diff options
| author | Szabolcs Nagy <szabolcs.nagy@arm.com> | 2023-07-17 08:31:05 +0100 |
|---|---|---|
| committer | Yury Khrustalev <yury.khrustalev@arm.com> | 2025-01-20 09:31:33 +0000 |
| commit | 9ad3d9267d1e0ddda264e54cd4176fa927e2e0ca (patch) | |
| tree | 0b416a4cd414fce3f2983f95ed6ba0159286c61a /sysdeps/unix/sysv | |
| parent | 3ac237fb716b86ba7967edb84eb85d15364aaebc (diff) | |
| download | glibc-9ad3d9267d1e0ddda264e54cd4176fa927e2e0ca.zip glibc-9ad3d9267d1e0ddda264e54cd4176fa927e2e0ca.tar.gz glibc-9ad3d9267d1e0ddda264e54cd4176fa927e2e0ca.tar.bz2 | |
aarch64: Add glibc.cpu.aarch64_gcs tunable
This tunable controls Guarded Control Stack (GCS) for the process.
0 = disabled: do not enable GCS
1 = enforced: check markings and fail if any binary is not marked
2 = optional: check markings but keep GCS off if a binary is unmarked
3 = override: enable GCS, markings are ignored
By default it is 0, so GCS is disabled, value 1 will enable GCS.
The status is stored into GL(dl_aarch64_gcs) early and only applied
later, since enabling GCS is tricky: it must happen on a top level
stack frame. Using GL instead of GLRO because it may need updates
depending on loaded libraries that happen after readonly protection
is applied, however library marking based GCS setting is not yet
implemented.
Describe new tunable in the manual.
Co-authored-by: Yury Khrustalev <yury.khrustalev@arm.com>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Diffstat (limited to 'sysdeps/unix/sysv')
| -rw-r--r-- | sysdeps/unix/sysv/linux/aarch64/cpu-features.c | 8 | ||||
| -rw-r--r-- | sysdeps/unix/sysv/linux/aarch64/dl-procruntime.c | 37 |
2 files changed, 45 insertions, 0 deletions
diff --git a/sysdeps/unix/sysv/linux/aarch64/cpu-features.c b/sysdeps/unix/sysv/linux/aarch64/cpu-features.c index 7ac2283..1ecf6cd 100644 --- a/sysdeps/unix/sysv/linux/aarch64/cpu-features.c +++ b/sysdeps/unix/sysv/linux/aarch64/cpu-features.c @@ -176,4 +176,12 @@ init_cpu_features (struct cpu_features *cpu_features) /* Check if MOPS is supported. */ cpu_features->mops = GLRO (dl_hwcap2) & HWCAP2_MOPS; + +#ifndef HWCAP_GCS +#define HWCAP_GCS (1UL << 32) +#endif + + if (GLRO (dl_hwcap) & HWCAP_GCS) + /* GCS status may be updated later by binary compatibility checks. */ + GL (dl_aarch64_gcs) = TUNABLE_GET (glibc, cpu, aarch64_gcs, uint64_t, 0); } diff --git a/sysdeps/unix/sysv/linux/aarch64/dl-procruntime.c b/sysdeps/unix/sysv/linux/aarch64/dl-procruntime.c new file mode 100644 index 0000000..044544a --- /dev/null +++ b/sysdeps/unix/sysv/linux/aarch64/dl-procruntime.c @@ -0,0 +1,37 @@ +/* Data for processor runtime information. AArch64 version. + Copyright (C) 2024-2025 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + <https://www.gnu.org/licenses/>. */ + +#ifndef PROCINFO_CLASS +# define PROCINFO_CLASS +#endif + +#if !IS_IN (ldconfig) +# if !defined PROCINFO_DECL && defined SHARED + ._dl_aarch64_gcs +# else +PROCINFO_CLASS unsigned long _dl_aarch64_gcs +# endif +# ifndef PROCINFO_DECL += 0 +# endif +# if !defined SHARED || defined PROCINFO_DECL +; +# else +, +# endif +#endif |