Playing around with clang's shadow stack support. It was removed in clang-9 for x86_64, and even before that AFAIK there was no runtime support to actually set up the shadow stack & gs register. But with clang-8 you can try it out by using a constructor:
arm64 implementation is shipped for the Pixel kernels and it was landed in the upstream Linux kernel. It runs fine in arm64 QEMU/KVM too. MTE also works in QEMU/KVM which is how we intend to develop hardened_malloc support ideally in the next few months as prep for ARMv9 devices.
It's really easy to use the arm64 SCS support in QEMU/KVM though. I don't think there's currently anything missing to block simply turning it on and having it booting with everything working for recent kernel versions.
Neat! Do you know if there's any more detail on what went wrong with the x86_64 port? The documentation is a bit vague ("was evaluated using Chromium and was found to have critical performance and security deficiencies")

