Linux 5.8 Tightens ARM 64-Bit Security With BTI, Shadow Call Stack Support

Written by Michael Larabel in Arm on 3 June 2020 at 03:38 AM EDT.
The 64-bit ARM (ARM64 / AArch64) architecture changes have already landed in the in-development Linux 5.8 codebase.

The Arm architectural changes for Linux 5.8 primarily revolve around two newly supported security features: Branch Target Identification and Shadow Call Stack.

Branch Target Identification (BTI) is part of the ARMv8.5 specification. BTI marks the valid targets of indirect branches, and the CPU will trap an instruction in a protected page that tries to perform an indirect branch to any instruction other than a marked BTI.

Unlike BTI, which needs ARMv8.5 SoC support, Shadow Call Stack (SCS) is a compiler-level feature available when building with LLVM/Clang. It is designed to protect against return address overwrites. Currently the LLVM/Clang compiler only supports it on AArch64, and so does the kernel code in Linux 5.8. The kernel code could be ported to other architectures if LLVM ends up supporting Shadow Call Stack elsewhere. SCS support was previously dropped on x86_64 over big performance hits.
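One way to check whether a given ARM64 system actually gets these two protections, as an added example that is not code from the article or the kernel tree. The function names and sample inputs are constructed for illustration. The config symbols (`CONFIG_ARM64_BTI`, `CONFIG_ARM64_BTI_KERNEL`, `CONFIG_SHADOW_CALL_STACK`) and the `bti` entry in the `/proc/cpuinfo` Features line are the upstream kernel's names and do not appear in the article.

```shell
#!/bin/sh
# Added example: report BTI / Shadow Call Stack state from a kernel config
# and a /proc/cpuinfo dump. All sample inputs below are constructed.

# config_state FILE SYMBOL -> y | n (explicitly "is not set") | absent
config_state() {
    if grep -q "^$2=y\$" "$1"; then echo y
    elif grep -q "^# $2 is not set\$" "$1"; then echo n
    else echo absent; fi
}

# cpu_has_feature FILE NAME -> success only on a whole-word Features match
cpu_has_feature() {
    grep '^Features' "$1" | head -n 1 | tr -s ' \t' '\n' | grep -qx "$2"
}

# audit CONFIG CPUINFO -> one key=value line per protection
audit() {
    bti=off; bti_kernel=off; scs=off
    if [ "$(config_state "$1" CONFIG_ARM64_BTI)" = y ]; then
        # BTI needs ARMv8.5 hardware as well as kernel support.
        if cpu_has_feature "$2" bti; then bti=active; else bti=no-cpu-support; fi
    fi
    if [ "$bti" = active ] && [ "$(config_state "$1" CONFIG_ARM64_BTI_KERNEL)" = y ]; then
        bti_kernel=active
    fi
    # Shadow Call Stack is compiler instrumentation, so the config decides.
    if [ "$(config_state "$1" CONFIG_SHADOW_CALL_STACK)" = y ]; then scs=active; fi
    echo "bti_userspace=$bti"; echo "bti_kernel=$bti_kernel"; echo "scs=$scs"
}

write_samples() {  # $1 = directory to fill with constructed sample files
    cat > "$1/config" <<'EOF'
CONFIG_ARM64_BTI=y
CONFIG_ARM64_BTI_KERNEL=y
CONFIG_SHADOW_CALL_STACK=y
EOF
    printf 'Features\t: fp asimd sb paca pacg\n' > "$1/cpuinfo_v8_3"
    printf 'Features\t: fp asimd sb paca pacg bti\n' > "$1/cpuinfo_v8_5"
}

tmp=$(mktemp -d); write_samples "$tmp"
audit "$tmp/config" "$tmp/cpuinfo_v8_3"   # same kernel, pre-ARMv8.5 CPU
audit "$tmp/config" "$tmp/cpuinfo_v8_5"   # same kernel, BTI-capable CPU
rm -rf "$tmp"
```

On a real system the inputs would typically be `/proc/cpuinfo` and the running kernel's config file (for example `/boot/config-$(uname -r)`, where the distribution ships one).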

The rest of the ARM64 changes are mostly minor and outlined via this merge. Still coming up in the days ahead for the Linux 5.8 merge window are all of the SoC/platform/DeviceTree changes.