From patchwork Fri Jan 3 15:41:19 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 103946 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id E18EB385840D for ; Fri, 3 Jan 2025 15:42:56 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org E18EB385840D X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 5AB0D3858CD1 for ; Fri, 3 Jan 2025 15:41:56 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 5AB0D3858CD1 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 5AB0D3858CD1 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918916; cv=none; b=JHwtx06AQmpmqe2ll3Li9TUUr/0InPbrTBb36iZL6PxkTsWNld6MxlVaXUQNpBQqycMl6w9j8iFbphfeIv91XzpLFFSNRT1URuQkDOeJyU8MCJ3FC9+U5ShbcpHB4ui6Dw817jsVJALFrtSd+NBCy5SPuRcZiReadYzfX71XnIs= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918916; c=relaxed/simple; bh=DoW3n9FlE3Lt8ce9+k04CzN4I7gcBiz+rznPWr//ypM=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=RnzJMXMLZYlaMkwFdjL9l7rqSc+9YXeq+LAmxwBtShynXCw4JsFotUgzDUKgrLBSqtQs3RtKkv0c8mD18oqmHcJGhJ71dSwueSZBO/YlFUTeDlZrqWdWdeoGajwYyEwXVrYJo51RV7cOCwy+dcJ/cZedKCLTF+lvpyZ6VCHGGP8= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 5AB0D3858CD1 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 496481480; Fri, 3 Jan 2025 07:42:24 -0800 (PST) Received: from udebian.localdomain (unknown [10.57.3.206]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 095CB3F6A8; Fri, 3 Jan 2025 07:41:54 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de, wilco.dijkstra@arm.com Subject: [PATCH v7 01/23] aarch64: Add asm helpers for GCS Date: Fri, 3 Jan 2025 15:41:19 +0000 Message-Id: <20250103154141.47731-2-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250103154141.47731-1-yury.khrustalev@arm.com> References: <20250103154141.47731-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.3 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy The Guarded Control Stack instructions can be present even if the hardware does not support the extension (runtime checked feature), so the asm code should be backward compatible with old assemblers. Reviewed-by: Carlos O'Donell Reviewed-by: Wilco Dijkstra --- sysdeps/aarch64/sysdep.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/sysdeps/aarch64/sysdep.h b/sysdeps/aarch64/sysdep.h index 1b317735a4..4df120ad80 100644 --- a/sysdeps/aarch64/sysdep.h +++ b/sysdeps/aarch64/sysdep.h @@ -74,6 +74,13 @@ strip_pac (void *p) #define PACIASP hint 25 #define AUTIASP hint 29 +/* Guarded Control Stack support. */ +#define CHKFEAT_X16 hint 40 +#define MRS_GCSPR(x) mrs x, s3_3_c2_c5_1 +#define GCSPOPM(x) sysl x, #3, c7, c7, #1 +#define GCSSS1(x) sys #3, c7, c7, #2, x +#define GCSSS2(x) sysl x, #3, c7, c7, #3 + /* GNU_PROPERTY_AARCH64_* macros from elf.h for use in asm code. */ #define FEATURE_1_AND 0xc0000000 #define FEATURE_1_BTI 1 From patchwork Fri Jan 3 15:41:20 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 103947 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 3500F385840D for ; Fri, 3 Jan 2025 15:43:04 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 3500F385840D X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id EF7E53858C31 for ; Fri, 3 Jan 2025 15:42:01 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org EF7E53858C31 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org EF7E53858C31 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918922; cv=none; b=SQ2MTnU5yY2VdM6X/rp913n0hZ8inIx1lgXjpYJ7QxU7ISflR0IPJW9oLT0z2I6SsFYwUipbLj01GxOjHV9IC46dA8ErYpVt2b/1X0nfW6aaI5wqf8dXDqiVyi1WAL9GI0MTITD3oQym1c0zwjJsagXPsFbiaBC7AL7l0R/iRtM= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918922; c=relaxed/simple; bh=GK2v7AVTiFN3MXU2iO/RTYYtRcUZUJAWU7xFj/D+fsw=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=xKIWy460DobZFM59iDMPPvyuRDWxgJP5xmLytAp6vGnK/4/YLm4cHHOsZDVNvAM/SGGUms6qqzyfN4EwN25Z1LiOtAWRFt/Ob0pgRNRXt8dioWWb56192BMPK6G+AKObIA4lP1O5Szr/0ym65DeGjF2Q+xQFEwxkTM3Z6ljXm0o= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org EF7E53858C31 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id CD9E71480; Fri, 3 Jan 2025 07:42:29 -0800 (PST) Received: from udebian.localdomain (unknown [10.57.3.206]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id B23D33F6A8; Fri, 3 Jan 2025 07:42:00 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de, wilco.dijkstra@arm.com Subject: [PATCH v7 02/23] elf.h: Define GNU_PROPERTY_AARCH64_FEATURE_1_GCS Date: Fri, 3 Jan 2025 15:41:20 +0000 Message-Id: <20250103154141.47731-3-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250103154141.47731-1-yury.khrustalev@arm.com> References: <20250103154141.47731-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.3 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy Reviewed-by: Carlos O'Donell Reviewed-by: Wilco Dijkstra --- elf/elf.h | 1 + 1 file changed, 1 insertion(+) diff --git a/elf/elf.h b/elf/elf.h index 91b76ab5b6..96df2eec01 100644 --- a/elf/elf.h +++ b/elf/elf.h @@ -1391,6 +1391,7 @@ typedef struct #define GNU_PROPERTY_AARCH64_FEATURE_1_BTI (1U << 0) #define GNU_PROPERTY_AARCH64_FEATURE_1_PAC (1U << 1) +#define GNU_PROPERTY_AARCH64_FEATURE_1_GCS (1U << 2) /* The x86 instruction sets indicated by the corresponding bits are used in program. Their support in the hardware is optional. */ From patchwork Fri Jan 3 15:41:21 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 103948 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 03673385840B for ; Fri, 3 Jan 2025 15:43:11 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 03673385840B X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 2D91A3858C32 for ; Fri, 3 Jan 2025 15:42:07 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 2D91A3858C32 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 2D91A3858C32 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918927; cv=none; b=IkXt4uWlM/oZYpWgrRZRGgEpWtn3oxOY/SSQNKq2A87Go9tU39LSYX/WvGgmi3NaDZMKkwAspmzQUA0TFDIYh7D+DuxSbhd+vxfhWXp5y2pdUPHbJLgGGHSdA7wQoqTnJlbcRsc+fKWwF9/YV8SAHUKGU/gjFrUCOiP0rAOD3Mc= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918927; c=relaxed/simple; bh=0vGObjzf1HyugOmI8yK4l2yVoojF9DEfm6JIM2Y4Ilg=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=MYj0Xsz2KkmjfbF8fPfzCq8IBrEW6gVDbcOIQfNw9CY0T3zjCCOvmd7iKgUT0anmfQoxgPxtbJUpVbQg79dVI3k6Ll67DTkgtqavus+elcaOoniolH62tz52I0m23N3O7E+Ohll9hon+y9bl+ti6TJanbt7SQ55N66oTOH0neSQ= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 2D91A3858C32 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 2ED191480; Fri, 3 Jan 2025 07:42:35 -0800 (PST) Received: from udebian.localdomain (unknown [10.57.3.206]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 14EF83F6A8; Fri, 3 Jan 2025 07:42:05 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de, wilco.dijkstra@arm.com Subject: [PATCH v7 03/23] aarch64: Define jmp_buf offset for GCS Date: Fri, 3 Jan 2025 15:41:21 +0000 Message-Id: <20250103154141.47731-4-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250103154141.47731-1-yury.khrustalev@arm.com> References: <20250103154141.47731-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.3 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy The target specific internal __longjmp is called with a __jmp_buf argument which has its size exposed in the ABI. On aarch64 this has no space left, so GCSPR cannot be restored in longjmp in the usual way, which is needed for the Guarded Control Stack (GCS) extension. setjmp is implemented via __sigsetjmp which has a jmp_buf argument however it is also called with __pthread_unwind_buf_t argument cast to jmp_buf (in cancellation cleanup code built with -fno-exception). The two types, jmp_buf and __pthread_unwind_buf_t, have common bits beyond the __jmp_buf field and there is unused space there which we can use for saving GCSPR. For this to work some bits of those two generic types have to be reserved for target specific use and the generic code in glibc has to ensure that __longjmp is always called with a __jmp_buf that is embedded into one of those two types. Morally __longjmp should be changed to take jmp_buf as argument, but that is an intrusive change across targets. Note: longjmp is never called with __pthread_unwind_buf_t from user code, only the internal __libc_longjmp is called with that type and thus the two types could have separate longjmp implementations on a target. We don't rely on this now (but might in the future given that cancellation unwind does not need to restore GCSPR). Given the above this patch finds an unused slot for GCSPR. This placement is not exposed in the ABI so it may change in the future. This is also very target ABI specific so the generic types cannot be easily changed to clearly mark the reserved fields. Reviewed-by: Carlos O'Donell Reviewed-by: Wilco Dijkstra --- sysdeps/aarch64/jmpbuf-offsets.h | 62 ++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) diff --git a/sysdeps/aarch64/jmpbuf-offsets.h b/sysdeps/aarch64/jmpbuf-offsets.h index 73d51ba4e9..2720526640 100644 --- a/sysdeps/aarch64/jmpbuf-offsets.h +++ b/sysdeps/aarch64/jmpbuf-offsets.h @@ -39,6 +39,68 @@ #define JB_D14 20 #define JB_D15 21 +/* The target specific part of jmp_buf has no space for expansion but + the public jmp_buf ABI type has. Unfortunately there is another type + that is used with setjmp APIs and exposed by thread cancellation (in + binaries built with -fno-exceptions) which complicates the situation. + + // Internal layout of the public jmp_buf type on AArch64. + // This is passed to setjmp, longjmp, sigsetjmp, siglongjmp. + struct + { + uint64_t jmpbuf[22]; // Target specific part. + uint32_t mask_was_saved; // savemask bool used by sigsetjmp/siglongjmp. + uint32_t pad; + uint64_t saved_mask; // sigset_t bits used on linux. + uint64_t unused[15]; // sigset_t bits not used on linux. + }; + + // Internal layout of the public __pthread_unwind_buf_t type. + // This is passed to sigsetjmp with !savemask and to the internal + // __libc_longjmp (currently alias of longjmp on AArch64). + struct + { + uint64_t jmpbuf[22]; // Must match jmp_buf. + uint32_t mask_was_saved; // Must match jmp_buf, always 0. + uint32_t pad; + void *prev; // List for unwinding. + void *cleanup; // Cleanup handlers. + uint32_t canceltype; // 1 bit cancellation type. + uint32_t pad2; + void *pad3; + }; + + Ideally only the target specific part of jmp_buf (A) is accessed by + __setjmp and __longjmp. But that is always embedded into one of the + two types above so the bits that are unused in those types (B) may be + reused for target specific purposes. Setjmp can't distinguish between + jmp_buf and __pthread_unwind_buf_t, but longjmp can: only an internal + longjmp call uses the latter, so state that is not needed for cancel + cleanups can go to fields (C). If generic code is refactored then the + usage of additional fields can be optimized (D). And some fields are + only accessible in the savedmask case (E). Reusability of jmp_buf + fields on AArch64 for target purposes: + + struct + { + uint64_t A[22]; // 0 .. 176 + uint32_t D; // 176 .. 180 + uint32_t B; // 180 .. 184 + uint64_t D; // 184 .. 192 + uint64_t C; // 192 .. 200 + uint32_t C; // 200 .. 204 + uint32_t B; // 204 .. 208 + uint64_t B; // 208 .. 216 + uint64_t E[12]; // 216 .. 