This patch adds support for memory protection keys on AArch64 systems with
enabled Stage 1 permission overlays feature introduced in Armv8.9 / 9.4
(FEAT_S1POE) [1].
1. Internal functions "pkey_read" and "pkey_write" to access data
associated with memory protection keys.
2. Implementation of API functions "pkey_get" and "pkey_set" for
the AArch64 target.
3. AArch64-specific PKEY flags for READ and EXECUTE (see below).
4. New target-specific test that checks behaviour of pkeys on
AArch64 targets.
5. This patch also extends existing generic test for pkeys.
6. HWCAP constant for Permission Overlay Extension feature.
To support more accurate mapping of underlying permissions to the
PKEY flags, we introduce additional AArch64-specific flags. The full
list of flags is:
- PKEY_UNRESTRICTED: 0x0 (for completeness)
- PKEY_DISABLE_ACCESS: 0x1 (existing flag)
- PKEY_DISABLE_WRITE: 0x2 (existing flag)
- PKEY_DISABLE_EXECUTE: 0x4 (new flag, AArch64 specific)
- PKEY_DISABLE_READ: 0x8 (new flag, AArch64 specific)
The problem here is that PKEY_DISABLE_ACCESS has unusual semantics as
it overlaps with existing PKEY_DISABLE_WRITE and new PKEY_DISABLE_READ.
For this reason mapping between permission bits RWX and "restrictions"
bits awxr (a for disable access, etc) becomes complicated:
- PKEY_DISABLE_ACCESS disables both R and W
- PKEY_DISABLE_{WRITE,READ} disables W and R respectively
- PKEY_DISABLE_EXECUTE disables X
Combinations like the one below are accepted although they are redundant:
- PKEY_DISABLE_ACCESS | PKEY_DISABLE_READ | PKEY_DISABLE_WRITE
Reverse mapping tries to retain backward compatibility and ORs
PKEY_DISABLE_ACCESS whenever both flags PKEY_DISABLE_READ and
PKEY_DISABLE_WRITE would be present.
This will break code that compares pkey_get output with == instead
of using bitwise operations. The latter is more correct since PKEY_*
constants are essentially bit flags.
It should be noted that PKEY_DISABLE_ACCESS does not prevent execution.
[1] https://developer.arm.com/documentation/ddi0487/ka/ section D8.4.1.4
Co-authored-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Linux 6.3 adds six HWCAP2_SME* constants for AArch64; add them to the
corresponding bits/hwcap.h in glibc.
Tested with build-many-glibcs.py for aarch64-linux-gnu.
Linux 5.19 adds more HWCAP2_* values for AArch64; add these to its
bits/hwcap.h header in glibc.
Tested with build-many-glibcs.py for aarch64-linux-gnu.
Linux 5.18 defines a new AArch64 HWCAP value HWCAP2_MTE3; add it to
glibc's sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h.
Tested with build-many-glibcs.py for aarch64-linux-gnu.
Indicates the availability of enhanced counter virtualization extension
of armv8.6-a with self-synchronized virtual counter CNTVCTSS_EL0 usable
in userspace.
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 7061 files FOO.
I then removed trailing white space from math/tgmath.h,
support/tst-support-open-dev-null-range.c, and
sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following
obscure pre-commit check failure diagnostics from Savannah. I don't
know why I run into these diagnostics whereas others evidently do not.
remote: *** 912-#endif
remote: *** 913:
remote: *** 914-
remote: *** error: lines with trailing whitespace found
...
remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
I used these shell commands:
../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")
and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
Add various defines and stubs for enabling MTE on AArch64 sysv-like
systems such as Linux. The HWCAP feature bit is copied over in the
same way as other feature bits. Similarly we add a new wrapper header
for mman.h to define the PROT_MTE flag that can be used with mmap and
related functions.
We add a new field to struct cpu_features that can be used, for
example, to check whether or not certain ifunc'd routines should be
bound to MTE-safe versions.
Finally, if we detect that MTE should be enabled (ie via the glibc
tunable); we enable MTE during startup as required.
Support in the Linux kernel was added in version 5.10.
Reviewed-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
Binaries can opt-in to using BTI via an ELF object file marking.
The dynamic linker has to then mprotect the executable segments
with PROT_BTI. In case of static linked executables or in case
of the dynamic linker itself, PROT_BTI protection is done by the
operating system.
