Date: Tue, 25 Feb 2020 09:39:25 -0800
In-Reply-To: <20200225173933.74818-1-samitolvanen@google.com>
Message-Id: <20200225173933.74818-5-samitolvanen@google.com>
References: <20191018161033.261971-1-samitolvanen@google.com> <20200225173933.74818-1-samitolvanen@google.com>
Subject: [PATCH v9 04/12] scs: disable when function graph tracing is enabled
From: Sami Tolvanen
To: Will Deacon, Catalin Marinas, James Morse, Steven Rostedt, Masami Hiramatsu, Ard Biesheuvel, Mark Rutland
Cc: Dave Martin, Kees Cook, Laura Abbott, Marc Zyngier, Nick Desaulniers, Jann Horn, Miguel Ojeda, Masahiro Yamada, clang-built-linux@googlegroups.com, kernel-hardening@lists.openwall.com, linux-arm-kernel@lists.infradead.org, linux-kernel@vger.kernel.org, Sami Tolvanen

The graph tracer hooks returns by modifying frame records on the
(regular) stack, but with SCS the return address is taken from the
shadow stack, and the value in the frame record has no effect. As we
don't currently have a mechanism to determine the corresponding slot
on the shadow stack (and to pass this through the ftrace
infrastructure), for now let's disable SCS when the graph tracer is
enabled.

With SCS the return address is taken from the shadow stack and the
value in the frame record has no effect. The mcount based graph tracer
hooks returns by modifying frame records on the (regular) stack, and
thus is not compatible. The patchable-function-entry graph tracer
used for DYNAMIC_FTRACE_WITH_REGS modifies the LR before it is saved
to the shadow stack, and is compatible.

Modifying the mcount based graph tracer to work with SCS would require
a mechanism to determine the corresponding slot on the shadow stack
(and to pass this through the ftrace infrastructure), and we expect
that everyone will eventually move to the patchable-function-entry
based graph tracer anyway, so for now let's disable SCS when the
mcount-based graph tracer is enabled.

SCS and patchable-function-entry are both supported from LLVM 10.x.

Signed-off-by: Sami Tolvanen
Reviewed-by: Kees Cook
Reviewed-by: Mark Rutland
---
 arch/Kconfig | 1 +
 1 file changed, 1 insertion(+)

diff --git a/arch/Kconfig b/arch/Kconfig index a67fa78c92e7..d53ade0950a5 100644 --- a/arch/Kconfig +++ b/arch/Kconfig 
@@ -535,6 +535,7 @@ config ARCH_SUPPORTS_SHADOW_CALL_STACK config SHADOW_CALL_STACK bool "Clang Shadow Call Stack" + depends on DYNAMIC_FTRACE_WITH_REGS || !FUNCTION_GRAPH_TRACER depends on ARCH_SUPPORTS_SHADOW_CALL_STACK help This option enables Clang's Shadow Call Stack, which uses a -- 2.25.0.265.gbab2e86ba0-goog
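
Review bot: the added `depends on DYNAMIC_FTRACE_WITH_REGS || !FUNCTION_GRAPH_TRACER` line under `config SHADOW_CALL_STACK` carries no explanation, and the help text visible in this hunk does not mention the restriction. With an unmet `depends on`, Kconfig hides the option and leaves it off, so a configuration that enables FUNCTION_GRAPH_TRACER without DYNAMIC_FTRACE_WITH_REGS loses this hardening without any message. Suggest a one-line `#` comment above the dependency, or a sentence in the help text, stating that the mcount-based graph tracer is incompatible because it rewrites return addresses in frame records, which SCS ignores. Separately, the commit message still opens with the earlier paragraph ("for now let's disable SCS when the graph tracer is enabled"), which the later paragraphs restate more precisely for the mcount-based tracer only; dropping that first paragraph, and narrowing the subject line to match, would keep the log consistent with the condition in the hunk.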