312 + } + + The B fields can be used with minimal glibc code changes. We need a + 64 bit field for the Guarded Control Stack pointer (GCSPR_EL0) which + can use a C field too as cancellation cleanup does not execute RET + for a previous BL of the cancelled thread, but that would require a + custom __libc_longjmp. This layout can change in the future. */ +#define JB_GCSPR 208 + #ifndef __ASSEMBLER__ #include #include From patchwork Fri Jan 3 15:41:22 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 103949 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 14DF53858428 for ; Fri, 3 Jan 2025 15:43:29 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 14DF53858428 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 00D783858CD1 for ; Fri, 3 Jan 2025 15:42:12 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 00D783858CD1 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 00D783858CD1 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918933; cv=none; b=THMNi+JLMKO9Y9Vl59tfoYkNLgIDOh47aJ+IJfURd7fsxLfJk8myU53E3yMvwnMQW96WcmLnCjB0CH225VvMvIp+FYFpncNs3/eGuKSNZpRtjDbXr+4oZ+XvNJIJF0Mt6eCFELvdX/SHjLKIXWbhFrzou9X3zl1wyK3+C/S9Wvw= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918933; c=relaxed/simple; bh=gCgBbNy6Z985d27XvUiJ/J+kIb0XtCHjKUUTff4GzU8=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=vWDEjwGKwdOHfejJiyDotVdTCr8RpW4AVwC0OPZ4GcRRbsE6C3ZS7TauB+Vb0WOsHH9F4zFUmedhAXsx2bgPj+WZA8Tn7kN9E5foJUENsD9GjODGxDXFQhXKITwKrLSKvdCAft+vk0dfKl8z2h2DW7YuNwkYV6euDv0+0yR6mu8= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 00D783858CD1 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id E53E41480; Fri, 3 Jan 2025 07:42:40 -0800 (PST) Received: from udebian.localdomain (unknown [10.57.3.206]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id A4BC13F6A8; Fri, 3 Jan 2025 07:42:11 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de, wilco.dijkstra@arm.com Subject: [PATCH v7 04/23] aarch64: Add GCS support to longjmp Date: Fri, 3 Jan 2025 15:41:22 +0000 Message-Id: <20250103154141.47731-5-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250103154141.47731-1-yury.khrustalev@arm.com> References: <20250103154141.47731-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.3 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy This implementations ensures that longjmp across different stacks works: it scans for GCS cap token and switches GCS if necessary then the target GCSPR is restored with a GCSPOPM loop once the current GCSPR is on the same GCS. This makes longjmp linear time in the number of jumped over stack frames when GCS is enabled. Reviewed-by: Carlos O'Donell Reviewed-by: Wilco Dijkstra --- sysdeps/aarch64/__longjmp.S | 30 ++++++++++++++++++++++++++++++ sysdeps/aarch64/setjmp.S | 10 ++++++++++ 2 files changed, 40 insertions(+) diff --git a/sysdeps/aarch64/__longjmp.S b/sysdeps/aarch64/__longjmp.S index 2ef09112d7..38efddbbae 100644 --- a/sysdeps/aarch64/__longjmp.S +++ b/sysdeps/aarch64/__longjmp.S @@ -91,6 +91,36 @@ ENTRY (__longjmp) ldp d12, d13, [x0, #JB_D12<<3] ldp d14, d15, [x0, #JB_D14<<3] + /* GCS support. */ + mov x16, 1 + CHKFEAT_X16 + tbnz x16, 0, L(gcs_done) + MRS_GCSPR (x2) + ldr x3, [x0, #JB_GCSPR] + mov x4, x3 + /* x2: GCSPR now. x3, x4: target GCSPR. x5, x6: tmp regs. */ +L(gcs_scan): + cmp x2, x4 + b.eq L(gcs_pop) + sub x4, x4, 8 + /* Check for a cap token. */ + ldr x5, [x4] + and x6, x4, 0xfffffffffffff000 + orr x6, x6, 1 + cmp x5, x6 + b.ne L(gcs_scan) +L(gcs_switch): + add x2, x4, 8 + GCSSS1 (x4) + GCSSS2 (xzr) +L(gcs_pop): + cmp x2, x3 + b.eq L(gcs_done) + GCSPOPM (xzr) + add x2, x2, 8 + b L(gcs_pop) +L(gcs_done): + /* Originally this was implemented with a series of .cfi_restore() directives. diff --git a/sysdeps/aarch64/setjmp.S b/sysdeps/aarch64/setjmp.S index 4c968ae506..b630ca099a 100644 --- a/sysdeps/aarch64/setjmp.S +++ b/sysdeps/aarch64/setjmp.S @@ -57,6 +57,16 @@ ENTRY (__sigsetjmp) stp d10, d11, [x0, #JB_D10<<3] stp d12, d13, [x0, #JB_D12<<3] stp d14, d15, [x0, #JB_D14<<3] + + /* GCS support. */ + mov x16, 1 + CHKFEAT_X16 + tbnz x16, 0, L(gcs_done) + MRS_GCSPR (x2) + add x2, x2, 8 /* GCS state right after setjmp returns. */ + str x2, [x0, #JB_GCSPR] +L(gcs_done): + #ifdef PTR_MANGLE mov x4, sp PTR_MANGLE (5, 4, 3, 2) From patchwork Fri Jan 3 15:41:23 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 103950 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id EEFF93858423 for ; Fri, 3 Jan 2025 15:45:30 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org EEFF93858423 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id C37363858402 for ; Fri, 3 Jan 2025 15:42:18 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org C37363858402 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org C37363858402 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918938; cv=none; b=HnxgBuYJukOnic6hn/WFNe0mAjf5CNLp9Sn5+TkvVlp+qBs29iTRgvFEUANuiRB/ftTD8bBvUpp2hDMNRUbQFEC8VkCUINnd/QG6jU1BhMIZPKzXCtaPE3isRVMT+VcGdxwuFvZpg+gujlARO22wBCaw+yNDTXWVAlaod9HgCI0= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918938; c=relaxed/simple; bh=tWJ11wtMlAO3PB4S5H43P+HS4pKBGLEPe2QVQORR1XI=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=g1IWxU27ZnAhUI1KqQpdkckKPgRsJWRx5uml2j3Opa2RjLuAlrTiD2s/EahK8vO4gPCDl52NVm5kRWLG8NJ+F7OQ4Ci5eSy3PQSKCv6qNVBzuf1p41H3aBFQZjngg3UpDkXrHDqTtBaiLyspor9Z/NyDqaRdxtiOOUzzTZwdd2o= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org C37363858402 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id C3F071480; Fri, 3 Jan 2025 07:42:46 -0800 (PST) Received: from udebian.localdomain (unknown [10.57.3.206]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 83B573F6A8; Fri, 3 Jan 2025 07:42:17 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de, wilco.dijkstra@arm.com Subject: [PATCH v7 05/23] aarch64: Add GCS support to vfork Date: Fri, 3 Jan 2025 15:41:23 +0000 Message-Id: <20250103154141.47731-6-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250103154141.47731-1-yury.khrustalev@arm.com> References: <20250103154141.47731-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.3 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy Reviewed-by: Wilco Dijkstra Reviewed-by: Carlos O'Donell --- sysdeps/unix/sysv/linux/aarch64/vfork.S | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/sysdeps/unix/sysv/linux/aarch64/vfork.S b/sysdeps/unix/sysv/linux/aarch64/vfork.S index 27618567f1..d5943a7485 100644 --- a/sysdeps/unix/sysv/linux/aarch64/vfork.S +++ b/sysdeps/unix/sysv/linux/aarch64/vfork.S @@ -33,8 +33,13 @@ ENTRY (__vfork) cmn x0, #4095 b.cs .Lsyscall_error + cbz x0, L(child) RET - +L(child): + /* Return with indirect branch in the child to support GCS. + Compilers insert BTI instruction after vfork() to make + sure return via BR works on systems with BTI. */ + br x30 PSEUDO_END (__vfork) libc_hidden_def (__vfork) From patchwork Fri Jan 3 15:41:24 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 103955 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id E760B3858C3A for ; Fri, 3 Jan 2025 15:47:34 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org E760B3858C3A X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 52F9E3858D28 for ; Fri, 3 Jan 2025 15:42:24 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 52F9E3858D28 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 52F9E3858D28 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918944; cv=none; b=BWQwpubzgUHRBfwykOUNOt4hxXhmDEdc/jInh4qns6vhkpuZ/i3wUVMXxEHzkJDgQI3cIdepN7XajTx9UCVAOFyLrnJXb5mHabU6s2R+uBiNsxme3Z9EMzyQUIV7CSmnXfnhOlBvRTKtGNfYbujSrnjWy/wICOyGu0XAnYUKDQM= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918944; c=relaxed/simple; bh=fssr+Wbo+NI9aFlBuP+DFLQr+MZkS8AKzw78Nx+CaEM=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=fsOJuqhtzkJeoRn69Hc//iuJvRtrU0IL8jnouh6UAKO2T+MaqDCxveh0MjBGj8pKJEJ+/ELixIhhO1cAm+w2klw8uW44dwQ44kdoJwOyqUzpFKih5pNvVzjmOomq0hgvNetcjXTBHRHK4hSdDctxGNfoQyYkgseDe/lfU9pO/ug= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 52F9E3858D28 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 4DC88150C; Fri, 3 Jan 2025 07:42:52 -0800 (PST) Received: from udebian.localdomain (unknown [10.57.3.206]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 33C863F6A8; Fri, 3 Jan 2025 07:42:23 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de, wilco.dijkstra@arm.com Subject: [PATCH v7 06/23] aarch64: Add GCS support for setcontext Date: Fri, 3 Jan 2025 15:41:24 +0000 Message-Id: <20250103154141.47731-7-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250103154141.47731-1-yury.khrustalev@arm.com> References: <20250103154141.47731-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-12.6 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, KAM_STOCKGEN, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy Userspace ucontext needs to store GCSPR, it does not have to be compatible with the kernel ucontext. For now we use the linux struct gcs_context layout but only use the gcspr field from it. Similar implementation to the longjmp code, supports switching GCS if the target GCS is capped, and unwinding a continuous GCS to a previous state. Reviewed-by: Wilco Dijkstra Reviewed-by: Carlos O'Donell --- sysdeps/unix/sysv/linux/aarch64/getcontext.S | 17 ++++++++- sysdeps/unix/sysv/linux/aarch64/setcontext.S | 38 +++++++++++++++++++ sysdeps/unix/sysv/linux/aarch64/swapcontext.S | 32 ++++++++++++---- .../sysv/linux/aarch64/ucontext-internal.h | 5 +++ 4 files changed, 83 insertions(+), 9 deletions(-) diff --git a/sysdeps/unix/sysv/linux/aarch64/getcontext.S b/sysdeps/unix/sysv/linux/aarch64/getcontext.S index 8b18d859a0..d9dd066051 100644 --- a/sysdeps/unix/sysv/linux/aarch64/getcontext.S +++ b/sysdeps/unix/sysv/linux/aarch64/getcontext.S @@ -83,9 +83,24 @@ ENTRY(__getcontext) mrs x4, fpcr str w4, [x3, oFPCR - oFPSR] - /* Write the termination context extension header. */ add x2, x2, #FPSIMD_CONTEXT_SIZE + /* Save the GCSPR. */ + mov x16, 1 /* _CHKFEAT_GCS */ + CHKFEAT_X16 + tbnz x16, 0, L(gcs_done) + mov w3, #(GCS_MAGIC & 0xffff) + movk w3, #(GCS_MAGIC >> 16), lsl #16 + str w3, [x2, #oHEAD + oMAGIC] + mov w3, #GCS_CONTEXT_SIZE + str w3, [x2, #oHEAD + oSIZE] + MRS_GCSPR (x4) + add x4, x4, 8 /* GCS state right after getcontext returns. */ + str x4, [x2, #oGCSPR] + add x2, x2, #GCS_CONTEXT_SIZE +L(gcs_done): + + /* Write the termination context extension header. */ str wzr, [x2, #oHEAD + oMAGIC] str wzr, [x2, #oHEAD + oSIZE] diff --git a/sysdeps/unix/sysv/linux/aarch64/setcontext.S b/sysdeps/unix/sysv/linux/aarch64/setcontext.S index 633442ecf6..848229ff26 100644 --- a/sysdeps/unix/sysv/linux/aarch64/setcontext.S +++ b/sysdeps/unix/sysv/linux/aarch64/setcontext.S @@ -130,6 +130,44 @@ ENTRY (__setcontext) ldr w4, [x3, oFPCR - oFPSR] msr fpcr, x4 + /* Restore the GCS. */ + mov x16, 1 /* _CHKFEAT_GCS */ + CHKFEAT_X16 + tbnz x16, 0, L(gcs_done) + /* Get target GCS from GCS context. */ + ldr w1, [x2, #oHEAD + oSIZE] + add x2, x2, x1 + mov w3, #(GCS_MAGIC & 0xffff) + movk w3, #(GCS_MAGIC >> 16), lsl #16 + ldr w1, [x2, #oHEAD + oMAGIC] + cmp w1, w3 + b.ne L(gcs_done) + ldr x3, [x2, #oGCSPR] + MRS_GCSPR (x2) + mov x4, x3 + /* x2: GCSPR now. x3, x4: target GCSPR. x5, x6: tmp regs. */ +L(gcs_scan): + cmp x2, x4 + b.eq L(gcs_pop) + sub x4, x4, 8 + /* Check for a cap token. */ + ldr x5, [x4] + and x6, x4, 0xfffffffffffff000 + orr x6, x6, 1 + cmp x5, x6 + b.ne L(gcs_scan) +L(gcs_switch): + add x2, x4, 8 + GCSSS1 (x4) + GCSSS2 (xzr) +L(gcs_pop): + cmp x2, x3 + b.eq L(gcs_done) + GCSPOPM (xzr) + add x2, x2, 8 + b L(gcs_pop) +L(gcs_done): + 2: ldr x16, [x0, oPC] /* Restore arg registers. */ diff --git a/sysdeps/unix/sysv/linux/aarch64/swapcontext.S b/sysdeps/unix/sysv/linux/aarch64/swapcontext.S index 2a68d38521..893a902866 100644 --- a/sysdeps/unix/sysv/linux/aarch64/swapcontext.S +++ b/sysdeps/unix/sysv/linux/aarch64/swapcontext.S @@ -32,8 +32,15 @@ ENTRY(__swapcontext) And set up x1 to become the return address of the caller, so we can return there with a normal RET instead of an indirect jump. */ stp xzr, x30, [x0, oX0 + 0 * SZREG] + + /* With GCS, swapcontext calls are followed by BTI J, otherwise + we have to be compatible with old BTI enabled binaries. */ + mov x16, 1 /* _CHKFEAT_GCS */ + CHKFEAT_X16 + tbz x16, 0, L(skip_x30_redirect) /* Arrange the oucp context to return to 2f. */ adr x30, 2f +L(skip_x30_redirect): stp x18, x19, [x0, oX0 + 18 * SZREG] stp x20, x21, [x0, oX0 + 20 * SZREG] @@ -72,14 +79,27 @@ ENTRY(__swapcontext) mrs x4, fpcr str w4, [x3, #oFPCR - oFPSR] - /* Write the termination context extension header. */ add x2, x2, #FPSIMD_CONTEXT_SIZE + /* Save the GCSPR. */ + tbnz x16, 0, L(gcs_done) + mov w3, #(GCS_MAGIC & 0xffff) + movk w3, #(GCS_MAGIC >> 16), lsl #16 + str w3, [x2, #oHEAD + oMAGIC] + mov w3, #GCS_CONTEXT_SIZE + str w3, [x2, #oHEAD + oSIZE] + MRS_GCSPR (x4) + add x4, x4, 8 /* GCSPR of the caller. */ + str x4, [x2, #oGCSPR] + add x2, x2, #GCS_CONTEXT_SIZE +L(gcs_done): + + /* Write the termination context extension header. */ str wzr, [x2, #oHEAD + oMAGIC] str wzr, [x2, #oHEAD + oSIZE] /* Preserve ucp. */ - mov x21, x1 + mov x9, x1 /* rt_sigprocmask (SIG_SETMASK, &ucp->uc_sigmask, &oucp->uc_sigmask, _NSIG8) */ @@ -93,12 +113,8 @@ ENTRY(__swapcontext) svc 0 cbnz x0, 1f - mov x22, x30 - mov x0, x21 - bl JUMPTARGET (__setcontext) - mov x30, x22 - RET - + mov x0, x9 + b JUMPTARGET (__setcontext) 1: b C_SYMBOL_NAME(__syscall_error) 2: diff --git a/sysdeps/unix/sysv/linux/aarch64/ucontext-internal.h b/sysdeps/unix/sysv/linux/aarch64/ucontext-internal.h index d8e88c2f9f..8419842231 100644 --- a/sysdeps/unix/sysv/linux/aarch64/ucontext-internal.h +++ b/sysdeps/unix/sysv/linux/aarch64/ucontext-internal.h @@ -43,3 +43,8 @@ #define oX21 (oX0 + 21*8) #define oFP (oX0 + 29*8) #define oLR (oX0 + 30*8) + +/* Use kernel layout for saving GCSPR in ucontext. */ +#define GCS_MAGIC 0x47435300 +#define GCS_CONTEXT_SIZE 32 +#define oGCSPR 8 From patchwork Fri Jan 3 15:41:25 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 103953 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 2FCBB3858283 for ; Fri, 3 Jan 2025 15:45:46 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 2FCBB3858283 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 52FD23858C51 for ; Fri, 3 Jan 2025 15:42:30 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 52FD23858C51 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 52FD23858C51 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918950; cv=none; b=qyzakHylGMxKCgrmQbWqB3waq6dJySSORlK7G7/7YG3ryXUxkECxBPiikOzZY/AhmFXgYK3IOaycHRj2k3PgJ4Y4c7CBJ1Pw6vrt8p39N0+YiWcjH+6AgyHfFHqB9UeKEGlSGDo/z4+Bu5vHdLVmWUP246DwKBLgdCue90gAwk4= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918950; c=relaxed/simple; bh=QOpWzsJkhh3vzUgIMPOD3FxBKSbqs2rf+nO+/uf+wRU=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=IMuLLzFb7HiEwiINjOjwA9Z1qCy8Uy8pNK4HlDO6EhvloLaQINMSp406R8OU4XF2HyaRhsR35aZhQ2wQnT6dM5dsF3uUx8dG4ywmXA3yfKcCBaN9omWEefxLC3blqlgEKLLiMLYkjn1iqvvMsUDc+/ClZ1k9xWvXXmZEmEQFVG8= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 52FD23858C51 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 437D21480; Fri, 3 Jan 2025 07:42:58 -0800 (PST) Received: from udebian.localdomain (unknown [10.57.3.206]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 0304A3F6A8; Fri, 3 Jan 2025 07:42:28 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de, wilco.dijkstra@arm.com Subject: [PATCH v7 07/23] aarch64: Mark swapcontext with indirect_return Date: Fri, 3 Jan 2025 15:41:25 +0000 Message-Id: <20250103154141.47731-8-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250103154141.47731-1-yury.khrustalev@arm.com> References: <20250103154141.47731-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.3 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, KAM_SHORT, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy Reviewed-by: Wilco Dijkstra Reviewed-by: Carlos O'Donell --- sysdeps/aarch64/bits/indirect-return.h | 36 ++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 sysdeps/aarch64/bits/indirect-return.h diff --git a/sysdeps/aarch64/bits/indirect-return.h b/sysdeps/aarch64/bits/indirect-return.h new file mode 100644 index 0000000000..f0c4d2aca8 --- /dev/null +++ b/sysdeps/aarch64/bits/indirect-return.h @@ -0,0 +1,36 @@ +/* Definition of __INDIRECT_RETURN. AArch64 version. + Copyright (C) 2024-2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _UCONTEXT_H +# error "Never include directly; use instead." +#endif + +/* __INDIRECT_RETURN indicates that swapcontext may return via + an indirect branch. This happens when GCS is enabled, so + add the attribute if available, otherwise returns_twice has + a similar effect, but it prevents some code transformations + that can cause build failures in some rare cases so it is + only used when GCS is enabled. */ +#if __glibc_has_attribute (__indirect_return__) +# define __INDIRECT_RETURN __attribute__ ((__indirect_return__)) +#elif __glibc_has_attribute (__returns_twice__) \ + && defined __ARM_FEATURE_GCS_DEFAULT +# define __INDIRECT_RETURN __attribute__ ((__returns_twice__)) +#else +# define __INDIRECT_RETURN +#endif From patchwork Fri Jan 3 15:41:26 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 103952 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id CB47B385840A for ; Fri, 3 Jan 2025 15:45:42 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org CB47B385840A X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 1FA5E3858405 for ; Fri, 3 Jan 2025 15:42:36 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 1FA5E3858405 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 1FA5E3858405 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918956; cv=none; b=LmY0Jh//x5vq2ehEJD71lcJgaHBtUhPplpehuYk0Q8sslAyApqgvCgThFIvSOHRlw8nq/BXgXmVf69PJ6hT0fxPcGcm1B1LXsCRGJ/H7sgorx7NXpBNANHHHX7E8CU4l3odXx1YHLDMGUAQyDcfKKYRZs4u0NxXZfIQhvAizZW0= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918956; c=relaxed/simple; bh=QHqtccGFmgQ2KDk4BgixCqfITMynOqjnyE54R3P9haM=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=kvaeV7cxtWDk1aneaXKwEBxi7Gs79kJzM4rvDEbOq04FTljA0+rb5byFu8ctAWyBtCosyc82GDbJyyoWsJsrsCI4XsqSrBzKcxuBNa3HLjLWwnc169RyMEnwyMxF0PSANn4APJHzNkunO9S1lFV+q6ipX5ht7dN2I7QlIz/V3qw= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 1FA5E3858405 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 171851480; Fri, 3 Jan 2025 07:43:04 -0800 (PST) Received: from udebian.localdomain (unknown [10.57.3.206]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id CB3F63F6A8; Fri, 3 Jan 2025 07:42:34 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de, wilco.dijkstra@arm.com Subject: [PATCH v7 08/23] aarch64: Add GCS support for makecontext Date: Fri, 3 Jan 2025 15:41:26 +0000 Message-Id: <20250103154141.47731-9-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250103154141.47731-1-yury.khrustalev@arm.com> References: <20250103154141.47731-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.3 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy Changed the makecontext logic: previously the first setcontext jumped straight to the user callback function and the return address is set to __startcontext. This does not work when GCS is enabled as the integrity of the return address is protected, so instead the context is setup such that setcontext jumps to __startcontext which calls the user callback (passed in x20). The map_shadow_stack syscall is used to allocate a suitably sized GCS (which includes some reserved area to account for altstack signal handlers and otherwise supports maximum number of 16 byte aligned stack frames on the given stack) however the GCS is never freed as the lifetime of ucontext and related stack is user managed. Reviewed-by: Wilco Dijkstra Reviewed-by: Carlos O'Donell --- sysdeps/unix/sysv/linux/aarch64/makecontext.c | 61 ++++++++++++++++++- sysdeps/unix/sysv/linux/aarch64/setcontext.S | 4 ++ 2 files changed, 63 insertions(+), 2 deletions(-) diff --git a/sysdeps/unix/sysv/linux/aarch64/makecontext.c b/sysdeps/unix/sysv/linux/aarch64/makecontext.c index 11516b79b9..99ba5b3f7c 100644 --- a/sysdeps/unix/sysv/linux/aarch64/makecontext.c +++ b/sysdeps/unix/sysv/linux/aarch64/makecontext.c @@ -22,6 +22,52 @@ #include #include +#define GCS_MAGIC 0x47435300 + +static struct _aarch64_ctx *extension (void *p) +{ + return p; +} + +#ifndef __NR_map_shadow_stack +# define __NR_map_shadow_stack 453 +#endif +#ifndef SHADOW_STACK_SET_TOKEN +# define SHADOW_STACK_SET_TOKEN (1UL << 0) +# define SHADOW_STACK_SET_MARKER (1UL << 1) +#endif + +static void * +map_shadow_stack (void *addr, size_t size, unsigned long flags) +{ + return (void *) INLINE_SYSCALL_CALL (map_shadow_stack, addr, size, flags); +} + +#define GCS_MAX_SIZE (1UL << 31) +#define GCS_ALTSTACK_RESERVE 160 + +static void * +alloc_makecontext_gcs (size_t stack_size) +{ + size_t size = (stack_size / 2 + GCS_ALTSTACK_RESERVE) & -8UL; + if (size > GCS_MAX_SIZE) + size = GCS_MAX_SIZE; + + unsigned long flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN; + void *base = map_shadow_stack (NULL, size, flags); + if (base == (void *) -1) + /* ENOSYS, bad size or OOM. */ + abort (); + uint64_t *gcsp = (uint64_t *) ((char *) base + size); + /* Skip end of GCS token. */ + gcsp--; + /* Verify GCS cap token. */ + gcsp--; + if (((uint64_t)gcsp & 0xfffffffffffff000) + 1 != *gcsp) + abort (); + /* Return the target GCS pointer for context switch. */ + return gcsp + 1; +} /* makecontext sets up a stack and the registers for the user context. The stack looks like this: @@ -56,10 +102,21 @@ __makecontext (ucontext_t *ucp, void (*func) (void), int argc, ...) sp = (uint64_t *) (((uintptr_t) sp) & -16L); ucp->uc_mcontext.regs[19] = (uintptr_t) ucp->uc_link; + ucp->uc_mcontext.regs[20] = (uintptr_t) func; ucp->uc_mcontext.sp = (uintptr_t) sp; - ucp->uc_mcontext.pc = (uintptr_t) func; + ucp->uc_mcontext.pc = (uintptr_t) __startcontext; ucp->uc_mcontext.regs[29] = (uintptr_t) 0; - ucp->uc_mcontext.regs[30] = (uintptr_t) &__startcontext; + ucp->uc_mcontext.regs[30] = (uintptr_t) 0; + + void *p = ucp->uc_mcontext.__reserved; + if (extension (p)->magic == FPSIMD_MAGIC) + p = (char *)p + extension (p)->size; + if (extension (p)->magic == GCS_MAGIC) + { + /* Using the kernel struct gcs_context layout. */ + struct { uint64_t x, gcspr, y, z; } *q = p; + q->gcspr = (uint64_t) alloc_makecontext_gcs (ucp->uc_stack.ss_size); + } va_start (ap, argc); for (i = 0; i < argc; ++i) diff --git a/sysdeps/unix/sysv/linux/aarch64/setcontext.S b/sysdeps/unix/sysv/linux/aarch64/setcontext.S index 848229ff26..695fc5b9b5 100644 --- a/sysdeps/unix/sysv/linux/aarch64/setcontext.S +++ b/sysdeps/unix/sysv/linux/aarch64/setcontext.S @@ -180,7 +180,11 @@ L(gcs_done): PSEUDO_END (__setcontext) weak_alias (__setcontext, setcontext) +/* makecontext start function: receives uc_link in x19 and func in x20. + Arguments of func, x29, x30 and sp are set up by the caller. */ ENTRY (__startcontext) + cfi_undefined (x30) + blr x20 mov x0, x19 cbnz x0, __setcontext 1: b HIDDEN_JUMPTARGET (exit) From patchwork Fri Jan 3 15:41:27 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 103958 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 1F6093858C33 for ; Fri, 3 Jan 2025 15:47:44 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 1F6093858C33 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 8CCCC3858408 for ; Fri, 3 Jan 2025 15:42:41 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 8CCCC3858408 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 8CCCC3858408 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918961; cv=none; b=eNAeaBscVI3GOq/gpRgwMTjJSIFA/qJY9QcDSqLRBA14ahnfHfw3yg7ITp6Tr1filurpWsoM0lZaHg/vjpy3uT02PxlohsoStFS0ymXMLe2Sh0zpPpaoZbh8QUbvisOwCeKSvdER84fykrLS0yGnJa/ExvcSWJvSGeZ8aUJP9vI= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918961; c=relaxed/simple; bh=pA+4z3peJUmlvWBZ02tli42t4it0bMTxyQwLRLYyUDM=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=qQiI1YxmL74BcSvCxVJ8g11htLoCjQEjPTewJFTbYEnG6WRcO2jFDrraZHk4KKv2YchQat/rmPvu4byokb6+nSViPFQ5OyrFVv0oBYeinCj7cb69nrUHbawAPsIsOPpLnAecZyA3xxmxIm+rEFyBK2Vc06fZgZyCDjOzEv5tkPM= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 8CCCC3858408 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 8DC911480; Fri, 3 Jan 2025 07:43:09 -0800 (PST) Received: from udebian.localdomain (unknown [10.57.3.206]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 7182D3F6A8; Fri, 3 Jan 2025 07:42:40 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de, wilco.dijkstra@arm.com Subject: [PATCH v7 09/23] aarch64: Try to free the GCS of makecontext Date: Fri, 3 Jan 2025 15:41:27 +0000 Message-Id: <20250103154141.47731-10-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250103154141.47731-1-yury.khrustalev@arm.com> References: <20250103154141.47731-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.3 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy Free GCS after a makecontext start func returns and at thread exit, so assume makecontext cannot outlive the thread where it was created. This is an attempt to bound the lifetime of the GCS allocated for makecontext, but it is still possible to have significant GCS leaks, new GCS aware APIs could solve that, but that would not allow using GCS with existing code transparently. --- include/set-freeres.h | 2 + malloc/thread-freeres.c | 9 +++ sysdeps/unix/sysv/linux/aarch64/makecontext.c | 65 +++++++++++++++++++ sysdeps/unix/sysv/linux/aarch64/setcontext.S | 19 +++++- sysdeps/unix/sysv/linux/aarch64/sysdep.h | 6 +- 5 files changed, 97 insertions(+), 4 deletions(-) diff --git a/include/set-freeres.h b/include/set-freeres.h index bb1d0a8f72..0f81344e43 100644 --- a/include/set-freeres.h +++ b/include/set-freeres.h @@ -78,6 +78,8 @@ extern void __nss_database_freeres (void) attribute_hidden; extern int _IO_cleanup (void) attribute_hidden;; /* From dlfcn/dlerror.c */ extern void __libc_dlerror_result_free (void) attribute_hidden; +/* From libc.so, arch specific. */ +extern void ARCH_THREAD_FREERES (void) attribute_hidden; /* From either libc.so or libpthread.so */ extern void __libpthread_freeres (void) attribute_hidden; diff --git a/malloc/thread-freeres.c b/malloc/thread-freeres.c index c7ec9f99e9..5ed5df1a3f 100644 --- a/malloc/thread-freeres.c +++ b/malloc/thread-freeres.c @@ -22,6 +22,14 @@ #include #include +/* Define empty function if no arch-specific clean-up + function has been defined. */ +#ifndef ARCH_THREAD_FREERES +void __always_inline +__libc_arch_thread_freeres (void) {} +#define ARCH_THREAD_FREERES __libc_arch_thread_freeres +#endif + /* Thread shutdown function. Note that this function must be called for threads during shutdown for correctness reasons. Unlike __libc_freeres, skipping calls to it is not a valid optimization. @@ -29,6 +37,7 @@ void __libc_thread_freeres (void) { + call_function_static_weak (ARCH_THREAD_FREERES); #if SHLIB_COMPAT (libc, GLIBC_2_0, GLIBC_2_32) __rpc_thread_destroy (); #endif diff --git a/sysdeps/unix/sysv/linux/aarch64/makecontext.c b/sysdeps/unix/sysv/linux/aarch64/makecontext.c index 99ba5b3f7c..f43fc45c76 100644 --- a/sysdeps/unix/sysv/linux/aarch64/makecontext.c +++ b/sysdeps/unix/sysv/linux/aarch64/makecontext.c @@ -20,7 +20,9 @@ #include #include #include +#include #include +#include #define GCS_MAGIC 0x47435300 @@ -29,6 +31,47 @@ static struct _aarch64_ctx *extension (void *p) return p; } +struct gcs_list { + struct gcs_list *next; + void *base; + size_t size; +}; + +static __thread struct gcs_list *gcs_list_head = NULL; + +static void +record_gcs (void *base, size_t size) +{ + struct gcs_list *p = malloc (sizeof *p); + if (p == NULL) + abort (); + p->base = base; + p->size = size; + p->next = gcs_list_head; + gcs_list_head = p; +} + +static void +free_gcs_list (void) +{ + for (;;) + { + struct gcs_list *p = gcs_list_head; + if (p == NULL) + break; + gcs_list_head = p->next; + __munmap (p->base, p->size); + free (p); + } +} + +/* Called during thread shutdown to free resources. */ +void +__libc_aarch64_thread_freeres (void) +{ + free_gcs_list (); +} + #ifndef __NR_map_shadow_stack # define __NR_map_shadow_stack 453 #endif @@ -58,6 +101,9 @@ alloc_makecontext_gcs (size_t stack_size) if (base == (void *) -1) /* ENOSYS, bad size or OOM. */ abort (); + + record_gcs (base, size); + uint64_t *gcsp = (uint64_t *) ((char *) base + size); /* Skip end of GCS token. */ gcsp--; @@ -69,6 +115,25 @@ alloc_makecontext_gcs (size_t stack_size) return gcsp + 1; } +void +__free_makecontext_gcs (void *gcs) +{ + struct gcs_list *p = gcs_list_head; + struct gcs_list **q = &gcs_list_head; + for (;;) + { + if (p == NULL) + abort (); + if (gcs == p->base + p->size - 8) + break; + q = &p->next; + p = p->next; + } + *q = p->next; + __munmap (p->base, p->size); + free (p); +} + /* makecontext sets up a stack and the registers for the user context. The stack looks like this: diff --git a/sysdeps/unix/sysv/linux/aarch64/setcontext.S b/sysdeps/unix/sysv/linux/aarch64/setcontext.S index 695fc5b9b5..f926a5dd84 100644 --- a/sysdeps/unix/sysv/linux/aarch64/setcontext.S +++ b/sysdeps/unix/sysv/linux/aarch64/setcontext.S @@ -34,6 +34,9 @@ .text ENTRY (__setcontext) + /* If x10 is set then old GCS is freed. */ + mov x10, 0 +__setcontext_internal: PTR_ARG (0) /* Save a copy of UCP. */ mov x9, x0 @@ -145,7 +148,8 @@ ENTRY (__setcontext) ldr x3, [x2, #oGCSPR] MRS_GCSPR (x2) mov x4, x3 - /* x2: GCSPR now. x3, x4: target GCSPR. x5, x6: tmp regs. */ + mov x1, x2 + /* x1, x2: GCSPR now. x3, x4: target GCSPR. x5, x6: tmp regs. */ L(gcs_scan): cmp x2, x4 b.eq L(gcs_pop) @@ -162,10 +166,18 @@ L(gcs_switch): GCSSS2 (xzr) L(gcs_pop): cmp x2, x3 - b.eq L(gcs_done) + b.eq L(gcs_free_old) GCSPOPM (xzr) add x2, x2, 8 b L(gcs_pop) +L(gcs_free_old): + cbz x10, L(gcs_done) + mov x28, x0 + mov x0, x1 + bl __free_makecontext_gcs + mov x0, x28 + ldp x28, x29, [x0, oX0 + 28 * SZREG] + ldr x30, [x0, oX0 + 30 * SZREG] L(gcs_done): 2: @@ -186,6 +198,7 @@ ENTRY (__startcontext) cfi_undefined (x30) blr x20 mov x0, x19 - cbnz x0, __setcontext + mov x10, 1 + cbnz x0, __setcontext_internal 1: b HIDDEN_JUMPTARGET (exit) END (__startcontext) diff --git a/sysdeps/unix/sysv/linux/aarch64/sysdep.h b/sysdeps/unix/sysv/linux/aarch64/sysdep.h index b813805931..e2fc7e21a6 100644 --- a/sysdeps/unix/sysv/linux/aarch64/sysdep.h +++ b/sysdeps/unix/sysv/linux/aarch64/sysdep.h @@ -29,8 +29,12 @@ #include -/* In order to get __set_errno() definition in INLINE_SYSCALL. */ #ifndef __ASSEMBLER__ +/* Thread cleanup function. */ +#define ARCH_THREAD_FREERES __libc_aarch64_thread_freeres +void __libc_aarch64_thread_freeres (void) attribute_hidden; + +/* In order to get __set_errno() definition in INLINE_SYSCALL. */ #include #endif From patchwork Fri Jan 3 15:41:28 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 103961 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 6BD563858420 for ; Fri, 3 Jan 2025 15:49:04 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 6BD563858420 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 009A73858C32 for ; Fri, 3 Jan 2025 15:42:46 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 009A73858C32 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 009A73858C32 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918967; cv=none; b=IjTTqa00PQ3IIYyQErh2JvHDxrOsAWeHFw0R6vf8dBsr0+04RhBC3dNKlCuevxcmyquydoH3KUIekHYmsqpMKcFljRFZ2smtW9SuEiNmH1SQSN6+BxAOCn5gNp0kooY+qBoSKI6UkCiiNddWyf77nHS1hOMVxyy4/q6idKAjM4A= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918967; c=relaxed/simple; bh=fpk939XZX2ZZsittnAYD75u77Iu3BpKjjzE0+4IJl7I=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=bpWmzo5SJ6Yy+MDrNu5ipHlLdMJyMJ3BR6QrgM3ogQp7z0jijGkGK7xVcpljrsRZv38vYex/rRtdieyVidnTkBXQmUGswZbphc6gJ59+b6PBgG+Rj6uLu7ckAo9odi5wZG4AjOvycydsujQB3+fucsp9pmfkrcXQnZzD1aQeruQ= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 009A73858C32 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id ECFB01480; Fri, 3 Jan 2025 07:43:14 -0800 (PST) Received: from udebian.localdomain (unknown [10.57.3.206]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id D303A3F6A8; Fri, 3 Jan 2025 07:42:45 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de, wilco.dijkstra@arm.com Subject: [PATCH v7 10/23] aarch64: Add glibc.cpu.aarch64_gcs tunable Date: Fri, 3 Jan 2025 15:41:28 +0000 Message-Id: <20250103154141.47731-11-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250103154141.47731-1-yury.khrustalev@arm.com> References: <20250103154141.47731-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.3 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, KAM_SHORT, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy This tunable is for controlling the GCS status. It is the argument to the PR_SET_SHADOW_STACK_STATUS prctl, by default 0, so GCS is disabled. The status is stored into GL(dl_aarch64_gcs) early and only applied later, since enabling GCS is tricky: it must happen on a top level stack frame. Using GL instead of GLRO because it may need updates depending on loaded libraries that happen after readonly protection is applied, however library marking based GCS setting is not yet implemented. Reviewed-by: Wilco Dijkstra --- sysdeps/aarch64/dl-tunables.list | 5 +++ .../unix/sysv/linux/aarch64/cpu-features.c | 8 ++++ .../unix/sysv/linux/aarch64/dl-procruntime.c | 37 +++++++++++++++++++ 3 files changed, 50 insertions(+) create mode 100644 sysdeps/unix/sysv/linux/aarch64/dl-procruntime.c diff --git a/sysdeps/aarch64/dl-tunables.list b/sysdeps/aarch64/dl-tunables.list index 5c1a172559..4b28341b72 100644 --- a/sysdeps/aarch64/dl-tunables.list +++ b/sysdeps/aarch64/dl-tunables.list @@ -21,5 +21,10 @@ glibc { name { type: STRING } + aarch64_gcs { + type: UINT_64 + minval: 0 + default: 0 + } } } diff --git a/sysdeps/unix/sysv/linux/aarch64/cpu-features.c b/sysdeps/unix/sysv/linux/aarch64/cpu-features.c index 26cf6d4a56..97f61e05fe 100644 --- a/sysdeps/unix/sysv/linux/aarch64/cpu-features.c +++ b/sysdeps/unix/sysv/linux/aarch64/cpu-features.c @@ -176,4 +176,12 @@ init_cpu_features (struct cpu_features *cpu_features) /* Check if MOPS is supported. */ cpu_features->mops = GLRO (dl_hwcap2) & HWCAP2_MOPS; + +#ifndef HWCAP_GCS +#define HWCAP_GCS (1UL << 32) +#endif + + if (GLRO (dl_hwcap) & HWCAP_GCS) + /* GCS status may be updated later by binary compatibility checks. */ + GL (dl_aarch64_gcs) = TUNABLE_GET (glibc, cpu, aarch64_gcs, uint64_t, 0); } diff --git a/sysdeps/unix/sysv/linux/aarch64/dl-procruntime.c b/sysdeps/unix/sysv/linux/aarch64/dl-procruntime.c new file mode 100644 index 0000000000..044544aa78 --- /dev/null +++ b/sysdeps/unix/sysv/linux/aarch64/dl-procruntime.c @@ -0,0 +1,37 @@ +/* Data for processor runtime information. AArch64 version. + Copyright (C) 2024-2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef PROCINFO_CLASS +# define PROCINFO_CLASS +#endif + +#if !IS_IN (ldconfig) +# if !defined PROCINFO_DECL && defined SHARED + ._dl_aarch64_gcs +# else +PROCINFO_CLASS unsigned long _dl_aarch64_gcs +# endif +# ifndef PROCINFO_DECL += 0 +# endif +# if !defined SHARED || defined PROCINFO_DECL +; +# else +, +# endif +#endif From patchwork Fri Jan 3 15:41:29 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 103951 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id CA0B13858408 for ; Fri, 3 Jan 2025 15:45:40 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org CA0B13858408 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 6F5C73858D20 for ; Fri, 3 Jan 2025 15:42:52 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 6F5C73858D20 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 6F5C73858D20 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918972; cv=none; b=JMOJi/VCGyJexdKXFrvA9Mqi8a46yA7dt2C/7zNTwPC/GiaKC9/bwMS3UGkJbeLFW0xZb7jks2PwHpBHLDveXHXTU1Bo8x49KBW2V2dVA0aE9CwX9WP+weA0fDrHDGcRTh6GitSFMUYGPkJAGNIW+lK0iuAt6OGTiAbxmdz7jOg= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918972; c=relaxed/simple; bh=atg/o1WqgfRqds0TiHwSgXR/x7pfUgw+dh55Jz9OWC0=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=jjq0sISsOSFmLmakNVPanMqI922SJKmFlQrMn599h8ONq2jMchDjtwitDQW5SoliMIUMTgK2RuPXchRJRM4qw1jnj6wv1ZVGQo9mHiX0+V/uSyL/vqA5AHxWKYuye/gBUY1wZHLyzGq898PPLvcUq+LNcXcoK/5CqAO9jqEdDKs= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 6F5C73858D20 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 684BF150C; Fri, 3 Jan 2025 07:43:20 -0800 (PST) Received: from udebian.localdomain (unknown [10.57.3.206]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 4E1253F6A8; Fri, 3 Jan 2025 07:42:51 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de, wilco.dijkstra@arm.com Subject: [PATCH v7 11/23] manual: Add glibc.cpu.aarch64_gcs tunable Date: Fri, 3 Jan 2025 15:41:29 +0000 Message-Id: <20250103154141.47731-12-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250103154141.47731-1-yury.khrustalev@arm.com> References: <20250103154141.47731-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.3 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org Reviewed-by: Wilco Dijkstra Reviewed-by: Carlos O'Donell --- manual/tunables.texi | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manual/tunables.texi b/manual/tunables.texi index 1ac58b9ae9..ca92bc980d 100644 --- a/manual/tunables.texi +++ b/manual/tunables.texi @@ -669,6 +669,12 @@ This tunable is specific to x86-64 and effective only when the lazy binding is disabled. @end deftp +@deftp Tunable glibc.cpu.aarch64_gcs +This tunable name is reserved for future use. + +This tunable is