€•š      Œsphinx.addnodes”Œdocument”“”)”}”(Œ	rawsource”Œ ”Œchildren”]”(Œtranslations”ŒLanguagesNode”“”)”}”(hhh]”(h Œpending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ
attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ	refdomain”Œstd”Œreftype”Œdoc”Œ	reftarget”Œ"/translations/zh_CN/arch/arm64/gcs”Œmodname”NŒ	classname”NŒrefexplicit”ˆuŒtagname”hhhubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ"/translations/zh_TW/arch/arm64/gcs”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ"/translations/it_IT/arch/arm64/gcs”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ"/translations/ja_JP/arch/arm64/gcs”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ"/translations/ko_KR/arch/arm64/gcs”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒSpanish”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ"/translations/sp_SP/arch/arm64/gcs”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h
hhŒ	_document”hŒsource”NŒline”NubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒ/Guarded Control Stack support for AArch64 Linux”h]”hŒ/Guarded Control Stack support for AArch64 Linux”…””}”(hh¨hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hh£hžhhŸŒ</var/lib/git/docbuild/linux/Documentation/arch/arm64/gcs.rst”h KubhŒ	paragraph”“”)”}”(hŒ“This document outlines briefly the interface provided to userspace by Linux in
order to support use of the ARM Guarded Control Stack (GCS) feature.”h]”hŒ“This document outlines briefly the interface provided to userspace by Linux in
order to support use of the ARM Guarded Control Stack (GCS) feature.”…””}”(hh¹hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khh£hžhubh¸)”}”(hŒdThis is an outline of the most important features and issues only and not
intended to be exhaustive.”h]”hŒdThis is an outline of the most important features and issues only and not
intended to be exhaustive.”…””}”(hhÇhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khh£hžhubh¢)”}”(hhh]”(h§)”}”(hŒ1.  General”h]”hŒ1.  General”…””}”(hhØhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hhÕhžhhŸh¶h KubhŒbullet_list”“”)”}”(hhh]”(hŒ	list_item”“”)”}”(hŒÜGCS is an architecture feature intended to provide greater protection
against return oriented programming (ROP) attacks and to simplify the
implementation of features that need to collect stack traces such as
profiling.
”h]”h¸)”}”(hŒÛGCS is an architecture feature intended to provide greater protection
against return oriented programming (ROP) attacks and to simplify the
implementation of features that need to collect stack traces such as
profiling.”h]”hŒÛGCS is an architecture feature intended to provide greater protection
against return oriented programming (ROP) attacks and to simplify the
implementation of features that need to collect stack traces such as
profiling.”…””}”(hhñhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khhíubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhhèhžhhŸh¶h Nubhì)”}”(hXN  When GCS is enabled a separate guarded control stack is maintained by the
PE which is writeable only through specific GCS operations.  This
stores the call stack only, when a procedure call instruction is
performed the current PC is pushed onto the GCS and on RET the
address in the LR is verified against that on the top of the GCS.
”h]”h¸)”}”(hXM  When GCS is enabled a separate guarded control stack is maintained by the
PE which is writeable only through specific GCS operations.  This
stores the call stack only, when a procedure call instruction is
performed the current PC is pushed onto the GCS and on RET the
address in the LR is verified against that on the top of the GCS.”h]”hXM  When GCS is enabled a separate guarded control stack is maintained by the
PE which is writeable only through specific GCS operations.  This
stores the call stack only, when a procedure call instruction is
performed the current PC is pushed onto the GCS and on RET the
address in the LR is verified against that on the top of the GCS.”…””}”(hj	  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhhèhžhhŸh¶h Nubhì)”}”(hŒ¦When active the current GCS pointer is stored in the system register
GCSPR_EL0.  This is readable by userspace but can only be updated
via specific GCS instructions.
”h]”h¸)”}”(hŒ¥When active the current GCS pointer is stored in the system register
GCSPR_EL0.  This is readable by userspace but can only be updated
via specific GCS instructions.”h]”hŒ¥When active the current GCS pointer is stored in the system register
GCSPR_EL0.  This is readable by userspace but can only be updated
via specific GCS instructions.”…””}”(hj!  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhhèhžhhŸh¶h Nubhì)”}”(hŒžThe architecture provides instructions for switching between guarded
control stacks with checks to ensure that the new stack is a valid
target for switching.
”h]”h¸)”}”(hŒThe architecture provides instructions for switching between guarded
control stacks with checks to ensure that the new stack is a valid
target for switching.”h]”hŒThe architecture provides instructions for switching between guarded
control stacks with checks to ensure that the new stack is a valid
target for switching.”…””}”(hj9  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khj5  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhhèhžhhŸh¶h Nubhì)”}”(hŒ®The functionality of GCS is similar to that provided by the x86 Shadow
Stack feature, due to sharing of userspace interfaces the ABI refers to
shadow stacks rather than GCS.
