mirror of
https://github.com/torvalds/linux.git
synced 2024-11-22 12:11:40 +00:00
arm64: Add gcc Shadow Call Stack support
Shadow call stacks will be available in GCC >= 12, this patch makes the corresponding kernel configuration available when compiling the kernel with the gcc. Note that the implementation in GCC is slightly different from Clang. With SCS enabled, functions will only pop x30 once in the epilogue, like: str x30, [x18], #8 stp x29, x30, [sp, #-16]! ...... - ldp x29, x30, [sp], #16 //clang + ldr x29, [sp], #16 //GCC ldr x30, [x18, #-8]! Link: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=ce09ab17ddd21f73ff2caf6eec3b0ee9b0e1a11e Reviewed-by: Nathan Chancellor <nathan@kernel.org> Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: Nick Desaulniers <ndesaulniers@google.com> Signed-off-by: Dan Li <ashimida@linux.alibaba.com> Signed-off-by: Kees Cook <keescook@chromium.org> Link: https://lore.kernel.org/r/20220303074323.86282-1-ashimida@linux.alibaba.com
This commit is contained in:
parent
575d6b77fa
commit
afcf5441b9
19
arch/Kconfig
19
arch/Kconfig
@ -599,21 +599,22 @@ config STACKPROTECTOR_STRONG
|
||||
config ARCH_SUPPORTS_SHADOW_CALL_STACK
|
||||
bool
|
||||
help
|
||||
An architecture should select this if it supports Clang's Shadow
|
||||
Call Stack and implements runtime support for shadow stack
|
||||
An architecture should select this if it supports the compiler's
|
||||
Shadow Call Stack and implements runtime support for shadow stack
|
||||
switching.
|
||||
|
||||
config SHADOW_CALL_STACK
|
||||
bool "Clang Shadow Call Stack"
|
||||
depends on CC_IS_CLANG && ARCH_SUPPORTS_SHADOW_CALL_STACK
|
||||
bool "Shadow Call Stack"
|
||||
depends on ARCH_SUPPORTS_SHADOW_CALL_STACK
|
||||
depends on DYNAMIC_FTRACE_WITH_REGS || !FUNCTION_GRAPH_TRACER
|
||||
help
|
||||
This option enables Clang's Shadow Call Stack, which uses a
|
||||
shadow stack to protect function return addresses from being
|
||||
overwritten by an attacker. More information can be found in
|
||||
Clang's documentation:
|
||||
This option enables the compiler's Shadow Call Stack, which
|
||||
uses a shadow stack to protect function return addresses from
|
||||
being overwritten by an attacker. More information can be found
|
||||
in the compiler's documentation:
|
||||
|
||||
https://clang.llvm.org/docs/ShadowCallStack.html
|
||||
- Clang: https://clang.llvm.org/docs/ShadowCallStack.html
|
||||
- GCC: https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#Instrumentation-Options
|
||||
|
||||
Note that security guarantees in the kernel differ from the
|
||||
ones documented for user space. The kernel must store addresses
|
||||
|
@ -1239,7 +1239,7 @@ config HW_PERF_EVENTS
|
||||
config ARCH_HAS_FILTER_PGPROT
|
||||
def_bool y
|
||||
|
||||
# Supported by clang >= 7.0
|
||||
# Supported by clang >= 7.0 or GCC >= 12.0.0
|
||||
config CC_HAVE_SHADOW_CALL_STACK
|
||||
def_bool $(cc-option, -fsanitize=shadow-call-stack -ffixed-x18)
|
||||
|
||||
|
@ -97,6 +97,10 @@
|
||||
#define KASAN_ABI_VERSION 4
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_SHADOW_CALL_STACK
|
||||
#define __noscs __attribute__((__no_sanitize__("shadow-call-stack")))
|
||||
#endif
|
||||
|
||||
#if __has_attribute(__no_sanitize_address__)
|
||||
#define __no_sanitize_address __attribute__((no_sanitize_address))
|
||||
#else
|
||||
|
Loading…
Reference in New Issue
Block a user