| Age | Commit message (Collapse) | Author |
|---|
|
TODO: this affects API (syscall return type is long)
so breaks portability and requires doc updates.
|
|
from arm optimized-routines morello branch.
|
|
memset from arm optimized-routines morello branch.
|
|
|
|
|
|
|
|
Modified rawmemchr to support Arm Morello Capabilities.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
avoids out of bound access of the generic implementation.
|
|
avoids out of bounds access of the generic implementation.
|
|
Add macro definitions for purecap ABI in sysdep.h.
|
|
morello purecap gcc in some cases inlines 16byte memcpy as a capability
load, which is wrong if the source or dest may be unaligned.
stack guard only needs random for the address portion since only that
part is compared, so 8 byte is enough with 64 bit addresses, but the
current code is only right on little endian systems.
TODO: drop when gcc is fixed
|
|
There is no ideal ABI macro, so we assume __CHERI_PURE_CAPABILITY__
implies 64 bit long, 64 bit address and 128 bit pointer.
|
|
The CHERI pure capability programming model for C requires special
definition of {u}intptr_t.
Only the pure capability model is supported for hosted compilation,
but for freestanding compilation there is limited support for other
(hybrid capability) programming models too, which require new
{u}intcap_t type definitions.
|
|
The c++ mangling ABI for intptr_t and pthread_t are different on
morello.
|
|
There is no longer PLT reference to matherr in libm.
|
|
The base symbol version is 2.36.
|
|
|
|
Detect default-abi and add aarch64-purecap make variable.
Purecap abi sets HIDDEN_VAR_NEEDS_DYNAMIC_RELOC and unsets
SUPPORT_STATIC_PIE.
|
|
Provide separate directories for lp64 and purecap abi related sysdep
functionality.
purecap may be better name than morello, but we started with morello
and that is more future compatible with alternative cheri-like
extensions on top of aarch64.
|
|
aarch64-linux-gnu compiler is a lp64,purecap multilib gcc and
supported glibc variants:
aarch64-linux-gnu
aarch64-linux-gnu-purecap
aarch64-linux-gnu-purecap-nopie
aarch64-linux-gnu_purecap compiler is a default purecap gcc, with
supported glibc variants:
aarch64-linux-gnu_purecap
aarch64-linux-gnu_purecap-nopie
purecap libgomp and libitm builds fail so disabled for now.
|
|
This simplifies adding the Morello purecap abi target.
|
|
PTR_REG is for ILP32, there is no point using it under __LP64__.
|
|
The size of the reserved space has to be adjusted because it underflows
with 16 byte pointers. With the new value there should be enough space
for 2 more pointers in the struct on CHERI targets.
|
|
nl_langinfo_l ignores its locale argument with NL_CURRENT_INDIRECT
which is wrong when that argument does not match the current thread's
locale.
upstream glibc is not tested with static linking so this is not found.
|
|
switch statement does not work for intptr_t, use a large int type
that's guaranteed to work.
|
|
Use the standard wrapper that kills the test after a timeout.
|
|
ulimit is a variadic function and the second argument must have type
long (or unsigned long).
|
|
The test dlmopens 10 namespaces recursively, which requires a glibc
tunable setting, otherwise it may run out of static TLS.
|
|
sscanf is only defined on nul terminated string input, but '\0' was
missing in this test which caused _IO_str_init_static_internal to
read OOB on the stack when computing the bounds of the string.
|
|
The test used scratch_buffer_dupfree incorrectly:
- The passed in size must be <= buf.length.
- Must be called at most once on a buf object since it frees it.
- After it is called buf.data and buf.length must not be accessed.
All of these were violated, the test happened to work because the
buffer was on the stack, which meant the test copied out-of-bounds
bytes from the stack into a new buffer and then compared those bytes.
Run one test and avoid the issues above.
|
|
The int mods[nmods] array on the stack was overread by one.
|
|
The iconv buffer sizes must not include the \0 string terminator.
When \0 cannot be part of a valid character encoding glibc iconv
would copy it to the output as expected, but then later the explicit
output termination with *outbufpos = '\0' is out of bounds.
|
|
The code assumed unsigned long can represent pointers.
|
|
If dir contains several / then "ln -s . $dir" does not link it to the
current directory. Use the existing rellns.sh script to compute the
correct relative path to .
|
|
The alloca size did not consider the optional width parameter for
padding which could cause buffer underflow. The width is currently used
e.g. by _dl_map_object_from_fd which passes 2 * sizeof(void *) which
can be larger than the alloca buffer size on targets where
sizeof(void *) >= 2 * sizeof(unsigned long).
Even if large width is not used on existing targets it is better to fix
the formatting code to avoid surprises.
|
|
If sizeof(ptrdiff_t) < sizeof(void*) the alignment logic was wrong:
incorrectly assumed that base was already sufficiently aligned.
Use more robust alignment logic: this one should work on any target.
Note: this is an installed header so it must be namespace clean and
portable hence it uses unsigned long for the alignment offset.
|
|
The values represnt pointers and not sizes. The members of struct
alloc_buffer are already uintptr_t.
|
|
Avoid integer casts that assume unsigned long can represent pointers.
|
|
The code assumed unsigned long can represent pointers.
|
|
The src pointer is const and points to a different object, so accessing
dest via src is invalid.
|
|
The src pointer is const and points to a different object, so accessing
dest via src is invalid.
|
|
The extension header is two 32bit words and in the last header both
should be 0. There is plenty space in the __reserved area, but it's
better not to write more than we mean to.
|