”h]”h¸)”}”(hŒ­The functionality of GCS is similar to that provided by the x86 Shadow
Stack feature, due to sharing of userspace interfaces the ABI refers to
shadow stacks rather than GCS.”h]”hŒ­The functionality of GCS is similar to that provided by the x86 Shadow
Stack feature, due to sharing of userspace interfaces the ABI refers to
shadow stacks rather than GCS.”…””}”(hjQ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K#hjM  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhhèhžhhŸh¶h Nubhì)”}”(hŒYSupport for GCS is reported to userspace via HWCAP_GCS in the aux vector
AT_HWCAP entry.
”h]”h¸)”}”(hŒXSupport for GCS is reported to userspace via HWCAP_GCS in the aux vector
AT_HWCAP entry.”h]”hŒXSupport for GCS is reported to userspace via HWCAP_GCS in the aux vector
AT_HWCAP entry.”…””}”(hji  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K'hje  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhhèhžhhŸh¶h Nubhì)”}”(hŒuGCS is enabled per thread.  While there is support for disabling GCS
at runtime this should be done with great care.
”h]”h¸)”}”(hŒtGCS is enabled per thread.  While there is support for disabling GCS
at runtime this should be done with great care.”h]”hŒtGCS is enabled per thread.  While there is support for disabling GCS
at runtime this should be done with great care.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K*hj}  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhhèhžhhŸh¶h Nubhì)”}”(hŒFGCS memory access faults are reported as normal memory access faults.
”h]”h¸)”}”(hŒEGCS memory access faults are reported as normal memory access faults.”h]”hŒEGCS memory access faults are reported as normal memory access faults.”…””}”(hj™  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K-hj•  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhhèhžhhŸh¶h Nubhì)”}”(hŒ‡GCS specific errors (those reported with EC 0x2d) will be reported as
SIGSEGV with a si_code of SEGV_CPERR (control protection error).
”h]”h¸)”}”(hŒ†GCS specific errors (those reported with EC 0x2d) will be reported as
SIGSEGV with a si_code of SEGV_CPERR (control protection error).”h]”hŒ†GCS specific errors (those reported with EC 0x2d) will be reported as
SIGSEGV with a si_code of SEGV_CPERR (control protection error).”…””}”(hj±  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K/hj­  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhhèhžhhŸh¶h Nubhì)”}”(hŒ#GCS is supported only for AArch64.
”h]”h¸)”}”(hŒ"GCS is supported only for AArch64.”h]”hŒ"GCS is supported only for AArch64.”…””}”(hjÉ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K2hjÅ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhhèhžhhŸh¶h Nubhì)”}”(hŒzOn systems where GCS is supported GCSPR_EL0 is always readable by EL0
regardless of the GCS configuration for the thread.
”h]”h¸)”}”(hŒyOn systems where GCS is supported GCSPR_EL0 is always readable by EL0
regardless of the GCS configuration for the thread.”h]”hŒyOn systems where GCS is supported GCSPR_EL0 is always readable by EL0
regardless of the GCS configuration for the thread.”…””}”(hjá  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K4hjÝ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhhèhžhhŸh¶h Nubhì)”}”(hŒ¥The architecture supports enabling GCS without verifying that return values
in LR match those in the GCS, the LR will be ignored.  This is not supported
by Linux.


”h]”h¸)”}”(hŒ¢The architecture supports enabling GCS without verifying that return values
in LR match those in the GCS, the LR will be ignored.  This is not supported
by Linux.”h]”hŒ¢The architecture supports enabling GCS without verifying that return values
in LR match those in the GCS, the LR will be ignored.  This is not supported
by Linux.”…””}”(hjù  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K7hjõ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhhèhžhhŸh¶h Nubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ*”uh1hæhŸh¶h KhhÕhžhubeh}”(h]”Œgeneral”ah ]”h"]”Œ
1. general”ah$]”h&]”uh1h¡hh£hžhhŸh¶h Kubh¢)”}”(hhh]”(h§)”}”(hŒ12.  Enabling and disabling Guarded Control Stacks”h]”hŒ12.  Enabling and disabling Guarded Control Stacks”…””}”(hj   hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj  hžhhŸh¶h K>ubhç)”}”(hhh]”(hì)”}”(hŒ¦GCS is enabled and disabled for a thread via the PR_SET_SHADOW_STACK_STATUS
prctl(), this takes a single flags argument specifying which GCS features
should be used.
