- 23 Jun, 2022 2 commits
- 20 Jun, 2022 2 commits
Tamas Petz authored
It is getting harder and harder to maintain several syscall descriptions. Use only one while maintaining the existing flexibility. The new, but backwards compatible descriptor format adds 'libc' and 'arch' fields. The former filters libc, the latter architectures. An empty list means no filtering. Note that only bionic, where wrappers are generated, uses the 'aliases' and 'symbol' fields.
Change-Id: I3ab2d567377b7175a17ddd8bc91a70afd5eb011d
Tamas Petz authored
Multi-target rules are executed per target. Use target group (&:) to say that the rule is expected to create all the targets at once. The ordering rule was also behaving incorrectly in the new setup.
Change-Id: I60dbdfee7a308d3af6f00bf40ac04e4ec63e471d
- 17 Jun, 2022 1 commit
Tamas Petz authored
The new configuration option LIBSHIM_CANCELLATION_POINTS enables or disables support for cancellation points. The new argument "cg" is an int*: if it is non-null and the pointed value is not zero the system call is cancelled. This is basically just some labels which can be used to check whether a PC is within a range. In addition, a test helper is also available: if __shim_pause_in_cp is implemented and it returns nonzero, the current system call will busy-wait forever. This can be used to test cancellation integration with libc: a thread can be stopped reliably within the cancellable region. Wrappers do not support cancellation points.
Change-Id: I40bf2fcb3119fef7b60eda6c8079854eb7f442bd
- 16 Jun, 2022 1 commit
Tamas Petz authored
With cancellation support there will be more logic, and we will need to export some symbols. Header inclusion prevents developing cancellation points.
Change-Id: I792aa88a0944f630b5d892ce187238f0ad003902
- 15 Jun, 2022 2 commits
Brooks Davis authored
Change-Id: I8c0895bac582448e4c90a9234e751ea2fa247528
Ruben authored
Change-Id: I83ae508b02af4664c9cb6f23257e7252c0db975c
- 14 Jun, 2022 2 commits
- 13 Jun, 2022 1 commit
Ruben authored
Change-Id: Ie5281d3afd692df6328b81b00cb4832fe8009ae8
- 06 Jun, 2022 1 commit
Tamas Petz authored
Change-Id: Ia8ed7b35e94c6052b5c22806b0ffcfcef2b25863
- 26 May, 2022 1 commit
Tamas Petz authored
This function returns true if libshim was compiled for pure-capability ABI, otherwise false.
Change-Id: I91659f7901ac11ccdbddce4ae5636100686592d3
- 20 May, 2022 1 commit
Tamas Petz authored
This change adds a high-level implementation of arguments marshaling. It is meant to be a long-term replacement of the assembly implementation. The benefit is that this code uses cheriintrin.h and so it is architecture independent.
Change-Id: Ia9889d7e23d434f931d64b365106fa2e59d423ac
- 17 May, 2022 4 commits
- 10 May, 2022 2 commits
- 03 May, 2022 1 commit
Tamas Petz authored
CHERIseed will transform parameters such that right before the actual system call all arguments should be "peeked" using the '__builtin_cheri_address_get' builtin. This is due to the behaviour of the sanitizer: an int-to-ptr operation creates a new capability on the stack and sets its value to the integer value.
Change-Id: Ie1025ab580fd9d7bcfb82d4b540001d92a07390b
- 28 Apr, 2022 4 commits
Tamas Petz authored
CHERIseed targets capability-unaware architectures and so there is no such register as Morello's 'ctpidr_el0'.
Change-Id: I8ff5e5ba8467006550b362a75c75560c37a45c2d
Tamas Petz authored
__SANITIZE_CHERISEED__ is defined to '1' if libshim is compiled with '-fsanitize=cheriseed', otherwise it is undefined.
Change-Id: I9ed8505ba5610b0376dc84a6573c625883bfcb0f
Tamas Petz authored
Libshim has some assembly snippets but all of them have been reviewed for CHERIseed, therefore all of them are safe. There is no need to emit warnings during build.
Change-Id: I0cdcec05193efc99b1b52df6acd4973ccc37ffd1
Tamas Petz authored
Marshalling this member of ucontext depends on the architecture, therefore it is now extracted into a separate file.
Change-Id: I827f7128517096da5233551a9c09c45351298420
- 07 Apr, 2022 1 commit
Tamas Petz authored
This change extends the list of system calls libshim is aware of.
