[RFC PATCH v2 3/3] arm64: implement dynamic shadow call stack for Clang
Ard Biesheuvel
ardb at kernel.org
Thu May 5 23:59:49 PDT 2022
On Fri, 6 May 2022 at 02:00, Kees Cook <keescook at chromium.org> wrote:
>
> On Thu, May 05, 2022 at 06:10:11PM +0200, Ard Biesheuvel wrote:
> > [...]
> > + /*
> > + * We only enable the shadow call stack dynamically if we are running
> > + * on a system that does not implement PAC or BTI. PAC and SCS roughly
> > + * provide the same level of protection, and BTI relies on the PACIASP
> > + * instructions serving as landing pads, preventing us from patching
> > + * those instructions into something else.
> > + */
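Review bot: the phrase "BTI relies on the PACIASP instructions serving as landing pads" reads as if BTI depended on PAC, which is how the question that follows takes it; the constraint described in the reply is narrower: PACIASP at function entry is itself accepted as a BTI landing pad, so patching it into something else would leave the function without a valid indirect-call target when BTI is enabled. Suggest rewording to something like "when BTI is enabled, the PACIASP at function entry doubles as the landing pad, so we cannot patch it into something else", which also makes clear that the PAC and BTI checks are independent.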
>
> If BTI relies on PAC, then we only need to check for PAC, yes? I.e.
> there isn't going to be a device with BTI but without PAC.
>
BTI does not rely on PAC, but PACIASP serves as an implicit BTI
instruction as well as a 'sign return address' instruction, given that
it usually appears at the start of a function. So we cannot patch it
away in that case, but I expect this to be a rare case anyway.
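The point made in the reply, as an added example that is not part of the patch or the thread: a small host-side model of the rewrite decision. It uses the architectural HINT encodings for PACIASP/AUTIASP/BTI and a four-instruction function body built by hand; the replacement sequence (an SCS push/pop through x18) and all function names are assumptions of this example, not taken from the patch. The model shows that replacing PACIASP is fine on a core without PAC or BTI, and that doing it on a BTI core leaves the function entry without a landing pad.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* AArch64 HINT-space encodings; these are architectural constants. */
#define INSN_NOP      0xD503201Fu
#define INSN_PACIASP  0xD503233Fu  /* hint #25: sign LR with key A */
#define INSN_AUTIASP  0xD50323BFu  /* hint #29: authenticate LR, key A */
#define INSN_PACIBSP  0xD503237Fu  /* hint #27: sign LR with key B */
#define INSN_BTI_C    0xD503245Fu  /* hint #34 */
#define INSN_BTI_J    0xD503249Fu  /* hint #36 */
#define INSN_BTI_JC   0xD50324DFu  /* hint #38 */
#define INSN_RET      0xD65F03C0u

/* Assumed replacement for a dynamic shadow call stack kept in x18
 * (an assumption of this example, not taken from the patch). */
#define INSN_SCS_PUSH 0xF800865Eu  /* str x30, [x18], #8   */
#define INSN_SCS_POP  0xF85F8E5Eu  /* ldr x30, [x18, #-8]! */

#define FN_LEN 4

struct cpu_features {
    bool pac;  /* FEAT_PAuth implemented */
    bool bti;  /* FEAT_BTI implemented */
};

/* Policy from the quoted comment: dynamic SCS only when neither is present. */
bool dynamic_scs_wanted(struct cpu_features f)
{
    return !f.pac && !f.bti;
}

/* A BLR/BR into a guarded page must land on a "BTI c"-compatible instruction.
 * PACIASP/PACIBSP count as implicit BTI c: the signing instruction at function
 * entry doubles as the landing pad, which is the reply's point. */
bool is_bti_c_landing_pad(uint32_t insn)
{
    switch (insn) {
    case INSN_BTI_C:
    case INSN_BTI_JC:
    case INSN_PACIASP:
    case INSN_PACIBSP:
        return true;
    default:
        return false;
    }
}

/* Rewrite the PAC prologue/epilogue into SCS push/pop in place. */
int patch_text_to_scs(uint32_t *text, size_t n)
{
    int patched = 0;
    for (size_t i = 0; i < n; i++) {
        if (text[i] == INSN_PACIASP) {
            text[i] = INSN_SCS_PUSH;
            patched++;
        } else if (text[i] == INSN_AUTIASP) {
            text[i] = INSN_SCS_POP;
            patched++;
        }
    }
    return patched;
}

/* Would a core with BTI enabled accept an indirect call to text[entry]? */
bool indirect_call_allowed(const uint32_t *text, size_t entry, bool bti_enabled)
{
    return !bti_enabled || is_bti_c_landing_pad(text[entry]);
}

/* Constructed function body: PAC prologue, a body, PAC epilogue, return. */
static void make_function(uint32_t fn[FN_LEN])
{
    fn[0] = INSN_PACIASP;
    fn[1] = INSN_NOP;
    fn[2] = INSN_AUTIASP;
    fn[3] = INSN_RET;
}

/* Apply the policy to a fresh function; returns the patched-instruction count. */
int demo_patch_count(bool pac, bool bti)
{
    uint32_t fn[FN_LEN];
    struct cpu_features f = { pac, bti };
    make_function(fn);
    return dynamic_scs_wanted(f) ? patch_text_to_scs(fn, FN_LEN) : 0;
}

/* Apply the policy and report the instruction left at function entry. */
uint32_t demo_entry_insn(bool pac, bool bti)
{
    uint32_t fn[FN_LEN];
    struct cpu_features f = { pac, bti };
    make_function(fn);
    if (dynamic_scs_wanted(f))
        patch_text_to_scs(fn, FN_LEN);
    return fn[0];
}

/* Why BTI cores are excluded: forcing the patch removes the landing pad. */
bool forced_patch_breaks_bti(void)
{
    uint32_t fn[FN_LEN];
    make_function(fn);
    patch_text_to_scs(fn, FN_LEN);
    return !indirect_call_allowed(fn, 0, true);
}

int main(void)
{
    printf("no PAC/BTI: %d patched, entry 0x%08x\n",
           demo_patch_count(false, false), demo_entry_insn(false, false));
    printf("BTI present: %d patched, entry 0x%08x\n",
           demo_patch_count(false, true), demo_entry_insn(false, true));
    printf("forced patch under BTI breaks entry: %s\n",
           forced_patch_breaks_bti() ? "yes" : "no");
    return 0;
}
```

The model deliberately leaves the PAC-present case unpatched as well, matching the quoted policy that PAC already gives roughly the same return-address protection as SCS; the BTI case is the one where patching is not merely redundant but would make the function an invalid indirect-call target.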