specific to AArch64. +@end deftp + @node Memory Related Tunables @section Memory Related Tunables @cindex memory related tunables From patchwork Fri Jan 3 15:41:30 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 103965 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 369013858C5F for ; Fri, 3 Jan 2025 15:50:37 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 369013858C5F X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 28D483858416 for ; Fri, 3 Jan 2025 15:42:58 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 28D483858416 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 28D483858416 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918978; cv=none; b=BQlFDwQMrAmHihZdk9QaZmHF+zfc7IytRH/qiH73iOhS0CV+9zuaYA4UkHU6S5WrH2C3Nu52bBRXZ8RnyLA6Vm3rjNCZNgnpk2q/+DNdIUai8i+vVmkc0hK5eLmGsKHbw2iz7Hh7snGkEnixYemL7AxubsXn4oBFbpiaeLGHOuY= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918978; c=relaxed/simple; bh=fkKzzCz3H1kmgEYjPHR9qplygt2lW1QBaDBK6/0AsJ4=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=GoTROqoGlShenHgD4aYI9Lx+SVE+NQi1/rMVpl05mgOfpz6QhA2/0BMML1VbjlPTFNFOcnjvb/DNTACViAeHu60veCRQRsIGuA/dwpgBF273HhaEJOtRNLQy3a++mxAyRcPl3XBRZCnoMexqh4g8EoqMQaDh0uTVBTdfNt+A7cI= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 28D483858416 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 2A8B91480; Fri, 3 Jan 2025 07:43:26 -0800 (PST) Received: from udebian.localdomain (unknown [10.57.3.206]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id DE96B3F6A8; Fri, 3 Jan 2025 07:42:56 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de, wilco.dijkstra@arm.com Subject: [PATCH v7 12/23] aarch64: Enable GCS in static linked exe Date: Fri, 3 Jan 2025 15:41:30 +0000 Message-Id: <20250103154141.47731-13-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250103154141.47731-1-yury.khrustalev@arm.com> References: <20250103154141.47731-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-12.9 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, KAM_SHORT, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy Use the ARCH_SETUP_TLS hook to enable GCS in the static linked case. The system call must be inlined and then GCS is enabled on a top level stack frame that does not return and has no exception handlers above it. Reviewed-by: Wilco Dijkstra --- sysdeps/unix/sysv/linux/aarch64/libc-start.h | 46 ++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 sysdeps/unix/sysv/linux/aarch64/libc-start.h diff --git a/sysdeps/unix/sysv/linux/aarch64/libc-start.h b/sysdeps/unix/sysv/linux/aarch64/libc-start.h new file mode 100644 index 0000000000..735076c086 --- /dev/null +++ b/sysdeps/unix/sysv/linux/aarch64/libc-start.h @@ -0,0 +1,46 @@ +/* AArch64 definitions for libc main startup. + Copyright (C) 2024-2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _LIBC_START_H +#define _LIBC_START_H + +#ifndef SHARED + +# ifndef PR_SET_SHADOW_STACK_STATUS +# define PR_SET_SHADOW_STACK_STATUS 75 +# define PR_SHADOW_STACK_ENABLE (1UL << 0) +# endif + +/* Must be on a top-level stack frame that does not return. */ +static inline void __attribute__((always_inline)) +aarch64_libc_setup_tls (void) +{ + __libc_setup_tls (); + + uint64_t s = GL(dl_aarch64_gcs); + if (s != 0) + INLINE_SYSCALL_CALL (prctl, PR_SET_SHADOW_STACK_STATUS, + PR_SHADOW_STACK_ENABLE, 0, 0, 0); +} + +# define ARCH_SETUP_IREL() apply_irel () +# define ARCH_SETUP_TLS() aarch64_libc_setup_tls () +# define ARCH_APPLY_IREL() +#endif /* ! SHARED */ + +#endif /* _LIBC_START_H */ From patchwork Fri Jan 3 15:41:31 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 103954 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 795D83858430 for ; Fri, 3 Jan 2025 15:46:14 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 795D83858430 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id EBF013858417 for ; Fri, 3 Jan 2025 15:43:03 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org EBF013858417 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org EBF013858417 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918984; cv=none; b=o70bAFvk7rpjEyO7Bvc9y1KJJL/BZsD4MoVJp05+NG4q+/YVb8Pc0jZbOTA6Ce3c10B/yGkbFH4pneHf1eXUo3soOIPX1I/5T3LBPBDBw3HTx0zHuyZmm/goS9K14hFfwgq9B/3CDXWnoxgEqo2P6kVqLjoQuDpYYFfkPqB4GC8= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918984; c=relaxed/simple; bh=qqYrC1xgSOqGvpH8CuQwMczkzOGFTdsKPFcNMGHRTcU=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=W6Jnmv3XKye293wS7RPMuhHrfHmTO+1hd9WnQNJk2jCCryiqBls+uc78BFOcgS1FUJ4z0qiCym7JNcpcUYEA3FCpPXV356AP1yigZtBD+gXRCexy1bPp8P8U3eNRLjnmneXZQ54p/movHbCjlqnjssFjvv583tKSiWiRkGraS1M= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org EBF013858417 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id E46E41480; Fri, 3 Jan 2025 07:43:31 -0800 (PST) Received: from udebian.localdomain (unknown [10.57.3.206]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id C9B9A3F6A8; Fri, 3 Jan 2025 07:43:02 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de, wilco.dijkstra@arm.com Subject: [PATCH v7 13/23] aarch64: Enable GCS in dynamic linked exe Date: Fri, 3 Jan 2025 15:41:31 +0000 Message-Id: <20250103154141.47731-14-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250103154141.47731-1-yury.khrustalev@arm.com> References: <20250103154141.47731-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.3 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, KAM_SHORT, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy Use the dynamic linker start code to enable GCS in the dynamic linked case after _dl_start returns and before _dl_start_user which marks the point after which user code may run. Like in the static linked case this ensures that GCS is enabled on a top level stack frame. Reviewed-by: Wilco Dijkstra --- sysdeps/aarch64/Makefile | 4 +++- sysdeps/aarch64/dl-start.S | 25 +++++++++++++++++++++++-- sysdeps/aarch64/rtld-global-offsets.sym | 5 +++++ 3 files changed, 31 insertions(+), 3 deletions(-) diff --git a/sysdeps/aarch64/Makefile b/sysdeps/aarch64/Makefile index 141d7d9cc2..ca8b96f550 100644 --- a/sysdeps/aarch64/Makefile +++ b/sysdeps/aarch64/Makefile @@ -35,7 +35,9 @@ endif ifeq ($(subdir),elf) sysdep-rtld-routines += dl-start sysdep-dl-routines += tlsdesc dl-tlsdesc -gen-as-const-headers += dl-link.sym +gen-as-const-headers += \ + dl-link.sym \ + rtld-global-offsets.sym tests-internal += tst-ifunc-arg-1 tst-ifunc-arg-2 diff --git a/sysdeps/aarch64/dl-start.S b/sysdeps/aarch64/dl-start.S index 3b8eff0acd..3f9faf9d57 100644 --- a/sysdeps/aarch64/dl-start.S +++ b/sysdeps/aarch64/dl-start.S @@ -18,6 +18,7 @@ . */ #include +#include ENTRY (_start) /* Create an initial frame with 0 LR and FP */ @@ -25,11 +26,32 @@ ENTRY (_start) mov x29, #0 mov x30, #0 + /* Load and relocate all library dependencies. */ mov x0, sp PTR_ARG (0) bl _dl_start /* Returns user entry point in x0. */ mov PTR_REG (21), PTR_REG (0) + + /* Use GL(dl_aarch64_gcs) to set the shadow stack status. */ + adrp x16, _rtld_local + add PTR_REG (16), PTR_REG (16), :lo12:_rtld_local + ldr x1, [x16, GL_DL_AARCH64_GCS_OFFSET] + cbz x1, L(skip_gcs_enable) + + /* Enable GCS before user code runs. Note that IFUNC resolvers and + LD_AUDIT hooks may run before, but should not create threads. */ +#define PR_SET_SHADOW_STACK_STATUS 75 +#define PR_SHADOW_STACK_ENABLE (1UL << 0) + mov x0, PR_SET_SHADOW_STACK_STATUS + mov x1, PR_SHADOW_STACK_ENABLE + mov x2, 0 + mov x3, 0 + mov x4, 0 + mov x8, #SYS_ify(prctl) + svc 0x0 +L(skip_gcs_enable): + .globl _dl_start_user .type _dl_start_user, %function _dl_start_user: @@ -40,8 +62,7 @@ _dl_start_user: /* Compute envp. */ add PTR_REG (3), PTR_REG (2), PTR_REG (1), lsl PTR_LOG_SIZE add PTR_REG (3), PTR_REG (3), PTR_SIZE - adrp x16, _rtld_local - add PTR_REG (16), PTR_REG (16), :lo12:_rtld_local + /* Run the init functions of the loaded modules. */ ldr PTR_REG (0), [x16] bl _dl_init /* Load the finalizer function. */ diff --git a/sysdeps/aarch64/rtld-global-offsets.sym b/sysdeps/aarch64/rtld-global-offsets.sym index 23cdaf7d9e..6c0690bb95 100644 --- a/sysdeps/aarch64/rtld-global-offsets.sym +++ b/sysdeps/aarch64/rtld-global-offsets.sym @@ -3,8 +3,13 @@ #include #define GLRO_offsetof(name) offsetof (struct rtld_global_ro, _##name) +#define GL_offsetof(name) offsetof (struct rtld_global, _##name) -- Offsets of _rtld_global_ro in libc.so GLRO_DL_HWCAP_OFFSET GLRO_offsetof (dl_hwcap) GLRO_DL_HWCAP2_OFFSET GLRO_offsetof (dl_hwcap2) + +-- Offsets of _rtld_global in libc.so + +GL_DL_AARCH64_GCS_OFFSET GL_offsetof (dl_aarch64_gcs) From patchwork Fri Jan 3 15:41:32 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 103970 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 1E9DF3858429 for ; Fri, 3 Jan 2025 15:52:02 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 1E9DF3858429 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 7839B3858D39 for ; Fri, 3 Jan 2025 15:43:09 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 7839B3858D39 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 7839B3858D39 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918989; cv=none; b=pBSaDoFBqgPmVE8B707SSCpnYf5cQc6cZN5loGjmQXb3lgvxUAzrqW0A8I0kj4579974jawTTVqoI2DbtnDH8zDBxfnEq11VLcxFFHjRhM5ILzeNI+aYNhQQVaf8KQ2wC0tl6JG7f9PGZDI/GL+trO62s6KbjDfqNH/MRd3MrDo= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918989; c=relaxed/simple; bh=tsGAgBTvU2B9AOKdp4MU/MqAbPsqaZSuK7FnSPfyNjk=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=v2/L0pljc43FCM9iGKSmu2vy+QyF3jkYRUAsPBr74lS//iI3jLKNL48tdeSqL5iVqNopfJUdc2VvtHd/+T7qb2RqwFaGBcte1w4QhKnHPGfDxQ5SfEKuUVgJRNvUc5cQdUbD4cGZyHJvgb1qUisAnPHkSv51OIMb3yi+9cDHctI= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 7839B3858D39 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 7619B150C; Fri, 3 Jan 2025 07:43:37 -0800 (PST) Received: from udebian.localdomain (unknown [10.57.3.206]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 5C2823F6A8; Fri, 3 Jan 2025 07:43:08 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de, wilco.dijkstra@arm.com Subject: [PATCH v7 14/23] aarch64: Mark objects with GCS property note Date: Fri, 3 Jan 2025 15:41:32 +0000 Message-Id: <20250103154141.47731-15-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250103154141.47731-1-yury.khrustalev@arm.com> References: <20250103154141.47731-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.3 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy Reviewed-by: Wilco Dijkstra Reviewed-by: Carlos O'Donell --- sysdeps/aarch64/sysdep.