The section mark a memory region that should not be sealed if
GNU_PROPERTY_MEMORY_SEAL attribute is present. PT_GNU_MUTABLE
section names start with ".gnu.mutable" and are maximum page
aligned and have a size of maximum page size.
For instance the code:
#define GNU_MUTABLE_SECTION_NAME ".gnu.mutable"
unsigned char mutable_array1[64]
__attribute__ ((section (GNU_MUTABLE_SECTION_NAME)))
= { 0 };
unsigned char mutable_array2[32]
__attribute__ ((section (GNU_MUTABLE_SECTION_NAME)))
= { 0 };
places both 'mutable_array1' and 'mutable_array2' on a page
aligned memory region in a size of a page (the alignment and size
can be change with -Wl,-z,max-page-size= linker option).
The linker sets the alignment and size to make it easier to
loader to avoid sealing the area (since mseal only work on
multiple of page size areas), and to simplify the userland
process to change protection of either seal the area after
initialization.
The new tests added are:
1. tst-dl_mseal: check memory sealing is applied for statically
linked binaries.
2. tst-dl_mseal-static: memory sealing is not applied if there is no
gnu attribute for statically linked binaries.
3. tst-dl-mseal: check memory sealing works as expected on multiples places:
- On the binary itself.
- On a LD_PRELOAD library.
- On a depedency modules (tst-dl_mseal-mod-{1,2}.so).
- On a audit modules (tst-dl_mseal-auditmod.so).
- On a dlopen dependency opened with RTLD_NODELETE).
- On the libgcc_s Aopened by thread unwind.
4. tst-dl-mseal-noseal: check if mixing object with and without
memory sealing works as expected.
Checked on x86_64-linux-gnu and aarch64-linux-gnu.
The new Linux mseal syscall allows mark a memory mapping to avoid
further changes (such as changng the protection flags). The memory
sealing is done in multiple places where the memory is supposed to
be immutable during program execution:
* All shared library dependencies from the binary, including the
read-only segments after PT_GNU_RELRO setup.
* The binary itself, including dynamic and static linked ones. In
both cases, it is up either to binary or the loader to set up the
sealing.
* Any preload libraries, including depedencies.
* Any library loaded with dlopen with RTLD_NODELETE flag.
* Audit modules.
* The loader bump allocator.
The memory sealing is controled by a new gnu attribute,
GNU_PROPERTY_MEMORY_SEAL, added by the new static linker option
'-z memory-seal'. It is set per binary, including statically linked
and shared objects.
The GNU_PROPERTY_MEMORY_SEAL enforcement depends on whether the kernel
supports the mseal syscall and how glibc is configured. On the default
configuration that aims to support older kernel releases, the memory
sealing attribute is taken as a hint. If glibc is configured with a
minimum kernel of 6.10, where mseal is implied to be supported,
sealing is enforced.
Checked on x86_64-linux-gnu and aarch64-linux-gnu.
So the static binary can opt-in of memory sealing. The aarch64 already
does it for GCS, so refactor it to use __libc_process_gnu_attributes
instead.
Checked on x86_64-linux-gnu.
It as added on Linux 6.10 (8be7258aad44b5e25977a98db136f677fa6f4370)
as way to block operations as unmaping, moving to another location,
shrinking the size, expanding the size, or modifying to a pre-existent
memory mapping.
Although the systecall only work on 64 bit CPU, the entrypoint was
added for all ABIs (since kernel might eventually implement it to
additional ones and/or the abi can execute on a 64 bit kernel).
Checked on x86_64-linux-gnu.
If no thread was created yet, __pthread_sigstate will not find our ss
because self->kernel_thread is still nul, and then change the global
sigstate instead of our sigstate! We can directly call __sigthreadmask and
skip the (bogus) lookup step.
btrfs has a 65535 maximum link count. Include this value in pathconf to
give the real max link count for this filesystem.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
powerpc was the only architecture with arch-specific hooks for
LD_SHOW_AUXV, and with the information moved to ld diagnostics there
is no need to keep the _dl_procinfo hook.
Checked with a build for all affected ABIs.
