* [glibc/arm/morello/main] TODO(uapi): narrow capability in mmap and mremap
@ 2022-10-27 13:53 Szabolcs Nagy
From: Szabolcs Nagy @ 2022-10-27 13:53 UTC (permalink / raw)
  To: glibc-cvs

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=1635be334baa886f7576b078c05e529742828ca8

commit 1635be334baa886f7576b078c05e529742828ca8
Author: Szabolcs Nagy <szabolcs.nagy@arm.com>
Date:   Fri Aug 5 11:44:57 2022 +0100

    TODO(uapi): narrow capability in mmap and mremap
    
    This is a temporary workaround.
    
    The length is rounded up to the page size and exact bounds are not
    used (the bounds will be larger if the exact value is not representable).
    
    capability permissions are roughly emulated too.
    
    TODO: kernel should do this

Diff:
---
 sysdeps/unix/sysv/linux/mmap64.c | 31 +++++++++++++++++++++++++++++--
 sysdeps/unix/sysv/linux/mremap.c | 12 +++++++++++-
 2 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/sysdeps/unix/sysv/linux/mmap64.c b/sysdeps/unix/sysv/linux/mmap64.c
index 659dadadaf..a7bd396880 100644
--- a/sysdeps/unix/sysv/linux/mmap64.c
+++ b/sysdeps/unix/sysv/linux/mmap64.c
@@ -20,7 +20,11 @@
 #include <unistd.h>
 #include <sys/mman.h>
 #include <sysdep.h>
+#include <ldsodefs.h>
 #include <mmap_internal.h>
+#ifdef __CHERI_PURE_CAPABILITY__
+# include <cheri_perms.h>
+#endif
 
 #ifdef __NR_mmap2
 /* To avoid silent truncation of offset when using mmap2, do not accept
@@ -51,12 +55,35 @@ __mmap64 (void *addr, size_t len, int prot, int flags, int fd, off64_t offset)
     return (void *) INLINE_SYSCALL_ERROR_RETURN_VALUE (EINVAL);
 
   MMAP_PREPARE (addr, len, prot, flags, fd, offset);
+  void *ret;
 #ifdef __NR_mmap2
-  return (void *) MMAP_CALL (mmap2, addr, len, prot, flags, fd,
+  ret =  (void *) MMAP_CALL (mmap2, addr, len, prot, flags, fd,
 			     (off_t) (offset / MMAP2_PAGE_UNIT));
 #else
-  return (void *) MMAP_CALL (mmap, addr, len, prot, flags, fd, offset);
+  ret =  (void *) MMAP_CALL (mmap, addr, len, prot, flags, fd, offset);
+#endif
+#ifdef __CHERI_PURE_CAPABILITY__
+  if (ret != MAP_FAILED)
+    {
+      size_t ps = GLRO(dl_pagesize);
+      ret = __builtin_cheri_bounds_set (ret, (len + ps - 1) & -ps);
+      unsigned long mask = CAP_PERM_MASK_BASE;
+      if (prot & PROT_READ)
+	mask |= CAP_PERM_MASK_R;
+      if (prot & PROT_WRITE)
+	mask |= CAP_PERM_MASK_RW;
+      if (prot & PROT_EXEC)
+	mask |= CAP_PERM_MASK_RX;
+      if (prot & PROT_MAX (PROT_READ))
+	mask |= CAP_PERM_MASK_R;
+      if (prot & PROT_MAX (PROT_WRITE))
+	mask |= CAP_PERM_MASK_RW;
+      if (prot & PROT_MAX (PROT_EXEC))
+	mask |= CAP_PERM_MASK_RX;
+      ret = __builtin_cheri_perms_and (ret, mask);
+    }
 #endif
+  return ret;
 }
 weak_alias (__mmap64, mmap64)
 libc_hidden_def (__mmap64)
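Review bot: The permission mask built from `if (prot & PROT_READ)` through `PROT_MAX (PROT_EXEC)` is fixed from the `prot` value given at map time, so a region mapped with `PROT_NONE` and no `PROT_MAX` bits would presumably come back with only `CAP_PERM_MASK_BASE`, and a later `mprotect` could not make it usable through this capability. The `CAP_PERM_MASK_*` definitions live in `cheri_perms.h` and are not visible here, so this is inferred from the mask logic alone. The commit message says permissions are only roughly emulated, but the code carries no hint for callers; a comment above the mask such as `/* Permissions are fixed at map time; callers that mprotect later must pass PROT_MAX (...) here.  */` would record the contract. `__mmap64` starts outside the hunk, and the same point applies to the identical hunk in the 2022-11-23 and 2022-10-26 postings of this commit further down the page.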
diff --git a/sysdeps/unix/sysv/linux/mremap.c b/sysdeps/unix/sysv/linux/mremap.c
index e829a29dbd..2e89f43faa 100644
--- a/sysdeps/unix/sysv/linux/mremap.c
+++ b/sysdeps/unix/sysv/linux/mremap.c
@@ -20,6 +20,7 @@
 #include <sysdep.h>
 #include <stdarg.h>
 #include <stddef.h>
+#include <ldsodefs.h>
 
 void *
 __mremap (void *addr, size_t old_len, size_t new_len, int flags, ...)
@@ -34,8 +35,17 @@ __mremap (void *addr, size_t old_len, size_t new_len, int flags, ...)
       va_end (va);
     }
 
-  return (void *) INLINE_SYSCALL_CALL (mremap, addr, old_len, new_len, flags,
+  void *ret;
+  ret =  (void *) INLINE_SYSCALL_CALL (mremap, addr, old_len, new_len, flags,
 				       new_addr);
+#ifdef __CHERI_PURE_CAPABILITY__
+  if (ret != MAP_FAILED)
+    {
+      size_t ps = GLRO(dl_pagesize);
+      ret = __builtin_cheri_bounds_set (ret, (new_len + ps - 1) & -ps);
+    }
+#endif
+  return ret;
 }
 libc_hidden_def (__mremap)
 weak_alias (__mremap, mremap)
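Review bot: The capability returned from `__mremap` only has its bounds narrowed, while `__mmap64` in the same commit also masks permissions, so a remapped region may carry wider permissions than the capability the caller passed in, depending on what the kernel returns (not visible here). Intersecting with the caller's permissions after the bounds call would keep the result monotonic: `ret = __builtin_cheri_perms_and (ret, __builtin_cheri_perms_get (addr));`. The body of `__mremap` starts outside the hunk, and the same applies to the identical hunk in the 2022-11-23 and 2022-10-26 postings.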


* [glibc/arm/morello/main] TODO(uapi): narrow capability in mmap and mremap
@ 2022-11-23 14:43 Szabolcs Nagy
From: Szabolcs Nagy @ 2022-11-23 14:43 UTC (permalink / raw)
  To: glibc-cvs

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=655faf81b2b6e2a82eb3e811ca79ad9a09d430fa

commit 655faf81b2b6e2a82eb3e811ca79ad9a09d430fa
Author: Szabolcs Nagy <szabolcs.nagy@arm.com>
Date:   Fri Aug 5 11:44:57 2022 +0100

    TODO(uapi): narrow capability in mmap and mremap
    
    This is a temporary workaround.
    
    The length is rounded up to the page size and exact bounds are not
    used (the bounds will be larger if the exact value is not representable).
    
    capability permissions are roughly emulated too.
    
    TODO: kernel should do this

Diff:
---
 sysdeps/unix/sysv/linux/mmap64.c | 31 +++++++++++++++++++++++++++++--
 sysdeps/unix/sysv/linux/mremap.c | 12 +++++++++++-
 2 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/sysdeps/unix/sysv/linux/mmap64.c b/sysdeps/unix/sysv/linux/mmap64.c
index 659dadadaf..a7bd396880 100644
--- a/sysdeps/unix/sysv/linux/mmap64.c
+++ b/sysdeps/unix/sysv/linux/mmap64.c
@@ -20,7 +20,11 @@
 #include <unistd.h>
 #include <sys/mman.h>
 #include <sysdep.h>
+#include <ldsodefs.h>
 #include <mmap_internal.h>
+#ifdef __CHERI_PURE_CAPABILITY__
+# include <cheri_perms.h>
+#endif
 
 #ifdef __NR_mmap2
 /* To avoid silent truncation of offset when using mmap2, do not accept
@@ -51,12 +55,35 @@ __mmap64 (void *addr, size_t len, int prot, int flags, int fd, off64_t offset)
     return (void *) INLINE_SYSCALL_ERROR_RETURN_VALUE (EINVAL);
 
   MMAP_PREPARE (addr, len, prot, flags, fd, offset);
+  void *ret;
 #ifdef __NR_mmap2
-  return (void *) MMAP_CALL (mmap2, addr, len, prot, flags, fd,
+  ret =  (void *) MMAP_CALL (mmap2, addr, len, prot, flags, fd,
 			     (off_t) (offset / MMAP2_PAGE_UNIT));
 #else
-  return (void *) MMAP_CALL (mmap, addr, len, prot, flags, fd, offset);
+  ret =  (void *) MMAP_CALL (mmap, addr, len, prot, flags, fd, offset);
+#endif
+#ifdef __CHERI_PURE_CAPABILITY__
+  if (ret != MAP_FAILED)
+    {
+      size_t ps = GLRO(dl_pagesize);
+      ret = __builtin_cheri_bounds_set (ret, (len + ps - 1) & -ps);
+      unsigned long mask = CAP_PERM_MASK_BASE;
+      if (prot & PROT_READ)
+	mask |= CAP_PERM_MASK_R;
+      if (prot & PROT_WRITE)
+	mask |= CAP_PERM_MASK_RW;
+      if (prot & PROT_EXEC)
+	mask |= CAP_PERM_MASK_RX;
+      if (prot & PROT_MAX (PROT_READ))
+	mask |= CAP_PERM_MASK_R;
+      if (prot & PROT_MAX (PROT_WRITE))
+	mask |= CAP_PERM_MASK_RW;
+      if (prot & PROT_MAX (PROT_EXEC))
+	mask |= CAP_PERM_MASK_RX;
+      ret = __builtin_cheri_perms_and (ret, mask);
+    }
 #endif
+  return ret;
 }
 weak_alias (__mmap64, mmap64)
 libc_hidden_def (__mmap64)
diff --git a/sysdeps/unix/sysv/linux/mremap.c b/sysdeps/unix/sysv/linux/mremap.c
index e829a29dbd..2e89f43faa 100644
--- a/sysdeps/unix/sysv/linux/mremap.c
+++ b/sysdeps/unix/sysv/linux/mremap.c
@@ -20,6 +20,7 @@
 #include <sysdep.h>
 #include <stdarg.h>
 #include <stddef.h>
+#include <ldsodefs.h>
 
 void *
 __mremap (void *addr, size_t old_len, size_t new_len, int flags, ...)
@@ -34,8 +35,17 @@ __mremap (void *addr, size_t old_len, size_t new_len, int flags, ...)
       va_end (va);
     }
 
-  return (void *) INLINE_SYSCALL_CALL (mremap, addr, old_len, new_len, flags,
+  void *ret;
+  ret =  (void *) INLINE_SYSCALL_CALL (mremap, addr, old_len, new_len, flags,
 				       new_addr);
+#ifdef __CHERI_PURE_CAPABILITY__
+  if (ret != MAP_FAILED)
+    {
+      size_t ps = GLRO(dl_pagesize);
+      ret = __builtin_cheri_bounds_set (ret, (new_len + ps - 1) & -ps);
+    }
+#endif
+  return ret;
 }
 libc_hidden_def (__mremap)
 weak_alias (__mremap, mremap)


* [glibc/arm/morello/main] TODO(uapi): narrow capability in mmap and mremap
@ 2022-10-26 15:15 Szabolcs Nagy
From: Szabolcs Nagy @ 2022-10-26 15:15 UTC (permalink / raw)
  To: glibc-cvs

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3446d29c354b04e4a8ccff5bdfdb9be28e061714

commit 3446d29c354b04e4a8ccff5bdfdb9be28e061714
Author: Szabolcs Nagy <szabolcs.nagy@arm.com>
Date:   Fri Aug 5 11:44:57 2022 +0100

    TODO(uapi): narrow capability in mmap and mremap
    
    This is a temporary workaround.
    
    The length is rounded up to the page size and exact bounds are not
    used (the bounds will be larger if the exact value is not representable).
    
    capability permissions are roughly emulated too.
    
    TODO: kernel should do this

Diff:
---
 sysdeps/unix/sysv/linux/mmap64.c | 31 +++++++++++++++++++++++++++++--
 sysdeps/unix/sysv/linux/mremap.c | 12 +++++++++++-
 2 files changed, 40 insertions(+), 3 deletions(-)

diff --git a/sysdeps/unix/sysv/linux/mmap64.c b/sysdeps/unix/sysv/linux/mmap64.c
index 659dadadaf..a7bd396880 100644
--- a/sysdeps/unix/sysv/linux/mmap64.c
+++ b/sysdeps/unix/sysv/linux/mmap64.c
@@ -20,7 +20,11 @@
 #include <unistd.h>
 #include <sys/mman.h>
 #include <sysdep.h>
+#include <ldsodefs.h>
 #include <mmap_internal.h>
+#ifdef __CHERI_PURE_CAPABILITY__
+# include <cheri_perms.h>
+#endif
 
 #ifdef __NR_mmap2
 /* To avoid silent truncation of offset when using mmap2, do not accept
@@ -51,12 +55,35 @@ __mmap64 (void *addr, size_t len, int prot, int flags, int fd, off64_t offset)
     return (void *) INLINE_SYSCALL_ERROR_RETURN_VALUE (EINVAL);
 
   MMAP_PREPARE (addr, len, prot, flags, fd, offset);
+  void *ret;
 #ifdef __NR_mmap2
-  return (void *) MMAP_CALL (mmap2, addr, len, prot, flags, fd,
+  ret =  (void *) MMAP_CALL (mmap2, addr, len, prot, flags, fd,
 			     (off_t) (offset / MMAP2_PAGE_UNIT));
 #else
-  return (void *) MMAP_CALL (mmap, addr, len, prot, flags, fd, offset);
+  ret =  (void *) MMAP_CALL (mmap, addr, len, prot, flags, fd, offset);
+#endif
+#ifdef __CHERI_PURE_CAPABILITY__
+  if (ret != MAP_FAILED)
+    {
+      size_t ps = GLRO(dl_pagesize);
+      ret = __builtin_cheri_bounds_set (ret, (len + ps - 1) & -ps);
+      unsigned long mask = CAP_PERM_MASK_BASE;
+      if (prot & PROT_READ)
+	mask |= CAP_PERM_MASK_R;
+      if (prot & PROT_WRITE)
+	mask |= CAP_PERM_MASK_RW;
+      if (prot & PROT_EXEC)
+	mask |= CAP_PERM_MASK_RX;
+      if (prot & PROT_MAX (PROT_READ))
+	mask |= CAP_PERM_MASK_R;
+      if (prot & PROT_MAX (PROT_WRITE))
+	mask |= CAP_PERM_MASK_RW;
+      if (prot & PROT_MAX (PROT_EXEC))
+	mask |= CAP_PERM_MASK_RX;
+      ret = __builtin_cheri_perms_and (ret, mask);
+    }
 #endif
+  return ret;
 }
 weak_alias (__mmap64, mmap64)
 libc_hidden_def (__mmap64)
diff --git a/sysdeps/unix/sysv/linux/mremap.c b/sysdeps/unix/sysv/linux/mremap.c
index e829a29dbd..2e89f43faa 100644
--- a/sysdeps/unix/sysv/linux/mremap.c
+++ b/sysdeps/unix/sysv/linux/mremap.c
@@ -20,6 +20,7 @@
 #include <sysdep.h>
 #include <stdarg.h>
 #include <stddef.h>
+#include <ldsodefs.h>
 
 void *
 __mremap (void *addr, size_t old_len, size_t new_len, int flags, ...)
@@ -34,8 +35,17 @@ __mremap (void *addr, size_t old_len, size_t new_len, int flags, ...)
       va_end (va);
     }
 
-  return (void *) INLINE_SYSCALL_CALL (mremap, addr, old_len, new_len, flags,
+  void *ret;
+  ret =  (void *) INLINE_SYSCALL_CALL (mremap, addr, old_len, new_len, flags,
 				       new_addr);
+#ifdef __CHERI_PURE_CAPABILITY__
+  if (ret != MAP_FAILED)
+    {
+      size_t ps = GLRO(dl_pagesize);
+      ret = __builtin_cheri_bounds_set (ret, (new_len + ps - 1) & -ps);
+    }
+#endif
+  return ret;
 }
 libc_hidden_def (__mremap)
 weak_alias (__mremap, mremap)


* [glibc/arm/morello/main] TODO(uapi): narrow capability in mmap and mremap
@ 2022-10-12 14:16 Szabolcs Nagy
From: Szabolcs Nagy @ 2022-10-12 14:16 UTC (permalink / raw)
  To: glibc-cvs

https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=afbfdd28bd9006bfd1f07a41227bf9b1820df4ba

commit afbfdd28bd9006bfd1f07a41227bf9b1820df4ba
Author: Szabolcs Nagy <szabolcs.nagy@arm.com>
Date:   Fri Aug 5 11:44:57 2022 +0100

    TODO(uapi): narrow capability in mmap and mremap
    
    This is a temporary workaround.
    
    The length is rounded up to the page size and exact bounds are not
    used (the bounds will be larger if the exact value is not representable).
    
    TODO: kernel should do this

Diff:
---
 sysdeps/unix/sysv/linux/mmap64.c | 14 ++++++++++++--
 sysdeps/unix/sysv/linux/mremap.c | 12 +++++++++++-
 2 files changed, 23 insertions(+), 3 deletions(-)

diff --git a/sysdeps/unix/sysv/linux/mmap64.c b/sysdeps/unix/sysv/linux/mmap64.c
index 659dadadaf..60da02939d 100644
--- a/sysdeps/unix/sysv/linux/mmap64.c
+++ b/sysdeps/unix/sysv/linux/mmap64.c
@@ -20,6 +20,7 @@
 #include <unistd.h>
 #include <sys/mman.h>
 #include <sysdep.h>
+#include <ldsodefs.h>
 #include <mmap_internal.h>
 
 #ifdef __NR_mmap2
@@ -51,12 +52,21 @@ __mmap64 (void *addr, size_t len, int prot, int flags, int fd, off64_t offset)
     return (void *) INLINE_SYSCALL_ERROR_RETURN_VALUE (EINVAL);
 
   MMAP_PREPARE (addr, len, prot, flags, fd, offset);
+  void *ret;
 #ifdef __NR_mmap2
-  return (void *) MMAP_CALL (mmap2, addr, len, prot, flags, fd,
+  ret =  (void *) MMAP_CALL (mmap2, addr, len, prot, flags, fd,
 			     (off_t) (offset / MMAP2_PAGE_UNIT));
 #else
-  return (void *) MMAP_CALL (mmap, addr, len, prot, flags, fd, offset);
+  ret =  (void *) MMAP_CALL (mmap, addr, len, prot, flags, fd, offset);
 #endif
+#ifdef __CHERI_PURE_CAPABILITY__
+  if (ret != MAP_FAILED)
+    {
+      size_t ps = GLRO(dl_pagesize);
+      ret = __builtin_cheri_bounds_set (ret, (len + ps - 1) & -ps);
+    }
+#endif
+  return ret;
 }
 weak_alias (__mmap64, mmap64)
 libc_hidden_def (__mmap64)
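Review bot: The narrowing block under `#ifdef __CHERI_PURE_CAPABILITY__` has no comment marking it as the temporary workaround the commit message describes, nor that `__builtin_cheri_bounds_set` is the non-exact form, so the resulting bounds can extend past the page-rounded mapping when that length is not representable. I would put that in the code, e.g. `/* TODO(uapi): temporary, the kernel should narrow this.  Bounds are page-rounded and not exact, so may exceed the mapping.  */`. The same block appears without a comment in the `__mremap` hunk of this commit and in the later postings; `__mmap64` starts outside the hunk.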
diff --git a/sysdeps/unix/sysv/linux/mremap.c b/sysdeps/unix/sysv/linux/mremap.c
index e829a29dbd..2e89f43faa 100644
--- a/sysdeps/unix/sysv/linux/mremap.c
+++ b/sysdeps/unix/sysv/linux/mremap.c
@@ -20,6 +20,7 @@
 #include <sysdep.h>
 #include <stdarg.h>
 #include <stddef.h>
+#include <ldsodefs.h>
 
 void *
 __mremap (void *addr, size_t old_len, size_t new_len, int flags, ...)
@@ -34,8 +35,17 @@ __mremap (void *addr, size_t old_len, size_t new_len, int flags, ...)
       va_end (va);
     }
 
-  return (void *) INLINE_SYSCALL_CALL (mremap, addr, old_len, new_len, flags,
+  void *ret;
+  ret =  (void *) INLINE_SYSCALL_CALL (mremap, addr, old_len, new_len, flags,
 				       new_addr);
+#ifdef __CHERI_PURE_CAPABILITY__
+  if (ret != MAP_FAILED)
+    {
+      size_t ps = GLRO(dl_pagesize);
+      ret = __builtin_cheri_bounds_set (ret, (new_len + ps - 1) & -ps);
+    }
+#endif
+  return ret;
 }
 libc_hidden_def (__mremap)
 weak_alias (__mremap, mremap)
