From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <nsz@sourceware.org>
Received: by sourceware.org (Postfix, from userid 1944)
	id DE2E33846423; Wed, 26 Oct 2022 15:15:52 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org DE2E33846423
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
	s=default; t=1666797358;
	bh=1z1IQ1YI5GtQKdeu1LAGR3YGoQas3tnY6QYBhC1cArg=;
	h=From:To:Subject:Date:From;
	b=whybw3uh3rw7mu3Qm2RW5yJDmTQ8xVbA9gBRd2paI0+H5ahp7RnSFDazgpY/GWi/S
	 Fz9xqP+FFEG2Tkh/Np3PcSzETvXO3FxpuJhWbp5WmnRZQn1UVw41rNM6Um0tY3vuG6
	 H8Lid+hzZB5g1i33GQJLf+RnY6ksvPRZdo5oA3tg=
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Szabolcs Nagy <nsz@sourceware.org>
To: glibc-cvs@sourceware.org
Subject: [glibc/arm/morello/main] cheri: aarch64: Add header for CHERI
 permissions
X-Act-Checkin: glibc
X-Git-Author: Carlos Eduardo Seo <carlos.seo@arm.com>
X-Git-Refname: refs/heads/arm/morello/main
X-Git-Oldrev: 3476146867b756b8121b2b5ebe39fc10d1eb74ff
X-Git-Newrev: 839af9bf91bec1b18b2c48f94123a4f6ab37c198
Message-Id: <20221026151558.DE2E33846423@sourceware.org>
Date: Wed, 26 Oct 2022 15:15:52 +0000 (GMT)
List-Id: <glibc-cvs.sourceware.org>

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=839af9bf91bec1b18b2c48f94123a4f6ab37c198

commit 839af9bf91bec1b18b2c48f94123a4f6ab37c198
Author: Carlos Eduardo Seo <carlos.seo@arm.com>
Date:   Mon Jul 18 14:47:32 2022 -0300

    cheri: aarch64: Add header for CHERI permissions
    
    New file containing the capability permission bits.
    
    The capability permission bits are defined in the Arm Architecture
    Reference Manual Suplement- Morello for A-Profile Architecture:
    
    https://developer.arm.com/documentation/ddi0606/latest

Diff:
---
 sysdeps/aarch64/morello/cheri_perms.h | 84 +++++++++++++++++++++++++++++++++++
 1 file changed, 84 insertions(+)

diff --git a/sysdeps/aarch64/morello/cheri_perms.h b/sysdeps/aarch64/morello/cheri_perms.h
new file mode 100644
index 0000000000..98a1926ad9
--- /dev/null
+++ b/sysdeps/aarch64/morello/cheri_perms.h
@@ -0,0 +1,84 @@
+/* Copyright (C) 2022 Free Software Foundation, Inc.
+
+   This file is part of the GNU C Library.
+
+   The GNU C Library is free software; you can redistribute it and/or
+   modify it under the terms of the GNU Lesser General Public License as
+   published by the Free Software Foundation; either version 2.1 of the
+   License, or (at your option) any later version.
+
+   The GNU C Library is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+   Lesser General Public License for more details.
+
+   You should have received a copy of the GNU Lesser General Public
+   License along with the GNU C Library; if not, see
+   <https://www.gnu.org/licenses/>.  */
+
+#ifndef _AARCH64_MORELLO_CHERI_PERMS_H
+#define _AARCH64_MORELLO_CHERI_PERMS_H
+
+/* Capability permission bits.  These are defined in the Arm Architecture
+   Reference Manual Suplement- Morello for A-Profile Architecture:
+   https://developer.arm.com/documentation/ddi0606/latest  */
+#define CAP_PERM_LOAD (1 << 17)
+#define CAP_PERM_STORE (1 << 16)
+#define CAP_PERM_EXECUTE (1 << 15)
+#define CAP_PERM_LOAD_CAP (1 << 14)
+#define CAP_PERM_STORE_CAP (1 << 13)
+#define CAP_PERM_STORE_LOCAL (1 << 12)
+#define CAP_PERM_SEAL (1 << 11)
+#define CAP_PERM_UNSEAL (1 << 10)
+#define CAP_PERM_SYSTEM (1 << 9)
+#define CAP_PERM_BRANCH_SEALED_PAIR (1 << 8)
+#define CAP_PERM_COMPARTMENT_ID (1 << 7)
+#define CAP_PERM_MUTABLE_LOAD (1 << 6)
+#define CAP_PERM_EXECUTIVE (1 << 1)
+#define CAP_PERM_GLOBAL (1 << 0)
+
+/* Used with __builtin_cheri_perms_and.  */
+#define CAP_PERM_MASK_BASE (-1UL ^ ( \
+  CAP_PERM_LOAD | \
+  CAP_PERM_STORE | \
+  CAP_PERM_EXECUTE | \
+  CAP_PERM_LOAD_CAP | \
+  CAP_PERM_MUTABLE_LOAD | \
+  CAP_PERM_STORE_CAP | \
+  CAP_PERM_STORE_LOCAL | \
+  CAP_PERM_EXECUTIVE | \
+  CAP_PERM_SYSTEM | \
+  CAP_PERM_SEAL | \
+  CAP_PERM_UNSEAL | \
+  CAP_PERM_COMPARTMENT_ID))
+#define CAP_PERM_MASK_R ( \
+  CAP_PERM_MASK_BASE | \
+  CAP_PERM_LOAD | \
+  CAP_PERM_LOAD_CAP | \
+  CAP_PERM_MUTABLE_LOAD)
+#define CAP_PERM_MASK_RW ( \
+  CAP_PERM_MASK_R | \
+  CAP_PERM_STORE | \
+  CAP_PERM_STORE_CAP | \
+  CAP_PERM_STORE_LOCAL)
+#define CAP_PERM_MASK_RX ( \
+  CAP_PERM_MASK_R | \
+  CAP_PERM_EXECUTE | \
+  CAP_PERM_EXECUTIVE | \
+  CAP_PERM_SYSTEM)
+
+#define STACK_CAP_PERM_PCS ( \
+  CAP_PERM_LOAD | \
+  CAP_PERM_STORE | \
+  CAP_PERM_LOAD_CAP | \
+  CAP_PERM_STORE_CAP | \
+  CAP_PERM_MUTABLE_LOAD)
+
+/* Check if stack is valid according to stack PCS rules.  Only permissions
+   are checked, seal and invalid tag cause fault on access.  */
+#define STACK_CAP_CHECK(stack, size) \
+  ({unsigned long __perm = __builtin_cheri_perms_get (stack); \
+    (__perm & (CAP_PERM_GLOBAL|CAP_PERM_STORE_LOCAL)) \
+    && (__perm & STACK_CAP_PERM_PCS) == STACK_CAP_PERM_PCS;})
+
+#endif