The instruction encoding that would be "br %r0" is not actually a
branch to r0, but instead a nop/memory-barrier. gcc 14 has been found
to choose r0 for the "r"(pc) constraint, breaking CRTJMP.
This patch adjusts the inline assembly constraints and marks "pc" as
address ("a"), which disallows usage of r0.
the bits file is retained, but as a single generic version, to allow
for the unlikely future possibility of letting a new arch define
something differently.
previously, only a few archs defined it here. this change makes the
presence consistent across all archs, and reduces the amount of header
duplication (and potential for future inconsistency) between archs.
this change is purely to document that they are the same in
preparation to remove the arch-specific headers for these archs and
replace them with a generic version that matches riscv32 and can be
shared by these and all future archs.
- add mount_setattr from linux v5.12
- add epoll_pwait2 from linux v5.11
- add process_madvise from linux v5.10
- add __NR_faccessat2 from linux v5.8
- add pidfd_getfd and openat2 syscall numbers from linux v5.6
- add clone3 syscall number from linux v5.3
- add process_mrelease from linux v5.15
- add futex_waitv from linux v5.16
- add set_mempolicy_home_node from linux v5.17
- add cachestat from linux v6.4
- add __NR_fchmodat2 from linux v6.6
despite riscv32 being natively time64, the IPC_TIME64 bit (0x100) is
set in IPC_STAT and derived command macros, differentiating their
values from the raw command values used to interface with the kernel.
this reflects that the kernel ipc structure types are not natively
time64, but have broken-down hi/lo fields that cannot be used in-place
and require translation, and that the userspace struct types differ
from the kernel types (relevant to things like strace).
These are mostly copied from riscv64. _Addr and _Reg had to become int
to match compiler-controlled parts of the ABI (result type of sizeof,
etc.). There is no kernel stat struct; the userspace stat matches
glibc in the sizes and offsets of all fields (including glibc's
__dev_t __pad1). The jump buffer is 12 words larger to account for 12
saved double-precision floats; additionally it should be 64-bit
aligned to save doubles.
The syscall list was significantly revised by deleting all time32 and
pre-statx syscalls, and renaming several syscalls that have different
names depending on __BITS_PER_LONG, notably mmap2 and _llseek.
futex was added as an alias to futex_time64 since it is widely used by
software which does not pass time arguments.
user_regs_struct and user_fp_struct were missing from the initial
commit of the port.
the union type for elf_fpreg_t and the new value of ELF_NFPREG are
made consistent with glibc.
the linux fchmodat syscall lacks a flag argument that is necessary to
implement the posix api, see
linux commit 09da082b07bbae1c11d9560c8502800039aebcea
fs: Add fchmodat2()
linux commit 78252deb023cf0879256fcfbafe37022c390762b
arch: Register fchmodat2, usually as syscall 452
see
linux commit cf264e1329fb0307e044f7675849f9f38b44c11a
cachestat: implement cachestat syscall
linux commit 946e697c69ffeeefdd84dad90eac307284df46be
cachestat: wire up cachestat for other architectures
see
linux commit c6018b4b254971863bd0ad36bb5e7d0fa0f0ddb0
mm/mempolicy: add set_mempolicy_home_node syscall
linux commit 21b084fdf2a49ca1634e8e360e9ab6f9ff0dee11
mm/mempolicy: wire up syscall set_mempolicy_home_node
see
linux commit 039c0ec9bb77446d7ada7f55f90af9299b28ca49
futex,x86: Wire up sys_futex_waitv()
linux commit ea7c45fde5aa3e761aaddb7902a31a95cb120e7b
futex,arm: Wire up sys_futex_waitv()
linux commit b3ff2881ba18b852f79f5476d7631940071f1adb
MIPS: syscalls: Wire up futex_waitv syscall
linux commit 6c122360cf2f4c5a856fcbd79b4485b7baec942a
s390: wire up sys_futex_waitv system call
linux commit a0eb2da92b715d0c97b96b09979689ea09faefe6
futex: Wireup futex_waitv syscall
see
linux commit 884a7e5964e06ed93c7771c0d7cf19c09a8946f1
mm: introduce process_mrelease system call
linux commit dce49103962840dd61423d7627748d6c558d58c5
mm: wire up syscall process_mrelease
see
linux commit 7bb7f2ac24a028b20fca466b9633847b289b156a
arch, mm: wire up memfd_secret system call where relevant
linux commit 1507f51255c9ff07d75909a84e7c0d7f3c4b2f49
mm: introduce memfd_secret system call to create "secret" memory areas
linux commit b633896314c0f78f2b4eb7b19a530d68f2a35445
tools headers UAPI: Sync s390 syscall table file that wires up the
memfd_secret syscall
we wrongly defined a dummy SA_RESTORER flag on these archs, despite
the kernel interface not actually having such a feature. on archs
which lack SA_RESTORER, the kernel sigaction structure also lacks the
restorer function pointer member, which means the signal mask appears
at a different offset. the kernel was thereby interpreting the bits of
the code address as part of the signal set to be masked while handling
the signal.
this patch removes the erroneous SA_RESTORER definitions from archs
which do not have it, makes access to the member conditional on
whether SA_RESTORER is defined for the arch, and removes the
now-unused asm for the affected archs.
because there are reportedly versions of qemu-user which also use the
wrong ABI here, the old ksigaction struct size is preserved with an
unused member at the end. this is harmless and mitigates the risk of
such a bug turning into a buffer overflow onto the sigaction
function's stack.
