This commit replaces the use of __CHERI__ macro with __has_feature(capabilities) similar to CheriBSD. Recent CHERI-LLVM (morello/dev), changes the assumption about __CHERI__, and only defines it for purecap code, while adding a new __CHERI_HYBRID__ define. __has_feature(capabilities) is 1:1 mapped to the older __CHERI__ behaviour as it is defined for either hybrid or purecap code. Future efforts to support purecap kernels will have to revisit this assumption especially if both hybrid and purecap kernels are going to be supported in the same codebase.

__has_feature is always defined in Clang and recent GCC toolchain from GCC 14, but not older. This commit will break this Linux build if attempted to build with older GCC.

Signed-off-by: Hesham Almatary Hesham.Almatary@cl.cam.ac.uk --- Documentation/cheri/pcuabi.rst | 88 +++++++++++------------ arch/arm64/include/uapi/asm/posix_types.h | 2 +- include/linux/cheri.h | 4 +- include/linux/compiler_types.h | 2 +- include/linux/types.h | 2 +- lib/cheri.c | 4 +- lib/test_printf.c | 2 +- lib/vsprintf.c | 14 ++-- 8 files changed, 59 insertions(+), 59 deletions(-)

diff --git a/Documentation/cheri/pcuabi.rst b/Documentation/cheri/pcuabi.rst index a8a9a105c9e9..fea2c35afb79 100644 --- a/Documentation/cheri/pcuabi.rst +++ b/Documentation/cheri/pcuabi.rst @@ -142,54 +142,54 @@ kernel is built to support PCuABI. The table below provides the *representation* of various types **in the kernel** on a 64-bit architecture, depending on the supported user ABI:

-+----------------------------------+------------------+----------------+--------------------------------------------------------------------------+ -| Type | Traditional uABI | PCuABI | Notes | -+==================================+==================+================+==========================================================================+ -| ``void *`` | 64-bit integer | 64-bit integer | | -+----------------------------------+------------------+----------------+--------------------------------------------------------------------------+ -| ``uintptr_t`` | 64-bit integer | 64-bit integer | | -+----------------------------------+------------------+----------------+--------------------------------------------------------------------------+ -| | ``(unsigned) long`` | 64-bit integer | 64-bit integer | ``ptraddr_t`` is a new generic type that represents an address. | -| | ``(unsigned) long long`` | | | | -| | ``ptraddr_t`` | | | | -+----------------------------------+------------------+----------------+--------------------------------------------------------------------------+ -| ``void __user *`` | 64-bit integer | Capability | | -+----------------------------------+------------------+----------------+--------------------------------------------------------------------------+ -| ``user_uintptr_t`` | 64-bit integer | Capability | Represented as ``uintcap_t`` in PCuABI, see below. | -+----------------------------------+------------------+----------------+--------------------------------------------------------------------------+ -| | ``__kernel_uintptr_t`` | 64-bit integer | Capability | * Represented as ``uintcap_t`` in PCuABI, see below. | -| | ``__kernel_aligned_uintptr_t`` | | | * At least 64-bit regardless of the ABI. | -+----------------------------------+------------------+----------------+--------------------------------------------------------------------------+ -| | ``void __capability *`` | Capability | Capability | Only available on CHERI-enabled architectures (``__CHERI__`` defined). | -| | ``void * __capability`` | | | | -+----------------------------------+------------------+----------------+--------------------------------------------------------------------------+ -| ``uintcap_t`` | Capability | Capability | * Only available on CHERI-enabled architectures (``__CHERI__`` defined). | -| | | | * Represented as a capability, but otherwise behaves as a 64-bit integer | -| | | | (when performing arithmetic, converting to other integer types, etc.). | -+----------------------------------+------------------+----------------+--------------------------------------------------------------------------+ ++----------------------------------+------------------+----------------+------------------------------------------------------------------------------------+ +| Type | Traditional uABI | PCuABI | Notes | ++==================================+==================+================+====================================================================================+ +| ``void *`` | 64-bit integer | 64-bit integer | | ++----------------------------------+------------------+----------------+------------------------------------------------------------------------------------+ +| ``uintptr_t`` | 64-bit integer | 64-bit integer | | ++----------------------------------+------------------+----------------+------------------------------------------------------------------------------------+ +| | ``(unsigned) long`` | 64-bit integer | 64-bit integer | ``ptraddr_t`` is a new generic type that represents an address. | +| | ``(unsigned) long long`` | | | | +| | ``ptraddr_t`` | | | | ++----------------------------------+------------------+----------------+------------------------------------------------------------------------------------+ +| ``void __user *`` | 64-bit integer | Capability | | ++----------------------------------+------------------+----------------+------------------------------------------------------------------------------------+ +| ``user_uintptr_t`` | 64-bit integer | Capability | Represented as ``uintcap_t`` in PCuABI, see below. | ++----------------------------------+------------------+----------------+------------------------------------------------------------------------------------+ +| | ``__kernel_uintptr_t`` | 64-bit integer | Capability | * Represented as ``uintcap_t`` in PCuABI, see below. | +| | ``__kernel_aligned_uintptr_t`` | | | * At least 64-bit regardless of the ABI. | ++----------------------------------+------------------+----------------+------------------------------------------------------------------------------------+ +| | ``void __capability *`` | Capability | Capability | Only available on CHERI-enabled architectures (``__has_feature(capabilities)``). | +| | ``void * __capability`` | | | | ++----------------------------------+------------------+----------------+------------------------------------------------------------------------------------+ +| ``uintcap_t`` | Capability | Capability | * Only available on CHERI-enabled architectures (``__has_feature(capabilities)``). | +| | | | * Represented as a capability, but otherwise behaves as a 64-bit integer | +| | | | (when performing arithmetic, converting to other integer types, etc.). | ++----------------------------------+------------------+----------------+------------------------------------------------------------------------------------+