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sysdeps/aarch64/sysdep.h b/sysdeps/aarch64/sysdep.h index 4df120ad80..036eb12527 100644 --- a/sysdeps/aarch64/sysdep.h +++ b/sysdeps/aarch64/sysdep.h @@ -85,6 +85,7 @@ strip_pac (void *p) #define FEATURE_1_AND 0xc0000000 #define FEATURE_1_BTI 1 #define FEATURE_1_PAC 2 +#define FEATURE_1_GCS 4 /* Add a NT_GNU_PROPERTY_TYPE_0 note. */ #define GNU_PROPERTY(type, value) \ @@ -103,9 +104,9 @@ strip_pac (void *p) /* Add GNU property note with the supported features to all asm code where sysdep.h is included. */ #if HAVE_AARCH64_BTI && HAVE_AARCH64_PAC_RET -GNU_PROPERTY (FEATURE_1_AND, FEATURE_1_BTI|FEATURE_1_PAC) +GNU_PROPERTY (FEATURE_1_AND, FEATURE_1_BTI|FEATURE_1_PAC|FEATURE_1_GCS) #elif HAVE_AARCH64_BTI -GNU_PROPERTY (FEATURE_1_AND, FEATURE_1_BTI) +GNU_PROPERTY (FEATURE_1_AND, FEATURE_1_BTI|FEATURE_1_GCS) #endif /* Define an entry point visible from C. */ From patchwork Fri Jan 3 15:41:33 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 103962 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id C4AB9385840E for ; Fri, 3 Jan 2025 15:49:17 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org C4AB9385840E X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 8AF2B3858D3C for ; Fri, 3 Jan 2025 15:43:15 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 8AF2B3858D3C Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 8AF2B3858D3C Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918995; cv=none; b=fXuD93Y7SfF6t9+3q9qVIUH9zbwtEDaU5oiS7QEtTeR5nxNXzj5ogfNIKHkCQ8Os0u+n+skqWTLEM1jQ1+H3VMjKVhWqzuqx+or95Gwogj6HJJqxzXahLVvhcFDMNtn36E20kLc2K6m1dCpVp4gknbUZDuPqCIUKlRPLTNgZ/CI= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735918995; c=relaxed/simple; bh=ZH+0gi97f5FC0WjJ1EZTc72kkTpxXv1tA/Qt6cK2KfY=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=tlZLezc7oNnNKJQLGg0vqLbZaiRsORpM+q58/vq9reUzXRjjdiDhyzra3bU1ZfEwraj1aGMgxP6t45vaeQFb8d8J0aVPCK8oUQLg+eMYz8SZPWVSScNRkVMslT4yyftjhvBA9SoEBlz6O/TIzH4HVGsujLpHGm9CyFXQzzhsOkQ= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 8AF2B3858D3C Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 8C8731480; Fri, 3 Jan 2025 07:43:43 -0800 (PST) Received: from udebian.localdomain (unknown [10.57.3.206]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 725103F6A8; Fri, 3 Jan 2025 07:43:14 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de, wilco.dijkstra@arm.com Subject: [PATCH v7 15/23] aarch64: Add glibc.cpu.aarch64_gcs_policy tunable Date: Fri, 3 Jan 2025 15:41:33 +0000 Message-Id: <20250103154141.47731-16-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250103154141.47731-1-yury.khrustalev@arm.com> References: <20250103154141.47731-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.3 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP, T_FILL_THIS_FORM_SHORT autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy policy sets how gcs tunable and gcs marking turns into gcs state: 0: state = tunable 1: state = marking ? tunable : (tunable && dlopen ? err : 0) 2: state = marking ? tunable : (tunable ? err : 0) Reviewed-by: Wilco Dijkstra Reviewed-by: Carlos O'Donell --- sysdeps/aarch64/dl-tunables.list | 5 +++++ sysdeps/unix/sysv/linux/aarch64/cpu-features.c | 9 +++++++-- sysdeps/unix/sysv/linux/aarch64/dl-procinfo.c | 13 +++++++++++++ 3 files changed, 25 insertions(+), 2 deletions(-) diff --git a/sysdeps/aarch64/dl-tunables.list b/sysdeps/aarch64/dl-tunables.list index 4b28341b72..7fbd77a41b 100644 --- a/sysdeps/aarch64/dl-tunables.list +++ b/sysdeps/aarch64/dl-tunables.list @@ -26,5 +26,10 @@ glibc { minval: 0 default: 0 } + aarch64_gcs_policy { + type: UINT_64 + minval: 0 + default: 0 + } } } diff --git a/sysdeps/unix/sysv/linux/aarch64/cpu-features.c b/sysdeps/unix/sysv/linux/aarch64/cpu-features.c index 97f61e05fe..1ee96213cd 100644 --- a/sysdeps/unix/sysv/linux/aarch64/cpu-features.c +++ b/sysdeps/unix/sysv/linux/aarch64/cpu-features.c @@ -182,6 +182,11 @@ init_cpu_features (struct cpu_features *cpu_features) #endif if (GLRO (dl_hwcap) & HWCAP_GCS) - /* GCS status may be updated later by binary compatibility checks. */ - GL (dl_aarch64_gcs) = TUNABLE_GET (glibc, cpu, aarch64_gcs, uint64_t, 0); + { + /* GCS status may be updated later by binary compatibility checks. */ + GL (dl_aarch64_gcs) = TUNABLE_GET (glibc, cpu, aarch64_gcs, uint64_t, 0); + /* Fixed GCS policy. */ + GLRO (dl_aarch64_gcs_policy) = + TUNABLE_GET (glibc, cpu, aarch64_gcs_policy, uint64_t, 0); + } } diff --git a/sysdeps/unix/sysv/linux/aarch64/dl-procinfo.c b/sysdeps/unix/sysv/linux/aarch64/dl-procinfo.c index 66287b4216..bcfc3fe030 100644 --- a/sysdeps/unix/sysv/linux/aarch64/dl-procinfo.c +++ b/sysdeps/unix/sysv/linux/aarch64/dl-procinfo.c @@ -54,6 +54,19 @@ PROCINFO_CLASS struct cpu_features _dl_aarch64_cpu_features # else , # endif +# if !defined PROCINFO_DECL && defined SHARED + ._dl_aarch64_gcs_policy +# else +PROCINFO_CLASS uint64_t _dl_aarch64_gcs_policy +# endif +# ifndef PROCINFO_DECL += 0 +# endif +# if !defined SHARED || defined PROCINFO_DECL +; +# else +, +# endif #endif /* Number of HWCAP bits set. */ From patchwork Fri Jan 3 15:41:34 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 103957 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 4A2BA385841D for ; Fri, 3 Jan 2025 15:47:42 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 4A2BA385841D X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 691753858C31 for ; Fri, 3 Jan 2025 15:43:21 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 691753858C31 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 691753858C31 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735919001; cv=none; b=ZnJ+pKkYnwbKFzv2FWrqkaMO/gxLOV43H1DfUfiudSzcMzoIt/k9TVimNsjA75LR2Kmy/X4B0Se4P5FLMy4NbmoCBClqCiys+xvH4E61k3MN+oEoLWNdyGxHv9LHeWExvHdnQ/w7Pgc0+5GFZrhIGL6y7kOC6rXxyEFeUOf6AKE= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735919001; c=relaxed/simple; bh=vl8RbJQZY5c+u/nhTqrafltNkWKeE9u2oYq3wsklS6A=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=laCMxsCIF4/ZSy0j4UJKVAFYT0MwYtMsIlSQPjq/RMFqqaGPFA8BFOMohwJMu/n7ijgObdaw+ih4WhYO5mWbGpOINH+aclwrq/NVWJWnDdEbPNBYrN2r4FST4SKRKADrxpKLr+59t5XN6CUNsbRSp4rtNT20IOCmMHWReh11z6w= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 691753858C31 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 6AF1F1480; Fri, 3 Jan 2025 07:43:49 -0800 (PST) Received: from udebian.localdomain (unknown [10.57.3.206]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 2B5CF3F6A8; Fri, 3 Jan 2025 07:43:20 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de, wilco.dijkstra@arm.com Subject: [PATCH v7 16/23] manual: Add glibc.cpu.aarch64_gcs_policy tunable Date: Fri, 3 Jan 2025 15:41:34 +0000 Message-Id: <20250103154141.47731-17-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250103154141.47731-1-yury.khrustalev@arm.com> References: <20250103154141.47731-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.3 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org Reviewed-by: Wilco Dijkstra Reviewed-by: Carlos O'Donell --- manual/tunables.texi | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/manual/tunables.texi b/manual/tunables.texi index ca92bc980d..2440920b75 100644 --- a/manual/tunables.texi +++ b/manual/tunables.texi @@ -675,6 +675,12 @@ This tunable name is reserved for future use. This tunable is specific to AArch64. @end deftp +@deftp Tunable glibc.cpu.aarch64_gcs_policy +This tunable name is reserved for future use. + +This tunable is specific to AArch64. +@end deftp + @node Memory Related Tunables @section Memory Related Tunables @cindex memory related tunables From patchwork Fri Jan 3 15:41:35 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 103956 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 501E2385840D for ; Fri, 3 Jan 2025 15:47:37 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 501E2385840D X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 2ED31385840A for ; Fri, 3 Jan 2025 15:43:27 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 2ED31385840A Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 2ED31385840A Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735919007; cv=none; b=SvgVEqTz0NkpHXZsK3IxTkmuCWj2v4toS3bk+vey3iQ3zzH77xSn+p0f3QHoIQ8iMLHD/ZU1xAU23ZMUvVkiY5UB3pT3kroEnO4JidMEqobwxff8X2AfJpAj3ud5uXwvALD/TBNTFmRkZ0/Igyrf+u+IdW6daC4eKYTdYFkdYBY= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735919007; c=relaxed/simple; bh=z1qm+ESlCmwOfH1U+Nfch3jp46177DnJ27PnjygQU2o=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=IWvoukaJcmjK0XSLyr0D9iVGY9rVkzxSCaE26b+N0+fx/546aTfwkQPy/Z7O/OYxyRDAJEM5AS7oACnIK70YIJQo2s0+PVdM0nQjAkVb2vcPRaGfZoimnurF69PkncIluN1FT5/WrGp/FWucKfbYfBYdVAEOx6GjjbiHm4mPBgw= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 2ED31385840A Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 30633150C; Fri, 3 Jan 2025 07:43:55 -0800 (PST) Received: from udebian.localdomain (unknown [10.57.3.206]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id DD4B33F6A8; Fri, 3 Jan 2025 07:43:25 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de, wilco.dijkstra@arm.com Subject: [PATCH v7 17/23] aarch64: Use l_searchlist.r_list for bti Date: Fri, 3 Jan 2025 15:41:35 +0000 Message-Id: <20250103154141.47731-18-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250103154141.47731-1-yury.khrustalev@arm.com> References: <20250103154141.47731-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.3 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy Allows using the same function for static exe. Reviewed-by: Wilco Dijkstra --- sysdeps/aarch64/dl-bti.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/sysdeps/aarch64/dl-bti.c b/sysdeps/aarch64/dl-bti.c index 196a043929..de6130470e 100644 --- a/sysdeps/aarch64/dl-bti.c +++ b/sysdeps/aarch64/dl-bti.c @@ -84,10 +84,9 @@ _dl_bti_check (struct link_map *l, const char *program) if (l->l_mach.bti_fail) bti_failed (l, program); - unsigned int i = l->l_searchlist.r_nlist; - while (i-- > 0) + for (unsigned int i = 0; i < l->l_searchlist.r_nlist; i++) { - struct link_map *dep = l->l_initfini[i]; + struct link_map *dep = l->l_searchlist.r_list[i]; if (dep->l_mach.bti_fail) bti_failed (dep, program); } From patchwork Fri Jan 3 15:41:36 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 103966 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 36E283858408 for ; Fri, 3 Jan 2025 15:50:39 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 36E283858408 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 9C1783858D33 for ; Fri, 3 Jan 2025 15:43:32 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 9C1783858D33 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 9C1783858D33 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735919012; cv=none; b=ZMNHUWzGncqPHn2o1cW6eags9Ios7Jf6d9g1uS77lUkjXU9Z/BdsyttCBAhv/b11hVYeuJDFXpfsptzxR0YEXJIR7Ti/yraH1xyYTrgkph17WETGu3YQH8dZlS5zFaaBziwqQeUuxeS2t5D4VbwHTcj8NkCRHg+RAVBb8K2eNc4= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735919012; c=relaxed/simple; bh=2ugsR6wkJk5kIYC+LP5u1TXspW4WuF1bmLKKYMvXh5o=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=V/nkjH4JVxx+zVjq4KYun+HMqrkBlOIGtmtIir9CL/p6TUfARXA1Nw4lvXWzqduGDlojzP0EP4fM06rEn7USauZlOk7B11U+J1urhOOp+EtjvpyUD/XXNq16RoUaj13C0XPIadOJYB8uv40m6uz7Q1dXzJoGNm0EWJjMyeYWW58= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 9C1783858D33 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 9DCCF1480; Fri, 3 Jan 2025 07:44:00 -0800 (PST) Received: from udebian.localdomain (unknown [10.57.3.206]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 828543F6A8; Fri, 3 Jan 2025 07:43:31 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de, wilco.dijkstra@arm.com Subject: [PATCH v7 18/23] aarch64: Handle GCS marking Date: Fri, 3 Jan 2025 15:41:36 +0000 Message-Id: <20250103154141.47731-19-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250103154141.47731-1-yury.khrustalev@arm.com> References: <20250103154141.47731-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.3 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, KAM_SHORT, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy - Handle GCS marking - Use l_searchlist.r_list for gcs (allows using the same function for static exe) Reviewed-by: Wilco Dijkstra --- sysdeps/aarch64/Makefile | 4 ++- sysdeps/aarch64/dl-gcs.c | 71 +++++++++++++++++++++++++++++++++++++++ sysdeps/aarch64/dl-prop.h | 15 ++++++--- sysdeps/aarch64/linkmap.h | 1 + 4 files changed, 85 insertions(+), 6 deletions(-) create mode 100644 sysdeps/aarch64/dl-gcs.c diff --git a/sysdeps/aarch64/Makefile b/sysdeps/aarch64/Makefile index ca8b96f550..74479604f2 100644 --- a/sysdeps/aarch64/Makefile +++ b/sysdeps/aarch64/Makefile @@ -9,7 +9,9 @@ LDFLAGS-rtld += -Wl,-z,force-bti,--fatal-warnings endif ifeq ($(subdir),elf) -sysdep-dl-routines += dl-bti +sysdep-dl-routines += \ + dl-bti \ + dl-gcs tests += tst-audit26 \ tst-audit27 diff --git a/sysdeps/aarch64/dl-gcs.c b/sysdeps/aarch64/dl-gcs.c new file mode 100644 index 0000000000..dc62908d13 --- /dev/null +++ b/sysdeps/aarch64/dl-gcs.c @@ -0,0 +1,71 @@ +/* AArch64 GCS functions. + Copyright (C) 2024-2025 Free Software Foundation, Inc. