[RFC PATCH 0/3] arm64: Implement reliable stack trace

[Madhavan T. Venkataraman]

On 2/2/21 4:05 AM, Mark Rutland wrote:
>>> I think at this point, we haven't gained anything from using a shadow
>>> stack, and I'd much rather we used objtool to gather any metadata needed
>>> to make unwinding reliable without mandating a shadow stack.
>>>
>> I think we have gained something. Pushing the return addresses on the shadow stack
>> and using them to unwind means that objtool does not have to decode every single
>> instruction and track the changes to the stack and frame state.
> I think that practically speaking it's necessary to track all potential
> paths through functions that may alter the shadow stack or the shadow
> stack pointer to ensure that the manipulation is well-balanced and that
> the shadow stack pointer isn't corrupted.
> 
> Practically speaking, this requires decoding a significant number of
> instructions, and tracing through all potential paths a function may
> take.

I am not sure why the shadow stack should be modified by any function.
It is a shadow stack. Functions are not supposed to be aware of it
(except for the prolog and epilog).

For C functions, the compiler would reserve the shadow stack pointer
register and not use it for anything other than prolog and epilog.

If the worry is that some kernel developer may unknowingly use the register
in assembly code and we need to catch this during kernel build, we can do it
using grep. The only code that is allowed to modify it is the macros that we
define for prolog and epilog. This can be done using a simple script.

Madhavan