”h]”h¸)”}”(hŒ¥GCS is enabled and disabled for a thread via the PR_SET_SHADOW_STACK_STATUS
prctl(), this takes a single flags argument specifying which GCS features
should be used.”h]”hŒ¥GCS is enabled and disabled for a thread via the PR_SET_SHADOW_STACK_STATUS
prctl(), this takes a single flags argument specifying which GCS features
should be used.”…””}”(hj5  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K@hj1  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj.  hžhhŸh¶h Nubhì)”}”(hŒ´When set PR_SHADOW_STACK_ENABLE flag allocates a Guarded Control Stack
and enables GCS for the thread, enabling the functionality controlled by
GCSCRE0_EL1.{nTR, RVCHKEN, PCRSEL}.
”h]”h¸)”}”(hŒ³When set PR_SHADOW_STACK_ENABLE flag allocates a Guarded Control Stack
and enables GCS for the thread, enabling the functionality controlled by
GCSCRE0_EL1.{nTR, RVCHKEN, PCRSEL}.”h]”hŒ³When set PR_SHADOW_STACK_ENABLE flag allocates a Guarded Control Stack
and enables GCS for the thread, enabling the functionality controlled by
GCSCRE0_EL1.{nTR, RVCHKEN, PCRSEL}.”…””}”(hjM  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KDhjI  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj.  hžhhŸh¶h Nubhì)”}”(hŒ‚When set the PR_SHADOW_STACK_PUSH flag enables the functionality controlled
by GCSCRE0_EL1.PUSHMEn, allowing explicit GCS pushes.
”h]”h¸)”}”(hŒWhen set the PR_SHADOW_STACK_PUSH flag enables the functionality controlled
by GCSCRE0_EL1.PUSHMEn, allowing explicit GCS pushes.”h]”hŒWhen set the PR_SHADOW_STACK_PUSH flag enables the functionality controlled
by GCSCRE0_EL1.PUSHMEn, allowing explicit GCS pushes.”…””}”(hje  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KHhja  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj.  hžhhŸh¶h Nubhì)”}”(hŒšWhen set the PR_SHADOW_STACK_WRITE flag enables the functionality controlled
by GCSCRE0_EL1.STREn, allowing explicit stores to the Guarded Control Stack.
”h]”h¸)”}”(hŒ™When set the PR_SHADOW_STACK_WRITE flag enables the functionality controlled
by GCSCRE0_EL1.STREn, allowing explicit stores to the Guarded Control Stack.”h]”hŒ™When set the PR_SHADOW_STACK_WRITE flag enables the functionality controlled
by GCSCRE0_EL1.STREn, allowing explicit stores to the Guarded Control Stack.”…””}”(hj}  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KKhjy  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj.  hžhhŸh¶h Nubhì)”}”(hŒKAny unknown flags will cause PR_SET_SHADOW_STACK_STATUS to return -EINVAL.
”h]”h¸)”}”(hŒJAny unknown flags will cause PR_SET_SHADOW_STACK_STATUS to return -EINVAL.”h]”hŒJAny unknown flags will cause PR_SET_SHADOW_STACK_STATUS to return -EINVAL.”…””}”(hj•  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KNhj‘  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj.  hžhhŸh¶h Nubhì)”}”(hŒÌPR_LOCK_SHADOW_STACK_STATUS is passed a bitmask of features with the same
values as used for PR_SET_SHADOW_STACK_STATUS.  Any future changes to the
status of the specified GCS mode bits will be rejected.
”h]”h¸)”}”(hŒËPR_LOCK_SHADOW_STACK_STATUS is passed a bitmask of features with the same
values as used for PR_SET_SHADOW_STACK_STATUS.  Any future changes to the
status of the specified GCS mode bits will be rejected.”h]”hŒËPR_LOCK_SHADOW_STACK_STATUS is passed a bitmask of features with the same
values as used for PR_SET_SHADOW_STACK_STATUS.  Any future changes to the
status of the specified GCS mode bits will be rejected.”…””}”(hj­  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KPhj©  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj.  hžhhŸh¶h Nubhì)”}”(hŒzPR_LOCK_SHADOW_STACK_STATUS allows any bit to be locked, this allows
userspace to prevent changes to any future features.
”h]”h¸)”}”(hŒyPR_LOCK_SHADOW_STACK_STATUS allows any bit to be locked, this allows
userspace to prevent changes to any future features.”h]”hŒyPR_LOCK_SHADOW_STACK_STATUS allows any bit to be locked, this allows
userspace to prevent changes to any future features.”…””}”(hjÅ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KThjÁ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj.  hžhhŸh¶h Nubhì)”}”(hŒMThere is no support for a process to remove a lock that has been set for
it.
”h]”h¸)”}”(hŒLThere is no support for a process to remove a lock that has been set for
it.”h]”hŒLThere is no support for a process to remove a lock that has been set for
it.”…””}”(hjÝ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KWhjÙ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj.  hžhhŸh¶h Nubhì)”}”(hŒ’PR_SET_SHADOW_STACK_STATUS and PR_LOCK_SHADOW_STACK_STATUS affect only the
thread that called them, any other running threads will be unaffected.
