| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Adjust padding to accommodate pointer size and alignment increase.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
We need to distinguish timerids that are small integers returned by
the kernel and timerids that are pointers to struct timer. The existing
pointer tagging does not work for CHERI because of the pointer shift.
Simply use the top bit without shift to tag pointers. This still relies
on the top byte ignore of aarch64 (the top byte does not affect the
capability representation) and that pointers are not tagged for other
reasons (like HWASAN).
Note: this is morello specific and does not work for generic cheri.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
It is simpler and more consistent to make l_entry a capability
throughout instead of leaving it as an address and converting before
use:
The AT_ENTRY auxv entry is specified to be a capability and a number
if internal l_entry usage is simpler if it is elfptr_t.
Functions returning a pointer to the user entry are also changed to
use elfptr_t.
|
| |
|
|
|
|
| |
Add purecap ld cache flag. Add the purecap ld.so name to known names.
Handle lib64c system library paths. And set the purecap abi flag on
cache entries.
|
| |
|
|
|
|
|
|
|
| |
Adjust ucontext layout for purecap ABI and add make/get/set/swapcontext
implementations accordingly.
Note: mcontext layout follows the linux sigcontext struct, in userspace
*context functions rely on the c registers stored in the extension area
and ignore the mcontext fields for x registers.
|
| | |
|
| |
|
|
| |
At least tls image access requires RX capability of the main link_map.
|
| |
|
|
| |
Store mmap result to intptr_t instead of long.
|
| |
|
|
|
|
|
|
| |
Pointer mangling cannot be supported on capability architectures.
And there is not enough bytes in dl_random for 128 bit pointers.
Stack guard is still loaded from dl_random: stack protection is
unlikely to be useful on a capability architecture, but it works.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The prototype of __libc_start_main is changed to
void
__libc_start_main (int main (int, char **, char **, void *),
int argc, char **argv, char **envp, void *auxv,
void rtld_fini (void), void *sp);
so envp is passed down separately and the unused init, fini args are
dropped.
|
| | |
|
| |
|
|
|
|
| |
The signal mask argument is passed as a struct with a pointer and size
in the linux syscall abi, but the types used in glibc were wrong for
CHERI due to an x32 specific hack.
|
| |
|
|
|
|
|
|
|
|
|
| |
This is a temporary workaround.
length is rounded up to pagesize and don't use exact bound (bounds
will be larger if exact value is not representable).
capability permissions are roughly emulated too.
TODO: kernel should do this
|
| |
|
|
| |
TODO: this is the value in the 5.18 kernel, will change later.
|
| |
|
|
| |
TODO: Remove this once morello has vdso gettimeofday.
|
| |
|
|
| |
TODO: drop this once linux brk always fails.
|
| |
|
|
|
|
|
| |
Current clone_args does not support 128 bit pointers.
TODO: the fix is incomplete (missing clone3 abi checks) and has to be
aligned with purecap clone3 struct layout.
|
| |
|
|
|
|
| |
Specifies the prot flags a mapping may gain via mprotect or MAP_FIXED.
On CHERI targets this is used to get capability with more permissions
than the original mmap protection would imply.
|
| |
|
|
|
|
|
|
|
|
| |
In fcntl va_arg is currently used even if the caller did not pass
any variadic arguments. This is undefined behaviour and does not
work with the Morello purecap ABI, so use a helper macro.
When the argument is missing, the result of the helper macro is
arbitrary as it will be ignored by the kernel, we just have to
ensure it does not cause a runtime crash.
|
| |
|
|
|
| |
prctl is a variadic function and on morello args that were not passed
cannot be accessed so the generic code does not work.
|
| |
|
|
|
| |
No need to set the child stack to sp, 0 means the parent stack is used.
This avoids purecap specific ifdefs in vfork.
|
| |
|
|
|
|
| |
Support the Morello Linux purecap syscall ABI. The macro definitions
are moved to a morello specific sysdep.h to avoid cluttering the
aarch64 one.
|
| |
|
|
| |
New syscall ABI requires different VDSO support code.
|
| |
|
|
|
| |
TODO: this affects API (syscall return type is long)
so breaks portability and requires doc updates.
|
| |
|
|
|
|
|
|
|
|
|
| |
morello purecap gcc in some cases inlines 16byte memcpy as a capability
load, which is wrong if the source or dest may be unaligned.
stack guard only needs random for the address portion since only that
part is compared, so 8 byte is enough with 64 bit addresses, but the
current code is only right on little endian systems.
