Re: [PATCH] [PATCH] AARCH64: Add gcc Shadow Call Stack support

From: Ard Biesheuvel
Date: Wed Feb 23 2022 - 06:49:17 EST


On Tue, 22 Feb 2022 at 19:48, Mark Rutland <mark.rutland@xxxxxxx> wrote:
>
> Hi,
>
> On Tue, Feb 22, 2022 at 01:57:36AM -0800, Dan Li wrote:
> > Shadow call stack is available in GCC > 11.2.0, this patch makes
> > the corresponding kernel configuration available when compiling
> > the kernel with gcc.
>
> Neat!
>
> My local GCC devs told me that means GCC 12.x.x rather than 11.2.x or
> 11.3.x, so as others have said it'd be clearer to say `GCC >= 12.0.0`.
>
> I'd like to try this with a GCC binary before I provide an Ack or R-b;
> but in the meantime I have a few comments below.
>
> > Note that the implementation in GCC is slightly different from Clang.
> > With SCS enabled, functions will only pop x30 once in the epilogue,
> > like:
> >
> > str x30, [x18], #8
> > stp x29, x30, [sp, #-16]!
> > ......
> > - ldp x29, x30, [sp], #16 //clang
> > + ldr x29, [sp], #16 //GCC
> > ldr x30, [x18, #-8]!
>
> Given the prologue still pushes both x29 and x30 (which we critically
> depend upon) that sounds OK to me.
>

Indeed.

What did come up in the discussion on the GCC side was runtime
patching (to avoid the overhead of having both PAC and SCS), but it
seems far more likely that we would patch PACIASP/AUTIASP instructions
into SCS pushes/pops rather than the other way around, and so loading
x30 only once should be fine.
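To make the point about the two epilogues concrete, here is an added example (not code from the thread, the GCC patch, or the kernel) that emulates the four instruction sequences quoted above on a tiny register model, so it runs on any host rather than needing an AArch64 machine. It assumes a flat byte array standing in for memory, a shadow call stack at a low address that grows upward through x18, and a normal stack at a high address that grows downward through sp; the return address and the "attacker" value written over the saved x30 slot are constructed constants. The function `restored_lr()` returns the x30 value a function would return through after its frame record has been overwritten, and `epilogues_agree()` checks that the clang and GCC variants leave the same register state.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed values for the example: a legitimate return address and the
 * value an attacker writes over the saved x30 slot in the frame record. */
#define RET_ADDR      0x40001000ULL
#define ATTACKER_ADDR 0x41414141ULL

/* Only the registers the quoted prologue/epilogue sequences touch. */
struct cpu {
    uint64_t x18;   /* shadow call stack pointer, post-incremented on push */
    uint64_t x29;   /* frame pointer */
    uint64_t x30;   /* link register (return address) */
    uint64_t sp;    /* stack pointer, pre-decremented on push */
};

#define MEM_SIZE 4096
static uint8_t mem[MEM_SIZE];   /* flat address space holding both stacks */

static uint64_t ld64(uint64_t addr) { uint64_t v; memcpy(&v, &mem[addr], 8); return v; }
static void st64(uint64_t addr, uint64_t v) { memcpy(&mem[addr], &v, 8); }

/* str x30, [x18], #8          ; push return address on the shadow stack
 * stp x29, x30, [sp, #-16]!   ; push the frame record on the normal stack */
static void prologue_scs(struct cpu *c)
{
    st64(c->x18, c->x30); c->x18 += 8;
    c->sp -= 16;
    st64(c->sp, c->x29);
    st64(c->sp + 8, c->x30);
}

/* stp x29, x30, [sp, #-16]!   ; no SCS: frame record only */
static void prologue_noscs(struct cpu *c)
{
    c->sp -= 16;
    st64(c->sp, c->x29);
    st64(c->sp + 8, c->x30);
}

/* ldp x29, x30, [sp], #16     ; clang: reload both from the frame record
 * ldr x30, [x18, #-8]!        ; then overwrite x30 from the shadow stack */
static void epilogue_clang(struct cpu *c)
{
    c->x29 = ld64(c->sp);
    c->x30 = ld64(c->sp + 8);
    c->sp += 16;
    c->x18 -= 8; c->x30 = ld64(c->x18);
}

/* ldr x29, [sp], #16          ; GCC: reload only x29 from the frame record
 * ldr x30, [x18, #-8]!        ; x30 is read from the shadow stack alone */
static void epilogue_gcc(struct cpu *c)
{
    c->x29 = ld64(c->sp);
    c->sp += 16;
    c->x18 -= 8; c->x30 = ld64(c->x18);
}

/* ldp x29, x30, [sp], #16     ; no SCS: x30 comes from the frame record */
static void epilogue_noscs(struct cpu *c)
{
    c->x29 = ld64(c->sp);
    c->x30 = ld64(c->sp + 8);
    c->sp += 16;
}

enum variant { NOSCS, CLANG_SCS, GCC_SCS };

/* Run one prologue/epilogue pair, optionally overwriting the saved x30 slot
 * of the frame record in between (the classic stack-smash target). */
static void run_frame(enum variant v, int smash_frame_record, struct cpu *c)
{
    struct cpu init = { .x18 = 0x100, .x29 = 0xF29, .x30 = RET_ADDR, .sp = 0x800 };
    *c = init;
    memset(mem, 0, sizeof mem);
    if (v == NOSCS) prologue_noscs(c); else prologue_scs(c);
    if (smash_frame_record)
        st64(c->sp + 8, ATTACKER_ADDR);
    switch (v) {
    case NOSCS:     epilogue_noscs(c); break;
    case CLANG_SCS: epilogue_clang(c); break;
    case GCC_SCS:   epilogue_gcc(c);   break;
    }
}

/* The x30 value the function would return through. */
uint64_t restored_lr(enum variant v, int smash_frame_record)
{
    struct cpu c;
    run_frame(v, smash_frame_record, &c);
    return c.x30;
}

/* 1 if the clang and GCC epilogues leave identical register state. */
int epilogues_agree(int smash_frame_record)
{
    struct cpu a, b;
    run_frame(CLANG_SCS, smash_frame_record, &a);
    run_frame(GCC_SCS, smash_frame_record, &b);
    return a.x18 == b.x18 && a.x29 == b.x29 && a.x30 == b.x30 && a.sp == b.sp;
}

int main(void)
{
    printf("no SCS, smashed:    x30 = 0x%llx\n", (unsigned long long)restored_lr(NOSCS, 1));
    printf("clang SCS, smashed: x30 = 0x%llx\n", (unsigned long long)restored_lr(CLANG_SCS, 1));
    printf("gcc SCS, smashed:   x30 = 0x%llx\n", (unsigned long long)restored_lr(GCC_SCS, 1));
    printf("epilogues agree:    %d\n", epilogues_agree(1));
    return 0;
}
```

The model shows why the single load is sufficient: once the prologue has pushed x30 onto the shadow stack, the x30 copy in the frame record is dead as far as control flow is concerned, since both epilogues end by reading x30 from x18 and the clang variant's earlier `ldp` of x30 is immediately overwritten. The frame record is still written in full by both prologues, which is the part the kernel's stack walker depends on. The emulation deliberately ignores PAC (`PACIASP`/`AUTIASP`) and any shadow-stack overflow checking; it only models the instruction semantics quoted in the commit message.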