From: Ard Biesheuvel
Date: Wed, 23 Feb 2022 12:48:58 +0100
Subject: Re: [PATCH] [PATCH] AARCH64: Add gcc Shadow Call Stack support
To: Mark Rutland
Cc: Dan Li, Catalin Marinas, Will Deacon, Nathan Chancellor, Nick Desaulniers, Kees Cook, Masahiro Yamada, Thomas Gleixner, Andrew Morton, Sami Tolvanen, Nicholas Piggin, Guenter Roeck, Masami Hiramatsu, Miguel Ojeda, luc.vanoostenryck@gmail.com, Marco Elver, Linux Kernel Mailing List, Linux ARM, llvm@lists.linux.dev, linux-hardening@vger.kernel.org
References: <20220222095736.24898-1-ashimida@linux.alibaba.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 22 Feb 2022 at 19:48, Mark Rutland wrote:
>
> Hi,
>
> On Tue, Feb 22, 2022 at 01:57:36AM -0800, Dan Li wrote:
> > Shadow call stack is available in GCC > 11.2.0, this patch makes
> > the corresponding kernel configuration available when compiling
> > the kernel with gcc.
>
> Neat!
>
> My local GCC devs told me that means GCC 12.x.x rather than 11.2.x or
> 11.3.x, so as others have said it'd be clearer to say `GCC >= 12.0.0`.
>
> I'd like to try this with a GCC binary before I provide an Ack or R-b;
> but in the mean time I have a few comments below.
>
> > Note that the implementation in GCC is slightly different from Clang.
> > With SCS enabled, functions will only pop x30 once in the epilogue,
> > like:
> >
> >    str     x30, [x18], #8
> >    stp     x29, x30, [sp, #-16]!
> >    ......
> > -  ldp     x29, x30, [sp], #16       //clang
> > +  ldr     x29, [sp], #16            //GCC
> >    ldr     x30, [x18, #-8]!
>
> Given the prologue still pushes both x29 and x30 (which we critically
> depend upon) that sounds OK to me.
>

Indeed. What did come up in the discussion on the GCC side was runtime
patching (to avoid the overhead of having both PAC and SCS), but it
seems far more likely that we would patch PACIASP/AUTIASP instructions
into SCS pushes/pops rather than the other way around, and so loading
x30 only once should be fine.
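
The following is an added illustration, not part of the original message or of the patch under discussion: a small C model of the prologue and the two epilogues quoted above, showing that the Clang and GCC sequences leave the same value in x30 even when the link register slot in the frame record has been overwritten. The `struct cpu` model, the `return_target` helper and all values are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Toy model of the registers the quoted sequence touches (constructed, not kernel code). */
struct cpu {
    uint64_t x29, x30;
    uint64_t *sp;   /* regular stack pointer, grows down */
    uint64_t *x18;  /* shadow call stack pointer, grows up */
};

/* str x30, [x18], #8 ; stp x29, x30, [sp, #-16]! */
static void prologue(struct cpu *c) {
    *c->x18++ = c->x30;      /* push LR to the shadow stack, post-increment */
    c->sp -= 2;              /* pre-decrement sp by 16 bytes */
    c->sp[0] = c->x29;       /* frame record: saved FP ... */
    c->sp[1] = c->x30;       /* ... and saved LR, still written in both schemes */
}

/* Clang: ldp x29, x30, [sp], #16 ; ldr x30, [x18, #-8]! */
static void epilogue_clang(struct cpu *c) {
    c->x29 = c->sp[0];
    c->x30 = c->sp[1];       /* first load of x30, from the regular stack */
    c->sp += 2;
    c->x30 = *--c->x18;      /* second load overrides it from the shadow stack */
}

/* GCC: ldr x29, [sp], #16 ; ldr x30, [x18, #-8]! */
static void epilogue_gcc(struct cpu *c) {
    c->x29 = c->sp[0];       /* only x29 is reloaded from the frame record */
    c->sp += 2;
    c->x30 = *--c->x18;      /* x30 is loaded once, from the shadow stack */
}

/* Run one frame, overwrite the frame record's LR slot, return x30 after the epilogue. */
uint64_t return_target(int use_gcc, uint64_t lr, uint64_t overwrite) {
    uint64_t stack[8] = {0}, scs[8] = {0};
    struct cpu c = { .x29 = 0x1000, .x30 = lr, .sp = stack + 8, .x18 = scs };
    prologue(&c);
    c.x30 = 0;               /* function body clobbers x30, as a nested call would */
    c.sp[1] = overwrite;     /* simulated corruption of the saved LR on the regular stack */
    if (use_gcc) epilogue_gcc(&c); else epilogue_clang(&c);
    return c.x30;
}

int main(void) {
    printf("clang: %llx\n", (unsigned long long)return_target(0, 0xAAAA, 0xBAD));
    printf("gcc:   %llx\n", (unsigned long long)return_target(1, 0xAAAA, 0xBAD));
    return 0;
}
```
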