From: Dan Li <ashimida@linux.alibaba.com>
To: Szabolcs Nagy <szabolcs.nagy@arm.com>
Cc: gcc-patches@gcc.gnu.org, linux-hardening@vger.kernel.org
Subject: Re: [PATCH] [RFC][PR102768] aarch64: Add compiler support for Shadow Call Stack
Date: Wed, 3 Nov 2021 00:24:12 +0800
Message-ID: <fb3b7de8-7494-3190-1684-34fcbe9e1aa5@linux.alibaba.com>
In-Reply-To: <20211102130413.GS1982710@arm.com>

On 11/2/21 9:04 PM, Szabolcs Nagy wrote:
> The 11/02/2021 00:06, Dan Li via Gcc-patches wrote:
>> Shadow Call Stack can be used to protect the return address of a
>> function at runtime, and clang already supports this feature[1].
>>
>> To enable SCS in user mode, in addition to compiler, other support
>> is also required (as described in [2]). This patch only adds basic
>> support for SCS from the compiler side, and provides convenience
>> for users to enable SCS.
>>
>> For linux kernel, only the support of the compiler is required.
>>
>> [1] https://clang.llvm.org/docs/ShadowCallStack.html
>> [2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102768
>
> i'm not a gcc maintainer, but i prefer such feature
> to be in upstream gcc instead of in a plugin.
>
> it will require update to the documentation:
>
> which should mention that it depends on -ffixed-x18
> (probably that should be enforced too) which is an
> important abi issue: functions following the normal
> pcs can clobber x18 and break scs.
>
Thanks Szabolcs, I will update the documentation in the next version.
It sounds reasonable to enforce -ffixed-x18 with scs, but I see
that clang doesn’t do that. Maybe it is better to be consistent
with clang here?

> and that there is no unwinder support.
>
OK, let me try to add support for this.

> the abi issue means it is unlikely to be useful in
> linux user space (even if libc and unwinder support
> is implemented), but it can be still useful in
> freestanding code such as the linux kernel.
>
> thanks.
>
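
The x18 dependency discussed in this message, as an added example that is not part of the original thread or of the GCC patch: a heuristic Python scan of `objdump -d` output that reports instructions modifying x18 outside the SCS push/pop idioms shown in the clang documentation [1]. The function name, the mnemonic lists and the sample disassembly are constructed for illustration, and the mnemonic lists are not exhaustive.

```python
import re

# SCS push/pop idioms that clang's -fsanitize=shadow-call-stack emits on
# aarch64 (documented at [1] in the thread); these are the expected x18 writes.
SCS_PUSH = re.compile(r"^str\s+x30,\s*\[x18\],\s*#8$")
SCS_POP = re.compile(r"^ldr\s+x30,\s*\[x18,\s*#-8\]!$")
# Mnemonics whose first operand is only read (assumed list, not exhaustive).
READ_ONLY = {"str", "stp", "stur", "strb", "strh", "cmp", "cmn", "tst",
             "br", "blr", "cbz", "cbnz", "tbz", "tbnz", "ret", "msr"}
PAIR_LOADS = {"ldp", "ldpsw", "ldxp", "ldaxp"}  # first two operands are written
# One objdump -d instruction line: address, encoding word, mnemonic, operands.
LINE = re.compile(r"^\s*([0-9a-f]+):\s+[0-9a-f]{8}\s+(\S+)\s*(.*?)\s*(?://.*)?$")
WRITEBACK = re.compile(r"\[x18\],|\[x18,[^\]]*\]!")  # post-/pre-index on x18

# Constructed sample: an SCS-instrumented function calling code built
# without -ffixed-x18, which uses x18 as a scratch register.
SAMPLE = """\
0000000000400580 <protected>:
  400580:\tf800865e \tstr\tx30, [x18], #8
  400584:\t94000003 \tbl\t400590 <legacy>
  400588:\tf85f8e5e \tldr\tx30, [x18, #-8]!
  40058c:\td65f03c0 \tret
0000000000400590 <legacy>:
  400590:\taa0003f2 \tmov\tx18, x0
  400594:\t8b120020 \tadd\tx0, x1, x18
  400598:\td65f03c0 \tret
"""

def x18_clobbers(disassembly):
    """Return (address, instruction) pairs that modify x18 outside SCS push/pop."""
    hits = []
    for raw in disassembly.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # symbol labels and blank lines
        addr, mnem, ops = m.groups()
        insn = f"{mnem} {ops}".strip()
        if SCS_PUSH.match(insn) or SCS_POP.match(insn):
            continue
        regs = [o.strip() for o in ops.split(",")]
        dests = regs[:2] if mnem in PAIR_LOADS else regs[:1]
        writes_dest = mnem not in READ_ONLY and any(r in ("x18", "w18") for r in dests)
        if writes_dest or WRITEBACK.search(ops):
            hits.append((addr, insn))
    return hits

if __name__ == "__main__":
    for addr, insn in x18_clobbers(SAMPLE):
        print(f"x18 modified at {addr}: {insn}")
```
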