aarch64: Handle gcs marking

sysdeps/aarch64/Makefile

@@ -9,7 +9,9 @@ LDFLAGS-rtld += -Wl,-z,force-bti,--fatal-warnings
 endif
 
 ifeq ($(subdir),elf)
-sysdep-dl-routines += dl-bti
+sysdep-dl-routines += \
+  dl-bti \
+  dl-gcs
 
 tests += tst-audit26 \
 	 tst-audit27

sysdeps/aarch64/dl-gcs.c

@@ -0,0 +1,59 @@
+/* AArch64 GCS functions.
+   Copyright (C) 2024 Free Software Foundation, Inc.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public
+   License as published by the Free Software Foundation; either
+   version 2.1 of the License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#include <unistd.h>
+#include <errno.h>
+#include <libintl.h>
+#include <ldsodefs.h>
+
+static void
+fail (struct link_map *l, const char *program)
+{
+  if (program)
+    _dl_fatal_printf ("%s: %s: not GCS compatible\n", program, l->l_name);
+  else
+    _dl_signal_error (0, l->l_name, "dlopen", N_("not GCS compatible"));
+}
+
+static void
+check_gcs (struct link_map *l, const char *program)
+{
+  if (!l->l_mach.gcs)
+    {
+      if (GLRO(dl_aarch64_gcs_policy) == 2 || !program)
+	fail (l, program);
+      if (GLRO(dl_aarch64_gcs_policy) == 1 && program)
+	GL(dl_aarch64_gcs) = 0;
+    }
+}
+
+/* Apply GCS policy for L and its dependencies.  */
+
+void
+_dl_gcs_check (struct link_map *l, const char *program)
+{
+  /* GCS is disabled.  */
+  if (GL(dl_aarch64_gcs) == 0)
+    return;
+  /* GCS marking is ignored.  */
+  if (GLRO(dl_aarch64_gcs_policy) == 0)
+    return;
+
+  check_gcs (l, program);
+  for (unsigned int i = 0; i < l->l_searchlist.r_nlist; i++)
+    check_gcs (l->l_initfini[i], program);
+}

sysdeps/aarch64/dl-prop.h

@@ -24,16 +24,21 @@ extern void _dl_bti_protect (struct link_map *, int) attribute_hidden;
 extern void _dl_bti_check (struct link_map *, const char *)
     attribute_hidden;
 
+extern void _dl_gcs_check (struct link_map *, const char *)
+    attribute_hidden;
+
 static inline void __attribute__ ((always_inline))
 _rtld_main_check (struct link_map *m, const char *program)
 {
   _dl_bti_check (m, program);
+  _dl_gcs_check (m, program);
 }
 
 static inline void __attribute__ ((always_inline))
 _dl_open_check (struct link_map *m)
 {
   _dl_bti_check (m, NULL);
+  _dl_gcs_check (m, NULL);
 }
 
 static inline void __attribute__ ((always_inline))
@@ -45,10 +50,6 @@ static inline int
 _dl_process_gnu_property (struct link_map *l, int fd, uint32_t type,
 			  uint32_t datasz, void *data)
 {
-  if (!GLRO(dl_aarch64_cpu_features).bti)
-    /* Skip note processing.  */
-    return 0;
-
   if (type == GNU_PROPERTY_AARCH64_FEATURE_1_AND)
     {
       /* Stop if the property note is ill-formed.  */
@@ -57,7 +58,11 @@ _dl_process_gnu_property (struct link_map *l, int fd, uint32_t type,
 
       unsigned int feature_1 = *(unsigned int *) data;
       if (feature_1 & GNU_PROPERTY_AARCH64_FEATURE_1_BTI)
-	_dl_bti_protect (l, fd);
+	if (GLRO(dl_aarch64_cpu_features).bti)
+	  _dl_bti_protect (l, fd);
+
+      if (feature_1 & GNU_PROPERTY_AARCH64_FEATURE_1_GCS)
+	l->l_mach.gcs = 1;
 
       /* Stop if we processed the property note.  */
       return 0;

sysdeps/aarch64/linkmap.h

@@ -23,4 +23,5 @@ struct link_map_machine
   ElfW(Addr) plt;	  /* Address of .plt */
   void *tlsdesc_table;	  /* Address of TLS descriptor hash table.  */
   bool bti_fail;	  /* Failed to enable Branch Target Identification.  */
+  bool gcs;		  /* Guarded Control Stack marking.  */
 };