GCC 12 Adds Support For AArch64 Shadow Call Stack

Written by Michael Larabel in GNU on 22 February 2022 at 04:42 AM EST. Add A Comment
GNU
Squeezing into the GCC 12 compiler release is support for the Shadow Call Stack functionality on 64-bit Arm (AArch64).

LLVM/Clang spearheaded Shadow Call Stack (SCS) for protecting the return address of a function at run-time. Shadow Call Stack has proven useful on AArch64 while was a bust on x86_64 and already removed.

The LLVM documentation sums up Shadow Call Stack as:
ShadowCallStack is an instrumentation pass, currently only implemented for aarch64, that protects programs against return address overwrites (e.g. stack buffer overflows.) It works by saving a function’s return address to a separately allocated ‘shadow call stack’ in the function prolog in non-leaf functions and loading the return address from the shadow call stack in the function epilog. The return address is also stored on the regular stack for compatibility with unwinders, but is otherwise unused.

The aarch64 implementation is considered production ready, and an implementation of the runtime has been added to Android’s libc (bionic). An x86_64 implementation was evaluated using Chromium and was found to have critical performance and security deficiencies–it was removed in LLVM 9.0.

Thanks to the work of an Alibaba engineer, GCC now has Shadow Call Stack support on AArch64 too for the compiler-side changes for SCS support.

Like with Clang, the GCC SCS AArch64 functionality can be enabled with the -fsanitize=shadow-call-stack compiler option.
Add A Comment
Related News
GCC 14 Compiler Adds AArch64 GNU/Hurd Support
GCC 14 Boasts Nice ASCII Art For Visualizing Buffer Overflows
GNU Poke 4.0 & Poke-ELF 1.0 Released For Dealing With Binary Data
GNU Coreutils 9.5 Can Yield 10~20% Throughput Boost For cp, mv & cat Commands
IBM Posts GCC Patches For -mcpu=power11 Support
GNU Linux-libre 6.8-gnu Dealing With Blobs From New Intel Drivers
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them
Linux 6.10 To Merge NTSYNC Driver For Emulating Windows NT Synchronization Primitives
Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver
Fedora 41 Looks To "-O3" Optimizations For Its Python Build
Rust-Written LAVD Kernel Scheduler Shows Promising Results For Linux Gaming
APT 2.9 Released: Debian's APT 3.0 To Have A New UI With Colors, Columnar Display & More
Fedora Linux 40 Cleared For Release Next Week
Proposed "LibGodot" Lets You Embed Godot Game Engine Into Other Apps