Date: Mon, 21 Oct 2019 18:28:49 +0900
From: Masami Hiramatsu
To: Sami Tolvanen
Cc: Will Deacon, Catalin Marinas, Steven Rostedt, Ard Biesheuvel, Dave Martin, Kees Cook, Laura Abbott, Mark Rutland, Nick Desaulniers, clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH 00/18] add support for Clang's Shadow Call Stack
Message-Id: <20191021182849.d51a67b0c0fe74d8d524147f@kernel.org>
In-Reply-To: <20191018161033.261971-1-samitolvanen@google.com>

Hi,

On Fri, 18 Oct 2019 09:10:15 -0700
Sami Tolvanen wrote:

> This patch series adds support for Clang's Shadow Call Stack (SCS)
> mitigation, which uses a separately allocated shadow stack to protect
> against return address overwrites. More information can be found here:
>
> https://clang.llvm.org/docs/ShadowCallStack.html

Looks interesting, and like what function-graph tracing does...

>
> SCS is currently supported only on arm64, where the compiler requires
> the x18 register to be reserved for holding the current task's shadow
> stack pointer. Because of this, the series includes four patches from
> Ard to remove x18 usage from assembly code and to reserve the register
> from general allocation.
>
> With -fsanitize=shadow-call-stack, the compiler injects instructions
> to all non-leaf C functions to store the return address to the shadow
> stack and unconditionally load it again before returning. As a result,
> SCS is incompatible with features that rely on modifying function
> return addresses to alter control flow, such as function graph tracing
> and kretprobes. A copy of the return address is still kept in the
> kernel stack for compatibility with stack unwinding, for example.

Is it possible that kretprobes and function graph tracing modify the
SCS directly instead of changing the real stack in that case?

Thank you,

-- 
Masami Hiramatsu
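
A simplified C model of the behaviour described in the quoted cover letter and of the question raised in the reply, added here as an example; it is not part of the original message or of the patch series. The `struct task` layout, the integer "addresses", and the assumption that a return hook rewrites a saved return address after the prologue are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not kernel code: "addresses" are plain integers. */
enum { CALLER = 0x1000, TRAMPOLINE = 0x2000 };
enum patch_target { PATCH_STACK, PATCH_SHADOW };

struct task {
    uintptr_t stack[8];   /* regular stack: keeps a copy for unwinding */
    uintptr_t shadow[8];  /* shadow call stack (x18 points here on arm64) */
    unsigned sp, scs_sp;
};

/* Prologue of a non-leaf function: save the return address on both stacks. */
static void prologue(struct task *t, uintptr_t lr)
{
    t->stack[t->sp++] = lr;
    t->shadow[t->scs_sp++] = lr;
}

/* Epilogue: with SCS the return address is always reloaded from the
 * shadow stack, so the regular-stack copy is ignored. */
static uintptr_t epilogue(struct task *t, int scs_enabled)
{
    uintptr_t from_stack = t->stack[--t->sp];
    uintptr_t from_shadow = t->shadow[--t->scs_sp];
    return scs_enabled ? from_shadow : from_stack;
}

/* Hypothetical return hook: rewrite one saved copy of the return address
 * while the function runs, then report where the function returns to. */
static uintptr_t return_target(int scs_enabled, enum patch_target where)
{
    struct task t = {0};
    prologue(&t, CALLER);
    if (where == PATCH_STACK)
        t.stack[t.sp - 1] = TRAMPOLINE;
    else
        t.shadow[t.scs_sp - 1] = TRAMPOLINE;
    return epilogue(&t, scs_enabled);
}

int main(void)
{
    printf("no SCS, stack patched:  %#lx\n", (unsigned long)return_target(0, PATCH_STACK));
    printf("SCS,    stack patched:  %#lx\n", (unsigned long)return_target(1, PATCH_STACK));
    printf("SCS,    shadow patched: %#lx\n", (unsigned long)return_target(1, PATCH_SHADOW));
    return 0;
}
```

In this model a change to the regular-stack copy redirects the return only when SCS is off; with SCS on, only a change to the shadow stack slot has any effect.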