GCC 12 Adds Support For AArch64 Shadow Call Stack

Written by Michael Larabel in GNU on 22 February 2022 at 04:42 AM EST. Add A Comment
GNU
Squeezing into the GCC 12 compiler release is support for the Shadow Call Stack functionality on 64-bit Arm (AArch64).

LLVM/Clang spearheaded Shadow Call Stack (SCS) for protecting the return address of a function at run-time. Shadow Call Stack has proven useful on AArch64 while was a bust on x86_64 and already removed.

The LLVM documentation sums up Shadow Call Stack as:
ShadowCallStack is an instrumentation pass, currently only implemented for aarch64, that protects programs against return address overwrites (e.g. stack buffer overflows.) It works by saving a function’s return address to a separately allocated ‘shadow call stack’ in the function prolog in non-leaf functions and loading the return address from the shadow call stack in the function epilog. The return address is also stored on the regular stack for compatibility with unwinders, but is otherwise unused.

The aarch64 implementation is considered production ready, and an implementation of the runtime has been added to Android’s libc (bionic). An x86_64 implementation was evaluated using Chromium and was found to have critical performance and security deficiencies–it was removed in LLVM 9.0.

Thanks to the work of an Alibaba engineer, GCC now has Shadow Call Stack support on AArch64 too for the compiler-side changes for SCS support.

Like with Clang, the GCC SCS AArch64 functionality can be enabled with the -fsanitize=shadow-call-stack compiler option.
Add A Comment
Related News
Glibc 2.41 Adds C23's sinpi / cospi / tanpi Functions
GCC 15 Ends Support For Altera Nios II Embedded Processors
GNU Linux-libre 6.12-gnu Continues Dealing With More Blobs In The Kernel
GCC 15 Compiler Development Shifts From Features To Bug Fixing
GCC 15 Moves C Default Language Version To C23
GCC 15 Adds Option For Arm Guarded Control Stack "GCS" Code Generation
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
Linus Torvalds Comes Out Against "Completely Broken" x86_64 Feature Levels
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
COSMIC Alpha 4 Released For System76's Rust-Based Desktop
Rustls Multi-Threaded Performance Is Battering OpenSSL
Fedora 42 Aims To Enhance The Windows Subsystem For Linux Experience
KDE Starts December By Landing A Number Of New Features
Linux 6.12 Officially Promoted To Being An LTS Kernel