[Headers] Skip IRELATIVE-style caprelocs in cheri_init_globals.h

jrtc27 · jrtc27 · commit 5420041b29ad · 2025-08-05T22:53:17.000+01:00
This requires the run time to opt in though so we don't silently leave
IRELATIVE capabilities uninitialised.
diff --git a/clang/lib/Headers/cheri_init_globals.h b/clang/lib/Headers/cheri_init_globals.h
@@ -39,6 +39,7 @@ extern "C" {
 #define CHERI_INIT_GLOBALS_VERSION 5
 #define CHERI_INIT_GLOBALS_NUM_ARGS 7
 #define CHERI_INIT_GLOBALS_SUPPORTS_CONSTANT_FLAG 1
+#define CHERI_INIT_GLOBALS_SUPPORTS_INDIRECT_FLAG 1
 
 struct capreloc {
   __SIZE_TYPE__ capability_location;
@@ -64,6 +65,8 @@ static const __SIZE_TYPE__ constant_pointer_permissions_mask =
 static const __SIZE_TYPE__ global_pointer_permissions_mask =
     ~(__SIZE_TYPE__)(__CHERI_CAP_PERMISSION_PERMIT_SEAL__ |
                      __CHERI_CAP_PERMISSION_PERMIT_EXECUTE__);
+static const __SIZE_TYPE__ indirect_reloc_flag = (__SIZE_TYPE__)1
+                                                 << (__SIZE_WIDTH__ - 3);
 
 __attribute__((weak)) extern struct capreloc __start___cap_relocs[];
 __attribute__((weak)) extern struct capreloc __stop___cap_relocs[];
@@ -171,6 +174,18 @@ cheri_init_globals_impl(const struct capreloc *start_relocs,
             data_cap, reloc->capability_location + base_addr);
     const void *__capability base_cap;
     bool can_set_bounds = true;
+    if (reloc->permissions == (function_reloc_flag | indirect_reloc_flag)) {
+        /*
+         * IRELATIVE-like caprelocs require deferred processing, with a
+         * target-specific set of parameters. Trap if the caller doesn't
+         * support that, as we can't do anything here, otherwise skip.
+         */
+#ifdef CHERI_INIT_GLOBALS_ALLOW_IFUNCS
+        continue;
+#else
+        __builtin_trap();
+#endif
+    }
     if (reloc->permissions == function_reloc_flag) {
       base_cap = code_cap; /* code pointer */
       /* Do not set tight bounds for functions (unless we are in the plt ABI) */
