According to the ELF spec:
"Each element of this array is a pointer to a function to be executed
by the dynamic linker."
"Note that the address of a function need not be the same as a pointer
to a function as defined by the processor supplement."
so these should be accessed via uintptr_t type instead of ElfW(Addr).
The base should be 0, but also a valid capability. Initialize to a zero
capability instead of relying on AT_BASE.
TODO: this is a hack. we will need stricter bounds and possibly separate
l_addr and bounds info.
l_addr should be a capability on Morello. This is synchronized with the
same variable in gdb.
Use elfptr_t when ElfW(Addr) represents a runtime pointer that may be
dereferenced.
morello purecap gcc in some cases inlines 16byte memcpy as a capability
load, which is wrong if the source or dest may be unaligned.
stack guard only needs random for the address portion since only that
part is compared, so 8 byte is enough with 64 bit addresses, but the
current code is only right on little endian systems.
TODO: drop when gcc is fixed
Pointer mangling cannot be supported on capability architectures.
And there is not enough bytes in dl_random for 128 bit pointers.
Stack guard is still loaded from dl_random: stack protection is
unlikely to be useful on a capability architecture, but it works.
Purecap ABI versions of start.S, crti.S and crtn.S.
TODO: must not use ddc but caps from auxv
TODO: start.S: dynamic linked case is now detected by x0 != 0 (ld.so passes
__rtld_fini there), but the value of c0 on entry is not abi, just that
it has to be passed back to the libc start code in c5, so ideally the
linker should be fixed to reliably emit __rela_dyn_start when a static
exe must self relocate.
New file containing the capability permission bits.
The capability permission bits are defined in the Arm Architecture
Reference Manual Suplement- Morello for A-Profile Architecture:
https://developer.arm.com/documentation/ddi0606/latest
Current clone_args does not support 128 bit pointers.
TODO: the fix is incomplete (missing clone3 abi checks) and has to be
aligned with purecap clone3 struct layout.
In fcntl va_arg is currently used even if the caller did not pass
any variadic arguments. This is undefined behaviour and does not
work with the Morello purecap ABI, so use a helper macro.
When the argument is missing, the result of the helper macro is
arbitrary as it will be ignored by the kernel, we just have to
ensure it does not cause a runtime crash.
The CHERI pure capability programming model for C requires special
definition of {u}intptr_t.
Only the pure capability model is supported for hosted compilation,
but for freestanding compilation there is limited support for other
(hybrid capability) programming models too, which require new
{u}intcap_t type definitions.
Provide separate directories for lp64 and purecap abi related sysdep
functionality.
purecap may be better name than morello, but we started with morello
and that is more future compatible with alternative cheri-like
extensions on top of aarch64.
aarch64-linux-gnu compiler is a lp64,purecap multilib gcc and
supported glibc variants:
aarch64-linux-gnu
aarch64-linux-gnu-purecap
aarch64-linux-gnu-purecap-nopie
aarch64-linux-gnu_purecap compiler is a default purecap gcc, with
supported glibc variants:
aarch64-linux-gnu_purecap
aarch64-linux-gnu_purecap-nopie
purecap libgomp and libitm builds fail so disabled for now.
