Re: [PATCH] [PATCH] AARCH64: Add gcc Shadow Call Stack support

From: Dan Li
Date: Wed Feb 23 2022 - 04:06:13 EST

Next message: syzbot: "Re: [syzbot] BUG: sleeping function called from invalid context in smc_pnet_apply_ib"
Previous message: Wambui Karuga: "[PATCH] drm/vmwgfx: make vmw_pt_sys_placement static"
In reply to: Mark Rutland: "Re: [PATCH] [PATCH] AARCH64: Add gcc Shadow Call Stack support"
Next in thread: Ard Biesheuvel: "Re: [PATCH] [PATCH] AARCH64: Add gcc Shadow Call Stack support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2/22/22 10:47, Mark Rutland wrote:

Hi,

On Tue, Feb 22, 2022 at 01:57:36AM -0800, Dan Li wrote:

Shadow call stack is available in GCC > 11.2.0, this patch makes
the corresponding kernel configuration available when compiling
the kernel with gcc.

Neat!

My local GCC devs told me that means GCC 12.x.x rather than 11.2.x or
11.3.x, so as others have said it'd be clearer to say `GCC >= 12.0.0`.

Ah, yes, I just saw this flag in gcc/BASE-VER.

I'd like to try this with a GCC binary before I provide an Ack or R-b;
but in the mean time I have a few comments below.

Thanks for your test, Mark.
Please let me know if there is any issues :)

---
FYI:
This function can be used to test if the shadow call stack works:
//noinline void __noscs scs_test(void)
noinline void scs_test(void)
{
register unsigned long *sp asm("sp");
unsigned long * lr = sp + 1;

asm volatile("":::"x30");
*lr = 0;
}

It's probably be better to use __builtin_frame_address(0) to get the
address of the frame record rather than assuming that fp==sp in the
middle of the function.

Got it.

config SHADOW_CALL_STACK
- bool "Clang Shadow Call Stack"
- depends on CC_IS_CLANG && ARCH_SUPPORTS_SHADOW_CALL_STACK
+ bool "Shadow Call Stack"
+ depends on ARCH_SUPPORTS_SHADOW_CALL_STACK
depends on DYNAMIC_FTRACE_WITH_REGS || !FUNCTION_GRAPH_TRACER
help
- This option enables Clang's Shadow Call Stack, which uses a
+ This option enables Clang/GCC's Shadow Call Stack, which uses a
shadow stack to protect function return addresses from being
overwritten by an attacker. More information can be found in
Clang's documentation:

Is there any additional GCC documentation that we can refer to?

Currently there is only a brief description of
-fsanitize=shadow-call-stack in the user manual.

Since the description of the clang documentation is more detailed, should
I add this gcc link to the configuration description?

Link: https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#Instrumentation-Options

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 09b885cc4db5..a48a604301aa 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -1255,7 +1255,7 @@ config HW_PERF_EVENTS
config ARCH_HAS_FILTER_PGPROT
def_bool y
-# Supported by clang >= 7.0
+# Supported by clang >= 7.0 or GCC > 11.2.0

As above, I beleive that should be `GCC >= 12.0.0`.

Yeah.

Thanks,
Dan.

Next message: syzbot: "Re: [syzbot] BUG: sleeping function called from invalid context in smc_pnet_apply_ib"
Previous message: Wambui Karuga: "[PATCH] drm/vmwgfx: make vmw_pt_sys_placement static"
In reply to: Mark Rutland: "Re: [PATCH] [PATCH] AARCH64: Add gcc Shadow Call Stack support"
Next in thread: Ard Biesheuvel: "Re: [PATCH] [PATCH] AARCH64: Add gcc Shadow Call Stack support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]