| Age | Commit message (Collapse) | Author |
|---|
|
TODO: Remove this once morello has vdso gettimeofday.
|
|
TODO: drop this once linux brk always fails.
|
|
Current clone_args does not support 128 bit pointers.
TODO: the fix is incomplete (missing clone3 abi checks) and has to be
aligned with purecap clone3 struct layout.
|
|
Specifies the prot flags a mapping may gain via mprotect or MAP_FIXED.
On CHERI targets this is used to get capability with more permissions
than the original mmap protection would imply.
|
|
In fcntl va_arg is currently used even if the caller did not pass
any variadic arguments. This is undefined behaviour and does not
work with the Morello purecap ABI, so use a helper macro.
When the argument is missing, the result of the helper macro is
arbitrary as it will be ignored by the kernel, we just have to
ensure it does not cause a runtime crash.
|
|
prctl is a variadic function and on morello args that were not passed
cannot be accessed so the generic code does not work.
|
|
No need to set the child stack to sp, 0 means the parent stack is used.
This avoids purecap specific ifdefs in vfork.
|
|
Support the Morello Linux purecap syscall ABI. The macro definitions
are moved to a morello specific sysdep.h to avoid cluttering the
aarch64 one.
|
|
New syscall ABI requires different VDSO support code.
|
|
TODO: this affects API (syscall return type is long)
so breaks portability and requires doc updates.
|
|
from arm optimized-routines morello branch.
|
|
memset from arm optimized-routines morello branch.
|
|
|
|
|
|
|
|
Modified rawmemchr to support Arm Morello Capabilities.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
avoids out of bound access of the generic implementation.
|
|
avoids out of bounds access of the generic implementation.
|
|
Add macro definitions for purecap ABI in sysdep.h.
|
|
morello purecap gcc in some cases inlines 16byte memcpy as a capability
load, which is wrong if the source or dest may be unaligned.
stack guard only needs random for the address portion since only that
part is compared, so 8 byte is enough with 64 bit addresses, but the
current code is only right on little endian systems.
TODO: drop when gcc is fixed
|
|
There is no ideal ABI macro, so we assume __CHERI_PURE_CAPABILITY__
implies 64 bit long, 64 bit address and 128 bit pointer.
|
|
The CHERI pure capability programming model for C requires special
definition of {u}intptr_t.
Only the pure capability model is supported for hosted compilation,
but for freestanding compilation there is limited support for other
(hybrid capability) programming models too, which require new
{u}intcap_t type definitions.
|
|
The c++ mangling ABI for intptr_t and pthread_t are different on
morello.
|
|
There is no longer PLT reference to matherr in libm.
|
|
The base symbol version is 2.36.
|
|
|
|
Detect default-abi and add aarch64-purecap make variable.
Purecap abi sets HIDDEN_VAR_NEEDS_DYNAMIC_RELOC and unsets
SUPPORT_STATIC_PIE.
|
|
Provide separate directories for lp64 and purecap abi related sysdep
functionality.
purecap may be better name than morello, but we started with morello
and that is more future compatible with alternative cheri-like
extensions on top of aarch64.
|
|
aarch64-linux-gnu compiler is a lp64,purecap multilib gcc and
supported glibc variants:
aarch64-linux-gnu
aarch64-linux-gnu-purecap
aarch64-linux-gnu-purecap-nopie
aarch64-linux-gnu_purecap compiler is a default purecap gcc, with
supported glibc variants:
aarch64-linux-gnu_purecap
aarch64-linux-gnu_purecap-nopie
purecap libgomp and libitm builds fail so disabled for now.
|
|
This simplifies adding the Morello purecap abi target.
|
|
PTR_REG is for ILP32, there is no point using it under __LP64__.
|
|
The size of the reserved space has to be adjusted because it underflows
with 16 byte pointers. With the new value there should be enough space
for 2 more pointers in the struct on CHERI targets.
|
|
nl_langinfo_l ignores its locale argument with NL_CURRENT_INDIRECT
which is wrong when that argument does not match the current thread's
locale.
upstream glibc is not tested with static linking so this is not found.
|
|
switch statement does not work for intptr_t, use a large int type
that's guaranteed to work.
|
|
Use the standard wrapper that kills the test after a timeout.
|
|
ulimit is a variadic function and the second argument must have type
long (or unsigned long).
|
|
The test dlmopens 10 namespaces recursively, which requires a glibc
tunable setting, otherwise it may run out of static TLS.
|
|
sscanf is only defined on nul terminated string input, but '\0' was
missing in this test which caused _IO_str_init_static_internal to
read OOB on the stack when computing the bounds of the string.
|
|
The test used scratch_buffer_dupfree incorrectly:
- The passed in size must be <= buf.length.
- Must be called at most once on a buf object since it frees it.
- After it is called buf.data and buf.length must not be accessed.
All of these were violated, the test happened to work because the
buffer was on the stack, which meant the test copied out-of-bounds
bytes from the stack into a new buffer and then compared those bytes.
Run one test and avoid the issues above.
|
|
The int mods[nmods] array on the stack was overread by one.
|
|
The iconv buffer sizes must not include the \0 string terminator.
When \0 cannot be part of a valid character encoding glibc iconv
would copy it to the output as expected, but then later the explicit
output termination with *outbufpos = '\0' is out of bounds.
|
|
The code assumed unsigned long can represent pointers.
|
