From: Szabolcs Nagy <szabolcs.nagy@arm.com>
To: Dan Li <ashimida@linux.alibaba.com>
Cc: gcc-patches@gcc.gnu.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH] [RFC][PR102768] aarch64: Add compiler support for Shadow Call Stack
Date: Wed, 3 Nov 2021 12:00:47 +0000 [thread overview]
Message-ID: <20211103120047.GU1982710@arm.com> (raw)
In-Reply-To: <fb3b7de8-7494-3190-1684-34fcbe9e1aa5@linux.alibaba.com>
The 11/03/2021 00:24, Dan Li wrote:
> On 11/2/21 9:04 PM, Szabolcs Nagy wrote:
> > The 11/02/2021 00:06, Dan Li via Gcc-patches wrote:
> > > Shadow Call Stack can be used to protect the return address of a
> > > function at runtime, and clang already supports this feature[1].
> > >
> > > To enable SCS in user mode, in addition to compiler, other support
> > > is also required (as described in [2]). This patch only adds basic
> > > support for SCS from the compiler side, and provides convenience
> > > for users to enable SCS.
> > >
> > > For linux kernel, only the support of the compiler is required.
> > >
> > > [1] https://clang.llvm.org/docs/ShadowCallStack.html
> > > [2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102768
> >
> > i'm not a gcc maintainer, but i prefer such feature
> > to be in upstream gcc instead of in a plugin.
> >
> > it will require update to the documentation:
> >
> > which should mention that it depends on -ffixed-x18
> > (probably that should be enforced too) which is an
> > important abi issue: functions following the normal
> > pcs can clobber x18 and break scs.
> >
> Thanks Szabolcs, I will update the documentation in next version.
>
> It sounds reasonable to enforced -ffixed-x18 with scs, but I see
> that clang doesn’t do that. Maybe it is better to be consistent
> with clang here?
i mean gcc can issue a diagnostic if -ffixed-x18 is not passed.
(it seems clang rejects scs too without -ffixed-x18)
> > and that there is no unwinder support.
> >
> Ok, let me try to add a support for this.
i assume exception handling info has to change for scs to
work (to pop the shadow stack when transferring control),
so either scs must require -fno-exceptions or the eh info
changes must be implemented.
i think the kernel does not require exceptions and does
not depend on the unwinder runtime in libgcc, so this
is optional for the linux kernel use-case.
next prev parent reply other threads:[~2021-11-03 12:32 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-02 7:06 Dan Li
2021-11-02 13:04 ` Szabolcs Nagy
2021-11-02 16:24 ` Dan Li
2021-11-03 12:00 ` Szabolcs Nagy [this message]
2021-11-23 8:32 ` Dan Li
2021-11-23 10:51 ` Szabolcs Nagy
2021-11-23 13:39 ` Dan Li
2021-12-06 2:41 ` [PATCH] [PATCH, v2, 1/1, AARCH64][PR102768] " Dan Li
2021-12-06 3:22 ` [PATCH] [PATCH,v2,1/1,AARCH64][PR102768] " Dan Li
2021-12-20 8:34 ` [PING][PATCH, v2, 1/1, AARCH64][PR102768] " Dan Li
2022-01-04 14:40 ` [PING^2][PATCH,v2,1/1,AARCH64][PR102768] " Dan Li
2022-01-19 2:43 ` [PING^3][PATCH,v2,1/1,AARCH64][PR102768] " Dan Li
2022-01-20 12:02 ` [PING^3][PATCH, v2, 1/1, AARCH64][PR102768] " Richard Sandiford
2022-01-24 2:16 ` [PING^3][PATCH,v2,1/1,AARCH64][PR102768] " Dan Li
2022-01-25 10:19 ` [PING^3][PATCH, v2, 1/1, AARCH64][PR102768] " Richard Sandiford
2022-01-26 6:51 ` [PING^3][PATCH,v2,1/1,AARCH64][PR102768] " Dan Li
2022-01-26 7:53 ` Dan Li
2022-01-26 8:10 ` Ard Biesheuvel
2022-01-26 10:35 ` Dan Li
2022-01-26 11:09 ` Ard Biesheuvel
2022-01-26 14:08 ` Dan Li
2022-01-31 16:26 ` [PING^3][PATCH, v2, 1/1, AARCH64][PR102768] " Richard Sandiford
2022-02-02 9:25 ` [PING^3][PATCH,v2,1/1,AARCH64][PR102768] " Dan Li
2022-01-29 15:11 ` Dan Li
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211103120047.GU1982710@arm.com \
--to=szabolcs.nagy@arm.com \
--cc=ashimida@linux.alibaba.com \
--cc=gcc-patches@gcc.gnu.org \
--cc=linux-hardening@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).