ShadowCallStack.rst - OpenGrok cross reference for /llvm-project/clang/docs/ShadowCallStack.rst

Lines Matching +full:docs +full:- +full:libunwind +full:- +full:html
12 aarch64 and RISC-V, that protects programs against return address overwrites
15 non-leaf functions and loading the return address from the shadow call stack
22 to have critical performance and security deficiencies--it was removed in
27 .. _`Clang 7.0.1 documentation`: https://releases.llvm.org/7.0.1/tools/clang/docs/ShadowCallStack.html
30 ----------
34 schemes, like :doc:`SafeStack`, that mirror the entire stack and trade-off
43 Intel `Control-flow Enforcement Technology`_ (CET) is a proposed hardware
49 .. _`Return Flow Guard`: https://xlab.tencent.com/en/2016/11/02/return-flow-guard/
50 .. _`Control-flow Enforcement Technology`: https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf
53 -------------
55 A runtime is not provided in compiler-rt so one must be provided by the
61 ``x3`` (``gp``) on RISC-V with software shadow stack and ``ssp`` on RISC-V with
62 hardware shadow stack, which needs `Zicfiss`_ and ``-fcf-protection=return``.
64 implementation on RISC-V backend by passing ``-fsanitize=shadowcallstack``
65 or ``Zicfiss`` with ``-fcf-protection=return``.
71 compiled with a flag to reserve that register (e.g., ``-ffixed-x18``). If
77 .. _`Zicfiss`: https://github.com/riscv/riscv-cfi/blob/main/cfi_backward.adoc
78 .. _`example in Android`: https://android-review.googlesource.com/c/platform/frameworks/base/+/803717
85 published in AAPCS64 and the RISC-V psABI.
89 ``-fexceptions`` (which is the default in C++). Some unwinders (such as the
91 when encountering it. LLVM libunwind processes this unwind info correctly,
99 ``-fstack-protector``. It protects from non-linear overflows and arbitrary
110 .. _`[1]`: https://eyalitkin.wordpress.com/2017/09/01/cartography-lighting-up-the-shadows/
111 .. _`[2]`: https://www.blackhat.com/docs/eu-16/materials/eu-16-Goktas-Bypassing-Clangs-SafeStack.pdf
126 .. _`will do this`: https://android-review.googlesource.com/c/platform/bionic/+/891622
127 .. _`changed`: https://android-review.googlesource.com/c/platform/frameworks/av/+/837745
148 .. _`avoids this`: https://android.googlesource.com/platform/bionic/+/808d176e7e0dd727c7f929622ec017f6e065c582/libc/arch-arm64/bionic/setjmp.S#49
157 To enable ShadowCallStack, just pass the ``-fsanitize=shadow-call-stack`` flag
159 ``-ffixed-x18`` unless your target already reserves ``x18``. No additional flags
160 need to be passed on RISC-V because the software based shadow stack uses
164 software based shadow call stack on RISC-V. This can be done with the
165 ``--no-relax-gp`` flag in GNU ld, and is off by default in LLD.
167 Low-level API
168 -------------
177 .. code-block:: c
185 ``__attribute__((no_sanitize("shadow-call-stack")))``
188 Use ``__attribute__((no_sanitize("shadow-call-stack")))`` on a function
197 .. code-block:: c++
203 Generates the following aarch64 assembly when compiled with ``-O2``:
205 .. code-block:: none
207     stp     x29, x30, [sp, #-16]!
214 Adding ``-fsanitize=shadow-call-stack`` would output the following assembly:
216 .. code-block:: none
219     stp     x29, x30, [sp, #-16]!
224     ldr     x30, [x18, #-8]!