[PATCH] arm64: Apply dynamic shadow call stack patching in two passes

Sami Tolvanen samitolvanen at google.com
Thu Dec 15 09:57:30 PST 2022


On Tue, Dec 13, 2022 at 6:29 AM Ard Biesheuvel <ardb at kernel.org> wrote:
>
> Code patching for the dynamically enabled shadow call stack comes down
> to finding PACIASP and AUTIASP instructions -which behave as NOPs on
> cores that do not implement pointer authentication- and converting them
> into shadow call stack pushes and pops, respectively.
>
> Due to past bad experiences with the highly complex and overengineered
> DWARF standard that describes the unwind metadata that we are using to
> locate these instructions, let's make this patching logic a little bit
> more robust so that any issues with the unwind metadata detected at boot
> time can be dealt with gracefully.
>
> The DWARF annotations that are used for this are emitted at function
> granularity, and due to the fact that the instructions we are patching
> will simply behave as NOPs if left unpatched, we can abort on errors as
> long as we don't leave any functions in a half-patched state.
>
> So do a dry run of each FDE frame (covering a single function) before
> performing the actual patching, and give up if the DWARF metadata cannot
> be understood.
>
> Signed-off-by: Ard Biesheuvel <ardb at kernel.org>
> ---
>  arch/arm64/kernel/patch-scs.c | 11 ++++++++---
>  1 file changed, 8 insertions(+), 3 deletions(-)

Reviewed-by: Sami Tolvanen <samitolvanen at google.com>

Sami
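The two-pass idea in the commit message above, as an added example that is not code from the patch or from the kernel: each per-function record is walked once in dry-run mode, and a function is only written to if that walk succeeds, so a bad record skips the whole function rather than leaving it half-patched. The record format here is a constructed stand-in for the DWARF FDE (a list of instruction indices terminated by a sentinel), and `struct func_rec`, `scs_handle_func`, `scs_patch_all` and `demo` are hypothetical names; the four A64 instruction encodings are real architecture values, not taken from the page.

```c
/* Two-pass shadow call stack patching, modelled on the approach described in
 * the patch. Dry-run the per-function record first; patch only if it parsed.
 * The metadata format is a constructed stand-in for DWARF, not the real FDE
 * encoding, and every name here is hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Real A64 encodings (architecture facts, not taken from the patch). */
#define PACIASP  0xd503233fu
#define AUTIASP  0xd50323bfu
#define SCS_PUSH 0xf800865eu   /* str x30, [x18], #8  */
#define SCS_POP  0xf85f8e5eu   /* ldr x30, [x18, #-8]! */
#define A64_NOP  0xd503201fu
#define A64_RET  0xd65f03c0u

#define REC_END 0xff           /* terminator of a constructed record */

/* Constructed stand-in for one FDE: the function's code plus a record listing
 * the indices of the instructions that the unwind info says are PAC ops. */
struct func_rec {
    uint32_t      *code;       /* function's instruction words */
    size_t         ninsn;
    const uint8_t *meta;       /* constructed "unwind metadata" */
    size_t         meta_len;
};

/* Walk one function's record. With dry_run set nothing is written. Returns
 * false on any metadata problem or on an instruction that is not a PAC op. */
static bool scs_handle_func(struct func_rec *f, bool dry_run)
{
    for (size_t i = 0; ; i++) {
        if (i >= f->meta_len)
            return false;                 /* truncated record, no terminator */
        uint8_t idx = f->meta[i];
        if (idx == REC_END)
            return true;
        if (idx >= f->ninsn)
            return false;                 /* index outside the function */

        uint32_t insn = f->code[idx], repl;
        if (insn == PACIASP)
            repl = SCS_PUSH;
        else if (insn == AUTIASP)
            repl = SCS_POP;
        else
            return false;                 /* metadata points at the wrong insn */

        if (!dry_run)
            f->code[idx] = repl;
    }
}

/* Pass 1 validates, pass 2 writes. A function whose dry run fails is skipped
 * entirely, so its unpatched PACIASP/AUTIASP simply keep behaving as NOPs.
 * Returns the number of functions actually patched. */
size_t scs_patch_all(struct func_rec *funcs, size_t n)
{
    size_t patched = 0;
    for (size_t i = 0; i < n; i++) {
        if (!scs_handle_func(&funcs[i], true))
            continue;                     /* give up on this one, go on */
        scs_handle_func(&funcs[i], false);
        patched++;
    }
    return patched;
}

/* Constructed sample: one good record, one with an out-of-range index, one
 * whose second entry points at a NOP after a valid first entry. Returns -1
 * if the good function was not patched, otherwise
 * patched*100 + (f2 untouched ? 10 : 0) + (f3 untouched ? 1 : 0). */
int demo(void)
{
    uint32_t f1[] = { PACIASP, A64_NOP, AUTIASP, A64_RET };
    uint32_t f2[] = { PACIASP, AUTIASP, A64_RET };
    uint32_t f3[] = { PACIASP, A64_NOP, A64_RET };
    const uint8_t m1[] = { 0, 2, REC_END };   /* well-formed            */
    const uint8_t m2[] = { 0, 7, REC_END };   /* index 7 is outside f2  */
    const uint8_t m3[] = { 0, 1, REC_END };   /* index 1 is not AUTIASP */
    struct func_rec funcs[] = {
        { f1, 4, m1, sizeof m1 },
        { f2, 3, m2, sizeof m2 },
        { f3, 3, m3, sizeof m3 },
    };

    size_t patched = scs_patch_all(funcs, 3);
    if (f1[0] != SCS_PUSH || f1[2] != SCS_POP)
        return -1;
    /* Without the dry run, f3[0] would already be SCS_PUSH when index 1 failed. */
    return (int)patched * 100 + (f2[0] == PACIASP ? 10 : 0) + (f3[0] == PACIASP ? 1 : 0);
}
```

The third sample function is the interesting one: its first record entry is valid, so a single-pass implementation would have rewritten `f3[0]` before discovering that the next entry is wrong. The dry run makes the decision per function before any write happens, which is exactly the "no half-patched functions" property the commit message relies on.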