”h]”h¸)”}”(hŒ‘PR_SET_SHADOW_STACK_STATUS and PR_LOCK_SHADOW_STACK_STATUS affect only the
thread that called them, any other running threads will be unaffected.”h]”hŒ‘PR_SET_SHADOW_STACK_STATUS and PR_LOCK_SHADOW_STACK_STATUS affect only the
thread that called them, any other running threads will be unaffected.”…””}”(hjõ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KZhjñ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj.  hžhhŸh¶h Nubhì)”}”(hŒKNew threads inherit the GCS configuration of the thread that created them.
”h]”h¸)”}”(hŒJNew threads inherit the GCS configuration of the thread that created them.”h]”hŒJNew threads inherit the GCS configuration of the thread that created them.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K]hj	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj.  hžhhŸh¶h Nubhì)”}”(hŒGCS is disabled on exec().
”h]”h¸)”}”(hŒGCS is disabled on exec().”h]”hŒGCS is disabled on exec().”…””}”(hj%  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K_hj!  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj.  hžhhŸh¶h Nubhì)”}”(hŒ¯The current GCS configuration for a thread may be read with the
PR_GET_SHADOW_STACK_STATUS prctl(), this returns the same flags that
are passed to PR_SET_SHADOW_STACK_STATUS.
”h]”h¸)”}”(hŒ®The current GCS configuration for a thread may be read with the
PR_GET_SHADOW_STACK_STATUS prctl(), this returns the same flags that
are passed to PR_SET_SHADOW_STACK_STATUS.”h]”hŒ®The current GCS configuration for a thread may be read with the
PR_GET_SHADOW_STACK_STATUS prctl(), this returns the same flags that
are passed to PR_SET_SHADOW_STACK_STATUS.”…””}”(hj=  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Kahj9  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj.  hžhhŸh¶h Nubhì)”}”(hŒôIf GCS is disabled for a thread after having previously been enabled then
the stack will remain allocated for the lifetime of the thread.  At present
any attempt to reenable GCS for the thread will be rejected, this may be
revisited in future.
”h]”h¸)”}”(hŒóIf GCS is disabled for a thread after having previously been enabled then
the stack will remain allocated for the lifetime of the thread.  At present
any attempt to reenable GCS for the thread will be rejected, this may be
revisited in future.”h]”hŒóIf GCS is disabled for a thread after having previously been enabled then
the stack will remain allocated for the lifetime of the thread.  At present
any attempt to reenable GCS for the thread will be rejected, this may be
revisited in future.”…””}”(hjU  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KehjQ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj.  hžhhŸh¶h Nubhì)”}”(hX'  It should be noted that since enabling GCS will result in GCS becoming
active immediately it is not normally possible to return from the function
that invoked the prctl() that enabled GCS.  It is expected that the normal
usage will be that GCS is enabled very early in execution of a program.


”h]”h¸)”}”(hX$  It should be noted that since enabling GCS will result in GCS becoming
active immediately it is not normally possible to return from the function
that invoked the prctl() that enabled GCS.  It is expected that the normal
usage will be that GCS is enabled very early in execution of a program.”h]”hX$  It should be noted that since enabling GCS will result in GCS becoming
active immediately it is not normally possible to return from the function
that invoked the prctl() that enabled GCS.  It is expected that the normal
usage will be that GCS is enabled very early in execution of a program.”…””}”(hjm  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Kjhji  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj.  hžhhŸh¶h Nubeh}”(h]”h ]”h"]”h$]”h&]”j  j  uh1hæhŸh¶h K@hj  hžhubeh}”(h]”Œ-enabling-and-disabling-guarded-control-stacks”ah ]”h"]”Œ02. enabling and disabling guarded control stacks”ah$]”h&]”uh1h¡hh£hžhhŸh¶h K>ubh¢)”}”(hhh]”(h§)”}”(hŒ(3.  Allocation of Guarded Control Stacks”h]”hŒ(3.  Allocation of Guarded Control Stacks”…””}”(hj’  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj  hžhhŸh¶h Krubhç)”}”(hhh]”(hì)”}”(hŒœWhen GCS is enabled for a thread a new Guarded Control Stack will be
allocated for it of half the standard stack size or 2 gigabytes,
whichever is smaller.
”h]”h¸)”}”(hŒ›When GCS is enabled for a thread a new Guarded Control Stack will be
allocated for it of half the standard stack size or 2 gigabytes,
whichever is smaller.”h]”hŒ›When GCS is enabled for a thread a new Guarded Control Stack will be
allocated for it of half the standard stack size or 2 gigabytes,
whichever is smaller.”…””}”(hj§  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Kthj£  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj   hžhhŸh¶h Nubhì)”}”(hŒ¯When a new thread is created by a thread which has GCS enabled then a
new Guarded Control Stack will be allocated for the new thread with
half the size of the standard stack.
