r355624 - Delete x86_64 ShadowCallStack support
Vlad Tsyrklevich via cfe-commits
cfe-commits at lists.llvm.org
Thu Mar 7 10:56:36 PST 2019
Author: vlad.tsyrklevich
Date: Thu Mar 7 10:56:36 2019
New Revision: 355624
URL: http://llvm.org/viewvc/llvm-project?rev=355624&view=rev
Log:
Delete x86_64 ShadowCallStack support
Summary:
ShadowCallStack on x86_64 suffered from the same racy security issues as
Return Flow Guard and had performance overhead as high as 13% depending
on the benchmark. x86_64 ShadowCallStack was always an experimental
feature and never shipped a runtime required to support it, as such
there are no expected downstream users.
Reviewers: pcc
Reviewed By: pcc
Subscribers: mgorny, javed.absar, hiraditya, jdoerfert, cfe-commits, #sanitizers, llvm-commits
Tags: #clang, #sanitizers, #llvm
Differential Revision: https://reviews.llvm.org/D59034
Modified:
cfe/trunk/docs/ShadowCallStack.rst
Modified: cfe/trunk/docs/ShadowCallStack.rst
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/docs/ShadowCallStack.rst?rev=355624&r1=355623&r2=355624&view=diff
==============================================================================
--- cfe/trunk/docs/ShadowCallStack.rst (original)
+++ cfe/trunk/docs/ShadowCallStack.rst Thu Mar 7 10:56:36 2019
@@ -9,7 +9,7 @@ Introduction
============
ShadowCallStack is an instrumentation pass, currently only implemented for
-aarch64 and x86_64, that protects programs against return address overwrites
+aarch64, that protects programs against return address overwrites
(e.g. stack buffer overflows.) It works by saving a function's return address
to a separately allocated 'shadow call stack' in the function prolog in
non-leaf functions and loading the return address from the shadow call stack
@@ -18,11 +18,10 @@ for compatibility with unwinders, but is
The aarch64 implementation is considered production ready, and
an `implementation of the runtime`_ has been added to Android's libc
-(bionic). The x86_64 implementation was evaluated using Chromium and was
-found to have critical performance and security deficiencies, and may be
-removed in a future release of the compiler. This document only describes
-the aarch64 implementation; details on the x86_64 implementation are found
-in the `Clang 7.0.1 documentation`_.
+(bionic). An x86_64 implementation was evaluated using Chromium and was found
+to have critical performance and security deficiencies--it was removed in
+LLVM 9.0. Details on the x86_64 implementation can be found in the
+`Clang 7.0.1 documentation`_.
.. _`implementation of the runtime`: https://android.googlesource.com/platform/bionic/+/808d176e7e0dd727c7f929622ec017f6e065c582/libc/bionic/pthread_create.cpp#128
.. _`Clang 7.0.1 documentation`: https://releases.llvm.org/7.0.1/tools/clang/docs/ShadowCallStack.html
@@ -37,10 +36,9 @@ consuming more memory for shorter functi
memory accesses.
`Return Flow Guard`_ is a pure software implementation of shadow call stacks
-on x86_64. It is similar to the ShadowCallStack x86_64 implementation but
-trades off higher memory usage for a shorter prologue and epilogue. Like
-x86_64 ShadowCallStack, it is inherently racy due to the architecture's use
-of the stack for calls and returns.
+on x86_64. Like the previous implementation of ShadowCallStack on x86_64, it is
+inherently racy due to the architecture's use of the stack for calls and
+returns.
Intel `Control-flow Enforcement Technology`_ (CET) is a proposed hardware
extension that would add native support to use a shadow stack to store/check
More information about the cfe-commits
mailing list