Re: [PATCH 06/18] add support for Clang's Shadow Call Stack (SCS)

From: Kees Cook
Date: Tue Oct 22 2019 - 12:30:58 EST


On Tue, Oct 22, 2019 at 05:28:27PM +0100, Mark Rutland wrote:
> On Fri, Oct 18, 2019 at 09:10:21AM -0700, Sami Tolvanen wrote:
> > This change adds generic support for Clang's Shadow Call Stack, which
> > uses a shadow stack to protect return addresses from being overwritten
> > by an attacker. Details are available here:
> >
> > https://clang.llvm.org/docs/ShadowCallStack.html
> >
> > Signed-off-by: Sami Tolvanen <samitolvanen@xxxxxxxxxx>
> > ---
> > Makefile | 6 ++
> > arch/Kconfig | 39 ++++++++
> > include/linux/compiler-clang.h | 2 +
> > include/linux/compiler_types.h | 4 +
> > include/linux/scs.h | 88 ++++++++++++++++++
> > init/init_task.c | 6 ++
> > init/main.c | 3 +
> > kernel/Makefile | 1 +
> > kernel/fork.c | 9 ++
> > kernel/sched/core.c | 2 +
> > kernel/sched/sched.h | 1 +
> > kernel/scs.c | 162 +++++++++++++++++++++++++++++++++
> > 12 files changed, 323 insertions(+)
> > create mode 100644 include/linux/scs.h
> > create mode 100644 kernel/scs.c
> >
> > diff --git a/Makefile b/Makefile
> > index ffd7a912fc46..e401fa500f62 100644
> > --- a/Makefile
> > +++ b/Makefile
> > @@ -846,6 +846,12 @@ ifdef CONFIG_LIVEPATCH
> > KBUILD_CFLAGS += $(call cc-option, -flive-patching=inline-clone)
> > endif
> >
> > +ifdef CONFIG_SHADOW_CALL_STACK
> > +KBUILD_CFLAGS += -fsanitize=shadow-call-stack
> > +DISABLE_SCS := -fno-sanitize=shadow-call-stack
> > +export DISABLE_SCS
> > +endif
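Review bot: -fsanitize=shadow-call-stack is appended to KBUILD_CFLAGS with no cc-option probe, unlike the -flive-patching=inline-clone line in the context just above it, so a compiler that does not accept the flag fails the build rather than the configuration; if the arch/Kconfig part of this patch already gates CONFIG_SHADOW_CALL_STACK on compiler support, the commit message should say so, otherwise wrap the flag the same way (KBUILD_CFLAGS += $(call cc-option, -fsanitize=shadow-call-stack)) or add the dependency in Kconfig. Separately, DISABLE_SCS spells the flag out a second time as -fno-sanitize=shadow-call-stack, so the enable and disable forms can drift if one line is edited; define the flag once in a single variable and let the objects that must not use the shadow stack filter that variable out with the existing CFLAGS_REMOVE_obj.o mechanism instead of exporting a hand-written negation.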
>
> I think it would be preferable to follow the example of CC_FLAGS_FTRACE
> so that this can be filtered out, e.g.
>
> ifdef CONFIG_SHADOW_CALL_STACK
> CFLAGS_SCS := -fsanitize=shadow-call-stack
^^^ was this meant to be CC_FLAGS_SCS here

> KBUILD_CFLAGS += $(CFLAGS_SCS)
^^^ and here?

> export CC_FLAGS_SCS
> endif
>
> ... with removal being:
>
> CFLAGS_REMOVE := $(CC_FLAGS_SCS)
>
> ... or:
>
> CFLAGS_REMOVE_obj.o := $(CC_FLAGS_SCS)
>
> That way you only need to define the flags once, so the enable and
> disable flags remain in sync by construction.
>
> [...]

--
Kees Cook