Re: [PATCH] [PATCH] AARCH64: Add gcc Shadow Call Stack support
From: Dan Li
Date: Wed Feb 23 2022 - 03:50:34 EST
On 2/22/22 08:16, Nathan Chancellor wrote:
On Tue, Feb 22, 2022 at 01:57:36AM -0800, Dan Li wrote:
Shadow call stack is available in GCC > 11.2.0, this patch makes
the corresponding kernel configuration available when compiling
the kernel with gcc.
config SHADOW_CALL_STACK
- bool "Clang Shadow Call Stack"
- depends on CC_IS_CLANG && ARCH_SUPPORTS_SHADOW_CALL_STACK
+ bool "Shadow Call Stack"
+ depends on ARCH_SUPPORTS_SHADOW_CALL_STACK
depends on DYNAMIC_FTRACE_WITH_REGS || !FUNCTION_GRAPH_TRACER
help
- This option enables Clang's Shadow Call Stack, which uses a
+ This option enables Clang/GCC's Shadow Call Stack, which uses a
I wonder if we want to just ditch the mention of the compiler if both
support it?
My intention is to remind users that this is a compiler feature.
But since there is also a hint in CC_HAVE_SHADOW_CALL_STACK:
+# Supported by clang >= 7.0 or GCC ...
Removing the specific compiler here also looks fine to me.
Would this look better?
"This option enables Shadow Call Stack, which uses a ..."
or maybe:
"This option enables compiler's Shadow Call Stack, which uses a ..."
shadow stack to protect function return addresses from being
overwritten by an attacker. More information can be found in
Clang's documentation:
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 09b885cc4db5..a48a604301aa 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1255,7 +1255,7 @@ config HW_PERF_EVENTS
config ARCH_HAS_FILTER_PGPROT
def_bool y
-# Supported by clang >= 7.0
+# Supported by clang >= 7.0 or GCC > 11.2.0
Same thing here, although eventually there may be a minimum GCC version
bump to something newer than 11.2.0, which would allow us to just drop
CONFIG_CC_HAVE_SHADOW_CALL_STACK altogether. No strong opinion.
As Guenter said, I thought maybe we could mark the minimum available
version for users :)
Thanks,
Dan.