[PATCH v3 2/3] scs: add support for dynamic shadow call stacks

Ard Biesheuvel ardb at kernel.org
Thu Jun 16 00:14:59 PDT 2022


On Wed, 15 Jun 2022 at 19:12, Sami Tolvanen <samitolvanen at google.com> wrote:
>
> On Tue, Jun 14, 2022 at 08:20:13AM +0200, Ard Biesheuvel wrote:
> > On Mon, 13 Jun 2022 at 15:40, Ard Biesheuvel <ardb at kernel.org> wrote:
> > >
> > > In order to allow arches to use code patching to conditionally emit the
> > > shadow stack pushes and pops, rather than always taking the performance
> > > hit even on CPUs that implement alternatives such as stack pointer
> > > authentication on arm64, add a Kconfig symbol that can be set by the
> > > arch to omit the SCS codegen itself, without otherwise affecting how
> > > support code for SCS and compiler options (for register reservation, for
> > > instance) are emitted.
> > >
> > > Also, add a static key and some plumbing to omit the allocation of
> > > shadow call stack for dynamic SCS configurations if SCS is disabled at
> > > runtime.
> > >
> > > Signed-off-by: Ard Biesheuvel <ardb at kernel.org>
> > > Reviewed-by: Nick Desaulniers <ndesaulniers at google.com>
> > > Reviewed-by: Kees Cook <keescook at chromium.org>
> >
> > This patch needs the following hunk applied on top to fix a build
> > error reported by the bots:
> >
> > --- a/include/linux/scs.h
> > +++ b/include/linux/scs.h
> > @@ -57,6 +57,8 @@ DECLARE_STATIC_KEY_TRUE(dynamic_scs_enabled);
> >
> >  static inline bool scs_is_dynamic(void)
> >  {
> > +       if (!IS_ENABLED(CONFIG_DYNAMIC_SCS))
> > +               return false;
> >         return static_branch_likely(&dynamic_scs_enabled);
> >  }
>
> With this:
>
> Reviewed-by: Sami Tolvanen <samitolvanen at google.com>
>

Thanks. I had spotted that too, and came up with the exact same fix.



More information about the linux-arm-kernel mailing list