[PATCH v3 00/36] arm64/gcs: Provide support for GCS in userspace
Mark Brown
broonie at kernel.org
Tue Aug 1 08:09:58 PDT 2023
On Tue, Aug 01, 2023 at 03:13:20PM +0100, Will Deacon wrote:
> On Mon, Jul 31, 2023 at 02:43:09PM +0100, Mark Brown wrote:
> > The arm64 Guarded Control Stack (GCS) feature provides support for
> > hardware protected stacks of return addresses, intended to provide
> > hardening against return oriented programming (ROP) attacks and to make
> > it easier to gather call stacks for applications such as profiling.
> Why is this better than Clang's software shadow stack implementation? It
> would be nice to see some justification behind adding all this, rather
> than it being an architectural tick-box exercise.
Mainly that it's hardware enforced (as the quoted paragraph says). This
makes it harder to attack, and hopefully it's also a bit faster (how
measurable that might be will be an open question, but even NOPs in
function entry/exit tend to get noticed).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/linux-riscv/attachments/20230801/2454e27c/attachment.sig>
More information about the linux-riscv
mailing list