From patchwork Fri Mar 27 17:44:23 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 132387 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from vm01.sourceware.org (localhost [127.0.0.1]) by sourceware.org (Postfix) with ESMTP id 15F984BA900F for ; Fri, 27 Mar 2026 17:45:14 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 15F984BA900F Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=FT5Qs+Rx X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-ua1-x930.google.com (mail-ua1-x930.google.com [IPv6:2607:f8b0:4864:20::930]) by sourceware.org (Postfix) with ESMTPS id 94D7C4BA9034 for ; Fri, 27 Mar 2026 17:44:40 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 94D7C4BA9034 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 94D7C4BA9034 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::930 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1774633480; cv=none; b=msCoxu7mWN5euWwKlDriiOc2DA6crOaAySqt/dVAH+vyBF/2R5hlUX9RfRouTzhEM5UaqewUOew6KjqGVUHXRhOtRhm0kKig6w1GTUH9aHK8mISWMmUgEztki5k1eSDw0dSrmkGbjOVp9Nevt3Ympm8zsdY+uXN4t4EmRLw1Haw= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1774633480; c=relaxed/simple; bh=13SveF37yptrmaumg0KvcZkRRBbv196+7WE1hEXD/Mw=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=fscvXuN+13wiEoSIw/35h4N5aje3/ywC04doIHZFKx1z+aF3PsmSyk5jZ5viP9U3hFlBoNDEFfRQtoGcJGrq76MAK0MRV00WK1QTVyvpj/ZWeV3ZqWtvF2mMlhvmu6YASCdUYUVFn+xIqhrbSRVZlBNPJ+Ul/su63Uy/EfdGbts= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 94D7C4BA9034 Received: by mail-ua1-x930.google.com with SMTP id a1e0cc1a2514c-950b77942deso753644241.1 for ; Fri, 27 Mar 2026 10:44:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1774633480; x=1775238280; darn=sourceware.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=v3Xf+e76qSjKDSVavrqFclRq0Uio7B9FvsbuNEsCC+Q=; b=FT5Qs+Rx0MjKjMI9cMmTiqmOrMuBNAC308vk67ruucCGrLA5gLpRSmMFQXxju4uHIY r4KFPsF5Mf9Ef1oosTxNrmVZ3IoRzigV9T94dGsku8bwaPQX0AkODydSG0UWT2IauJmC 2YFAlo8RVWNcvt36nbIvMHFqiigxBpCV/T4K/ktWjMDo+0ldRBnRW85N6aVPbjC1V6vA 59Yti67BZQOvA16nb3xbKpHMojTDAYxHNd4eLW+bFQXVuXRjM53ufDXWnsMVzAhkt5nu xH4m1afXmXRy4RS9sqkB7bcTLEOJb8UURkRQLnWmo5FdKtGS7wFdguoc1a2wNnja5AsM xzRw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774633480; x=1775238280; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=v3Xf+e76qSjKDSVavrqFclRq0Uio7B9FvsbuNEsCC+Q=; b=FxL+vK7lrXx314Or2I1XMGjC9pdFvK7FZWVxzDKRwJeRkt29pzANrci6klw/e8XUuI ZJE40RfybHvJBkZK5wGOwr3Ogb45Gqxyvvsf3pz+V1PvQZOo9UPl29P0EV8rgOBLRPJX A4ULjHkRyN638PyvldRYEzjt6D1VANH1TpqGsaIuStpV4iu0DDsyeTHsN+83xgEYkrfj qzmrux7sBskjGyzbl04mzoF7mpt1z48zvSV5fS/4ktjXTahf6ojyAMQRK/0LyakxSo5h AOeZngJ59h/CCXlsBcXLllsxeGuhqSvLYVOObJcOItgdO1U/pCM0zfsZSKXj3ZzOhFlF TY9g== X-Gm-Message-State: AOJu0Ywab/rA4ez6bBCAOum433ek9ncvEQ7+HMbGs+0/vNmddjkUjllh eDE39JD+QMCS36kEgEn+DmZtNieNnGSgBOUebv0A2Bse1STQcP6yWHLw9HdGegB4eXZ+ROJVg6h 8a6wG X-Gm-Gg: ATEYQzzSqADsQZyZHUfM5r0bA9SsbNRvGXDnV1Vw67i+RGT6LGlzsnDWLlPMJdvTor1 2yAA4tw+PrPab5YikY7/0yTuHYmpRX6lriDvyo6WpCllgmGCEi3Z7Rd0V5NEZcTUtrC1sdzxvqL