mips has its own mechanisms for DT_DEBUG because it makes _DYNAMIC
read-only, and the original mechanism, DT_MIPS_RLD_MAP, was
PIE-incompatible. DT_MIPS_RLD_MAP_REL was added to remedy this, but we
never implemented support for it. add it now using the same idioms for
mips-specific ldso logic.
commit 4486c579cb disabled vdso
clock_gettime on arm due to a Linux kernel bug that was not understood
at the time, whereby the vdso function silently produced
catastrophically wrong results on some systems.
since then, the bug was tracked down to the way the arm kernel
disabled use of vdso clock_gettime on kernels where the necessary
timer was not available or was disabled. it simply patched out the
symbols, but it only did this for the legacy time32 functions, and
left the time64 function in place but non-operational. kernel commit
4405bdf3c57ec28d606bdf5325f1167505bfdcd4 (first present in 5.8)
provided the fix.
if this were a bug that impacted all users of the broken kernel
versions, we could probably ignore it and assume it had been patched
or replaced. however, it's very possible that these kernels appear in
the wild in devices running time32 userspace (glibc, musl 1.1.x, or
some other environment) where they appear to work fine, but where our
new binaries would fail catastrophically if we used the time64 vdso
function.
since the kernel has not (yet?) given us a way to probe for the
working time64 vdso function semantically, we work around the problem
by refusing to use the time64 one unless the time32 one is also
present. this will revert to not using vdso at all if the time32 one
is ever removed, but at least that's safe against wrong results and is
just a missed optimization.
sys/reg.h already had it right as 32, to which it was explicitly
changed when commit 664cd34192 derived
x32 from x86_64. but the copy exposed in sys/user.h was missed.
see
linux commit a49f4f81cb48925e8d7cbd9e59068f516e984144
arch: Wire up Landlock syscalls
linuxcommit 17ae69aba89dbfa2139b7f8024b757ab3cc42f59
Merge tag 'landlock_v34' of ... jmorris/linux-security
Landlock provides for unprivileged application sandboxing. The goal of
Landlock is to enable to restrict ambient rights (e.g. global filesystem
access) for a set of processes. Landlock is inspired by seccomp-bpf but
instead of filtering syscalls and their raw arguments, a Landlock rule
can restrict the use of kernel objects like file hierarchies, according
to the kernel semantic.
PTRACE_OLDSETOPTIONS is old, but it was missing, PTRACE_SYSEMU and
PTRACE_SYSEMU_SINGLESTEP are new, see
linux commit 56e62a73702836017564eaacd5212e4d0fa1c01d
s390: convert to generic entry
new syscall to change the properties of a mount or a mount tree using
file descriptors which the new mount api is based on, see
linux commit 2a1867219c7b27f928e2545782b86daaf9ad50bd
fs: add mount_setattr()
see
linux commit b0a0c2615f6f199a656ed8549d7dce625d77aa77
epoll: wire up syscall epoll_pwait2
linux commit 58169a52ebc9a733aeb5bea857bc5daa71a301bb
epoll: add syscall epoll_pwait2
epoll_wait with struct timespec timeout instead of int. no time32 variant.
When the soft-float ABI for PowerPC was added in commit
5a92dd95c7, with Freescale cpus using
the alternative SPE FPU as the main use case, it was noted that we
could probably support hard float on them, but that it would involve
determining some difficult ABI constraints. This commit is the
completion of that work.
The Power-Arch-32 ABI supplement defines the ABI profiles, and indeed
ATR-SPE is built on ATR-SOFT-FLOAT. But setjmp/longjmp compatibility
are problematic for the same reason they're problematic on ARM, where
optional float-related parts of the register file are "call-saved if
present". This requires testing __hwcap, which is now done.
In keeping with the existing powerpc-sf subarch definition, which did
not have fenv, the fenv macros are not defined for SPE and the SPEFSCR
control register is left (and assumed to start in) the default mode.
commit 6d99ad91e8 introduced this
regression as part of a larger change, based on an incorrect
assumption that rdhwr being part of the mips r2 ISA level meant that
the TLS register, known in the mips documentation as UserLocal, was
unconditionally present on chips providing this ISA level and would
not need trap-and-emulate. this turns out to be false.
based on research by Stanislav Kljuhhin and Abilio Marques, who
reported the problem as a performance regression on certain routers
using OpenWRT vs older uclibc-based versions, it turns out the mips
manuals document the UserLocal register as a feature that might or
might not be implemented or enabled, reflected by a cpu capability bit
in the CONFIG3 register, and that Linux checks for this and has to
explicitly enable it on models that have it.
thus, it's indeed possible that r2+ chips can lack the feature,
bringing us back to the situation where Linux only has a fast
trap-and-emulate path for the case where the destination register is
$3. so, always read the thread pointer through $3. this may incur a
gratuitous move to the desired final register on chips where it's not
needed, but it really doesn't matter.
the kernel structure has padding of the shm_segsz member up to 64
bits, as well as 2 unused longs at the end. somehow that was
overlooked when the powerpc port was added, and it has been broken
ever since; applications compiled with the wrong definition do not
correctly see the shm_segsz, shm_cpid, and shm_lpid members.
fixing the definition just by adding the missing padding would break
the ABI size of the structure as well as the position of the time64
shm_atime and shm_dtime members we added at the end. instead, just
move one of the unused padding members from the original end (before
time64) of the structure to the position of the missing padding. this
preserves size and preserves correct behavior of any compiled code
that was already working. programs affected by the wrong definition
need to be recompiled with the correct one.
mainly added to linux to allow a central process management service in
android to give MADV_COLD|PAGEOUT hints for other processes, see
linux commit ecb8ac8b1f146915aa6b96449b66dd48984caacc
mm/madvise: introduce process_madvise() syscall: an external memory
hinting API
