Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp1662936pxb;
        Mon, 11 Oct 2021 10:26:32 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyjuICXl4URYN5TperkAYHnJ/JslMobvjhUVFNhs2Y6aUxCExeMnnLXkxPO1cExcM0dXRPo
X-Received: by 2002:a17:906:a1c1:: with SMTP id bx1mr19848786ejb.447.1633973192463;
        Mon, 11 Oct 2021 10:26:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1633973192; cv=none;
        d=google.com; s=arc-20160816;
        b=vJosd8N3JbZLUUCzXtYw4Lgj/Y188625jQus5jN/ESfWQ2FNg2Sy6biYyEf78yYkKT
         gMiiag4ljbz24IfB1FGJN5SFEyXunNqZBLdLe8EFpVZJt5C2Lqt2qYXAet2LNHcuv8U3
         G8Lx+YyNL3t80IHYsvhKKn4GFTZooF/rxXupgFcrEbuXs8bmEgoy31lthips8DXymNHP
         KijoDHjOQXZofoH6gP1pMTgoz9GDsRO0Ngz/CYrE4tFJrNilvywSkWm4k3utVCtYUi2P
         7ydidXK54tXys18gRE0jo8nLA98UXpuC9CWQGU1eGbQsx+zZzkKMEYASTiRnCFAJCELA
         zqDg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=Nu4G/4LFT2B+dN7Ud24heVwfxO4x4OPVUBz/3Y6zfcc=;
        b=UtNR8ah4drKAB7lpIhpqsaAVWLSlCYR3HgBmra1nzj6ib1wj6LfGjt5ZHYkKO4STTz
         ESQDbOO2lb4gtnvKknHfdhfhqaixQbT3Fd//2aiC/T4RHTCYj+Q3tF2oGpE9470n3iro
         EkCgWbpEdK8UnXOyxfU6pwKp4xWOpHPxIl07U90+x0oPvpmZ32vnAyST4066QO2KIMGA
         rpwWVqfU797+0B7mlKh69k6dP9PLJmi6Z0mCaauRxWafJRpOGBFbwAyyPeoQ6K+5QlgQ
         87VOLWimoCIpQ6tFlKWtkdOW/+y5XKD+27ZJ6M/q746/u/rQ6qvqDuYK6T3C9rb/fYD5
         xvQg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20210112 header.b=EUjn8oMw;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id b1si12055686ejl.25.2021.10.11.10.26.08;
        Mon, 11 Oct 2021 10:26:32 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20210112 header.b=EUjn8oMw;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233583AbhJKR0N (ORCPT <rfc822;lonelydragon1988@gmail.com>
        + 99 others); Mon, 11 Oct 2021 13:26:13 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57306 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233171AbhJKR0M (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 11 Oct 2021 13:26:12 -0400
Received: from mail-lf1-x134.google.com (mail-lf1-x134.google.com [IPv6:2a00:1450:4864:20::134])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 908F8C06161C
        for <linux-kernel@vger.kernel.org>; Mon, 11 Oct 2021 10:24:11 -0700 (PDT)
Received: by mail-lf1-x134.google.com with SMTP id j21so58996664lfe.0
        for <linux-kernel@vger.kernel.org>; Mon, 11 Oct 2021 10:24:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=Nu4G/4LFT2B+dN7Ud24heVwfxO4x4OPVUBz/3Y6zfcc=;
        b=EUjn8oMwIJr6hI/Bj9RHyQtE8rNarSGeAJzHLDRlf0gs56UilEaSyWlLkJkqtHPbXs
         ZEODFTtC/dQJ5P8HlTZ1hq6XDtsIsYJirGNPl2h8K1eNe9bIivfDbjjYmAfIe3Q5fZAU
         O6taffpbbG7GOh8ZSbzYa1GAvKvy+aZgoj7QJkSX0v56ptHUMjXpUKrA9FXnQpjapUyb
         6ehm8hxJJwznPBHD7rrBhXrHkHfIE+hzuNQ5rZAlJtPEbnFA/y3jGQ1YwicY40J/NweQ
         YXADeHg47bCpGEvT/Ug3U/QSUMUuwIBm/d6R+zxmKWJse000kTWSS4znRTrxelOAg85V
         fC0w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=Nu4G/4LFT2B+dN7Ud24heVwfxO4x4OPVUBz/3Y6zfcc=;
        b=YFDG/ZXxG1hTEddjOfh6FT9/E7VrORgSbOTJdzIkxvXK7xRpvSeOLx+djUcNdVDeuc
         SDg1BGXuyUOgxEZdhfPI++9VbPiRrq3Fos7HwxwKsxXmJHjwulVg/vmyitHMaC6jXbbC
         798ONswASz33w1qYLuk4Ih92DnlH3Tx68oh4DI9ORrQvyDR9mMrCzqIuITebXZ35Fiby
         TKl/Y2BFVTCIMdwAeMGoGbPWTwh+DqfA8Mm8rcyJ7J6EXbkB0Gtx/OjJ5CZ7QpAQopb1
         JihM3QqpvktbdSSyU3oTDO3A8amEFHeCwTnFcGvFzANKsVbZedUkt87TIeYNLlA6vgd3
         FnXw==
X-Gm-Message-State: AOAM530J5AvvWQZYFczIlPp3tdiKD8Uwpk/60Wuj2KxiB56y4FDX7LOp
        N4Br78/18ZzoNHQ0CU9VGe7CkyHidUTfT52IkIDsWA==
X-Received: by 2002:a19:6a16:: with SMTP id u22mr29139566lfu.444.1633973049612;