HWYNBJR7UMyqSjnAD7ro71Mk7uoCZmZtVAmr6CgA3GmSYt2xJzYMeZNMzXK+Iv6fsqo6QbCcTtq sCM1dtHgw6K2A91ra08vZazb0nY7GKyvKoJZIdeACpTwF3otP4MzLbfbyxjVcbHeJ2ZcSJFcIIZ 6KB6VLI0L4H+5B6EQ7i/9PI4icSQXPjSAHy6sXHPAIZJGLgsi3kHZAr5L5+FsKtBblGHWJnWwLN fO7/MN4y12sF45I1d/b6+vWxFoTpFWUHPokEIJQxj/6RXJGzOaEMjENJGVOYL2Aze9IJbHbJj+f xBHJy8ulSqLFBoiTep6E+3wQjYrxYfLrnnSis= X-Received: by 2002:a05:6102:14a9:b0:5ff:b403:a36a with SMTP id ada2fe7eead31-604f90e55a3mr1563555137.16.1774633479402; Fri, 27 Mar 2026 10:44:39 -0700 (PDT) Received: from mandiga.. ([2804:1b3:a7c1:90ea:62b5:ca73:a5e8:4825]) by smtp.gmail.com with ESMTPSA id a1e0cc1a2514c-951be56f28esm7578251241.10.2026.03.27.10.44.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 27 Mar 2026 10:44:38 -0700 (PDT) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Yury Khrustalev , Wilco Dijkstra Subject: [PATCH 1/2] aarch64: Convert GCS policy states to an enum Date: Fri, 27 Mar 2026 14:44:23 -0300 Message-ID: <20260327174434.2852296-1-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 X-Spam-Status: No, score=-12.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org This patch replaces the raw preprocessor macros used for GCS policies with a strictly typed 'aarch64_gcs_mode' enum. A new header, 'aarch64/dl-gcs.h', is introduced to centralize the GCS mode definitions and enforce internal mode typing. The '_dl_aarch64_gcs' variable is updated to the new 32-bit enum type, and dl-start.S is adjusted to load and test 32-bit w registers 64-bit ones. Checked on aarch64-linux-gnu. --- sysdeps/aarch64/dl-gcs.c | 25 +++--------- sysdeps/aarch64/dl-gcs.h | 38 +++++++++++++++++++ sysdeps/aarch64/dl-start.S | 6 +-- sysdeps/aarch64/ldsodefs.h | 1 + .../unix/sysv/linux/aarch64/dl-procruntime.c | 2 +- sysdeps/unix/sysv/linux/aarch64/libc-start.h | 2 +- 6 files changed, 50 insertions(+), 24 deletions(-) create mode 100644 sysdeps/aarch64/dl-gcs.h diff --git a/sysdeps/aarch64/dl-gcs.c b/sysdeps/aarch64/dl-gcs.c index 4961ad75eb..213ed01382 100644 --- a/sysdeps/aarch64/dl-gcs.c +++ b/sysdeps/aarch64/dl-gcs.c @@ -18,18 +18,6 @@ #include #include -/* GCS is disabled. */ -#define GCS_POLICY_DISABLED 0 - -/* Enable GCS, abort if unmarked binary is found. */ -#define GCS_POLICY_ENFORCED 1 - -/* Optionally enable GCS if all startup dependencies are marked. */ -#define GCS_POLICY_OPTIONAL 2 - -/* Override binary marking and always enabled GCS. */ -#define GCS_POLICY_OVERRIDE 3 - static void fail (struct link_map *l, const char *program) { @@ -96,7 +84,7 @@ check_gcs (struct link_map *l, const char *program, bool enforced, /* Binary is not marked but GSC is optional: disable GCS. */ else { - GL(dl_aarch64_gcs) = 0; + GL(dl_aarch64_gcs) = AARCH64_GCS_POLICY_DISABLED; return false; } __builtin_unreachable (); @@ -124,16 +112,15 @@ check_gcs_depends (struct link_map *l, const char *program, bool enforced, void _dl_gcs_check (struct link_map *l, const char *program, int dlopen_mode) { - unsigned long policy = GL (dl_aarch64_gcs); - switch (policy) + switch (GL(dl_aarch64_gcs)) { - case GCS_POLICY_DISABLED: - case GCS_POLICY_OVERRIDE: + case AARCH64_GCS_POLICY_DISABLED: + case AARCH64_GCS_POLICY_OVERRIDE: return; - case GCS_POLICY_ENFORCED: + case AARCH64_GCS_POLICY_ENFORCED: check_gcs_depends (l, program, true, dlopen_mode); return; - case GCS_POLICY_OPTIONAL: + case AARCH64_GCS_POLICY_OPTIONAL: check_gcs_depends (l, program, false, dlopen_mode); return; default: diff --git a/sysdeps/aarch64/dl-gcs.h b/sysdeps/aarch64/dl-gcs.h new file mode 100644 index 0000000000..bee3c94432 --- /dev/null +++ b/sysdeps/aarch64/dl-gcs.h @@ -0,0 +1,38 @@ +/* Internal AArch64 GCS definitions. + Copyright (C) 2026 Free Software Foundation, Inc. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#ifndef _DL_GCS_H +#define _DL_GCS_H + +#include + +typedef enum +{ + /* GCS is disabled. */ + AARCH64_GCS_POLICY_DISABLED = 0, + /* Enable GCS, abort if unmarked binary is found. */ + AARCH64_GCS_POLICY_ENFORCED = 1, + /* Optionally enable GCS if all startup dependencies are marked. */ + AARCH64_GCS_POLICY_OPTIONAL = 2, + /* Override binary marking and always enabled GCS. */ + AARCH64_GCS_POLICY_OVERRIDE = 3 +} aarch64_gcs_mode; + +/* dl-start.S assumes aarch64_gcs_mode is representable as uint32_t. */ +verify (sizeof (aarch64_gcs_mode) == 4); + +#endif diff --git a/sysdeps/aarch64/dl-start.S b/sysdeps/aarch64/dl-start.S index c278485cd3..78b30b709e 100644 --- a/sysdeps/aarch64/dl-start.S +++ b/sysdeps/aarch64/dl-start.S @@ -35,8 +35,8 @@ ENTRY (_start) /* Use GL(dl_aarch64_gcs) to set the shadow stack status. */ adrp x16, _rtld_local add x16, x16, :lo12:_rtld_local - ldr x22, [x16, GL_DL_AARCH64_GCS_OFFSET] - cbz x22, L(skip_gcs_enable) + ldr w22, [x16, GL_DL_AARCH64_GCS_OFFSET] + cbz w22, L(skip_gcs_enable) /* Enable GCS before user code runs. Note that IFUNC resolvers and LD_AUDIT hooks may run before, but should not create threads. */ @@ -53,7 +53,7 @@ ENTRY (_start) cbnz w0, L(failed_gcs_enable) /* Check if we need to lock GCS features. */ /* If the aarch64_gcs tunable is either 0 or 2 do not lock GCS. */ - tst x22, #-3 + tst w22, #-3 beq L(skip_gcs_enable) mov x0, PR_LOCK_SHADOW_STACK_STATUS /* Lock everything including future operations. */ diff --git a/sysdeps/aarch64/ldsodefs.h b/sysdeps/aarch64/ldsodefs.h index 03b35ce20a..d29569593a 100644 --- a/sysdeps/aarch64/ldsodefs.h +++ b/sysdeps/aarch64/ldsodefs.h @@ -21,6 +21,7 @@ #include #include +#include struct La_aarch64_regs; struct La_aarch64_retval; diff --git a/sysdeps/unix/sysv/linux/aarch64/dl-procruntime.c b/sysdeps/unix/sysv/linux/aarch64/dl-procruntime.c index 1f3b58d0fc..d49bb6cf5d 100644 --- a/sysdeps/unix/sysv/linux/aarch64/dl-procruntime.c +++ b/sysdeps/unix/sysv/linux/aarch64/dl-procruntime.c @@ -24,7 +24,7 @@ # if !defined PROCINFO_DECL && defined SHARED ._dl_aarch64_gcs # else -PROCINFO_CLASS unsigned long _dl_aarch64_gcs +PROCINFO_CLASS aarch64_gcs_mode _dl_aarch64_gcs # endif # ifndef PROCINFO_DECL = 0 diff --git a/sysdeps/unix/sysv/linux/aarch64/libc-start.h