lib/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2025-10-30 10:45:40 +03:00
Code Activity
Files
ab5748118f86a82c4a29a7476f6cc0b9c40be926
glibc/sysdeps/unix/sysv/linux/arm/bits/rseq.h
Paul Eggert dff8da6b3e Update copyright dates with scripts/update-copyrights
2024-01-01 10:53:40 -08:00

84 lines
3.2 KiB
C
Raw Blame History

/* Restartable Sequences Linux arm architecture header.
Copyright (C) 2021-2024 Free Software Foundation, Inc.
The GNU C Library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with the GNU C Library; if not, see
<https://www.gnu.org/licenses/>. */
#ifndef _SYS_RSEQ_H
# error "Never use <bits/rseq.h> directly; include <sys/rseq.h> instead."
#endif
/*
RSEQ_SIG is a signature required before each abort handler code.
It is a 32-bit value that maps to actual architecture code compiled
into applications and libraries. It needs to be defined for each
architecture. When choosing this value, it needs to be taken into
account that generating invalid instructions may have ill effects on
tools like objdump, and may also have impact on the CPU speculative
execution efficiency in some cases.
- ARM little endian
RSEQ_SIG uses the udf A32 instruction with an uncommon immediate operand
value 0x5de3. This traps if user-space reaches this instruction by mistake,
and the uncommon operand ensures the kernel does not move the instruction
pointer to attacker-controlled code on rseq abort.
The instruction pattern in the A32 instruction set is:
e7f5def3 udf #24035 ; 0x5de3
This translates to the following instruction pattern in the T16 instruction
set:
little endian:
def3 udf #243 ; 0xf3
e7f5 b.n <7f5>
- ARMv6+ big endian (BE8):
ARMv6+ -mbig-endian generates mixed endianness code vs data: little-endian
code and big-endian data. The data value of the signature needs to have its
byte order reversed to generate the trap instruction:
Data: 0xf3def5e7
Translates to this A32 instruction pattern:
e7f5def3 udf #24035 ; 0x5de3
Translates to this T16 instruction pattern:
def3 udf #243 ; 0xf3
e7f5 b.n <7f5>
- Prior to ARMv6 big endian (BE32):
Prior to ARMv6, -mbig-endian generates big-endian code and data
(which match), so the endianness of the data representation of the
signature should not be reversed. However, the choice between BE32
and BE8 is done by the linker, so we cannot know whether code and
data endianness will be mixed before the linker is invoked. So rather
than try to play tricks with the linker, the rseq signature is simply
data (not a trap instruction) prior to ARMv6 on big endian. This is
why the signature is expressed as data (.word) rather than as
instruction (.inst) in assembler. */
#ifdef __ARMEB__
# define RSEQ_SIG 0xf3def5e7 /* udf #24035 ; 0x5de3 (ARMv6+) */
#else
# define RSEQ_SIG 0xe7f5def3 /* udf #24035 ; 0x5de3 */
#endif
View Git Blame Copy Permalink