”h]”h¸)”}”(hŒ®When a new thread is created by a thread which has GCS enabled then a
new Guarded Control Stack will be allocated for the new thread with
half the size of the standard stack.”h]”hŒ®When a new thread is created by a thread which has GCS enabled then a
new Guarded Control Stack will be allocated for the new thread with
half the size of the standard stack.”…””}”(hj¿  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Kxhj»  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj   hžhhŸh¶h Nubhì)”}”(hŒóWhen a stack is allocated by enabling GCS or during thread creation then
the top 8 bytes of the stack will be initialised to 0 and GCSPR_EL0 will
be set to point to the address of this 0 value, this can be used to
detect the top of the stack.
”h]”h¸)”}”(hŒòWhen a stack is allocated by enabling GCS or during thread creation then
the top 8 bytes of the stack will be initialised to 0 and GCSPR_EL0 will
be set to point to the address of this 0 value, this can be used to
detect the top of the stack.”h]”hŒòWhen a stack is allocated by enabling GCS or during thread creation then
the top 8 bytes of the stack will be initialised to 0 and GCSPR_EL0 will
be set to point to the address of this 0 value, this can be used to
detect the top of the stack.”…””}”(hj×  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K|hjÓ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj   hžhhŸh¶h Nubhì)”}”(hŒ]Additional Guarded Control Stacks can be allocated using the
map_shadow_stack() system call.
”h]”h¸)”}”(hŒ\Additional Guarded Control Stacks can be allocated using the
map_shadow_stack() system call.”h]”hŒ\Additional Guarded Control Stacks can be allocated using the
map_shadow_stack() system call.”…””}”(hjï  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khjë  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj   hžhhŸh¶h Nubhì)”}”(hXæ  Stacks allocated using map_shadow_stack() can optionally have an end of
stack marker and cap placed at the top of the stack.  If the flag
SHADOW_STACK_SET_TOKEN is specified a cap will be placed on the stack,
if SHADOW_STACK_SET_MARKER is not specified the cap will be the top 8
bytes of the stack and if it is specified then the cap will be the next
8 bytes.  While specifying just SHADOW_STACK_SET_MARKER by itself is
valid since the marker is all bits 0 it has no observable effect.
”h]”h¸)”}”(hXå  Stacks allocated using map_shadow_stack() can optionally have an end of
stack marker and cap placed at the top of the stack.  If the flag
SHADOW_STACK_SET_TOKEN is specified a cap will be placed on the stack,
if SHADOW_STACK_SET_MARKER is not specified the cap will be the top 8
bytes of the stack and if it is specified then the cap will be the next
8 bytes.  While specifying just SHADOW_STACK_SET_MARKER by itself is
valid since the marker is all bits 0 it has no observable effect.”h]”hXå  Stacks allocated using map_shadow_stack() can optionally have an end of
stack marker and cap placed at the top of the stack.  If the flag
SHADOW_STACK_SET_TOKEN is specified a cap will be placed on the stack,
if SHADOW_STACK_SET_MARKER is not specified the cap will be the top 8
bytes of the stack and if it is specified then the cap will be the next
8 bytes.  While specifying just SHADOW_STACK_SET_MARKER by itself is
valid since the marker is all bits 0 it has no observable effect.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K„hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj   hžhhŸh¶h Nubhì)”}”(hŒ‹Stacks allocated using map_shadow_stack() must have a size which is a
multiple of 8 bytes larger than 8 bytes and must be 8 bytes aligned.
”h]”h¸)”}”(hŒŠStacks allocated using map_shadow_stack() must have a size which is a
multiple of 8 bytes larger than 8 bytes and must be 8 bytes aligned.”h]”hŒŠStacks allocated using map_shadow_stack() must have a size which is a
multiple of 8 bytes larger than 8 bytes and must be 8 bytes aligned.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KŒhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj   hžhhŸh¶h Nubhì)”}”(hŒrAn address can be specified to map_shadow_stack(), if one is provided then
it must be aligned to a page boundary.
”h]”h¸)”}”(hŒqAn address can be specified to map_shadow_stack(), if one is provided then
it must be aligned to a page boundary.”h]”hŒqAn address can be specified to map_shadow_stack(), if one is provided then
it must be aligned to a page boundary.”…””}”(hj7  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khj3  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj   hžhhŸh¶h Nubhì)”}”(hŒÓWhen a thread is freed the Guarded Control Stack initially allocated for
that thread will be freed.  Note carefully that if the stack has been
switched this may not be the stack currently in use by the thread.