For reference, the table below provides the representation of relevant types **in userspace**, depending on the chosen ABI:

-+----------------------------------+-----------------+---------------------+------------------------------------------------------------------------+ -| Type | Traditional ABI | Pure-capability ABI | Notes | -+==================================+=================+=====================+========================================================================+ -| ``void *`` | 64-bit integer | Capability | | -+----------------------------------+-----------------+---------------------+------------------------------------------------------------------------+ -| ``uintptr_t`` | 64-bit integer | Capability | Represented as ``uintcap_t`` in purecap. | -+----------------------------------+-----------------+---------------------+------------------------------------------------------------------------+ -| | ``(unsigned) long`` | 64-bit integer | 64-bit integer | | -| | ``(unsigned) long long`` | | | | -| | ``ptraddr_t`` | | | | -+----------------------------------+-----------------+---------------------+------------------------------------------------------------------------+ -| | ``__kernel_uintptr_t`` | 64-bit integer | Capability | * Represented as ``uintcap_t`` in purecap. | -| | ``__kernel_aligned_uintptr_t`` | | | * At least 64-bit regardless of the ABI. | -+----------------------------------+-----------------+---------------------+------------------------------------------------------------------------+ -| | ``void __capability *`` | Capability | Capability | Only available on CHERI-enabled architectures (``__CHERI__`` defined). | -| | ``void * __capability`` | | | | -+----------------------------------+-----------------+---------------------+------------------------------------------------------------------------+ -| ``uintcap_t`` | Capability | Capability | Only available on CHERI-enabled architectures (``__CHERI__`` defined). | -+----------------------------------+-----------------+---------------------+------------------------------------------------------------------------+ ++----------------------------------+-----------------+---------------------+----------------------------------------------------------------------------------+ +| Type | Traditional ABI | Pure-capability ABI | Notes | ++==================================+=================+=====================+==================================================================================+ +| ``void *`` | 64-bit integer | Capability | | ++----------------------------------+-----------------+---------------------+----------------------------------------------------------------------------------+ +| ``uintptr_t`` | 64-bit integer | Capability | Represented as ``uintcap_t`` in purecap. | ++----------------------------------+-----------------+---------------------+----------------------------------------------------------------------------------+ +| | ``(unsigned) long`` | 64-bit integer | 64-bit integer | | +| | ``(unsigned) long long`` | | | | +| | ``ptraddr_t`` | | | | ++----------------------------------+-----------------+---------------------+----------------------------------------------------------------------------------+ +| | ``__kernel_uintptr_t`` | 64-bit integer | Capability | * Represented as ``uintcap_t`` in purecap. | +| | ``__kernel_aligned_uintptr_t`` | | | * At least 64-bit regardless of the ABI. | ++----------------------------------+-----------------+---------------------+----------------------------------------------------------------------------------+ +| | ``void __capability *`` | Capability | Capability | Only available on CHERI-enabled architectures (``__has_feature(capabilities)``). | +| | ``void * __capability`` | | | | ++----------------------------------+-----------------+---------------------+----------------------------------------------------------------------------------+ +| ``uintcap_t`` | Capability | Capability | Only available on CHERI-enabled architectures (``__has_feature(capabilities)``). | ++----------------------------------+-----------------+---------------------+----------------------------------------------------------------------------------+

For more information about user pointers and related conversions, please refer to the `user pointer documentation`_. diff --git a/arch/arm64/include/uapi/asm/posix_types.h b/arch/arm64/include/uapi/asm/posix_types.h index aafe38f9510a..4d75957977e7 100644 --- a/arch/arm64/include/uapi/asm/posix_types.h +++ b/arch/arm64/include/uapi/asm/posix_types.h @@ -6,7 +6,7 @@ typedef unsigned short __kernel_old_uid_t; typedef unsigned short __kernel_old_gid_t; #define __kernel_old_uid_t __kernel_old_uid_t

-#ifdef __CHERI__ +#if __has_feature(capabilities) typedef __uintcap_t __kernel_uintcap_t; #else typedef __uint128_t __kernel_uintcap_t; diff --git a/include/linux/cheri.h b/include/linux/cheri.h index e5f588b056ad..641c9fc501fa 100644 --- a/include/linux/cheri.h +++ b/include/linux/cheri.h @@ -2,7 +2,7 @@ #ifndef _LINUX_CHERI_H #define _LINUX_CHERI_H

