Linux 6.2 Implementing Dynamic Shadow Call Stack Support For AArch64

Written by Michael Larabel in Arm on 14 November 2022 at 05:20 AM EST. Add A Comment
ARM --
The Linux kernel built with Clang has supported Shadow Call Stack "SCS: to prevent return address overwrites. With patches building up for Linux 6.2, Dynamic Shadow Call Stack is being implemented to avoid the overhead of SCS on processors supporting pointer authentication (PAC).

The Shadow Call Stack support is useful for protecting against return address overwrites / stack buffer overflows. But on AArch64 processors with pointer authentication, it's harder to justify the usefulness of the Shadow Call Stack. So for Linux 6.2 the plan is to enable dynamic SCS support to allow it to be enabled/disabled at boot time.This Dynamic Shadow Call Stack support is done at boot/run-time via code patching.

Thereby no alternative kernel build with SCS disabled is needed for those not wanting this security feature for their AArch64 SoC due to other hardware protections already in place.

"Implement dynamic shadow call stack support on Clang, by parsing the unwind tables at init time to locate all occurrences of PACIASP/AUTIASP instructions, and replacing them with the shadow call stack push and pop instructions, respectively.

This is useful because the overhead of the shadow call stack is difficult to justify on hardware that implements pointer authentication (PAC), and given that the PAC instructions are executed as NOPs on hardware that doesn't, we can just replace them without breaking anything. As PACIASP/AUTIASP are guaranteed to be paired with respect to manipulations of the return address, replacing them 1:1 with shadow call stack pushes and pops is guaranteed to result in the desired behavior."

Queued via ARM64's "for-next" core material is dynamic SCS and implementing it for ARM64 with Clang. Barring any issues from coming up, this code in turn will then be submitted for the Linux 6.2 merge window next month.

Those wanting to learn more about Clang's Shadow Call Stack instrumentation pass can do so via the Clang docs.
Related News
About The Author
Author picture

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week