poci2TX0V8plBCdThT4QnD70DPSYgTJd/dxDHIWIHA6CPSfDg19b4= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1732898379; c=relaxed/simple; bh=xJbf0VTOtVv6gUH2k4eE6tsEPx0KkHWf5vw9JbvAbtU=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=eyCMHKHBogmk5LfjKNUA3cfZeiwU5fZuEDPZWeiY5lADM0SX6z8x/m8EJ/zUonKKTtHW5VmkZ+h+5L1M98UQgp3z+USGjrh0vtOxrm/A4uJ+Yj5VArD6iv1MKP/TIR/rtCvmunVHOAAyv+0SPV0BTWJngMBaWYfZENz1sGtnn9M= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 5DFE812FC; Fri, 29 Nov 2024 08:40:07 -0800 (PST) Received: from udebian.localdomain (unknown [10.1.35.24]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id D9F503F5A1; Fri, 29 Nov 2024 08:39:36 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de Subject: [PATCH v4 22/22] aarch64: Fix tests not compatible with targets supporting GCS Date: Fri, 29 Nov 2024 16:37:21 +0000 Message-Id: <20241129163721.2385847-23-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241129163721.2385847-1-yury.khrustalev@arm.com> References: <20241129163721.2385847-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.1 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, KAM_SHORT, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org - Add GCS marking to some of the tests when target supports GCS - Fix tst-ro-dynamic-mod.map linker script to avoid removing GNU properties - Add header with macros for GNU properties --- elf/tst-asm-helper.h | 49 ++++++++++++++++++++++++++++++++++ elf/tst-big-note-lib.S | 2 ++ elf/tst-ro-dynamic-mod.map | 7 +++-- sysdeps/aarch64/tst-vpcs-mod.S | 4 ++- 4 files changed, 57 insertions(+), 5 deletions(-) create mode 100644 elf/tst-asm-helper.h diff --git a/elf/tst-asm-helper.h b/elf/tst-asm-helper.h new file mode 100644 index 0000000000..23c82369ae --- /dev/null +++ b/elf/tst-asm-helper.h @@ -0,0 +1,49 @@ +/* Test header that defines macros for GNU properties that need to be + used in some test assembly files where sysdep.h cannot be included + for some reason. + Copyright (C) 2021-2024 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include + +/* GNU_PROPERTY_AARCH64_* macros from elf.h for use in asm code. */ +#define FEATURE_1_AND 0xc0000000 +#define FEATURE_1_BTI 1 +#define FEATURE_1_PAC 2 +#define FEATURE_1_GCS 4 + +/* Add a NT_GNU_PROPERTY_TYPE_0 note. */ +#define GNU_PROPERTY(type, value) \ + .section .note.gnu.property, "a"; \ + .p2align 3; \ + .word 4; \ + .word 16; \ + .word 5; \ + .asciz "GNU"; \ + .word type; \ + .word 4; \ + .word value; \ + .word 0; \ + .text + +/* Add GNU property note with the supported features to all asm code + where sysdep.h is included. */ +#if HAVE_AARCH64_BTI && HAVE_AARCH64_PAC_RET +GNU_PROPERTY (FEATURE_1_AND, FEATURE_1_BTI|FEATURE_1_PAC|FEATURE_1_GCS) +#elif HAVE_AARCH64_BTI +GNU_PROPERTY (FEATURE_1_AND, FEATURE_1_BTI|FEATURE_1_GCS) +#endif diff --git a/elf/tst-big-note-lib.S b/elf/tst-big-note-lib.S index 5eb1e03cfb..cfd31137e8 100644 --- a/elf/tst-big-note-lib.S +++ b/elf/tst-big-note-lib.S @@ -20,6 +20,8 @@ On a typical Linux system with 8MiB "ulimit -s", that was enough to trigger stack overflow in open_verify. */ +#include "tst-asm-helper.h" + #define NOTE_SIZE 8*1024*1024 .pushsection .note.big,"a" diff --git a/elf/tst-ro-dynamic-mod.map b/elf/tst-ro-dynamic-mod.map index 2fe4a2998c..2a158480c0 100644 --- a/elf/tst-ro-dynamic-mod.map +++ b/elf/tst-ro-dynamic-mod.map @@ -3,14 +3,13 @@ SECTIONS . = SIZEOF_HEADERS; .dynamic : { *(.dynamic) } :text :dynamic .rodata : { *(.data*) *(.bss*) } :text - /DISCARD/ : { - *(.note.gnu.property) - } - .note : { *(.note.*) } :text :note + .note : { *(.note) } :text :note + .note.gnu.property : { *(.note.gnu.property) } :text :gnu_property } PHDRS { text PT_LOAD FLAGS(5) FILEHDR PHDRS; dynamic PT_DYNAMIC FLAGS(4); note PT_NOTE FLAGS(4); + gnu_property PT_GNU_PROPERTY FLAGS(4); } diff --git a/sysdeps/aarch64/tst-vpcs-mod.S b/sysdeps/aarch64/tst-vpcs-mod.S index 19b01c3c38..b3b5824eda 100644 --- a/sysdeps/aarch64/tst-vpcs-mod.S +++ b/sysdeps/aarch64/tst-vpcs-mod.S @@ -17,6 +17,8 @@ License along with the GNU C Library. If not, see . */ +#include "tst-asm-helper.h" + .variant_pcs vpcs_call .global vpcs_call .type vpcs_call, %function @@ -121,7 +123,7 @@ vpcs_call_regs: /* Emulate a BL using B, but save x30 before the branch. */ adr x30, .L_return_addr stp x30, x29, [x1, 240] - b vpcs_call + bl vpcs_call .L_return_addr: /* Restore callee-saved registers. */