diff options
author | Ard Biesheuvel <ardb@kernel.org> | 2022-10-27 17:59:08 +0200 |
---|---|---|
committer | Will Deacon <will@kernel.org> | 2022-11-09 18:06:35 +0000 |
commit | 3b619e22c4601b444ed2d6a5458271f72625ac89 (patch) | |
tree | 1f4754b78c6302a14322f629b72a6f195d8dd58e /arch/arm64/Kconfig | |
parent | 9beccca0984022a844850e32f0d7dd80d4a225de (diff) | |
download | linux-3b619e22c4601b444ed2d6a5458271f72625ac89.tar.gz linux-3b619e22c4601b444ed2d6a5458271f72625ac89.tar.bz2 linux-3b619e22c4601b444ed2d6a5458271f72625ac89.zip |
arm64: implement dynamic shadow call stack for Clang
Implement dynamic shadow call stack support on Clang, by parsing the
unwind tables at init time to locate all occurrences of PACIASP/AUTIASP
instructions, and replacing them with the shadow call stack push and pop
instructions, respectively.
This is useful because the overhead of the shadow call stack is
difficult to justify on hardware that implements pointer authentication
(PAC), and given that the PAC instructions are executed as NOPs on
hardware that doesn't, we can just replace them without breaking
anything. As PACIASP/AUTIASP are guaranteed to be paired with respect to
manipulations of the return address, replacing them 1:1 with shadow call
stack pushes and pops is guaranteed to result in the desired behavior.
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Sami Tolvanen <samitolvanen@google.com>
Tested-by: Sami Tolvanen <samitolvanen@google.com>
Link: https://lore.kernel.org/r/20221027155908.1940624-4-ardb@kernel.org
Signed-off-by: Will Deacon <will@kernel.org>
Diffstat (limited to 'arch/arm64/Kconfig')
-rw-r--r-- | arch/arm64/Kconfig | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig index 7e3a9cf2193d..170832f31eff 100644 --- a/arch/arm64/Kconfig +++ b/arch/arm64/Kconfig @@ -2160,6 +2160,15 @@ config ARCH_NR_GPIO If unsure, leave the default value. +config UNWIND_PATCH_PAC_INTO_SCS + bool "Enable shadow call stack dynamically using code patching" + # needs Clang with https://reviews.llvm.org/D111780 incorporated + depends on CC_IS_CLANG && CLANG_VERSION >= 150000 + depends on ARM64_PTR_AUTH_KERNEL && CC_HAS_BRANCH_PROT_PAC_RET + depends on SHADOW_CALL_STACK + select UNWIND_TABLES + select DYNAMIC_SCS + endmenu # "Kernel Features" menu "Boot options" |