”h]”h¸)”}”(hŒÑWhen a thread is freed the Guarded Control Stack initially allocated for
that thread will be freed.  Note carefully that if the stack has been
switched this may not be the stack currently in use by the thread.”h]”hŒÑWhen a thread is freed the Guarded Control Stack initially allocated for
that thread will be freed.  Note carefully that if the stack has been
switched this may not be the stack currently in use by the thread.”…””}”(hjO  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K’hjK  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj   hžhhŸh¶h Nubeh}”(h]”h ]”h"]”h$]”h&]”j  j  uh1hæhŸh¶h Kthj  hžhubeh}”(h]”Œ$allocation-of-guarded-control-stacks”ah ]”h"]”Œ'3. allocation of guarded control stacks”ah$]”h&]”uh1h¡hh£hžhhŸh¶h Krubh¢)”}”(hhh]”(h§)”}”(hŒ4.  Signal handling”h]”hŒ4.  Signal handling”…””}”(hjt  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjq  hžhhŸh¶h K˜ubhç)”}”(hhh]”(hì)”}”(hŒ¹A new signal frame record gcs_context encodes the current GCS mode and
pointer for the interrupted context on signal delivery.  This will always
be present on systems that support GCS.
”h]”h¸)”}”(hŒ¸A new signal frame record gcs_context encodes the current GCS mode and
pointer for the interrupted context on signal delivery.  This will always
be present on systems that support GCS.”h]”hŒ¸A new signal frame record gcs_context encodes the current GCS mode and
pointer for the interrupted context on signal delivery.  This will always
be present on systems that support GCS.”…””}”(hj‰  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Kšhj…  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj‚  hžhhŸh¶h Nubhì)”}”(hŒŽThe record contains a flag field which reports the current GCS configuration
for the interrupted context as PR_GET_SHADOW_STACK_STATUS would.
”h]”h¸)”}”(hŒThe record contains a flag field which reports the current GCS configuration
for the interrupted context as PR_GET_SHADOW_STACK_STATUS would.”h]”hŒThe record contains a flag field which reports the current GCS configuration
for the interrupted context as PR_GET_SHADOW_STACK_STATUS would.”…””}”(hj¡  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Kžhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj‚  hžhhŸh¶h Nubhì)”}”(hŒVThe signal handler is run with the same GCS configuration as the interrupted
context.
”h]”h¸)”}”(hŒUThe signal handler is run with the same GCS configuration as the interrupted
context.”h]”hŒUThe signal handler is run with the same GCS configuration as the interrupted
context.”…””}”(hj¹  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K¡hjµ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj‚  hžhhŸh¶h Nubhì)”}”(hX  When GCS is enabled for the interrupted thread a signal handling specific
GCS cap token will be written to the GCS, this is an architectural GCS cap
with the token type (bits 0..11) all clear.  The GCSPR_EL0 reported in the
signal frame will point to this cap token.
”h]”h¸)”}”(hX
  When GCS is enabled for the interrupted thread a signal handling specific
GCS cap token will be written to the GCS, this is an architectural GCS cap
with the token type (bits 0..11) all clear.  The GCSPR_EL0 reported in the
signal frame will point to this cap token.”h]”hX
  When GCS is enabled for the interrupted thread a signal handling specific
GCS cap token will be written to the GCS, this is an architectural GCS cap
with the token type (bits 0..11) all clear.  The GCSPR_EL0 reported in the
signal frame will point to this cap token.”…””}”(hjÑ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K¤hjÍ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj‚  hžhhŸh¶h Nubhì)”}”(hŒEThe signal handler will use the same GCS as the interrupted context.
”h]”h¸)”}”(hŒDThe signal handler will use the same GCS as the interrupted context.”h]”hŒDThe signal handler will use the same GCS as the interrupted context.”…””}”(hjé  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K©hjå  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj‚  hžhhŸh¶h Nubhì)”}”(hŒöWhen GCS is enabled on signal entry a frame with the address of the signal
return handler will be pushed onto the GCS, allowing return from the signal
handler via RET as normal.  This will not be reported in the gcs_context in
the signal frame.

”h]”h¸)”}”(hŒôWhen GCS is enabled on signal entry a frame with the address of the signal
return handler will be pushed onto the GCS, allowing return from the signal
handler via RET as normal.  This will not be reported in the gcs_context in
the signal frame.”h]”hŒôWhen GCS is enabled on signal entry a frame with the address of the signal
return handler will be pushed onto the GCS, allowing return from the signal
handler via RET as normal.  This will not be reported in the gcs_context in
the signal frame.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K«hjý  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj‚  hžhhŸh¶h Nubeh}”(h]”h ]”h"]”h$]”h&]”j  j  uh1hæhŸh¶h Kšhjq  hžhubeh}”(h]”Œsignal-handling”ah ]”h"]”Œ4. signal handling”ah$]”h&]”uh1h¡hh£hžhhŸh¶h K˜ubh¢)”}”(hhh]”(h§)”}”(hŒ5.  Signal return”h]”hŒ5.  Signal return”…””}”(hj&  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj#  hžhhŸh¶h K²ubh¸)”}”(hŒ%When returning from a signal handler:”h]”hŒ%When returning from a signal handler:”…””}”(hj4  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K´hj#  hžhubhç)”}”(hhh]”(hì)”}”(hŒ–If there is a gcs_context record in the signal frame then the GCS flags
and GCSPR_EL0 will be restored from that context prior to further
validation.