b/sysdeps/unix/sysv/linux/aarch64/libc-start.h index 4ccd13741b..293c8a90b2 100644 --- a/sysdeps/unix/sysv/linux/aarch64/libc-start.h +++ b/sysdeps/unix/sysv/linux/aarch64/libc-start.h @@ -54,7 +54,7 @@ aarch64_libc_setup_tls (void) _rtld_main_check (main_map, _dl_argv[0]); - uint64_t gcs = GL (dl_aarch64_gcs); + aarch64_gcs_mode gcs = GL(dl_aarch64_gcs); if (gcs != GCS_POLICY_DISABLED) { int ret; From patchwork Fri Mar 27 17:44:24 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Adhemerval Zanella Netto X-Patchwork-Id: 132388 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from vm01.sourceware.org (localhost [127.0.0.1]) by sourceware.org (Postfix) with ESMTP id 331B44BA9026 for ; Fri, 27 Mar 2026 17:46:16 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 331B44BA9026 Authentication-Results: sourceware.org; dkim=pass (2048-bit key, unprotected) header.d=linaro.org header.i=@linaro.org header.a=rsa-sha256 header.s=google header.b=ePaQzGS/ X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-vs1-xe2b.google.com (mail-vs1-xe2b.google.com [IPv6:2607:f8b0:4864:20::e2b]) by sourceware.org (Postfix) with ESMTPS id B4B954BA900F for ; Fri, 27 Mar 2026 17:44:42 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org B4B954BA900F Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=linaro.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=linaro.org ARC-Filter: OpenARC Filter v1.0.0 sourceware.org B4B954BA900F Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::e2b ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1774633482; cv=none; b=Dyy0ZaRw7lbMhqdecTwpOxcq1v3iNwYrHlqAVwy9oDceS9kuR7/ia6weo6xao3ZSNWDcfoT6py2h8C7YlPspsJLRRGb2zL/XDcIh6xTNZU9bvXsPcq94n1vO8PdVYGgWV1J//uuMXhPAKB5JKu1DgovV/wXhgfp7Whb7GVtiOe8= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1774633482; c=relaxed/simple; bh=J13VxDZcjfHSsw5ipcGepfiSAVxr0XU21xU5VLc+IRA=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=OProKu23rtfGmUK5AKQ6GKLX5QCDt6qLWxHEme5S1UAf/oF23HvXHvL2JAw5MIvZZT1gYuSZzRepXjt8ngsaCA+3h9SNkGw5yKN/amke6Bj/5ItbdJ0qVOwCnoS691/7U1GaRFBkcCbmbk4GKDdi40z5z4Vz51L4LApnbUtx23o= ARC-Authentication-Results: i=1; server2.sourceware.org DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org B4B954BA900F Received: by mail-vs1-xe2b.google.com with SMTP id ada2fe7eead31-602903ad849so816452137.3 for ; Fri, 27 Mar 2026 10:44:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1774633482; x=1775238282; darn=sourceware.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=KozdqQlKLIAvVgfuA5qoWrZZ+hcnV2CSGwwqzoLoB6c=; b=ePaQzGS/tPiIbQZI/vtZ8vhEFomYSZn0X0cCaDdqGvVTzTUQXOtITBteatCYcR933a 2dFMgzx4EWIjNOBpI2gyNTBX5nLmrO5FHwH+0F4DsNcMCj8nrSV8NpKKYuTt6iRTaQJp dj4Y8D/Un+SuJotNAWta7EdyY3CJx3PiZqUuEYgpqMkyOBq5C4GTrGdatf9jcOO4+GUR QCpM3SbuMDeNhoOBBKiIFmH5VQF0UY5MBJKuHfLG7jvPAxJLGdpxsLxQJid4XS72/W9o rMV8kVLR0+AKM/ZAVleaYCpE8xi2+x6vIy4U2jpo9QRWujaIRpVbu4Q0InV79FuwAkg0 