summaryrefslogtreecommitdiffstats
path: root/arch/arm64/Kconfig
diff options
context:
space:
mode:
authorArd Biesheuvel <ardb@kernel.org>2022-10-27 17:59:08 +0200
committerWill Deacon <will@kernel.org>2022-11-09 18:06:35 +0000
commit3b619e22c4601b444ed2d6a5458271f72625ac89 (patch)
tree1f4754b78c6302a14322f629b72a6f195d8dd58e /arch/arm64/Kconfig
parent9beccca0984022a844850e32f0d7dd80d4a225de (diff)
downloadlinux-3b619e22c4601b444ed2d6a5458271f72625ac89.tar.gz
linux-3b619e22c4601b444ed2d6a5458271f72625ac89.tar.bz2
linux-3b619e22c4601b444ed2d6a5458271f72625ac89.zip
arm64: implement dynamic shadow call stack for Clang
Implement dynamic shadow call stack support on Clang, by parsing the unwind tables at init time to locate all occurrences of PACIASP/AUTIASP instructions, and replacing them with the shadow call stack push and pop instructions, respectively. This is useful because the overhead of the shadow call stack is difficult to justify on hardware that implements pointer authentication (PAC), and given that the PAC instructions are executed as NOPs on hardware that doesn't, we can just replace them without breaking anything. As PACIASP/AUTIASP are guaranteed to be paired with respect to manipulations of the return address, replacing them 1:1 with shadow call stack pushes and pops is guaranteed to result in the desired behavior. Signed-off-by: Ard Biesheuvel <ardb@kernel.org> Reviewed-by: Sami Tolvanen <samitolvanen@google.com> Tested-by: Sami Tolvanen <samitolvanen@google.com> Link: https://lore.kernel.org/r/20221027155908.1940624-4-ardb@kernel.org Signed-off-by: Will Deacon <will@kernel.org>
Diffstat (limited to 'arch/arm64/Kconfig')
-rw-r--r--arch/arm64/Kconfig9
1 files changed, 9 insertions, 0 deletions
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 7e3a9cf2193d..170832f31eff 100644
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -2160,6 +2160,15 @@ config ARCH_NR_GPIO
If unsure, leave the default value.
+config UNWIND_PATCH_PAC_INTO_SCS
+ bool "Enable shadow call stack dynamically using code patching"
+ # needs Clang with https://reviews.llvm.org/D111780 incorporated
+ depends on CC_IS_CLANG && CLANG_VERSION >= 150000
+ depends on ARM64_PTR_AUTH_KERNEL && CC_HAS_BRANCH_PROT_PAC_RET
+ depends on SHADOW_CALL_STACK
+ select UNWIND_TABLES
+ select DYNAMIC_SCS
+
endmenu # "Kernel Features"
menu "Boot options"