[PATCH v3 3/3] arm64: implement dynamic shadow call stack for Clang

Kees Cook keescook at chromium.org
Mon Jun 13 09:30:51 PDT 2022


On Mon, Jun 13, 2022 at 03:40:08PM +0200, Ard Biesheuvel wrote:
> Implement dynamic shadow call stack support on Clang, by parsing the
> unwind tables at init time to locate all occurrences of PACIASP/AUTIASP
> instructions, and replacing them with the shadow call stack push and pop
> instructions, respectively.
> 
> This is useful because the overhead of the shadow call stack is
> difficult to justify on hardware that implements pointer authentication
> (PAC), and given that the PAC instructions are executed as NOPs on
> hardware that doesn't, we can just replace them without breaking
> anything. As PACIASP/AUTIASP are guaranteed to be paired with respect to
> manipulations of the return address, replacing them 1:1 with shadow call
> stack pushes and pops is guaranteed to result in the desired behavior.

Specifically, the "PAC available" benefit is the per-thread memory
savings (no shadow stack needs to be allocated). Thanks for getting this
working!

> Signed-off-by: Ard Biesheuvel <ardb at kernel.org>

Sami, can you test this for the cases you've needed this for?

In the meantime, Will, can you land this for -next so we can get maximal
test time?

-- 
Kees Cook
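As an added illustration of the 1:1 rewrite described in the quoted commit message (example code, not from the patch or the kernel): a userspace C model that rewrites PACIASP/AUTIASP words in a constructed instruction buffer into the shadow call stack push/pop pair, assumed here to be `str x30, [x18], #8` / `ldr x30, [x18, #-8]!` with x18 as the SCS register. It does a plain linear scan instead of walking the unwind tables, so unlike the patch it cannot tell real prologue/epilogue code from inline data; the push/pop balance check is a sanity check of this model, not something the kernel does.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* AArch64 encodings, as 32-bit little-endian instruction words. */
#define INSN_PACIASP  0xd503233fu /* HINT #25: paciasp */
#define INSN_AUTIASP  0xd50323bfu /* HINT #29: autiasp */
#define INSN_SCS_PUSH 0xf800865eu /* str x30, [x18], #8   (assumed SCS push) */
#define INSN_SCS_POP  0xf85f8e5eu /* ldr x30, [x18, #-8]! (assumed SCS pop)  */

/* Replace every PACIASP with an SCS push and every AUTIASP with an SCS pop.
 * Returns the number of words rewritten, or -1 if pushes and pops are not
 * paired, which in this model means the buffer was not what we expected. */
int scs_patch(uint32_t *insns, size_t count) {
    size_t pushes = 0, pops = 0;
    for (size_t i = 0; i < count; i++) {
        if (insns[i] == INSN_PACIASP) { insns[i] = INSN_SCS_PUSH; pushes++; }
        else if (insns[i] == INSN_AUTIASP) { insns[i] = INSN_SCS_POP; pops++; }
    }
    return pushes == pops ? (int)(pushes + pops) : -1;
}

/* Constructed sample: the prologue/epilogue shape a PAC-RET build emits. */
static const uint32_t sample_fn[] = {
    INSN_PACIASP,
    0xa9bf7bfdu, /* stp x29, x30, [sp, #-16]! */
    0x910003fdu, /* mov x29, sp */
    0xa8c17bfdu, /* ldp x29, x30, [sp], #16 */
    INSN_AUTIASP,
    0xd65f03c0u, /* ret */
};
#define SAMPLE_LEN (sizeof(sample_fn) / sizeof(sample_fn[0]))
static uint32_t patched[SAMPLE_LEN];
static uint32_t lone_paciasp[1] = { INSN_PACIASP }; /* constructed: unpaired */

/* Patch a copy of the sample in place; returns scs_patch()'s result. */
int patch_sample(void) {
    memcpy(patched, sample_fn, sizeof(patched));
    return scs_patch(patched, SAMPLE_LEN);
}

uint32_t patched_word(size_t i) { return i < SAMPLE_LEN ? patched[i] : 0; }

int main(void) {
    printf("rewrote %d words\n", patch_sample());
    for (size_t i = 0; i < SAMPLE_LEN; i++)
        printf("  %08x -> %08x\n", sample_fn[i], patched_word(i));
    printf("unpaired buffer: %d\n", scs_patch(lone_paciasp, 1));
    return 0;
}
```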