”h]”h¸)”}”(hŒ•If there is a gcs_context record in the signal frame then the GCS flags
and GCSPR_EL0 will be restored from that context prior to further
validation.”h]”hŒ•If there is a gcs_context record in the signal frame then the GCS flags
and GCSPR_EL0 will be restored from that context prior to further
validation.”…””}”(hjI  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K¶hjE  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhjB  hžhhŸh¶h Nubhì)”}”(hŒdIf there is no gcs_context record in the signal frame then the GCS
configuration will be unchanged.
”h]”h¸)”}”(hŒcIf there is no gcs_context record in the signal frame then the GCS
configuration will be unchanged.”h]”hŒcIf there is no gcs_context record in the signal frame then the GCS
configuration will be unchanged.”…””}”(hja  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Kºhj]  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhjB  hžhhŸh¶h Nubhì)”}”(hŒ§If GCS is enabled on return from a signal handler then GCSPR_EL0 must
point to a valid GCS signal cap record, this will be popped from the
GCS prior to signal return.
”h]”h¸)”}”(hŒ¦If GCS is enabled on return from a signal handler then GCSPR_EL0 must
point to a valid GCS signal cap record, this will be popped from the
GCS prior to signal return.”h]”hŒ¦If GCS is enabled on return from a signal handler then GCSPR_EL0 must
point to a valid GCS signal cap record, this will be popped from the
GCS prior to signal return.”…””}”(hjy  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K½hju  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhjB  hžhhŸh¶h Nubhì)”}”(hŒÏIf the GCS configuration is locked when returning from a signal then any
attempt to change the GCS configuration will be treated as an error.  This
is true even if GCS was not enabled prior to signal entry.
”h]”h¸)”}”(hŒÎIf the GCS configuration is locked when returning from a signal then any
attempt to change the GCS configuration will be treated as an error.  This
is true even if GCS was not enabled prior to signal entry.”h]”hŒÎIf the GCS configuration is locked when returning from a signal then any
attempt to change the GCS configuration will be treated as an error.  This
is true even if GCS was not enabled prior to signal entry.”…””}”(hj‘  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KÁhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhjB  hžhhŸh¶h Nubhì)”}”(hŒiGCS may be disabled via signal return but any attempt to enable GCS via
signal return will be rejected.

”h]”h¸)”}”(hŒgGCS may be disabled via signal return but any attempt to enable GCS via
signal return will be rejected.”h]”hŒgGCS may be disabled via signal return but any attempt to enable GCS via
signal return will be rejected.”…””}”(hj©  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KÅhj¥  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhjB  hžhhŸh¶h Nubeh}”(h]”h ]”h"]”h$]”h&]”j  j  uh1hæhŸh¶h K¶hj#  hžhubeh}”(h]”Œsignal-return”ah ]”h"]”Œ5. signal return”ah$]”h&]”uh1h¡hh£hžhhŸh¶h K²ubh¢)”}”(hhh]”(h§)”}”(hŒ6.  ptrace extensions”h]”hŒ6.  ptrace extensions”…””}”(hjÎ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjË  hžhhŸh¶h KÊubhç)”}”(hhh]”(hì)”}”(hŒWA new regset NT_ARM_GCS is defined for use with PTRACE_GETREGSET and
PTRACE_SETREGSET.
”h]”h¸)”}”(hŒVA new regset NT_ARM_GCS is defined for use with PTRACE_GETREGSET and
PTRACE_SETREGSET.”h]”hŒVA new regset NT_ARM_GCS is defined for use with PTRACE_GETREGSET and
PTRACE_SETREGSET.”…””}”(hjã  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KÌhjß  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhjÜ  hžhhŸh¶h Nubhì)”}”(hŒ”The GCS mode, including enable and disable, may be configured via ptrace.
If GCS is enabled via ptrace no new GCS will be allocated for the thread.
”h]”h¸)”}”(hŒ“The GCS mode, including enable and disable, may be configured via ptrace.
If GCS is enabled via ptrace no new GCS will be allocated for the thread.”h]”hŒ“The GCS mode, including enable and disable, may be configured via ptrace.
If GCS is enabled via ptrace no new GCS will be allocated for the thread.”…””}”(hjû  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KÏhj÷  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhjÜ  hžhhŸh¶h Nubhì)”}”(hŒ<Configuration via ptrace ignores locking of GCS mode bits.