Reviewed-by: Peter Bergner <bergner@linux.ibm.com>
The _dl_string_platform is moved to hwcapinfo.h, since it is only used
by hwcapinfo.c and test-get_hwcap internal test.
Checked on powerpc64le-linux-gnu.
Reviewed-by: Peter Bergner <bergner@linux.ibm.com>
The ld.so diagnostics already prints AT_HWCAP values, but only in
hexadecimal. To avoid duplicating the strings, consolidate the
hwcap_names from cpu-features.h on a new file, dl-hwcap-info.h
(and it also improves the hwcap string description with more
values).
For future AT_HWCAP3/AT_HWCAP4 extensions, it is just a matter
to add them on dl-hwcap-info.c so both ld diagnostics and
tunable filtering will parse the new values.
Checked on powerpc64le-linux-gnu.
Reviewed-by: Peter Bergner <bergner@linux.ibm.com>
Remove unused _dl_hwcap_string defines. As a result many dl-procinfo.h headers
can be removed. This also removes target specific _dl_procinfo implementations
which only printed HWCAP strings using dl_hwcap_string.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
The code now looks like:
fclass.s $fa2, $fa0
movfr2gr.s $t0, $fa2
slli.w $t0, $t0, 0x0
fclass.s $fa2, $fa1
movfr2gr.s $t1, $fa2
or $t0, $t0, $t1
andi $t0, $t0, 0x3
bnez $t0, 1f
fmin.s $fa0, $fa0, $fa1
ret
1:
fmul.s $fa0, $fa0, $fa1
ret
This looks really bad, with expensive movfr2gr instructions, redundant
sign-extensions and masking (arguably it's a compiler
missed-optimzation), and a branch. Rewrite it with inline assembly:
fcmp.cor.s $fcc0, $fa0, $fa0
fcmp.cor.s $fcc1, $fa1, $fa1
fsel $fa2, $fa0, $fa1, $fcc0
fsel $fa0, $fa1, $fa0, $fcc1
fmax.s $fa0, $fa2, $fa0
ret
Note that we cannot make it more readable with
"double a = __builtin_isnanf (x) ? y : x" because this C statement only
happens to produce what we want with https://gcc.gnu.org/PR66462, if
this bug is fixed in the future the generated code may change.
Signed-off-by: Xi Ruoyao <xry111@xry111.site>
Single-precision remainderf() and quad-precision remainderl()
implementation derived from Sun is affected by an issue when the result
is +-0. IEEE754 requires that if remainder(x, y) = 0, its sign shall be
that of x regardless of the rounding direction.
The implementation seems to have assumed that x - x = +0 in all
rounding modes, which is not the case. When rounding direction is
roundTowardNegative the sign of an exact zero sum (or difference) is −0.
Regression tests that triggered this erroneous behavior are added to
math/libm-test-remainder.inc.
Tested for cross riscv64 and powerpc.
Original fix by: Bruce Evans <bde@FreeBSD.org> in FreeBSD's
a2ddfa5ea726c56dbf825763ad371c261b89b7c7.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
A number of fma tests started to fail on hppa when gcc was changed to
use Ranger rather than EVRP. Eventually I found that the value of
a1 + u.d in this is block of code was being computed in FE_TOWARDZERO
mode and not the original rounding mode:
if (TININESS_AFTER_ROUNDING)
{
w.d = a1 + u.d;
if (w.ieee.exponent == 109)
return w.d * 0x1p-108;
}
This caused the exponent value to be wrong and the wrong return path
to be used.
Here we add an optimization barrier after the rounding mode is reset
to ensure that the previous value of a1 + u.d is not reused.
Signed-off-by: John David Anglin <dave.anglin@bell.net>
In some cases, an IFUNC resolver may need to access the gp pointer to
access global variables. Such an object may have l_relocated == 0 at
this time. In this case, an IFUNC resolver will fail to access a global
variable and cause a SIGSEGV.
