[PATCH v3 3/3] arm64: implement dynamic shadow call stack for Clang

Ard Biesheuvel ardb at kernel.org
Mon Jun 13 09:50:19 PDT 2022


On Mon, 13 Jun 2022 at 18:30, Kees Cook <keescook at chromium.org> wrote:
>
> On Mon, Jun 13, 2022 at 03:40:08PM +0200, Ard Biesheuvel wrote:
> > Implement dynamic shadow call stack support on Clang, by parsing the
> > unwind tables at init time to locate all occurrences of PACIASP/AUTIASP
> > instructions, and replacing them with the shadow call stack push and pop
> > instructions, respectively.
> >
> > This is useful because the overhead of the shadow call stack is
> > difficult to justify on hardware that implements pointer authentication
> > (PAC), and given that the PAC instructions are executed as NOPs on
> > hardware that doesn't, we can just replace them without breaking
> > anything. As PACIASP/AUTIASP are guaranteed to be paired with respect to
> > manipulations of the return address, replacing them 1:1 with shadow call
> > stack pushes and pops is guaranteed to result in the desired behavior.
>
> Specifically, the "PAC available" benefit is the per-thread memory
> savings (no shadow stack needs to be allocated). Thanks for getting this
> working!
>
> > Signed-off-by: Ard Biesheuvel <ardb at kernel.org>
>
> Sami, can you test this for the cases you've needed this for?
>
> In the meantime, Will, can you land this for -next so we can get maximal
> test time?
>

I should note that this relies on Clang 15 which has not been released yet.

I have been using the clang-15 and lld-15 packages from

deb http://apt.llvm.org/bullseye/ llvm-toolchain-bullseye main

and setting LLVM=-15 on the make command line.
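As an added illustration of the 1:1 rewrite the quoted commit message describes (example code, not part of the patch or this thread): the HINT and load/store encodings below are assumed from the A64 instruction set rather than taken from the mail, and the constructed sample function is scanned word by word instead of being located through the unwind tables as the real patch does.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* HINT #imm7: PACIASP is hint 25, AUTIASP is hint 29 (assumed A64 encodings). */
#define A64_HINT(imm7)   (0xd503201fu | ((uint32_t)(imm7) << 5))
#define INSN_PACIASP     A64_HINT(25)   /* 0xd503233f */
#define INSN_AUTIASP     A64_HINT(29)   /* 0xd50323bf */

/* 64-bit STR/LDR (immediate, imm9 writeback): bits[11:10] = 01 post-index, 11 pre-index. */
static uint32_t a64_ldst_imm9(int load, int pre_index, unsigned rt, unsigned rn, int imm9)
{
    uint32_t insn = 0xf8000400u;             /* size=11, opc=00 (STR), post-index form */
    if (load)      insn |= 1u << 22;         /* opc=01 -> LDR */
    if (pre_index) insn |= 1u << 11;         /* bits[11:10] = 11 */
    return insn | (((uint32_t)imm9 & 0x1ffu) << 12) | (rn << 5) | rt;
}

/* x18 is the shadow call stack pointer on arm64; x30 is the link register. */
#define INSN_SCS_PUSH a64_ldst_imm9(0, 0, 30, 18, 8)   /* str x30, [x18], #8   -> 0xf800865e */
#define INSN_SCS_POP  a64_ldst_imm9(1, 1, 30, 18, -8)  /* ldr x30, [x18, #-8]! -> 0xf85f8e5e */

struct scs_patch_stats { unsigned pushes, pops; };

/*
 * Replace every PACIASP with an SCS push and every AUTIASP with an SCS pop.
 * The two counts need not be equal: a function with several epilogues has one
 * PACIASP and several AUTIASP. Pairing holds per control-flow path, which is
 * what makes the 1:1 substitution safe, not equality of the static counts.
 */
static struct scs_patch_stats scs_patch(uint32_t *insns, size_t n)
{
    struct scs_patch_stats s = { 0, 0 };
    for (size_t i = 0; i < n; i++) {
        if (insns[i] == INSN_PACIASP)      { insns[i] = INSN_SCS_PUSH; s.pushes++; }
        else if (insns[i] == INSN_AUTIASP) { insns[i] = INSN_SCS_POP;  s.pops++;   }
    }
    return s;
}

/* Constructed sample function body (host-endian words, not real kernel text). */
uint32_t sample_fn[] = {
    INSN_PACIASP,
    0xa9bf7bfdu, /* stp x29, x30, [sp, #-16]! */
    0x910003fdu, /* mov x29, sp */
    0xa8c17bfdu, /* ldp x29, x30, [sp], #16 */
    INSN_AUTIASP,
    0xd65f03c0u, /* ret */
};
#define SAMPLE_FN_LEN (sizeof(sample_fn) / sizeof(sample_fn[0]))

int main(void)
{
    struct scs_patch_stats st = scs_patch(sample_fn, SAMPLE_FN_LEN);
    printf("patched %u push(es), %u pop(s)\n", st.pushes, st.pops);
    for (size_t i = 0; i < SAMPLE_FN_LEN; i++)
        printf("  %08x\n", sample_fn[i]);
    return 0;
}
```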



More information about the linux-arm-kernel mailing list