hP+A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1774633482; x=1775238282; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=KozdqQlKLIAvVgfuA5qoWrZZ+hcnV2CSGwwqzoLoB6c=; b=gxfG2bYOyNJoi9LiV3fBlqV1nl6nwlp1IyG70ALR/x/mhsnXWuAIsAb0SWg/RPWkcY nq2yUaOD9lZY4zA7cHvC/iEEE85u65SCFUfLJMZznkGFUMUB7Y8nDlGa2KL1tUCMwiy8 w9w/2ITBC6v+vtXq+lr6/EaTtmCRnEQUkHAXQzPH4GKRdbzoQKfQQuNhtkYa246/SZjT 7xBdrdC5dB0C1ZkdsV5JKIhYpGiriIKnzQXJiLkVH0OMDiI4umv2rRDmaOAyYRkVx4lW DJiAwhFHa87qJ/NfIsVDyFCfqpALezqOE06UKIj0DJwveP9qbkPb7qGxY8IRP73qOcFK WeyQ== X-Gm-Message-State: AOJu0Ywrvas1VSb3PcHRNxFdEfwN2C3rGfdtTYqjR5GFpXcM9KSuGYtp sy9tQ4cLs4HF1foD+EL1V8jIZ/Qc3tfdJRfdfTD9tUZibK0HwE3mHeAebXeYSVA6zjGdBiZtuIn ldKEb X-Gm-Gg: ATEYQzy4YGpDShK2qdvvJWWdsEtPohR4Y33Bhnj48opV1gyst/dFvkXhcMp1X4BpJ8k wGJ2Gc1uKAxIPwsF+/4kqj390O1HRfV16sZNd9fP0SD69yzW7Ex0i1btKjIOKQKT86NPsTS1EjS TLP8HNmpWy2Bn82/vOF9vdsdDa/7b9sWPTVC/Qr5p7E/i6Wr+bynsSgk0g3fG1GaDg/QFjSJhoA TFYtw0FpLuQ74uhI9VlrrEJlvpu8a0gdpNjrqFFzOhuRVKMnIxgdFDVUwDnFlPBlAmUTwz8EOdW tMlWWY2ssxqzllP+SbUHqFcqCX/uyDAJrSIX0HzA//M6IZ3WINcYOVkYp34mFTgzchDo/8SLwA3 oMEkIbirdwY4XrPycgkROhTiy45NdxWBXkPQvWwKuZOa1Rc3zlZj5MPI9SZj98/zenl23nBGcZS 5J73X3cJF/+bCD31TX3rjjZkQl4IVNbKdxm7s67yXD8mdHFA== X-Received: by 2002:a05:6102:2c17:b0:5ff:f366:dbe1 with SMTP id ada2fe7eead31-604f90f12f8mr1429114137.15.1774633481655; Fri, 27 Mar 2026 10:44:41 -0700 (PDT) Received: from mandiga.. ([2804:1b3:a7c1:90ea:62b5:ca73:a5e8:4825]) by smtp.gmail.com with ESMTPSA id a1e0cc1a2514c-951be56f28esm7578251241.10.2026.03.27.10.44.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 27 Mar 2026 10:44:41 -0700 (PDT) From: Adhemerval Zanella To: libc-alpha@sourceware.org Cc: Yury Khrustalev , Wilco Dijkstra Subject: [PATCH 2/2] aarch64: Accept string values for glibc.cpu.aarch64_gcs tunable Date: Fri, 27 Mar 2026 14:44:24 -0300 Message-ID: <20260327174434.2852296-2-adhemerval.zanella@linaro.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20260327174434.2852296-1-adhemerval.zanella@linaro.org> References: <20260327174434.2852296-1-adhemerval.zanella@linaro.org> MIME-Version: 1.0 X-Spam-Status: No, score=-12.7 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_BLOCKED, SPF_HELO_NONE, SPF_PASS, TXREP, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.30 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: libc-alpha-bounces~patchwork=sourceware.org@sourceware.org This patch updates the glibc.cpu.aarch64_gcs tunable to accept human-readable strings in addition to its standard numerical values. The tunable now accepts the strings 'disabled', 'enforced', 'optional', and 'override', mapping them to their corresponding 0, 1, 2, and 3 internal enum states. To support custom parsing in architecture-specific code, the 'tunable_parse_num' function is moved to the generic dl-tunables-parse.h as an inline function. The '__tunable_print_error' function is exposed globally so that invalid string inputs caught in the newly added 'aarch64_gcs' callback can trigger standard tunable warnings. Checked on aarch64-linux-gnu. --- elf/dl-tunables.c | 29 +++++++++---------- elf/dl-tunables.h | 3 ++ manual/tunables.texi | 8 ++--- sysdeps/aarch64/dl-tunables.list | 5 +--- sysdeps/generic/dl-tunables-parse.h | 13 +++++++++ .../unix/sysv/linux/aarch64/cpu-features.c | 28 +++++++++++++++++- 6 files changed, 61 insertions(+), 25 deletions(-) diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c index bdb1de4ceb..7fd6894ec9 100644 --- a/elf/dl-tunables.c +++ b/elf/dl-tunables.c @@ -36,6 +36,7 @@ #define TUNABLES_INTERNAL 1 #include "dl-tunables.h" +#include static char ** get_next_env (char **envp, char **name, char **val, char ***prev_envp) @@ -119,17 +120,6 @@ do_tunable_update_val (tunable_t *cur, const tunable_val_t *valp, cur->initialized = true; } -static bool -tunable_parse_num (const char *strval, size_t len, tunable_num_t *val) -{ - char *endptr = NULL; - uint64_t numval = _dl_strtoul (strval, &endptr); - if (endptr != strval + len) - return false; - *val = (tunable_num_t) numval; - return true; -} - /* Validate range of the input value and initialize the tunable CUR if it looks good. */ static bool @@ -239,14 +229,21 @@ parse_tunables_string (const char *valstring, struct tunable_toset_t *tunables) return ntunables; } -static void -parse_tunable_print_error (const struct tunable_toset_t *toset) + +void +__tunable_print_error (const char *value, size_t len, const char *name) { _dl_error_printf ("WARNING: ld.so: invalid GLIBC_TUNABLES value `%.*s' " "for option `%s': ignored.\n", - (int) toset->len, - toset->value, - toset->t->name); + (int) len, + value, + name); +} + +static inline void +parse_tunable_print_error (const struct tunable_toset_t *toset) +{ + __tunable_print_error (toset->value, toset->len, toset->t->name); } static void diff --git a/elf/dl-tunables.h b/elf/dl-tunables.h index 45aeed47bc..9a1d12922e 100644 --- a/elf/dl-tunables.h +++ b/elf/dl-tunables.h @@ -61,6 +61,9 @@ rtld_hidden_proto (__tunable_get_val) rtld_hidden_proto (__tunable_set_val) rtld_hidden_proto (__tunable_get_default) +extern void __tunable_print_error (const char *, size_t, const char *) + attribute_hidden; + /* Define TUNABLE_GET and TUNABLE_SET in short form if TOP_NAMESPACE and TUNABLE_NAMESPACE are defined. This is useful shorthand to get and set tunables within a module. */ diff --git a/manual/tunables.texi b/manual/tunables.texi index 72769428e8..b8befde341 100644 --- a/manual/tunables.texi +++ b/manual/tunables.texi @@ -605,12 +605,12 @@ This tunable controls Guarded Control Stack (GCS) for the process. Accepted values are: @itemize @bullet -@item @code{0} = disabled: do not enable GCS. -@item @code{1} = enforced: check markings and abort if any binary is not +@item @code{0} or @code{disabled}: do not enable GCS. +@item @code{1} or @code{enforced}: check markings and abort if any binary is not marked, otherwise enable GCS and lock all GCS features. -@item @code{2} = optional: check markings but keep GCS off if any binary +@item @code{2} or @code{optional}: check markings but keep GCS off if any binary is unmarked, otherwise enable GCS