This patch fixes this issue by relaxing the check of l_relocated in
elf_machine_runtime_setup, but added a check for SHARED case to avoid
using this code in static-linked executables. Such object have already
set up the gp pointer in load_gp function and l->l_scope will be NULL if
it is a pie object. So if we use these code to set up the gp pointer
again for static-pie, it will causing a SIGSEGV in glibc as original bug
on BZ #31317.
I have also reproduced and checked BZ #31317 using the mold commit
bed5b1731b ("illumos: Treat absolute symbols specially"), this patch can
fix the issue.
Also, we used the wrong gp pointer previously because ref->st_value is
not the relocated address but just the offset from the base address of
ELF. An edge case may happen if we reference gp pointer in a IFUNC
resolver in a PIE object, but it will not happen in compiler-generated
codes since -pie will disable relax to gp. In this case, the GP will be
initialized incorrectly since the ref->st_value is not the address after
relocation. This patch fixes this issue by adding the l->l_addr to
ref->st_value to get the relocated address for the gp pointer. We don't
use SYMBOL_ADDRESS macro here because __global_pointer$ is a special
symbol that has SHN_ABS type, but it will use PC-relative addressing in
the load_gp function using lla.
Closes: BZ #32269
Fixes: 96d1b9ac23 ("RISC-V: Fix the static-PIE non-relocated object check")
Co-authored-by: Vivian Wang <dramforever@live.com>
Signed-off-by: Yangyu Chen <cyy@cyyself.name>
This series removes various ILP32 defines that are now
no longer needed.
Remove PTR_ARG/SIZE_ARG.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
When compiling a program that includes <bits/floatn.h> using a clang version
between 3.4 (included) and 3.8.1 (included), clang will fail with `unknown type
name '__float128'; did you mean '__cfloat128'?`. This changes fixes the clang
prerequirements macro call in floatn.h to check for clang 3.9 instead of 3.4,
since support for __float128 was actually enabled in 3.9 by:
commit 50f29e06a1b6a38f0bba9360cbff72c82d46cdd4
Author: Nemanja Ivanovic <nemanja.i.ibm@gmail.com>
Date: Wed Apr 13 09:49:45 2016 +0000
Enable support for __float128 in Clang
This fixes bug 32694.
Signed-off-by: koraynilay <koray.fra@gmail.com>
Reviewed-by: H.J. Lu <hjl.tools@gmail.com>
Due to the extensible nature of the rseq area we can't explictly
initialize fields that are not part of the ABI yet. It was agreed with
upstream that all new fields will be documented as zero initialized by
userspace. Future kernels configured with CONFIG_DEBUG_RSEQ will
validate the content of all fields during registration.
Replace the explicit field initialization with a memset of the whole
rseq area which will cover fields as they are added to future kernels.
Signed-off-by: Michael Jeanson <mjeanson@efficios.com>
Reviewed-by: Florian Weimer <fweimer@redhat.com>
Test that when we return from a function that enabled GCS at runtime
we get SIGSEGV. Also test that ucontext contains GCS block with the
GCS pointer.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
These tests validate that GCS tunable works as expected depending
on the GCS markings in the test binaries.
Tests validate both static and dynamically linked binaries.
These new tests are AArch64 specific. Moreover, they are included only
if linker supports the "-z gcs=<value>" option. If built, these tests
will run on systems with and without HWCAP_GCS. In the latter case the
tests will be reported as UNSUPPORTED.
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Add SVE memset based on the generic memset with predicated load for sizes < 16.
Unaligned memsets of 128-1024 are improved by ~20% on average by using aligned
stores for the last 64 bytes. Performance of random memset benchmark improves
by ~2% on Neoverse V1.
Reviewed-by: Yury Khrustalev <yury.khrustalev@arm.com>
Intel compiler always defines __INTEL_LLVM_COMPILER. When SYCL is
enabled by -fsycl, it also defines SYCL_LANGUAGE_VERSION. Since Intel
SYCL compiler doesn't support _Float128:
https://github.com/intel/llvm/issues/16903
define __HAVE_FLOAT128 to 0 for Intel SYCL compiler.
This fixes BZ #32723.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
Reviewed-by: Sam James <sam@gentoo.org>