”h]”h¸)”}”(hŒ:Configuration via ptrace ignores locking of GCS mode bits.”h]”hŒ:Configuration via ptrace ignores locking of GCS mode bits.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KÒhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhjÜ  hžhhŸh¶h Nubeh}”(h]”h ]”h"]”h$]”h&]”j  j  uh1hæhŸh¶h KÌhjË  hžhubeh}”(h]”Œptrace-extensions”ah ]”h"]”Œ6. ptrace extensions”ah$]”h&]”uh1h¡hh£hžhhŸh¶h KÊubh¢)”}”(hhh]”(h§)”}”(hŒ7.  ELF coredump extensions”h]”hŒ7.  ELF coredump extensions”…””}”(hj8  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj5  hžhhŸh¶h KÖubhç)”}”(hhh]”hì)”}”(hX  NT_ARM_GCS notes will be added to each coredump for each thread of the
dumped process.  The contents will be equivalent to the data that would
have been read if a PTRACE_GETREGSET of the corresponding type were
executed for each thread when the coredump was generated.


”h]”h¸)”}”(hX  NT_ARM_GCS notes will be added to each coredump for each thread of the
dumped process.  The contents will be equivalent to the data that would
have been read if a PTRACE_GETREGSET of the corresponding type were
executed for each thread when the coredump was generated.”h]”hX  NT_ARM_GCS notes will be added to each coredump for each thread of the
dumped process.  The contents will be equivalent to the data that would
have been read if a PTRACE_GETREGSET of the corresponding type were
executed for each thread when the coredump was generated.”…””}”(hjM  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KØhjI  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhjF  hžhhŸh¶h Nubah}”(h]”h ]”h"]”h$]”h&]”j  j  uh1hæhŸh¶h KØhj5  hžhubeh}”(h]”Œelf-coredump-extensions”ah ]”h"]”Œ7. elf coredump extensions”ah$]”h&]”uh1h¡hh£hžhhŸh¶h KÖubh¢)”}”(hhh]”(h§)”}”(hŒ8.  /proc extensions”h]”hŒ8.  /proc extensions”…””}”(hjr  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjo  hžhhŸh¶h Kàubhç)”}”(hhh]”hì)”}”(hŒTGuarded Control Stack pages will include "ss" in their VmFlags in
/proc/<pid>/smaps.”h]”h¸)”}”(hŒTGuarded Control Stack pages will include "ss" in their VmFlags in
/proc/<pid>/smaps.”h]”hŒXGuarded Control Stack pages will include â€œssâ€ in their VmFlags in
/proc/<pid>/smaps.”…””}”(hj‡  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Kâhjƒ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1hëhj€  hžhhŸh¶h Nubah}”(h]”h ]”h"]”h$]”h&]”j  j  uh1hæhŸh¶h Kâhjo  hžhubeh}”(h]”Œproc-extensions”ah ]”h"]”Œ8. /proc extensions”ah$]”h&]”uh1h¡hh£hžhhŸh¶h Kàubeh}”(h]”Œ/guarded-control-stack-support-for-aarch64-linux”ah ]”h"]”Œ/guarded control stack support for aarch64 linux”ah$]”h&]”uh1h¡hhhžhhŸh¶h Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”h¶uh1hŒcurrent_source”NŒcurrent_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(h¦NŒ	generator”NŒ	datestamp”NŒsource_link”NŒ
source_url”NŒtoc_backlinks”Œentry”Œfootnote_backlinks”KŒsectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒstrip_classes”NŒreport_level”KŒ
halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ	traceback”ˆŒinput_encoding”Œ	utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”jÔ  Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œlanguage_code”Œen”Œrecord_dependencies”NŒconfig”NŒ	id_prefix”hŒauto_id_prefix”Œid”Œdump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”h¶Œ_destination”NŒ_config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒraw_enabled”KŒline_length_limit”M'Œpep_references”NŒpep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒrfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ	tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œsmart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œdocinfo_xform”KŒsectsubtitle_xform”‰Œimage_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”(j®  j«  j  j  jŒ  j‰  jn  jk  j   j  jÈ  jÅ  j2  j/  jl  ji  j¦  j£  uŒ	nametypes”}”(j®  ‰j  ‰jŒ  ‰jn  ‰j   ‰jÈ  ‰j2  ‰jl  ‰j¦  ‰uh}”(j«  h£j  hÕj‰  j  jk  j  j  jq  jÅ  j#  j/  jË  ji  j5  j£  jo  uŒfootnote_refs”}”Œcitation_refs”}”Œautofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ	footnotes”]”Œ	citations”]”Œautofootnote_start”KŒsymbol_footnote_start”K Œ
id_counter”Œcollections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œtransformer”NŒinclude_log”]”Œ
decoration”Nhžhub.