X-Received: by 2002:a17:906:2a97:b0:6b4:143f:37c6 with SMTP id l23-20020a1709062a9700b006b4143f37c6mr1327366eje.133.1645654173057;
        Wed, 23 Feb 2022 14:09:33 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1645654173; cv=none;
        d=google.com; s=arc-20160816;
        b=tgSTf7ZdlhBDjaQw5wJnYpYp6QdBPeXbjyja5BwkdUHXscV5udSboPHAV7xO4cfvTR
         ug1B3vNhdPAC2OdpeL7rVi/llyrrKtBCipEn+tIYagjYR+1N32DoHJYEnicT70BgSKUD
         Bqt4g/shbvliYPDe6SWruOmgFQ8q7W+P6dluWeqRjy2mmUMLJrx6KVuA45FJY8TB4TGR
         WjRM/UFleFgYqGkuqBkszeCxsvfmEsFpjEML984R3yDwuh/0G60INGWTGAXZzKf6nPQX
         /S7RNBhe+olloXz5Fw9mRWJ8Q+5bZ6GyGvVdPW16Hp3Gpv3SfAw9trrJjGd7y2PqRd2D
         X60Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=trP2zl5tnhh0zzTYiK5+6HkwS0YBFrEVT1LU3CVsCFQ=;
        b=JSpp+h55oWiYlHx0ZA9z7s1c32eWHMQzSbecIgqnXhDvWVdW0mUQxtpAcc7qXzS6H3
         dtfdcDSIyZha5iNns8sT4jG2Mx3Fch/rJcZk9lPw11c6AC+LeyiP0W+YsrE5jpdUVTZI
         uMytF+DYWtRVW76LG59niSRBJpJvjFgWrpIghQ34DekVW5YO4J2IHz0QaFmAIzDkV/sa
         TjiYWNTmNZZOmcemx+cehiuYznOkVCSpVc16tWWdCSRpWeSDmkiiTQmerFXcyhew8hFm
         YneD7YBFkAlxYEeWsJivGIQBJFxSMJ5gVtbyY6Q/3KkKl56xChtXZeDhIJW0JiW4ZfON
         4L7g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=amipTyug;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id l11si487850ejx.908.2022.02.23.14.09.08;
        Wed, 23 Feb 2022 14:09:33 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=k20201202 header.b=amipTyug;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S238859AbiBWLtm (ORCPT <rfc822;android.linux@gmail.com>
        + 99 others); Wed, 23 Feb 2022 06:49:42 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52186 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233558AbiBWLtl (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 23 Feb 2022 06:49:41 -0500
Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 037E1E99;
        Wed, 23 Feb 2022 03:49:14 -0800 (PST)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id B18D3B81F01;
        Wed, 23 Feb 2022 11:49:12 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 5B2F0C340F5;
        Wed, 23 Feb 2022 11:49:11 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=k20201202; t=1645616951;
        bh=+ioWVHNgMYeDeBDsUP7f/drz0hwa8yRvXmdVGF3eiFQ=;
        h=References:In-Reply-To:From:Date:Subject:To:Cc:From;
        b=amipTyugIxJO3OK3SYdgOFAUabSp6w39r0/eyVWT+fJDXgPBbmQOnORSBUTQR+O0Z
         bjZnZzvujx/rFKnqDifCEtVemDXzMXqCYKkWzWDOVRjTqXoFletbgV1Av+aN7SdIdv
         ls/RPtf/RUjv5uqSdUbrTvKFxt/BGjABV70qd1mf2zDB9oVwFHEZKP3LdgQ0rK66jn
         Cy0KwhZpUuoUvvLku+ZvlMUo7MuzAAzpc323fDtqdartLYEiI2YbFLE5m6bEWe0vQ0
         KvVXhHWvrqeFmU0UBHkCw5wWBJrMROVNWfDNRBUdmFK0gB7WfGkZosotO2JFzH6qFq
         NqlkwHQKA7Yuw==
Received: by mail-yw1-f180.google.com with SMTP id 00721157ae682-2d641c31776so207344117b3.12;
        Wed, 23 Feb 2022 03:49:11 -0800 (PST)
X-Gm-Message-State: AOAM531FmkAkHwypMZMbzEO1qM6HqEvbzbH0S7SZ3J98W+sstX18ySYc
        ypgn7AmAjliO6BucVd44MMyY3g0dstlBQNeZ3co=
