glibc:arm/gcs

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

bea263f... by Szabolcs Nagy <email address hidden> on 2024-02-14

doc: add plain text readme for using GCS

fcdce58... by Szabolcs Nagy <email address hidden> on 2023-12-27

aarch64: process gnu properties in static exe

84bfdb9... by Szabolcs Nagy <email address hidden> on 2024-01-10

aarch64: ignore GCS property of ld.so

ldso->l_mach.gcs may not be set up, just assume ldso is GCS compatible.

5017a71... by Szabolcs Nagy <email address hidden> on 2023-12-28

aarch64: use l_searchlist.r_list for gcs

Allows using the same function for static exe.

deded66... by Szabolcs Nagy <email address hidden> on 2023-12-21

aarch64: handling gcs marking

92cd77c... by Szabolcs Nagy <email address hidden> on 2023-12-28

aarch64: use l_searchlist.r_list for bti

Allows using the same function for static exe.

1e34803... by Szabolcs Nagy <email address hidden> on 2023-12-21

aarch64: add glibc.cpu.aarch64_gcs_policy

policy sets how gcs tunable and gcs marking turns into gcs state:

0: state = tunable
1: state = marking ? tunable : (tunable && dlopen ? err : 0)
2: state = marking ? tunable : (tunable ? err : 0)

TODO: state lock

7ea8526... by Szabolcs Nagy <email address hidden> on 2023-07-14

aarch64: Enable GCS in dynamic linked exe

Use the dynamic linker start code to enable GCS in the dynamic linked
case after _dl_start returns and before _dl_start_user which marks
the point after which user code may run.

Like in the static linked case this ensures that GCS is enabled on a
top level stack frame.

cf7e262... by Szabolcs Nagy <email address hidden> on 2023-07-13

aarch64: Enable GCS in static linked exe

Use the ARCH_SETUP_TLS hook to enable GCS in the static linked case.
The system call must be inlined and then GCS is enabled on a top
level stack frame that does not return and has no exception handlers
above it.

2000103... by Szabolcs Nagy <email address hidden> on 2023-07-17

aarch64: Add glibc.cpu.aarch64_gcs tunable

This tunable is for controlling the GCS status. It is the argument to
the PR_SET_SHADOW_STACK_STATUS prctl, by default 0, so GCS is disabled.

The status is stored into GL(dl_aarch64_gcs) early and only applied
later, since enabling GCS is tricky: it must happen on a top level
stack frame. (Using GL instead of GLRO because it may need updates
depending on loaded libraries that happen after readonly protection
is applied, however library marking based GCS setting is not yet
implemented.)