About
Shadow stacks are a security feature meant to detect or prevent classes of attacks where a malicious actor has gained control over a function's return pointer. Shadow stack mechanisms typically need a combination of compiler, library, dynamic loader and kernel support, and they often require special support for JITs as well. This work item only tracks the core LLVM functionality needed to support shadow stacks. Shadow stacks are seen as a blocking issue for Android on RISC-V.
...
Updates
- A PR for Spike with Zicfiss v0.4.0 support has been submitted: https://github.com/riscv-software-src/riscv-isa-sim/pull/1560
- As the Zicfiss extension has passed architectural review, we will bump the Zicfiss version to v0.4.0, the latest and stable version, for glibc/setjmp and Spike.
- Preparing patches for upstreaming. This includes polishing the patches and adding tests. We will also bump to the latest spec version after Zicfiss gets ratified.
- One missing piece is Spike pk support to read the ELF flag of executables and enable shadow stack protection accordingly. We will also work on that later.
- Implemented the linking policy for Zicfiss and Zicfilp in LLD. The draft can be found here: https://github.com/SuHo-llrr/llvm-project/pull/1/commits
The patch set also includes emission of the ELF .note.gnu.property section and llvm-readobj changes to display the content of the section.
Since there are ongoing discussions on the linking policy, we will update the implementation when the decision is made.
Besides, we will also add test cases for upstreaming.
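
To make the .note.gnu.property marking and the linker's role concrete, here is an added example (not code from the LLD patch set) that reads the RISC-V feature word from each input's note section and combines them. The constant values are taken from the RISC-V psABI and are assumptions not stated on this page, the AND rule is assumed because the policy is still under discussion, and the function names are hypothetical.

```python
import struct
from functools import reduce

NT_GNU_PROPERTY_TYPE_0 = 5
# Assumed values (RISC-V psABI); not stated on this page.
GNU_PROPERTY_RISCV_FEATURE_1_AND = 0xC0000000
CFI_LP_UNLABELED = 1 << 0  # Zicfilp landing pads
CFI_SS = 1 << 1            # Zicfiss shadow stack


def _pad(n: int, a: int) -> int:
    return (n + a - 1) & ~(a - 1)


def feature_bits(section: bytes, align: int = 8) -> int:
    """Return the FEATURE_1_AND word of a .note.gnu.property section, 0 if absent."""
    off = 0
    while off + 12 <= len(section):
        namesz, descsz, ntype = struct.unpack_from("<III", section, off)
        name = section[off + 12:off + 12 + namesz]
        desc_off = off + _pad(12 + namesz, align)
        desc = section[desc_off:desc_off + descsz]
        if len(desc) < descsz:
            raise ValueError("truncated note")
        off = desc_off + _pad(descsz, align)
        if ntype != NT_GNU_PROPERTY_TYPE_0 or name != b"GNU\0":
            continue
        p = 0
        while p + 8 <= len(desc):
            pr_type, pr_datasz = struct.unpack_from("<II", desc, p)
            p += 8
            if p + pr_datasz > len(desc):
                raise ValueError("truncated property")
            if pr_type == GNU_PROPERTY_RISCV_FEATURE_1_AND and pr_datasz == 4:
                return struct.unpack_from("<I", desc, p)[0]
            p += _pad(pr_datasz, align)
    return 0


def make_note(bits: int, align: int = 8) -> bytes:
    """Build a constructed sample section with one FEATURE_1_AND property."""
    prop = struct.pack("<III", GNU_PROPERTY_RISCV_FEATURE_1_AND, 4, bits)
    prop += b"\0" * (_pad(len(prop), align) - len(prop))
    return struct.pack("<III", 4, len(prop), NT_GNU_PROPERTY_TYPE_0) + b"GNU\0" + prop


def linked_features(inputs: list) -> int:
    """Assumed AND policy: a feature survives only if every input marks it."""
    return reduce(lambda a, b: a & b, map(feature_bits, inputs)) if inputs else 0
```

Under this rule a single object built without the marking, such as a legacy static library, clears the shadow-stack bit for the whole output, which is why the marking is worth checking on every input.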
...