[PATCH v3 2/2] lkdtm: Add Shadow Call Stack tests
Dan Li
ashimida at linux.alibaba.com
Thu Mar 10 18:46:29 PST 2022
On 3/9/22 12:16, Kees Cook wrote:
> On Mon, Mar 07, 2022 at 07:16:36AM -0800, Dan Li wrote:
>> But currently it still crashes when I try to enable
>> "-mbranch-protection=pac-ret+leaf+bti".
>>
>> Because the address of "&&redirected" is not encrypted under pac,
>> the autiasp check will fail when set_return_addr returns, and
>> eventually cause the function to crash when it returns to "&&redirected"
>> ("&&redirected" as a reserved label always seems to start with a bti j
>> insn).
>
> Strictly speaking, this is entirely correct. :)
>
>> For lkdtm, if we're going to handle both cases in one function, maybe
>> it would be better to turn off the -mbranch-protection=pac-ret+leaf+bti
>> and maybe also turn off -O2 options for the function :)
>
> If we can apply a function attribute to turn off pac for the "does this
> work without protections", that should be sufficient.
>
Got it, will do in the next version :)
Thanks,
Dan.
More information about the linux-arm-kernel
mailing list