but do not lock any GCS features. -@item @code{3} = override: enable GCS and lock all GCS features, markings +@item @code{3} or @code{override}: enable GCS and lock all GCS features, markings are ignored. @end itemize diff --git a/sysdeps/aarch64/dl-tunables.list b/sysdeps/aarch64/dl-tunables.list index a2ccba0b29..302cbac437 100644 --- a/sysdeps/aarch64/dl-tunables.list +++ b/sysdeps/aarch64/dl-tunables.list @@ -28,10 +28,7 @@ glibc { default: 0 } aarch64_gcs { - type: UINT_64 - minval: 0 - maxval: 3 - default: 0 + type: STRING } } } diff --git a/sysdeps/generic/dl-tunables-parse.h b/sysdeps/generic/dl-tunables-parse.h index 8ac49bff0b..f021036bbd 100644 --- a/sysdeps/generic/dl-tunables-parse.h +++ b/sysdeps/generic/dl-tunables-parse.h @@ -131,4 +131,17 @@ tunable_str_comma_strcmp (const struct tunable_str_comma_t *t, const char *str, #define tunable_str_comma_strcmp_cte(__t, __str) \ tunable_str_comma_strcmp (__t, __str, sizeof (__str) - 1) +static inline bool +tunable_parse_num (const char *strval, size_t len, tunable_num_t *val) +{ + char *endptr = NULL; + uint64_t numval = _dl_strtoul (strval, &endptr); + if (endptr != strval + len) + return false; + *val = (tunable_num_t) numval; + return true; +} +#define tunable_parse_num_tun(__tunable, __ret) \ + tunable_parse_num (__tunable->strval.str, __tunable->strval.len, __ret) + #endif diff --git a/sysdeps/unix/sysv/linux/aarch64/cpu-features.c b/sysdeps/unix/sysv/linux/aarch64/cpu-features.c index 1e4f8a86b1..fe634cbded 100644 --- a/sysdeps/unix/sysv/linux/aarch64/cpu-features.c +++ b/sysdeps/unix/sysv/linux/aarch64/cpu-features.c @@ -65,6 +65,31 @@ get_midr_from_mcpu (const struct tunable_str_t *mcpu) return UINT64_MAX; } +static void +TUNABLE_CALLBACK (aarch64_gcs) (tunable_val_t *valp) +{ + tunable_num_t val; + if (tunable_parse_num_tun (valp, &val)) + { + if (tunable_val_lt (val, AARCH64_GCS_POLICY_DISABLED, true)) + val = AARCH64_GCS_POLICY_DISABLED; + if (tunable_val_gt (val, AARCH64_GCS_POLICY_OVERRIDE, true)) + val = AARCH64_GCS_POLICY_OVERRIDE; + GL(dl_aarch64_gcs) = val; + } + else if (tunable_strcmp_cte (valp, "disabled")) + GL(dl_aarch64_gcs) = AARCH64_GCS_POLICY_DISABLED; + else if (tunable_strcmp_cte (valp, "enforced")) + GL(dl_aarch64_gcs) = AARCH64_GCS_POLICY_ENFORCED; + else if (tunable_strcmp_cte (valp, "optional")) + GL(dl_aarch64_gcs) = AARCH64_GCS_POLICY_OPTIONAL; + else if (tunable_strcmp_cte (valp, "override")) + GL(dl_aarch64_gcs) = AARCH64_GCS_POLICY_OVERRIDE; + else + __tunable_print_error (valp->strval.str, valp->strval.len, + "glibc.cpu.aarch64_gcs"); +} + static inline void init_cpu_features (struct cpu_features *cpu_features) { @@ -136,5 +161,6 @@ init_cpu_features (struct cpu_features *cpu_features) if (GLRO (dl_hwcap) & HWCAP_GCS) /* GCS status may be updated later by binary compatibility checks. */ - GL (dl_aarch64_gcs) = TUNABLE_GET (glibc, cpu, aarch64_gcs, uint64_t, 0); + TUNABLE_GET (glibc, cpu, aarch64_gcs, tunable_val_t *, + TUNABLE_CALLBACK (aarch64_gcs)); }