Change-Id: I432326cfe096e361bbf85a1d0ce46ad8aad9a308
- 14 Jan, 2022 1 commit
Murray Steele authored
Change-Id: I88a67cf3d8be8c8b510904ca5db52ac7a54537b2
- 05 Jan, 2022 1 commit
Jack Bond-Preston authored
The sockaddr struct in the bind() and connect() syscalls is const, see:
https://man7.org/linux/man-pages/man2/bind.2.html
https://man7.org/linux/man-pages/man2/connect.2.html
Change-Id: I3dc8815326b5057b081b59bedb2432c175eeac39
- 15 Dec, 2021 1 commit
Yury Khrustalev authored
Each element of argv and envp gets its bounds set based on the strlen result for it: the resulting capability length will cover the entire string plus the null character at the end. This patch also sets permissions of argv and envp elements.
Change-Id: I370d0bc016eb6adfd2d9d84e0958b04e2514f175
- 10 Dec, 2021 1 commit
Tamas Petz authored
It is used only at one place and the same results can be achieved with no inline asm.
Change-Id: Ic438ecb4786adfb66b31b66d3e1e08136837b088
- 07 Dec, 2021 1 commit
Yury Khrustalev authored
Change-Id: I92e66f4b0fcac299e97d657b8e6504a96af6cf9e
- 02 Dec, 2021 1 commit
Jack Bond-Preston authored
Change argument check from pointer to struct sigaction to pointer to local_sigaction_t. The kernel ABI sigaction struct is not guaranteed to match the libc ABI sigaction struct. In Musl, these (struct k_sigaction and struct sigaction, respectively) are different sizes and previously the libshim check on rt_sigaction would fail.
Signed-off-by: Jack Bond-Preston <jack.bond-preston@arm.com>
Change-Id: Ifb91a54e4054477cf4633b5547a69c1aa56f7814
- 24 Nov, 2021 1 commit
Werner Lewis authored
A set of experimental auxv members are defined to provide root RX, RW and sealing capabilities. These are derived from DDC with appropriate permissions. Bounds are unchanged for RX/RW and set to the max object type value for sealing. These bounds should ideally be narrower to include only the writable range for RW, only the executable range for RX, and the required range for sealing.
Change-Id: If65eb32d7e4e4efca04c9cb85cc57ee72ef506c5
- 22 Nov, 2021 1 commit
Kevin Brodsky authored
Currently pure-cap signal handlers cannot directly access the ucontext pointer argument because libshim just passes it through. This change fixes this by transforming the ucontext argument like the info argument: the pointer itself is transformed as usual, and the struct it points to (ucontext_t) also needs to be transformed as it contains a few pointers. The layout of ucontext_t is highly architecture-dependent, so its transformation must be special-cased for each architecture (currently aarch64 and x86_64).
Change-Id: Ied0f59845d2634b6428b5882fec7ac029d8e462e
- 19 Oct, 2021 1 commit
Tamas Petz authored
When LIBSHIM_ZERO_DDC is enabled and targeting pure capability ABI, do_raw_args_marshalling() saves the original value of DDC and then clears it. This is meant to prevent deriving tagged capabilities from that point onwards using the original DDC value outside libshim. This change also removes 'rootcap' usages from libshim. Built and tested on FVP.
Change-Id: I4cae99095f96999f5052ba83e43469168f7495cb
- 18 Oct, 2021 1 commit
Patrik authored
Add missing ramdisk_available properties to support full Android R build.
Change-Id: Iba0a07e465d60d443c0fb2fda450145d4e16a6c9
- 13 Oct, 2021 1 commit
Tamas Petz authored
Static libc should contain all the symbols necessary to run an application. Dynamic libc, however, should only contain symbols which are not "duplicated" in the dynamic linker. So far both the dynamic linker and the shared libc had all the libshim symbols. This proved to be working correctly; however, having a fully singleton libshim is desirable. From now on only symbols which are mandatory for libc are provided; all the other libshim-internal symbols are weak. Because the dynamic linker has the strong alternatives of these symbols, the linker will resolve these weak symbols so that they come from the linker. This allows implementation of a singleton pattern for libshim. Built and tested on FVP.
Change-Id: I071ca7e23488293425990ead2c9261497c96786c
- 12 Oct, 2021 1 commit
Yury Khrustalev authored
Change-Id: Ic25018dc121d21cb9906ad65e62d7cc2609bb432
- 01 Oct, 2021 1 commit
Tamas Petz authored
Change-Id: I8487acb86f4f9258dc0668dc98de9713d0ee7a58
- 29 Sep, 2021 1 commit
Tamas Petz authored
To ease debugging, this change adds support to distinguish between system calls that are called best-effort and calls which actually failed when the related message gets printed.
Change-Id: I05fd769ed2fcc391e8ce2ce823b0bcdf86a21e9e