On Tue, Feb 22, 2022 at 01:57:36AM -0800, Dan Li wrote:
Shadow call stack is available in GCC > 11.2.0, this patch makes
the corresponding kernel configuration available when compiling
the kernel with gcc.
config SHADOW_CALL_STACK
- bool "Clang Shadow Call Stack"
- depends on CC_IS_CLANG && ARCH_SUPPORTS_SHADOW_CALL_STACK
+ bool "Shadow Call Stack"
+ depends on ARCH_SUPPORTS_SHADOW_CALL_STACK
depends on DYNAMIC_FTRACE_WITH_REGS || !FUNCTION_GRAPH_TRACER
help
- This option enables Clang's Shadow Call Stack, which uses a
+ This option enables Clang/GCC's Shadow Call Stack, which uses a
I wonder if we want to just ditch the mention of the compiler if both
support it?
shadow stack to protect function return addresses from being
overwritten by an attacker. More information can be found in
Clang's documentation:
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 09b885cc4db5..a48a604301aa 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1255,7 +1255,7 @@ config HW_PERF_EVENTS
config ARCH_HAS_FILTER_PGPROT
def_bool y
-# Supported by clang >= 7.0
+# Supported by clang >= 7.0 or GCC > 11.2.0
Same thing here, although eventually there may be a minimum GCC version
bump to something newer than 11.2.0, which would allow us to just drop
CONFIG_CC_HAVE_SHADOW_CALL_STACK altogether. No strong opinion.