On AArch64 glibc uses PT_GNU_PROPERTY instead of PT_NOTE to check
the properties of a binary because PT_NOTE can be unreliable with
old linkers (old linkers just append the notes of input objects
together and add them to the output without checking them for
consistency which means multiple incompatible GNU property notes
can be present in PT_NOTE).
BTI property is handled in the loader even if glibc is not built
with BTI support, so in theory user code can be BTI protected
independently of glibc. In practice though user binaries are not
marked with the BTI property if glibc has no support because the
static linked libc objects (crt files, libc_nonshared.a) are
unmarked.
This patch relies on Linux userspace API that is not yet in a
linux release but in v5.8-rc1 so scheduled to be in Linux 5.8.
Co-authored-by: Szabolcs Nagy <szabolcs.nagy@arm.com>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
This patch adds new AArch64 HWCAPs from Linux 5.0 to the AArch64
bits/hwcap.h and dl-procinfo.c.
Tested (compilation only) with build-many-glibcs.py for
aarch64-linux-gnu.
* sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h (HWCAP_SB): New
macro.
(HWCAP_PACA): Likewise.
(HWCAP_PACG): Likewise.
* sysdeps/unix/sysv/linux/aarch64/dl-procinfo.c (_DL_HWCAP_COUNT):
Increase to 32.
(_dl_aarch64_cap_flags): Add new entries for new HWCAPs.
bits/hwcap.h should be updated together with dl-procinfo.c.
* sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h: Add comment.
* sysdeps/unix/sysv/linux/aarch64/dl-procinfo.c (_DL_HWCAP_COUNT):
Update.
This patch adds the HWCAP_SSBS constant from Linux 4.20 to the AArch64
bits/hwcap.h.
Tested with build-many-glibcs.py for aarch64-linux-gnu.
* sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h (HWCAP_SSBS): New
macro.
Linux 4.17 adds four new AArch64 hwcap values. This patch adds them
to glibc's AArch64 bits/hwcap.h, with corresponding dl-procinfo.c
updates.
Tested with build-many-glibcs.py for aarch64.
* sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h (HWCAP_DIT): New
macro.
(HWCAP_USCAT): Likewise.
(HWCAP_ILRCPC): Likewise.
(HWCAP_FLAGM): Likewise.
* sysdeps/unix/sysv/linux/aarch64/dl-procinfo.c (_DL_HWCAP_COUNT):
Increase to 28.
(_dl_aarch64_cap_flags): Add new flag names.
This patch updates the aarch64 bits/hwcap.h and dl-procinfo.c for the
new HWCAP_ASIMDFHM value in Linux 4.16.
Tested with build-many-glibcs.py for aarch64-linux-gnu.
* sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h (HWCAP_ASIMDFHM):
New macro.
* sysdeps/unix/sysv/linux/aarch64/dl-procinfo.c (_DL_HWCAP_COUNT):
Increase to 24.
(_dl_aarch64_cap_flags): Add asimdfhm.
Define new HWCAP bits and add their name to dl-procinfo.c following
the linux definitions. Synchronizing with v4.15-rc8 version of linux,
these are not expected to change before the 4.15 release.
* sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h (HWCAP_SHA3): Define.
(HWCAP_SM3, HWCAP_SM4, HWCAP_ASIMDDP, HWCAP_SHA512, HWCAP_SVE): Define.
* sysdeps/unix/sysv/linux/aarch64/dl-procinfo.c
(_dl_aarch64_cap_flags): Update.
(_DL_HWCAP_COUNT): Update.
This patch adds the HWCAP_DCPOP macro from Linux 4.14 to the AArch64
bits/hwcap.h.
Tested (compilation only) for aarch64 with build-many-glibcs.py.
* sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h (HWCAP_DCPOP): New
macro.
This patch adds the HWCAP_JSCVT, HWCAP_FCMA and HWCAP_LRCPC macros
from Linux 4.12 to the AArch64 bits/hwcap.h.
* sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h (HWCAP_FCMA): New macro.
(HWCAP_JSCVT, HWCAP_LRCPC): Likewise.
This patch adds the HWCAP_ASIMDRDM macro from Linux 4.11 to the
AArch64 bits/hwcap.h.
Tested (compilation only) with build-many-glibcs.py.
* sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h (HWCAP_ASIMDRDM):
New macro.
AArch64 uses HWCAP bits but they are not defined in sys/auxv.h.
This patch adds a copy of the linux v4.6 arm64 uapi asm/hwcap.h
definitions.
* sysdeps/unix/sysv/linux/aarch64/bits/hwcap.h: New.
