diff options
| author | Szabolcs Nagy <szabolcs.nagy@arm.com> | 2023-12-21 23:05:10 +0000 |
|---|---|---|
| committer | Szabolcs Nagy <szabolcs.nagy@arm.com> | 2024-02-13 10:29:18 +0000 |
| commit | deded666b363b18c93ee6baed7dcf32551158eca (patch) | |
| tree | 12fa0670b0ecba07418fe3394b6091eb7f702c90 | |
| parent | 92cd77cd36137d81ac9500f595f0c4d0c3c6539d (diff) | |
| download | glibc-deded666b363b18c93ee6baed7dcf32551158eca.tar glibc-deded666b363b18c93ee6baed7dcf32551158eca.tar.gz glibc-deded666b363b18c93ee6baed7dcf32551158eca.tar.bz2 glibc-deded666b363b18c93ee6baed7dcf32551158eca.zip | |
aarch64: handling gcs marking
| -rw-r--r-- | sysdeps/aarch64/Makefile | 4 | ||||
| -rw-r--r-- | sysdeps/aarch64/dl-gcs.c | 59 | ||||
| -rw-r--r-- | sysdeps/aarch64/dl-prop.h | 15 | ||||
| -rw-r--r-- | sysdeps/aarch64/linkmap.h | 1 |
4 files changed, 73 insertions, 6 deletions
diff --git a/sysdeps/aarch64/Makefile b/sysdeps/aarch64/Makefile index ca8b96f550..74479604f2 100644 --- a/sysdeps/aarch64/Makefile +++ b/sysdeps/aarch64/Makefile @@ -9,7 +9,9 @@ LDFLAGS-rtld += -Wl,-z,force-bti,--fatal-warnings endif ifeq ($(subdir),elf) -sysdep-dl-routines += dl-bti +sysdep-dl-routines += \ + dl-bti \ + dl-gcs tests += tst-audit26 \ tst-audit27 diff --git a/sysdeps/aarch64/dl-gcs.c b/sysdeps/aarch64/dl-gcs.c new file mode 100644 index 0000000000..a92deb54b5 --- /dev/null +++ b/sysdeps/aarch64/dl-gcs.c @@ -0,0 +1,59 @@ +/* AArch64 GCS functions. + Copyright (C) 2024 Free Software Foundation, Inc. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + <https://www.gnu.org/licenses/>. */ + +#include <unistd.h> +#include <errno.h> +#include <libintl.h> +#include <ldsodefs.h> + +static void +fail (struct link_map *l, const char *program) +{ + if (program) + _dl_fatal_printf ("%s: %s: not GCS compatible\n", program, l->l_name); + else + _dl_signal_error (0, l->l_name, "dlopen", N_("not GCS compatible")); +} + +static void +check_gcs (struct link_map *l, const char *program) +{ + if (!l->l_mach.gcs) + { + if (GLRO(dl_aarch64_gcs_policy) == 2 || !program) + fail (l, program); + if (GLRO(dl_aarch64_gcs_policy) == 1 && program) + GL(dl_aarch64_gcs) = 0; + } +} + +/* Apply GCS policy for L and its dependencies. */ + +void +_dl_gcs_check (struct link_map *l, const char *program) +{ + /* GCS is disabled. */ + if (GL(dl_aarch64_gcs) == 0) + return; + /* GCS marking is ignored. */ + if (GLRO(dl_aarch64_gcs_policy) == 0) + return; + + check_gcs (l, program); + for (unsigned int i = 0; i < l->l_searchlist.r_nlist; i++) + check_gcs (l->l_initfini[i], program); +} diff --git a/sysdeps/aarch64/dl-prop.h b/sysdeps/aarch64/dl-prop.h index df05c0211d..72ac11aec0 100644 --- a/sysdeps/aarch64/dl-prop.h +++ b/sysdeps/aarch64/dl-prop.h @@ -24,16 +24,21 @@ extern void _dl_bti_protect (struct link_map *, int) attribute_hidden; extern void _dl_bti_check (struct link_map *, const char *) attribute_hidden; +extern void _dl_gcs_check (struct link_map *, const char *) + attribute_hidden; + static inline void __attribute__ ((always_inline)) _rtld_main_check (struct link_map *m, const char *program) { _dl_bti_check (m, program); + _dl_gcs_check (m, program); } static inline void __attribute__ ((always_inline)) _dl_open_check (struct link_map *m) { _dl_bti_check (m, NULL); + _dl_gcs_check (m, NULL); } static inline void __attribute__ ((always_inline)) @@ -45,10 +50,6 @@ static inline int _dl_process_gnu_property (struct link_map *l, int fd, uint32_t type, uint32_t datasz, void *data) { - if (!GLRO(dl_aarch64_cpu_features).bti) - /* Skip note processing. */ - return 0; - if (type == GNU_PROPERTY_AARCH64_FEATURE_1_AND) { /* Stop if the property note is ill-formed. */ @@ -57,7 +58,11 @@ _dl_process_gnu_property (struct link_map *l, int fd, uint32_t type, unsigned int feature_1 = *(unsigned int *) data; if (feature_1 & GNU_PROPERTY_AARCH64_FEATURE_1_BTI) - _dl_bti_protect (l, fd); + if (GLRO(dl_aarch64_cpu_features).bti) + _dl_bti_protect (l, fd); + + if (feature_1 & GNU_PROPERTY_AARCH64_FEATURE_1_GCS) + l->l_mach.gcs = 1; /* Stop if we processed the property note. */ return 0; diff --git a/sysdeps/aarch64/linkmap.h b/sysdeps/aarch64/linkmap.h index 56a63fc3dd..423fc0bd8e 100644 --- a/sysdeps/aarch64/linkmap.h +++ b/sysdeps/aarch64/linkmap.h @@ -23,4 +23,5 @@ struct link_map_machine ElfW(Addr) plt; /* Address of .plt */ void *tlsdesc_table; /* Address of TLS descriptor hash table. */ bool bti_fail; /* Failed to enable Branch Target Identification. */ + bool gcs; /* Guarded Control Stack marking. */ }; |