lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Wed, 3 Nov 2021 00:24:12 +0800 From: Dan Li <ashimida@...ux.alibaba.com> To: Szabolcs Nagy <szabolcs.nagy@....com> Cc: gcc-patches@....gnu.org, linux-hardening@...r.kernel.org Subject: Re: [PATCH] [RFC][PR102768] aarch64: Add compiler support for Shadow Call Stack On 11/2/21 9:04 PM, Szabolcs Nagy wrote: > The 11/02/2021 00:06, Dan Li via Gcc-patches wrote: >> Shadow Call Stack can be used to protect the return address of a >> function at runtime, and clang already supports this feature[1]. >> >> To enable SCS in user mode, in addition to compiler, other support >> is also required (as described in [2]). This patch only adds basic >> support for SCS from the compiler side, and provides convenience >> for users to enable SCS. >> >> For linux kernel, only the support of the compiler is required. >> >> [1] https://clang.llvm.org/docs/ShadowCallStack.html >> [2] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102768 > > i'm not a gcc maintainer, but i prefer such feature > to be in upstream gcc instead of in a plugin. > > it will require update to the documentation: > > which should mention that it depends on -ffixed-x18 > (probably that should be enforced too) which is an > important abi issue: functions following the normal > pcs can clobber x18 and break scs. > Thanks Szabolcs, I will update the documentation in next version. It sounds reasonable to enforced -ffixed-x18 with scs, but I see that clang doesn’t do that. Maybe it is better to be consistent with clang here? > and that there is no unwinder support. > Ok, let me try to add a support for this. > the abi issue means it is unlikely to be useful in > linux user space (even if libc and unwinder support > is implemented), but it can be still useful in > freestanding code such as the linux kernel. > > thanks. >
Powered by blists - more mailing lists