Commit f6ffa4c8 authored by Will Deacon's avatar Will Deacon

Merge branch 'for-next/dynamic-scs' into for-next/core

* for-next/dynamic-scs:
  arm64: implement dynamic shadow call stack for Clang
  scs: add support for dynamic shadow call stacks
  arm64: unwind: add asynchronous unwind tables to kernel and modules
parents 9f930478 3b619e22
+2 −0
@@ -966,8 +966,10 @@ LDFLAGS_vmlinux += --gc-sections
endif

ifdef CONFIG_SHADOW_CALL_STACK
ifndef CONFIG_DYNAMIC_SCS
CC_FLAGS_SCS	:= -fsanitize=shadow-call-stack
KBUILD_CFLAGS	+= $(CC_FLAGS_SCS)
endif
export CC_FLAGS_SCS
endif
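Review bot: With `CONFIG_DYNAMIC_SCS` set, `CC_FLAGS_SCS` is never assigned yet is still exported, so every use of `$(CC_FLAGS_SCS)` elsewhere in the build expands to nothing, and nothing here says that is intended. Any Makefile that filters `$(CC_FLAGS_SCS)` out of an object's flags to keep that object free of shadow-call-stack instrumentation would then filter nothing. Whether such objects are also kept out of the patching path cannot be seen from this hunk and is worth confirming. A comment above the `ifndef` would record the intent, for example `# With DYNAMIC_SCS the push/pop instructions are patched in by the arch code, so no compiler flag is passed and CC_FLAGS_SCS stays empty.`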

+7 −0
@@ -651,6 +651,13 @@ config SHADOW_CALL_STACK
	  reading and writing arbitrary memory may be able to locate them
	  and hijack control flow by modifying the stacks.

config DYNAMIC_SCS
	bool
	help
	  Set by the arch code if it relies on code patching to insert the
	  shadow call stack push and pop instructions rather than on the
	  compiler.

config LTO
	bool
	help
+12 −0
@@ -371,6 +371,9 @@ config KASAN_SHADOW_OFFSET
	default 0xeffffff800000000 if ARM64_VA_BITS_36 && KASAN_SW_TAGS
	default 0xffffffffffffffff

config UNWIND_TABLES
	bool

source "arch/arm64/Kconfig.platforms"

menu "Kernel Features"
@@ -2158,6 +2161,15 @@ config ARCH_NR_GPIO

          If unsure, leave the default value.

config UNWIND_PATCH_PAC_INTO_SCS
	bool "Enable shadow call stack dynamically using code patching"
	# needs Clang with https://reviews.llvm.org/D111780 incorporated
	depends on CC_IS_CLANG && CLANG_VERSION >= 150000
	depends on ARM64_PTR_AUTH_KERNEL && CC_HAS_BRANCH_PROT_PAC_RET
	depends on SHADOW_CALL_STACK
	select UNWIND_TABLES
	select DYNAMIC_SCS

endmenu # "Kernel Features"

menu "Boot options"
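Review bot: `UNWIND_PATCH_PAC_INTO_SCS` has a prompt but no `help` text, so nothing in menuconfig tells the person enabling it what the option trades away. The arch Makefile section of this commit builds with `pac-ret` instead of `pac-ret+leaf` when the option is set, so leaf functions are no longer return-address signed in that configuration. The option also turns on `-fasynchronous-unwind-tables` through `select UNWIND_TABLES`. A help block should state that the shadow call stack is applied by code patching rather than by the compiler, that leaf functions lose PAC protection, and that unwind tables are emitted. The new `UNWIND_TABLES` symbol in the first hunk could carry a one-line `help` as well.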
+13 −2
@@ -45,8 +45,13 @@ KBUILD_CFLAGS += $(call cc-option,-mabi=lp64)
KBUILD_AFLAGS	+= $(call cc-option,-mabi=lp64)

# Avoid generating .eh_frame* sections.
ifneq ($(CONFIG_UNWIND_TABLES),y)
KBUILD_CFLAGS	+= -fno-asynchronous-unwind-tables -fno-unwind-tables
KBUILD_AFLAGS	+= -fno-asynchronous-unwind-tables -fno-unwind-tables
else
KBUILD_CFLAGS	+= -fasynchronous-unwind-tables
KBUILD_AFLAGS	+= -fasynchronous-unwind-tables
endif

ifeq ($(CONFIG_STACKPROTECTOR_PER_TASK),y)
prepare: stack_protector_prepare
@@ -72,10 +77,16 @@ branch-prot-flags-$(CONFIG_CC_HAS_SIGN_RETURN_ADDRESS) := -msign-return-address=
# We enable additional protection for leaf functions as there is some
# narrow potential for ROP protection benefits and no substantial
# performance impact has been observed.
PACRET-y := pac-ret+leaf

# Using a shadow call stack in leaf functions is too costly, so avoid PAC there
# as well when we may be patching PAC into SCS
PACRET-$(CONFIG_UNWIND_PATCH_PAC_INTO_SCS) := pac-ret

ifeq ($(CONFIG_ARM64_BTI_KERNEL),y)
branch-prot-flags-$(CONFIG_CC_HAS_BRANCH_PROT_PAC_RET_BTI) := -mbranch-protection=pac-ret+leaf+bti
branch-prot-flags-$(CONFIG_CC_HAS_BRANCH_PROT_PAC_RET_BTI) := -mbranch-protection=$(PACRET-y)+bti
else
branch-prot-flags-$(CONFIG_CC_HAS_BRANCH_PROT_PAC_RET) := -mbranch-protection=pac-ret+leaf
branch-prot-flags-$(CONFIG_CC_HAS_BRANCH_PROT_PAC_RET) := -mbranch-protection=$(PACRET-y)
endif
# -march=armv8.3-a enables the non-nops instructions for PAC, to avoid the
# compiler to generate them and consequently to break the single image contract
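Review bot: The comment `# Avoid generating .eh_frame* sections.` in the first hunk now heads a conditional whose `else` branch does the opposite and passes `-fasynchronous-unwind-tables`. Anyone auditing why the image carries `.eh_frame` data will be misled; reword it to something like `# Avoid generating .eh_frame* sections unless CONFIG_UNWIND_TABLES asks for them.` In the second hunk, the older comment justifying `+leaf` sits directly above `PACRET-y := pac-ret+leaf` and reads as unconditional, although the assignment that follows can drop `+leaf`. A short qualifier such as "unless overridden below" would remove the contradiction. The Makefile continues outside both hunks.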
+8 −0
@@ -17,4 +17,12 @@ SECTIONS {
	 */
	.text.hot : { *(.text.hot) }
#endif

#ifdef CONFIG_UNWIND_TABLES
	/*
	 * Currently, we only use unwind info at module load time, so we can
	 * put it into the .init allocation.
	 */
	.init.eh_frame : { *(.eh_frame) }
#endif
}