aarch64: Add GCS test with signal handler

Test that when we return from a function that enabled GCS at runtime we get SIGSEGV. Also test that ucontext contains GCS block with the GCS pointer. Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
author: Yury Khrustalev <yury.khrustalev@arm.com> 2025-01-23 10:36:36 +0000
committer: Yury Khrustalev <yury.khrustalev@arm.com> 2025-02-21 16:23:44 +0000
commit: 41f6684557255c8bdb7b5ec5bfe63c4e6c6cd5cf (patch)
tree: 63b47304a604ac4a0923170b5f03043f2bc57c0a /sysdeps/unix/sysv/linux
parent: 15afd01e80dc158c5095b16d458851b6d81b4e13 (diff)
download: glibc-41f6684557255c8bdb7b5ec5bfe63c4e6c6cd5cf.zip
glibc-41f6684557255c8bdb7b5ec5bfe63c4e6c6cd5cf.tar.gz
glibc-41f6684557255c8bdb7b5ec5bfe63c4e6c6cd5cf.tar.bz2
2 files changed, 106 insertions, 0 deletions
diff --git a/sysdeps/unix/sysv/linux/aarch64/Makefile b/sysdeps/unix/sysv/linux/aarch64/Makefile
index ce24f38..0839f0b 100644
--- a/sysdeps/unix/sysv/linux/aarch64/Makefile
+++ b/sysdeps/unix/sysv/linux/aarch64/Makefile
@@ -15,6 +15,7 @@ gcs-tests-dynamic = \
   tst-gcs-dlopen-override \
   tst-gcs-enforced \
   tst-gcs-enforced-abort \
+  tst-gcs-noreturn \
   tst-gcs-optional-off \
   tst-gcs-optional-on \
   tst-gcs-override \
@@ -123,6 +124,10 @@ $(objpfx)tst-gcs-dlopen-optional-on.out: $(objpfx)tst-gcs-mod2.so
 $(objpfx)tst-gcs-dlopen-optional-off.out: $(objpfx)tst-gcs-mod2.so
 $(objpfx)tst-gcs-dlopen-override.out: $(objpfx)tst-gcs-mod2.so
 
+LDFLAGS-tst-gcs-noreturn = -Wl,-z gcs=always
+
+tst-gcs-noreturn-ENV = GLIBC_TUNABLES=glibc.cpu.aarch64_gcs=0
+
 endif # ifeq ($(have-test-cc-gcs),yes)
 
 endif # ifeq ($(subdir),misc)
diff --git a/sysdeps/unix/sysv/linux/aarch64/tst-gcs-noreturn.c b/sysdeps/unix/sysv/linux/aarch64/tst-gcs-noreturn.c
new file mode 100644
index 0000000..f550579
--- /dev/null
+++ b/sysdeps/unix/sysv/linux/aarch64/tst-gcs-noreturn.c
@@ -0,0 +1,101 @@
+/* AArch64 test for GCS abort when returning to non-GCS address.
+   Copyright (C) 2025 Free Software Foundation, Inc.
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include "tst-gcs-helper.h"
+
+#include <sys/prctl.h>
+#include <stdlib.h>
+
+#include <support/xsignal.h>
+
+# ifndef PR_SET_SHADOW_STACK_STATUS
+#  define PR_SET_SHADOW_STACK_STATUS	75
+#  define PR_SHADOW_STACK_ENABLE	(1UL << 0)
+# endif
+
+static void
+run_with_gcs (void)
+{
+  int r = prctl (PR_SET_SHADOW_STACK_STATUS, PR_SHADOW_STACK_ENABLE, 0, 0, 0);
+  /* Syscall should succeed.  */
+  TEST_VERIFY (r == 0);
+  bool gcs_enabled = __check_gcs_status ();
+  /* Now GCS should be enabled.  */
+  TEST_VERIFY (gcs_enabled);
+  printf ("GCS is %s\n", gcs_enabled ? "enabled" : "disabled");
+}
+
+static struct _aarch64_ctx *
+extension (void *p)
+{
+  return p;
+}
+
+#ifndef GCS_MAGIC
+#define GCS_MAGIC 0x47435300
+#endif
+
+static void
+handler (int sig, siginfo_t *si, void *ctx)
+{
+  TEST_VERIFY (sig == SIGSEGV);
+  ucontext_t *uc = ctx;
+  void *p = uc->uc_mcontext.__reserved;
+  if (extension (p)->magic == FPSIMD_MAGIC)
+    p = (char *)p + extension (p)->size;
+  if (extension (p)->magic == GCS_MAGIC)
+    {
+      struct { uint64_t x, gcspr, y, z; } *q = p;
+      printf ("GCS pointer: %016lx\n", q->gcspr);
+      exit (0);
+    }
+  else
+    exit (3);
+}
+
+static int
+do_test (void)
+{
+  /* Check if GCS could possible by enabled.  */
+  if (!(getauxval (AT_HWCAP) & HWCAP_GCS))
+    {
+      puts ("kernel or CPU does not support GCS");
+      return EXIT_UNSUPPORTED;
+    }
+  bool gcs_enabled = __check_gcs_status ();
+  /* This test should be rung with GCS initially disabled.  */
+  TEST_VERIFY (!gcs_enabled);
+
+  /* We can't use EXPECTED_SIGNAL because of cases when
+     this test runs on a system that does not support GCS
+     which is being detected at runtime.  */
+  struct sigaction sigact;
+  sigemptyset (&sigact.sa_mask);
+  sigact.sa_flags = 0;
+  sigact.sa_flags = sigact.sa_flags | SA_SIGINFO;
+  sigact.sa_sigaction = handler;
+  xsigaction (SIGSEGV, &sigact, NULL);
+
+  run_with_gcs ();
+  /* If we reached this point, then something went wrong.
+     Returning from a function that enabled GCS should result in
+     SIGSEGV that we catch with the handler set up above.  */
+  return 2;
+}
+
+#include <support/test-driver.c>
author	Yury Khrustalev <yury.khrustalev@arm.com>	2025-01-23 10:36:36 +0000
committer	Yury Khrustalev <yury.khrustalev@arm.com>	2025-02-21 16:23:44 +0000
commit	41f6684557255c8bdb7b5ec5bfe63c4e6c6cd5cf (patch)
tree	63b47304a604ac4a0923170b5f03043f2bc57c0a /sysdeps/unix/sysv/linux
parent	15afd01e80dc158c5095b16d458851b6d81b4e13 (diff)
download	glibc-41f6684557255c8bdb7b5ec5bfe63c4e6c6cd5cf.zip glibc-41f6684557255c8bdb7b5ec5bfe63c4e6c6cd5cf.tar.gz glibc-41f6684557255c8bdb7b5ec5bfe63c4e6c6cd5cf.tar.bz2