[SYSVABI64] Add Guarded Control Stack (GCS) Feature Bit #231
Conversation
Add GNU_PROPERTY_AARCH64_FEATURE_1_GCS to the GNU property GNU_PROPERTY_AARCH64_FEATURE_1_AND. This permits executables and shared libraries to declare that they are compatible with GCS, this permits a platform to enable GCS for a program when the executable and all of its dependecies are compatible with it. When GCS is enabled, use of dlopen of a shared library that is not GCS compatible is platform defined. Some platforms may be able to disable GCS, others may decide to refuse to load the library.
sysvabi64/sysvabi64.rst
Outdated
| (GCS) mechanism. Minimum requirements for setting this feature bit | ||
| include: | ||
|
|
||
| * The number of ``procedure return address push operations`` and the |
There was a problem hiding this comment.
The terms "procedure return address push operation" and "procedure return address pop operation" are defined only in the GCS specification (as far as I know) and are perhaps a bit misleading here (on first reading I thought it was talking about the STP at function start and LDP at function end, but it's actually talking about BL and RET). Also having a matching number of BL/RET isn't enough, every RET has to match up with the BL that called the function.
I think rewording this to be something like the following would be clearer:
Each function that is called using a BL instruction (or other instruction that is a GCS procedure return address push operation) returns using a RET instruction (or other instruction that is a GSC procedure return address pop operation). This means that RET instructions are used for function returns, and not as an indirect branch.
There was a problem hiding this comment.
Thanks for the suggestion, I've used an almost identical wording in a fixup commit that I'll squash prior to merging.
sysvabi64/sysvabi64.rst
Outdated
| * Each function that is called using a BL instruction (or other | ||
| instruction that is a GCS ``procedure return address push | ||
| operation``) returns using a RET instruction (or other instruction | ||
| that is a ``GCS procedure return address pop operation``). This |
There was a problem hiding this comment.
Mismatch on whether GCS is inside the backticks. Though maybe we shouldn't be using backticks here, as it's usually used only for code-like things.
There was a problem hiding this comment.
Apologies for the mistake. Looking at the spec it should be outside. I want to highlight that procedure return address push operation is a term from a specification, that I expect will eventually be in the Arm ARM as a highlighted term. Without it procedure return address push operation could just be a generic sentence.
Will fix.
This commit will be squashed before merging.
This bit was added to the AArch64 ABI by ARM-software/abi-aa#231.
…75065) This bit was added to the AArch64 ABI by ARM-software/abi-aa#231.
Add GNU_PROPERTY_AARCH64_FEATURE_1_GCS to the GNU property GNU_PROPERTY_AARCH64_FEATURE_1_AND.
This permits executables and shared libraries to declare that they are compatible with GCS, this permits a platform to enable GCS for a program when the executable and all of its dependecies are compatible with it.
When GCS is enabled, use of dlopen of a shared library that is not GCS compatible is platform defined. Some platforms may be able to disable GCS, others may decide to refuse to load the library.