TODO: drop when gcc is fixed
|
| |
|
|
|
| |
There is no ideal ABI macro, so we assume __CHERI_PURE_CAPABILITY__
implies 64 bit long, 64 bit address and 128 bit pointer.
|
| |
|
|
|
| |
The c++ mangling ABI for intptr_t and pthread_t are different on
morello.
|
| |
|
|
| |
There is no longer PLT reference to matherr in libm.
|
| |
|
|
| |
The base symbol version is 2.36.
|
| | |
|
| |
|
|
| |
This simplifies adding the Morello purecap abi target.
|
| |
|
|
|
|
| |
The extension header is two 32bit words and in the last header both
should be 0. There is plenty space in the __reserved area, but it's
better not to write more than we mean to.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Old applications pass __IPC_64 as part of the command argument because
old glibc did not check for unknown commands, and passed through the
arguments directly to the kernel, without adding __IPC_64.
Applications need to continue doing that for old glibc compatibility,
so this commit enables this approach in current glibc.
For msgctl and shmctl, if no translation is required, make
direct system calls, as we did before the time64 changes. If
translation is required, mask __IPC_64 from the command argument.
For semctl, the union-in-vararg argument handling means that
translation is needed on all architectures.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
(cherry picked from commit 22a46dee24351fd5f4f188ad80554cad79c82524)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 6e8a0aac2f883 ("time: Fix overflow itimer tests on 32-bit
systems") changed in_time_t_range to assume a 32-bit time_t. This broke
fstatat on MIPSn64 that was using it with a 64-bit time_t due to
difference between stat and stat64. This commit fix that by adding a
MIPSn64 specific version, which bypasses the EOVERFLOW tests.
Resolves: BZ #29730
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
(cherry picked from commit 7457b7eef8dfe8cc48e55b9f9837df6dd397b80d)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The generic Linux struct_stat misses the conditionals to use
bits/struct_stat_time64_helper.h in the __USE_TIME_BITS64 for
architecture that uses __TIMESIZE == 32 (currently csky and nios2).
Since newer ports should not support 32 bit time_t, the generic
implementation should be used as default.
For arm, hppa, and sh a copy of default struct_stat is added,
while for csky and nios a new one based on generic is used, along
with conditionals to use bits/struct_stat_time64_helper.h.
The default struct_stat is also replaced with the generic one.
Checked on aarch64-linux-gnu and arm-linux-gnueabihf.
(cherry picked from commit 7a6ca82f8007ddbd43e2b8fce806ba7101ee47f5)
|
| |
|
|
|
|
|
| |
QEMU does not support support set_robust_list. Thus, we need
to enable detection of set_robust_list system call.
Signed-off-by: John David Anglin <dave.anglin@bell.net>
|
| |
|
|
|
|
|
|
|
|
| |
Using an unsigned type prevents the fallback to be used if kernel
does not support getrandom syscall.
Checked on x86_64-linux-gnu.
Reviewed-by: Wilco Dijkstra <Wilco.Dijkstra@arm.com>
(cherry picked from commit 13db9ee2cb3b77e25f852be7d6952882e1be6f00)
|
| |
|
|
|
|
|
|
|
|
| |
A new internal definition, __LIBC_LOCK_ALIGNMENT, is used to force
the 4-byte alignment only for m68k, other architecture keep the
natural alignment of the type used internally (and hppa does not
require 16-byte alignment for kernel-assisted CAS).
Reviewed-by: Florian Weimer <fweimer@redhat.com>
(cherry picked from commit aeb4d2e9815d459e2640a31f5abb8ef803830107)
|
| |
|
|
|
|
|
|
|
|
|
| |
The #ifdef FSOPEN_CLOEXEC check did not work because the macro
was always defined in this header prior to the check, so that
the <linux/mount.h> contents did not matter.
