Conversation

Playing around with clang's shadow stack support. It was removed in clang-9 for x86_64, and even before that AFAIK there was no runtime support to actually set up the shadow stack & gs register. But with clang-8 you can try it out by using a constructor:

gist.github.com

Example of using a constructor to set up the shadow callstack and assign gs appropriately

Example of using a constructor to set up the shadow callstack and assign gs appropriately - shadowstack.c

Replying to

arm64 implementation is shipped for the Pixel kernels and it was landed in the upstream Linux kernel. It runs fine in arm64 QEMU/KVM too. MTE also works in QEMU/KVM which is how we intend to develop hardened_malloc support ideally in the next few months as prep for ARMv9 devices.

Replying to

and

It's really easy to use the arm64 SCS support in QEMU/KVM though. I don't think there's currently anything missing to block simply turning it on and having it booting with everything working for recent kernel versions.

7:47 PM · Mar 23, 2022Twitter Web App

Replying to

Neat! Do you know if there's any more detail on what went wrong with the x86_64 port? The documentation is a bit vague ("was evaluated using Chromium and was found to have critical performance and security deficiencies")

Replying to

x86 doesn't have a link register so there's a race between the check and the return. It could have been addressed within the kernel by making stack mappings thread local. Much harder to do for userspace especially since the disappointing MPK feature doesn't have enough keys.

Show replies