 Mon, 11 Oct 2021 10:24:09 -0700 (PDT)
MIME-Version: 1.0
References: <1633878992-32884-1-git-send-email-ashimida@linux.alibaba.com>
 <CANiq72nBqiyrcaW47ZW-6i7zJ6HrmjZWSOr==HkEuBR5rXmpdQ@mail.gmail.com> <a25b9286-fc1f-d398-150c-ce073eadc6c1@linux.alibaba.com>
In-Reply-To: <a25b9286-fc1f-d398-150c-ce073eadc6c1@linux.alibaba.com>
From:   Nick Desaulniers <ndesaulniers@google.com>
Date:   Mon, 11 Oct 2021 10:23:57 -0700
Message-ID: <CAKwvOd=D=UvGfHjEyeYPk3c=ksg9mF8nUX-9jyJhkX8QbugMSQ@mail.gmail.com>
Subject: Re: [PATCH] [PATCH V2]ARM64: SCS: Add gcc plugin to support Shadow
 Call Stack
To:     Dan Li <ashimida@linux.alibaba.com>
Cc:     Miguel Ojeda <miguel.ojeda.sandonis@gmail.com>,
        Masahiro Yamada <masahiroy@kernel.org>,
        Michal Marek <michal.lkml@markovi.net>,
        Catalin Marinas <catalin.marinas@arm.com>,
        Will Deacon <will@kernel.org>,
        Kees Cook <keescook@chromium.org>,
        Nathan Chancellor <nathan@kernel.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Andrew Morton <akpm@linux-foundation.org>,
        Sami Tolvanen <samitolvanen@google.com>, frederic@kernel.org,
        Mike Rapoport <rppt@kernel.org>,
        Mark Rutland <mark.rutland@arm.com>, yifeifz2@illinois.edu,
        Steven Rostedt <rostedt@goodmis.org>,
        Viresh Kumar <viresh.kumar@linaro.org>, andreyknvl@gmail.com,
        Colin King <colin.king@canonical.com>,
        Miguel Ojeda <ojeda@kernel.org>,
        Luc Van Oostenryck <luc.vanoostenryck@gmail.com>,
        Marco Elver <elver@google.com>,
        Arvind Sankar <nivedita@alum.mit.edu>,
        Ard Biesheuvel <ardb@kernel.org>,
        Linux Kbuild mailing list <linux-kbuild@vger.kernel.org>,
        linux-kernel <linux-kernel@vger.kernel.org>,
        Linux ARM <linux-arm-kernel@lists.infradead.org>,
        linux-hardening@vger.kernel.org,
        clang-built-linux <clang-built-linux@googlegroups.com>
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Oct 11, 2021 at 8:42 AM Dan Li <ashimida@linux.alibaba.com> wrote:
>
>
>
> On 10/10/21 11:43 PM, Miguel Ojeda wrote:
> > On Sun, Oct 10, 2021 at 5:16 PM Dan Li <ashimida@linux.alibaba.com> wrote:
> >>
> >> -         This option enables Clang's Shadow Call Stack, which uses a
> >> -         shadow stack to protect function return addresses from being
> >> -         overwritten by an attacker. More information can be found in
> >> -         Clang's documentation:
> >> +         This option enables Clang/GCC plugin's Shadow Call Stack, which
> >> +         uses a shadow stack to protect function return addresses from
> >> +         being overwritten by an attacker. More information can be found
> >> +         in Clang's documentation:
> >
> > Perhaps it could be worded in a better way? It sounds like it is a
> > custom plugin for Clang as well, e.g.:
> >
> >      This option enables Shadow Call Stack (in the case of GCC, as a plugin),
> >
> > Cheers,
> > Miguel
> >
>
> Thanks Miguel.
>
> How about writing like this:
> This option enables Shadow Call Stack (supported as a compiler option in
> the case of clang, supported as a plugin in the case of gcc), which uses
> a shadow stack to ...

That sounds reasonable.

One question I have Dan, what is your sense for getting this feature
landed upstream in GCC proper?  It's neat to be able to use plugins to
support older versions of a compiler than when the feature initially
lands; I was curious if you're working to submit this into GCC as
well?  I didn't see anything in GCC's bug tracker for "shadow call
stack," but maybe there's a different feature bug tracking this?
-- 
Thanks,
~Nick Desaulniers