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include + +static void +fail (struct link_map *l, const char *program) +{ + if (program && program[0]) + _dl_fatal_printf ("%s: %s: %s\n", program, l->l_name, N_("not GCS compatible")); + else if (program) + _dl_fatal_printf ("%s\n", N_("not GCS compatible")); + else + _dl_signal_error (0, l->l_name, "dlopen", N_("not GCS compatible")); +} + +static void +unsupported (void) +{ + _dl_fatal_printf ("%s\n", N_("unsupported GCS policy")); +} + +static void +check_gcs (struct link_map *l, const char *program) +{ + bool for_dlopen = program == NULL; + if (!l->l_mach.gcs) + { + if (GLRO(dl_aarch64_gcs_policy) == 2 || for_dlopen) + fail (l, program); + if (GLRO(dl_aarch64_gcs_policy) == 1) + GL(dl_aarch64_gcs) = 0; + else + unsupported (); + } +} + +/* Apply GCS policy for L and its dependencies. + PROGRAM is NULL when this check is invoked for dl_open. */ + +void +_dl_gcs_check (struct link_map *l, const char *program) +{ + /* GCS is disabled. */ + if (GL(dl_aarch64_gcs) == 0) + return; + /* GCS marking is ignored. */ + if (GLRO(dl_aarch64_gcs_policy) == 0) + return; + + check_gcs (l, program); + for (unsigned int i = 0; i < l->l_searchlist.r_nlist; i++) + check_gcs (l->l_searchlist.r_list[i], program); +} diff --git a/sysdeps/aarch64/dl-prop.h b/sysdeps/aarch64/dl-prop.h index 361fc593da..abca2be7fa 100644 --- a/sysdeps/aarch64/dl-prop.h +++ b/sysdeps/aarch64/dl-prop.h @@ -24,16 +24,21 @@ extern void _dl_bti_protect (struct link_map *, int) attribute_hidden; extern void _dl_bti_check (struct link_map *, const char *) attribute_hidden; +extern void _dl_gcs_check (struct link_map *, const char *) + attribute_hidden; + static inline void __attribute__ ((always_inline)) _rtld_main_check (struct link_map *m, const char *program) { _dl_bti_check (m, program); + _dl_gcs_check (m, program); } static inline void __attribute__ ((always_inline)) _dl_open_check (struct link_map *m) { _dl_bti_check (m, NULL); + _dl_gcs_check (m, NULL); } static inline void __attribute__ ((always_inline)) @@ -45,10 +50,6 @@ static inline int _dl_process_gnu_property (struct link_map *l, int fd, uint32_t type, uint32_t datasz, void *data) { - if (!GLRO(dl_aarch64_cpu_features).bti) - /* Skip note processing. */ - return 0; - if (type == GNU_PROPERTY_AARCH64_FEATURE_1_AND) { /* Stop if the property note is ill-formed. */ @@ -57,7 +58,11 @@ _dl_process_gnu_property (struct link_map *l, int fd, uint32_t type, unsigned int feature_1 = *(unsigned int *) data; if (feature_1 & GNU_PROPERTY_AARCH64_FEATURE_1_BTI) - _dl_bti_protect (l, fd); + if (GLRO(dl_aarch64_cpu_features).bti) + _dl_bti_protect (l, fd); + + if (feature_1 & GNU_PROPERTY_AARCH64_FEATURE_1_GCS) + l->l_mach.gcs = 1; /* Stop if we processed the property note. */ return 0; diff --git a/sysdeps/aarch64/linkmap.h b/sysdeps/aarch64/linkmap.h index df6d3c66e8..e56c890aea 100644 --- a/sysdeps/aarch64/linkmap.h +++ b/sysdeps/aarch64/linkmap.h @@ -23,4 +23,5 @@ struct link_map_machine ElfW(Addr) plt; /* Address of .plt */ void *tlsdesc_table; /* Address of TLS descriptor hash table. */ bool bti_fail; /* Failed to enable Branch Target Identification. */ + bool gcs; /* Guarded Control Stack marking. */ }; From patchwork Fri Jan 3 15:41:37 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 103969 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 881A13858428 for ; Fri, 3 Jan 2025 15:51:56 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 881A13858428 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 0C5043858414 for ; Fri, 3 Jan 2025 15:43:38 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 0C5043858414 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 0C5043858414 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735919018; cv=none; b=mQOA+W93WadKpmwcltwGpF7xszqP163Qr/DMbqeyH3dUQPg8M9jPslr5DTbl5pKi4S4DTZu6ReiO0Qr9yrY67uU6yG0OnSh4POQolB9hbM4+JSULPFoEmglYrv/OoJQmvt3OtmOY9bckSKoM6iFOUGDjk/pWlyc1iavojk7Oq7o= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735919018; c=relaxed/simple; bh=olEFHpFdpRGWawLpspEC+zpmVbOcqHl0ynn6np8pdcE=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=Jd0n7C1pwueC8QFRLeUbSKNcWCoVN8CNY6Qh2uEhMugJp+poyaq6IMG/BU1zaO9cyuZTKVbWyvgBdDooB337WI8t8GuAR3aI7sf07M/f1hlrHbcIakCRLX9p1vw/T7Gjk7Ji5//wsUcphB7L+8RmXBiZFiV3ETaIoUPGr5aLl9E= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 0C5043858414 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 0E3D11480; Fri, 3 Jan 2025 07:44:06 -0800 (PST) Received: from udebian.localdomain (unknown [10.57.3.206]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id E4BBE3F6A8; Fri, 3 Jan 2025 07:43:36 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de, wilco.dijkstra@arm.com Subject: [PATCH v7 19/23] aarch64: Ignore GCS property of ld.so Date: Fri, 3 Jan 2025 15:41:37 +0000 Message-Id: <20250103154141.47731-20-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250103154141.47731-1-yury.khrustalev@arm.com> References: <20250103154141.47731-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.3 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy check_gcs is called for each dependency of a DSO, but the GNU property of the ld.so is not processed so ldso->l_mach.gcs may not be correct. Just assume ld.so is GCS compatible independently of the ELF marking. Reviewed-by: Wilco Dijkstra --- sysdeps/aarch64/dl-gcs.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/sysdeps/aarch64/dl-gcs.c b/sysdeps/aarch64/dl-gcs.c index dc62908d13..c4751ec3e8 100644 --- a/sysdeps/aarch64/dl-gcs.c +++ b/sysdeps/aarch64/dl-gcs.c @@ -40,6 +40,11 @@ unsupported (void) static void check_gcs (struct link_map *l, const char *program) { +#ifdef SHARED + /* Ignore GCS marking on ld.so: its properties are not processed. */ + if (is_rtld_link_map (l->l_real)) + return; +#endif bool for_dlopen = program == NULL; if (!l->l_mach.gcs) { From patchwork Fri Jan 3 15:41:38 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 103960 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 43BF03858C60 for ; Fri, 3 Jan 2025 15:49:04 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 43BF03858C60 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 8C3E43858C60 for ; Fri, 3 Jan 2025 15:43:43 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 8C3E43858C60 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 8C3E43858C60 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735919023; cv=none; b=Gn8Nfq5CaE8cQeSw3bpFrtQEJUf5/A2dwGKrV/Uv/vLK5bRmVl8UhGfRvdw7UQtd+TayK0CARmYHLkgIZA8sxVQtseGqKCoCcwe1RKbdmTcBdIFX4S8R3ARdaTWJtbwHxpU/1cAC2/Z1aGrhsWzUVnU+q4as8B3MhXzoFwd852o= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735919023; c=relaxed/simple; bh=bCusDRHVOXx17EGRKGy8xlyZ5Wf65I/hD/bMtoGpN58=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=ZkjAo6s4gNnAwBNYerx6HfsWLm4BzZzIHYGlphui7yj0zpjKTR4aOk4GApbIxuFelVWUHvlyv03pY+BH2mWTuHVSBgV2AEi/tKxeu7cGREWpaHS/Edb2ZUOdl4ZVE/U013RFBf+lkQ9oVkeJWiX9GZWwcxC9U9HCC0JHOiJDoVA= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 8C3E43858C60 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 8D9CF150C; Fri, 3 Jan 2025 07:44:11 -0800 (PST) Received: from udebian.localdomain (unknown [10.57.3.206]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 72D6F3F6A8; Fri, 3 Jan 2025 07:43:42 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de, wilco.dijkstra@arm.com Subject: [PATCH v7 20/23] aarch64: Process gnu properties in static exe Date: Fri, 3 Jan 2025 15:41:38 +0000 Message-Id: <20250103154141.47731-21-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250103154141.47731-1-yury.khrustalev@arm.com> References: <20250103154141.47731-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.3 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy Unlike for BTI, the kernel does not process GCS properties so update GL(dl_aarch64_gcs) before the GCS status is set. Co-authored-by: Yury Khrustalev --- csu/libc-start.c | 12 ++++++++++++ sysdeps/generic/libc-start.h | 1 + sysdeps/unix/sysv/linux/aarch64/libc-start.h | 19 +++++++++++++++++++ 3 files changed, 32 insertions(+) diff --git a/csu/libc-start.c b/csu/libc-start.c index 6f3d52e223..325ef010d4 100644 --- a/csu/libc-start.c +++ b/csu/libc-start.c @@ -206,6 +206,10 @@ call_fini (void *unused) #include +#ifndef ARCH_PROCESS_NOTES +# define ARCH_PROCESS_NOTES() +#endif + STATIC int LIBC_START_MAIN (int (*main) (int, char **, char ** MAIN_AUXVEC_DECL), int argc, @@ -219,6 +223,11 @@ STATIC int LIBC_START_MAIN (int (*main) (int, char **, char ** void *stack_end) __attribute__ ((noreturn)); +void +__libc_process_notes (void) +{ + +} /* Note: The init and fini parameters are no longer used. fini is completely unused, init is still called if not NULL, but the @@ -276,6 +285,9 @@ LIBC_START_MAIN (int (*main) (int, char **, char ** MAIN_AUXVEC_DECL), /* Perform IREL{,A} relocations. */ ARCH_SETUP_IREL (); + /* Process notes: PT_NOTE / PT_GNU_PROPERTY. */ + ARCH_PROCESS_NOTES (); + /* The stack guard goes into the TCB, so initialize it early. */ ARCH_SETUP_TLS (); diff --git a/sysdeps/generic/libc-start.h b/sysdeps/generic/libc-start.h index 0b107cf2a1..1a421626b5 100644 --- a/sysdeps/generic/libc-start.h +++ b/sysdeps/generic/libc-start.h @@ -24,6 +24,7 @@ initialization, and this means you cannot, without machine knowledge, access TLS from an IFUNC resolver. */ #define ARCH_SETUP_IREL() apply_irel () +#define ARCH_PROCESS_NOTES() __libc_process_notes () #define ARCH_SETUP_TLS() __libc_setup_tls () #define ARCH_APPLY_IREL() #endif /* ! SHARED */ diff --git a/sysdeps/unix/sysv/linux/aarch64/libc-start.h b/sysdeps/unix/sysv/linux/aarch64/libc-start.h index 735076c086..0f80a8abe9 100644 --- a/sysdeps/unix/sysv/linux/aarch64/libc-start.h +++ b/sysdeps/unix/sysv/linux/aarch64/libc-start.h @@ -21,6 +21,24 @@ #ifndef SHARED +# include + +/* Must be on a top-level stack frame that does not return. */ +static inline void __attribute__((always_inline)) +aarch64_libc_process_notes (void) +{ + struct link_map *main_map = _dl_get_dl_main_map (); + const ElfW(Phdr) *phdr = GL(dl_phdr); + const ElfW(Phdr) *ph; + for (ph = phdr; ph < phdr + GL(dl_phnum); ph++) + if (ph->p_type == PT_GNU_PROPERTY) + { + _dl_process_pt_gnu_property (main_map, -1, ph); + _rtld_main_check (main_map, _dl_argv[0]); + break; + } +} + # ifndef PR_SET_SHADOW_STACK_STATUS # define PR_SET_SHADOW_STACK_STATUS 75 # define PR_SHADOW_STACK_ENABLE (1UL << 0) @@ -39,6 +57,7 @@ aarch64_libc_setup_tls (void) } # define ARCH_SETUP_IREL() apply_irel () +# define ARCH_PROCESS_NOTES() aarch64_libc_process_notes () # define ARCH_SETUP_TLS() aarch64_libc_setup_tls () # define ARCH_APPLY_IREL() #endif /* ! SHARED */ From patchwork Fri Jan 3 15:41:39 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 103963 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 8C8A03858D33 for ; Fri, 3 Jan 2025 15:50:27 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 8C8A03858D33 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 903413858424 for ; Fri, 3 Jan 2025 15:43:49 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 903413858424 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 903413858424 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735919029; cv=none; b=HOs7WcU5W2Zzjvd9TwIb0VgXTzBUqjzHZJ7Ztt9QsPwmw32VMF+MkPiM/4plX70y1w01xntnboVWM6RpNzTc1HTh4ZZdMIPp+mHWpCJcAKYBPI01a0OOSLs4Ly/7NmubiB1plNbNKBEhHKtoWQwxDHsgHMPbjbYNwiu6zT+Ahe4= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735919029; c=relaxed/simple; bh=WLwnqY4EUueRcBwL6vQObltzDOxC+LHVY2FCAUsn3TE=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=eOpJ317Po1VPkR7owQgOPHA9mn6Epnl3ggL90M7JkQyCzglyKiNAGcthBq7aGzoJ1kJQ4xTZdgRkcVsSzUZkExIFd9egnrxrUtQilNPpnCQ97KTsW72l2tk9rIeTf/zpr8t80YsvlCfAXhnceYifU0ciknjZS7Ksfti7VZ+kzMI= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 903413858424 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 7EAF11480; Fri, 3 Jan 2025 07:44:17 -0800 (PST) Received: from udebian.localdomain (unknown [10.57.3.206]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 3E8373F6A8; Fri, 3 Jan 2025 07:43:48 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de, wilco.dijkstra@arm.com Subject: [PATCH v7 21/23] aarch64: Add GCS user-space allocation logic Date: Fri, 3 Jan 2025 15:41:39 +0000 Message-Id: <20250103154141.47731-22-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250103154141.47731-1-yury.khrustalev@arm.com> References: <20250103154141.47731-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.3 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, KAM_SHORT, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy Allocate GCS based on the stack size, this can be used for coroutines (makecontext) and thread creation (if the kernel allows user allocated GCS). Reviewed-by: Wilco Dijkstra --- sysdeps/aarch64/Makefile | 3 +- sysdeps/aarch64/__alloc_gcs.c | 66 +++++++++++++++++++++++++++++++++++ sysdeps/aarch64/aarch64-gcs.h | 28 +++++++++++++++ 3 files changed, 96 insertions(+), 1 deletion(-) create mode 100644 sysdeps/aarch64/__alloc_gcs.c create mode 100644 sysdeps/aarch64/aarch64-gcs.h diff --git a/sysdeps/aarch64/Makefile b/sysdeps/aarch64/Makefile index 74479604f2..4b7f8a5c07 100644 --- a/sysdeps/aarch64/Makefile +++ b/sysdeps/aarch64/Makefile @@ -71,7 +71,8 @@ sysdep_headers += sys/ifunc.h sysdep_routines += \ __mtag_tag_zero_region \ __mtag_tag_region \ - __arm_za_disable + __arm_za_disable \ + __alloc_gcs tests += \ tst-sme-jmp diff --git a/sysdeps/aarch64/__alloc_gcs.c b/sysdeps/aarch64/__alloc_gcs.c new file mode 100644 index 0000000000..8268c78abd --- /dev/null +++ b/sysdeps/aarch64/__alloc_gcs.c @@ -0,0 +1,66 @@ +/* AArch64 GCS allocation. + Copyright (C) 2024-2025 Free Software Foundation, Inc. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include + +#ifndef __NR_map_shadow_stack +# define __NR_map_shadow_stack 453 +#endif +#ifndef SHADOW_STACK_SET_TOKEN +# define SHADOW_STACK_SET_TOKEN (1UL << 0) +# define SHADOW_STACK_SET_MARKER (1UL << 1) +#endif + +static void * +map_shadow_stack (void *addr, size_t size, unsigned long flags) +{ + return (void *) INLINE_SYSCALL_CALL (map_shadow_stack, addr, size, flags); +} + +#define GCS_MAX_SIZE (1UL << 31) +#define GCS_ALTSTACK_RESERVE 160 + +void * +__alloc_gcs (size_t stack_size, void **ss_base, size_t *ss_size) +{ + size_t size = (stack_size / 2 + GCS_ALTSTACK_RESERVE) & -8UL; + if (size > GCS_MAX_SIZE) + size = GCS_MAX_SIZE; + + unsigned long flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN; + void *base = map_shadow_stack (NULL, size, flags); + if (base == (void *) -1) + return NULL; + + *ss_base = base; + *ss_size = size; + + uint64_t *gcsp = (uint64_t *) ((char *) base + size); + /* Skip end of GCS token. */ + gcsp--; + /* Verify GCS cap token. */ + gcsp--; + if (((uint64_t)gcsp & 0xfffffffffffff000) + 1 != *gcsp) + { + __munmap (base, size); + return NULL; + } + /* Return the target GCS pointer for context switch. */ + return gcsp + 1; +} diff --git a/sysdeps/aarch64/aarch64-gcs.h b/sysdeps/aarch64/aarch64-gcs.h new file mode 100644 index 0000000000..162ef18726 --- /dev/null +++ b/sysdeps/aarch64/aarch64-gcs.h @@ -0,0 +1,28 @@ +/* AArch64 GCS (Guarded Control Stack) declarations. + This file is part of the GNU C Library. + Copyright (C) 2024-2025 Free Software Foundation, Inc. + Copyright The GNU Toolchain Authors. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _AARCH64_GCS_H +#define _AARCH64_GCS_H + +#include +#include + +void *__alloc_gcs (size_t, void **, size_t *) attribute_hidden; + +#endif From patchwork Fri Jan 3 15:41:40 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 103971 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 7A9AB3858D20 for ; Fri, 3 Jan 2025 15:54:36 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 7A9AB3858D20 X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 787FF3858401 for ; Fri, 3 Jan 2025 15:43:55 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 787FF3858401 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 787FF3858401 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735919035; cv=none; b=iJCTdPk2A574mQ9mNvH9uigU2ivs+O2OB+OR8zIKbKl/1BE7H8wS9BvjP2HioKe/r6r7oq6VyOaaasAW4Ycu/mMBFYDPOC6iqrp2WhoWeNRaxl4z7ydTLF8BKm7ClfJSql3zbtGm8E+Ddd8ooMOhj0IlgFiqUvkfbnPOjEhkImE= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735919035; c=relaxed/simple; bh=m1aIm9ofAoiXJrgpSmO0O3S7qbdqHTftkfrXbSdW4mc=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=ZT4cAfAbg6s174w1GhPcCTpIDF+pTevyD0MPgT4nzeImIoXLtVsc53JU203xo02feUbeHx8Dp5rursh6njLhLIUtoWGlrTtAEPPmlhAdnutWtAD4SybqnHZMxQGwZIqZbwZBvy/JgfLN19cW+DJl/F8P3/JkD7C6kUit/WhEVU0= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 787FF3858401 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id 7A5FE1480; Fri, 3 Jan 2025 07:44:23 -0800 (PST) Received: from udebian.localdomain (unknown [10.57.3.206]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id 3A4373F6A8; Fri, 3 Jan 2025 07:43:54 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de, wilco.dijkstra@arm.com Subject: [PATCH v7 22/23] aarch64: Use __alloc_gcs in makecontext Date: Fri, 3 Jan 2025 15:41:40 +0000 Message-Id: <20250103154141.47731-23-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250103154141.47731-1-yury.khrustalev@arm.com> References: <20250103154141.47731-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.3 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org From: Szabolcs Nagy Reviewed-by: Wilco Dijkstra --- sysdeps/unix/sysv/linux/aarch64/makecontext.c | 41 +++---------------- 1 file changed, 6 insertions(+), 35 deletions(-) diff --git a/sysdeps/unix/sysv/linux/aarch64/makecontext.c b/sysdeps/unix/sysv/linux/aarch64/makecontext.c index f43fc45c76..8a91fed3fc 100644 --- a/sysdeps/unix/sysv/linux/aarch64/makecontext.c +++ b/sysdeps/unix/sysv/linux/aarch64/makecontext.c @@ -23,6 +23,7 @@ #include #include #include +#include "aarch64-gcs.h" #define GCS_MAGIC 0x47435300 @@ -72,47 +73,17 @@ __libc_aarch64_thread_freeres (void) free_gcs_list (); } -#ifndef __NR_map_shadow_stack -# define __NR_map_shadow_stack 453 -#endif -#ifndef SHADOW_STACK_SET_TOKEN -# define SHADOW_STACK_SET_TOKEN (1UL << 0) -# define SHADOW_STACK_SET_MARKER (1UL << 1) -#endif - -static void * -map_shadow_stack (void *addr, size_t size, unsigned long flags) -{ - return (void *) INLINE_SYSCALL_CALL (map_shadow_stack, addr, size, flags); -} - -#define GCS_MAX_SIZE (1UL << 31) -#define GCS_ALTSTACK_RESERVE 160 - static void * alloc_makecontext_gcs (size_t stack_size) { - size_t size = (stack_size / 2 + GCS_ALTSTACK_RESERVE) & -8UL; - if (size > GCS_MAX_SIZE) - size = GCS_MAX_SIZE; - - unsigned long flags = SHADOW_STACK_SET_MARKER | SHADOW_STACK_SET_TOKEN; - void *base = map_shadow_stack (NULL, size, flags); - if (base == (void *) -1) + void *base; + size_t size; + void *gcsp = __alloc_gcs (stack_size, &base, &size); + if (gcsp == NULL) /* ENOSYS, bad size or OOM. */ abort (); - record_gcs (base, size); - - uint64_t *gcsp = (uint64_t *) ((char *) base + size); - /* Skip end of GCS token. */ - gcsp--; - /* Verify GCS cap token. */ - gcsp--; - if (((uint64_t)gcsp & 0xfffffffffffff000) + 1 != *gcsp) - abort (); - /* Return the target GCS pointer for context switch. */ - return gcsp + 1; + return gcsp; } void From patchwork Fri Jan 3 15:41:41 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yury Khrustalev X-Patchwork-Id: 103968 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 67EB7385842C for ; Fri, 3 Jan 2025 15:51:47 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 67EB7385842C X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from foss.arm.com (foss.arm.com [217.140.110.172]) by sourceware.org (Postfix) with ESMTP id 0203E3858C98 for ; Fri, 3 Jan 2025 15:44:01 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 0203E3858C98 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=arm.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=arm.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 0203E3858C98 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=217.140.110.172 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735919041; cv=none; b=lwHq9RLpT21KvH+VJnHtJkpAjV1XfCHofL42d9PqEDA4heHDtuCCQrPcUQauk2zaH/Hp8gP3C/VGJbNTbBwkfdlUZQm9E/QgJYcC2AvQ6N4NqwsP11gSz3jcyoSTZloh6oNDOuo952823lrnk2UfD6zXKXKUYg8z/dLlEpEzxK0= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1735919041; c=relaxed/simple; bh=2noXdGYb3HM1EkIdXjXbKitX8WXKKUjyjKM4GhcnSis=; h=From:To:Subject:Date:Message-Id:MIME-Version; b=h4Uop3Scp3rXnEJMgOvvIhYDodKUWNlZrK7AU8BMe2xgVQgCTafgAbjeaN38AV5NNTostw98um9FZVq0xnDkseCRhah3k3/WbeSbHUiRZ6y050dS1TOkQZbElaQcW2DEjVkLt4bZTbJur+wh0v2LHN+GdhheplY0+7MetLYi22g= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 0203E3858C98 Received: from usa-sjc-imap-foss1.foss.arm.com (unknown [10.121.207.14]) by usa-sjc-mx-foss1.foss.arm.com (Postfix) with ESMTP id EEE60150C; Fri, 3 Jan 2025 07:44:28 -0800 (PST) Received: from udebian.localdomain (unknown [10.57.3.206]) by usa-sjc-imap-foss1.foss.arm.com (Postfix) with ESMTPSA id D447C3F6A8; Fri, 3 Jan 2025 07:43:59 -0800 (PST) From: Yury Khrustalev To: libc-alpha@sourceware.org Cc: fweimer@redhat.com, adhemerval.zanella@linaro.org, codonell@redhat.com, nsz@gcc.gnu.org, schwab@suse.de, wilco.dijkstra@arm.com Subject: [PATCH v7 23/23] aarch64: Fix tests not compatible with targets supporting GCS Date: Fri, 3 Jan 2025 15:41:41 +0000 Message-Id: <20250103154141.47731-24-yury.khrustalev@arm.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20250103154141.47731-1-yury.khrustalev@arm.com> References: <20250103154141.47731-1-yury.khrustalev@arm.com> MIME-Version: 1.0 X-Spam-Status: No, score=-13.3 required=5.0 tests=BAYES_00, GIT_PATCH_0, KAM_DMARC_NONE, KAM_DMARC_STATUS, KAM_LAZY_DOMAIN_SECURITY, KAM_SHORT, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org - Add GCS marking to some of the tests when target supports GCS - Fix tst-ro-dynamic-mod.map linker script to avoid removing GNU properties - Add header with macros for GNU properties Reviewed-by: Wilco Dijkstra --- elf/tst-asm-helper.h | 49 ++++++++++++++++++++++++++++++++++ elf/tst-big-note-lib.S | 2 ++ elf/tst-ro-dynamic-mod.map | 7 +++-- sysdeps/aarch64/tst-vpcs-mod.S | 4 ++- 4 files changed, 57 insertions(+), 5 deletions(-) create mode 100644 elf/tst-asm-helper.h diff --git a/elf/tst-asm-helper.h b/elf/tst-asm-helper.h new file mode 100644 index 0000000000..6f91ac2ddc --- /dev/null +++ b/elf/tst-asm-helper.h @@ -0,0 +1,49 @@ +/* Test header that defines macros for GNU properties that need to be + used in some test assembly files where sysdep.h cannot be included + for some reason. + Copyright (C) 2024-2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include + +/* GNU_PROPERTY_AARCH64_* macros from elf.h for use in asm code. */ +#define FEATURE_1_AND 0xc0000000 +#define FEATURE_1_BTI 1 +#define FEATURE_1_PAC 2 +#define FEATURE_1_GCS 4 + +/* Add a NT_GNU_PROPERTY_TYPE_0 note. */ +#define GNU_PROPERTY(type, value) \ + .section .note.gnu.property, "a"; \ + .p2align 3; \ + .word 4; \ + .word 16; \ + .word 5; \ + .asciz "GNU"; \ + .word type; \ + .word 4; \ + .word value; \ + .word 0; \ + .text + +/* Add GNU property note with the supported features to all asm code + where sysdep.h is included. */ +#if HAVE_AARCH64_BTI && HAVE_AARCH64_PAC_RET +GNU_PROPERTY (FEATURE_1_AND, FEATURE_1_BTI|FEATURE_1_PAC|FEATURE_1_GCS) +#elif HAVE_AARCH64_BTI +GNU_PROPERTY (FEATURE_1_AND, FEATURE_1_BTI|FEATURE_1_GCS) +#endif diff --git a/elf/tst-big-note-lib.S b/elf/tst-big-note-lib.S index 244ca40628..3608686ebb 100644 --- a/elf/tst-big-note-lib.S +++ b/elf/tst-big-note-lib.S @@ -20,6 +20,8 @@ On a typical Linux system with 8MiB "ulimit -s", that was enough to trigger stack overflow in open_verify. */ +#include "tst-asm-helper.h" + #define NOTE_SIZE 8*1024*1024 .pushsection .note.big,"a" diff --git a/elf/tst-ro-dynamic-mod.map b/elf/tst-ro-dynamic-mod.map index 2fe4a2998c..2a158480c0 100644 --- a/elf/tst-ro-dynamic-mod.map +++ b/elf/tst-ro-dynamic-mod.map @@ -3,14 +3,13 @@ SECTIONS . = SIZEOF_HEADERS; .dynamic : { *(.dynamic) } :text :dynamic .rodata : { *(.data*) *(.bss*) } :text - /DISCARD/ : { - *(.note.gnu.property) - } - .note : { *(.note.*) } :text :note + .note : { *(.note) } :text :note + .note.gnu.property : { *(.note.gnu.property) } :text :gnu_property } PHDRS { text PT_LOAD FLAGS(5) FILEHDR PHDRS; dynamic PT_DYNAMIC FLAGS(4); note PT_NOTE FLAGS(4); + gnu_property PT_GNU_PROPERTY FLAGS(4); } diff --git a/sysdeps/aarch64/tst-vpcs-mod.S b/sysdeps/aarch64/tst-vpcs-mod.S index 972e1a6603..613a4d1398 100644 --- a/sysdeps/aarch64/tst-vpcs-mod.S +++ b/sysdeps/aarch64/tst-vpcs-mod.S @@ -17,6 +17,8 @@ License along with the GNU C Library. If not, see . */ +#include "tst-asm-helper.h" + .variant_pcs vpcs_call .global vpcs_call .type vpcs_call, %function @@ -121,7 +123,7 @@ vpcs_call_regs: /* Emulate a BL using B, but save x30 before the branch. */ adr x30, .L_return_addr stp x30, x29, [x1, 240] - b vpcs_call + bl vpcs_call .L_return_addr: /* Restore callee-saved registers. */