-#ifdef __CHERI__ +#if __has_feature(capabilities)

#include <cheriintrin.h>

@@ -129,6 +129,6 @@ extern uintcap_t cheri_user_root_seal_cap; /* Userspace sealing root */ extern uintcap_t cheri_user_root_cid_cap; /* Userspace compartment ID root */ extern uintcap_t cheri_user_root_allperms_cap; /* Userspace root (all permissions) */

-#endif /* __CHERI__ */ +#endif /* __has_feature(capabilities) */

#endif /* _LINUX_CHERI_H */ diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h index 9718113906c1..f67fc7b9de1a 100644 --- a/include/linux/compiler_types.h +++ b/include/linux/compiler_types.h @@ -406,7 +406,7 @@ struct ftrace_likely_data { default: (x)))

/* Is this type a native word size -- useful for atomic operations */ -#ifdef __CHERI__ +#if __has_feature(capabilities) #define __native_word(t) \ (sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || \ sizeof(t) == sizeof(int) || sizeof(t) == sizeof(long) || \ diff --git a/include/linux/types.h b/include/linux/types.h index c1e3c406aa3e..751c471cca50 100644 --- a/include/linux/types.h +++ b/include/linux/types.h @@ -73,7 +73,7 @@ typedef __PTRADDR_TYPE__ ptraddr_t; typedef unsigned long ptraddr_t; #endif

-#ifdef __CHERI__ +#if __has_feature(capabilities) typedef __uintcap_t uintcap_t; #endif

diff --git a/lib/cheri.c b/lib/cheri.c index c308a2c75559..3f55899842c7 100644 --- a/lib/cheri.c +++ b/lib/cheri.c @@ -1,5 +1,5 @@ /* SPDX-License-Identifier: GPL-2.0-only */ -#ifdef __CHERI__ +#if __has_feature(capabilities)

#include <linux/bug.h> #include <linux/cheri.h> @@ -70,4 +70,4 @@ bool cheri_check_cap(const void * __capability cap, size_t len, return true; }

-#endif /* __CHERI__ */ +#endif /* __has_feature(capabilities) */ diff --git a/lib/test_printf.c b/lib/test_printf.c index 49cefbfbb742..1fb10c440580 100644 --- a/lib/test_printf.c +++ b/lib/test_printf.c @@ -784,7 +784,7 @@ errptr(void) static void __init capability_pointer(void) { -#ifdef __CHERI__ +#if __has_feature(capabilities) enum action { /* No action - use as is */ CAP_AXN_NONE, diff --git a/lib/vsprintf.c b/lib/vsprintf.c index 1a2a01843775..e14e459f2e41 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -440,7 +440,7 @@ enum format_type { FORMAT_TYPE_INT, FORMAT_TYPE_SIZE_T, FORMAT_TYPE_PTRDIFF, -#ifdef __CHERI__ +#if __has_feature(capabilities) FORMAT_TYPE_CAPABILITY, #endif }; @@ -2510,7 +2510,7 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, } }

-#ifdef __CHERI__ +#if __has_feature(capabilities) /* * Support for printing capabilities with %[#]lp[x] format. * It stands slightly in contradiction to kernel extensions @@ -2679,7 +2679,7 @@ char *capability(const char *fmt, char *buf, char *end, void * __capability cap,

#undef update_buf_single } -#endif /* __CHERI__ */ +#endif /* __has_feature(capabilities) */

/* * Helper function to decode printf style format. @@ -2817,7 +2817,7 @@ int format_decode(const char *fmt, struct printf_spec *spec)

case 'p': spec->type = FORMAT_TYPE_PTR; -#ifdef __CHERI__ +#if __has_feature(capabilities) if (qualifier == 'l') spec->type = FORMAT_TYPE_CAPABILITY; #endif @@ -3016,7 +3016,7 @@ int vsnprintf(char *buf, size_t size, const char *fmt, va_list args) *str = '%'; ++str; break; -#ifdef __CHERI__ +#if __has_feature(capabilities) case FORMAT_TYPE_CAPABILITY: str = capability(fmt, str, end, va_arg(args, void * __capability), @@ -3344,7 +3344,7 @@ int vbin_printf(u32 *bin_buf, size_t size, const char *fmt, va_list args) while (isalnum(*fmt)) fmt++; break; -#ifdef __CHERI__ +#if __has_feature(capabilities) case FORMAT_TYPE_CAPABILITY: /* * Capabilities shall be handled now: subject to @@ -3543,7 +3543,7 @@ int bstr_printf(char *buf, size_t size, const char *fmt, const u32 *bin_buf) fmt++; break; } -#ifdef __CHERI__ +#if __has_feature(capabilities) case FORMAT_TYPE_CAPABILITY: if (str < end) { long length = strlen(args);