X-Received: by 2002:a81:4a45:0:b0:2d6:b212:6a76 with SMTP id
 x66-20020a814a45000000b002d6b2126a76mr26808813ywa.60.1645616950272; Wed, 23
 Feb 2022 03:49:10 -0800 (PST)
MIME-Version: 1.0
References: <20220222095736.24898-1-ashimida@linux.alibaba.com> <YhUvp5RHkTlBXX3o@lakrids>
In-Reply-To: <YhUvp5RHkTlBXX3o@lakrids>
From:   Ard Biesheuvel <ardb@kernel.org>
Date:   Wed, 23 Feb 2022 12:48:58 +0100
X-Gmail-Original-Message-ID: <CAMj1kXHXz_CFL1A53J+h6EgRCKcrRfd_pMAy9Z+PztfzZYAawg@mail.gmail.com>
Message-ID: <CAMj1kXHXz_CFL1A53J+h6EgRCKcrRfd_pMAy9Z+PztfzZYAawg@mail.gmail.com>
Subject: Re: [PATCH] [PATCH] AARCH64: Add gcc Shadow Call Stack support
To:     Mark Rutland <mark.rutland@arm.com>
Cc:     Dan Li <ashimida@linux.alibaba.com>,
        Catalin Marinas <catalin.marinas@arm.com>,
        Will Deacon <will@kernel.org>,
        Nathan Chancellor <nathan@kernel.org>,
        Nick Desaulniers <ndesaulniers@google.com>,
        Kees Cook <keescook@chromium.org>,
        Masahiro Yamada <masahiroy@kernel.org>,
        Thomas Gleixner <tglx@linutronix.de>,
        Andrew Morton <akpm@linux-foundation.org>,
        Sami Tolvanen <samitolvanen@google.com>,
        Nicholas Piggin <npiggin@gmail.com>,
        Guenter Roeck <linux@roeck-us.net>,
        Masami Hiramatsu <mhiramat@kernel.org>,
        Miguel Ojeda <ojeda@kernel.org>, luc.vanoostenryck@gmail.com,
        Marco Elver <elver@google.com>,
        Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
        Linux ARM <linux-arm-kernel@lists.infradead.org>,
        llvm@lists.linux.dev, linux-hardening@vger.kernel.org
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Tue, 22 Feb 2022 at 19:48, Mark Rutland <mark.rutland@arm.com> wrote:
>
> Hi,
>
> On Tue, Feb 22, 2022 at 01:57:36AM -0800, Dan Li wrote:
> > Shadow call stack is available in GCC > 11.2.0, this patch makes
> > the corresponding kernel configuration available when compiling
> > the kernel with gcc.
>
> Neat!
>
> My local GCC devs told me that means GCC 12.x.x rather than 11.2.x or
> 11.3.x, so as others have said it'd be clearer to say `GCC >= 12.0.0`.
>
> I'd like to try this with a GCC binary before I provide an Ack or R-b;
> but in the mean time I have a few comments below.
>
> > Note that the implementation in GCC is slightly different from Clang.
> > With SCS enabled, functions will only pop x30 once in the epilogue,
> > like:
> >
> >    str     x30, [x18], #8
> >    stp     x29, x30, [sp, #-16]!
> >    ......
> > -  ldp     x29, x30, [sp], #16          //clang
> > +  ldr     x29, [sp], #16       //GCC
> >    ldr     x30, [x18, #-8]!
>
> Given the prologue still pushes both x29 and x30 (which we critically
> depend upon) that sounds OK to me.
>

Indeed.

What did come up in the discussion on the GCC side was runtime
patching (to avoid the overhead of having both PAC and SCS), but it
seems far more likely that we would patch PACIASP/AUTIASP instructions
into SCS pushes/pops rather than the other way around, and so loading
x30 only once should be fine.