Fixes commit 774058d72942249f71d74e7f2b639f77184160a6
("linux: Fix sys/mount.h usage with kernel headers").
(cherry picked from commit 2955ef4b7c9b56fcd7abfeddef7ee83c60abff98)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Now that kernel exports linux/mount.h and includes it on linux/fs.h,
its definitions might clash with glibc exports sys/mount.h. To avoid
the need to rearrange the Linux header to be always after glibc one,
the glibc sys/mount.h is changed to:
1. Undefine the macros also used as enum constants. This covers prior
inclusion of <linux/mount.h> (for instance MS_RDONLY).
2. Include <linux/mount.h> based on the usual __has_include check
(needs to use __has_include ("linux/mount.h") to paper over GCC
bugs.
3. Define enum fsconfig_command only if FSOPEN_CLOEXEC is not defined.
(FSOPEN_CLOEXEC should be a very close proxy.)
4. Define struct mount_attr if MOUNT_ATTR_SIZE_VER0 is not defined.
(Added in the same commit on the Linux side.)
This patch also adds some tests to check if including linux/fs.h and
linux/mount.h after and before sys/mount.h does work.
Checked on x86_64-linux-gnu.
Reviewed-by: Florian Weimer <fweimer@redhat.com>
(cherry picked from commit 774058d72942249f71d74e7f2b639f77184160a6)
|
| |
|
|
|
|
|
| |
Checked on x86_64-linux-gnu.
Reviewed-by: Florian Weimer <fweimer@redhat.com>
(cherry picked from commit e1226cdc6b209539a92d32d5b620ba53fd35abf3)
|
| |
|
|
|
|
|
|
| |
To avoid possible warnings if the kernel header is included before
sys/mount.h.
Reviewed-by: Florian Weimer <fweimer@redhat.com>
(cherry picked from commit c68b6044bc7945716431f1adc091b17c39b80a06)
|
| |
|
|
|
|
|
|
|
| |
Instead of tying to a specific kernel version.
Checked on x86_64-linux-gnu.
Reviewed-by: Florian Weimer <fweimer@redhat.com>
(cherry picked from commit 1542019b69b7ec7b2cd34357af035e406d153631)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The inline and library functions that the CMSG_NXTHDR macro may expand
to increment the pointer to the header before checking the stride of
the increment against available space. Since C only allows incrementing
pointers to one past the end of an array, the increment must be done
after a length check. This commit fixes that and includes a regression
test for CMSG_FIRSTHDR and CMSG_NXTHDR.
The Linux, Hurd, and generic headers are all changed.
Tested on Linux on armv7hl, i686, x86_64, aarch64, ppc64le, and s390x.
[BZ #28846]
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
(cherry picked from commit 9c443ac4559a47ed99859bd80d14dc4b6dd220a1)
|
| |
|
|
|
|
|
|
|
|
| |
The kernel special-cases the zero argument for alpha brk, and we can
use that to restore the generic Linux error handling behavior.
Fixes commit b57ab258c1140bc45464b4b9908713e3e0ee35aa ("Linux:
Introduce __brk_call for invoking the brk system call").
(cherry picked from commit e7ad26ee3cb74e61d0637c888f24dd478d77af58)
|
| |
|
|
|
| |
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
(cherry picked from commit f82e05ebb295cadd35f7372f652c72264da810ad)
|
| |
|
|
|
|
|
|
|
|
|
| |
Linux 5.19 has no new syscalls, but enables memfd_secret in the uapi
headers for RISC-V. Update the version number in syscall-names.list
to reflect that it is still current for 5.19 and regenerate the
arch-syscall.h headers with build-many-glibcs.py update-syscalls.
Tested with build-many-glibcs.py.
(cherry picked from commit fccadcdf5bed7ee67a6cef4714e0b477d6c8472c)
|
| |
|
|
|
|
|
|
| |
pidfd_getfd can fail for a valid pidfd with errno EPERM for various
reasons in a restricted environment. Use FAIL_UNSUPPORTED in that case.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Reviewed-by: Carlos O'Donell <carlos@redhat.com>
|
| | |
|
| | |
|
