On Tue, Aug 01, 2023 at 03:13:20PM +0100, Will Deacon wrote:
On Mon, Jul 31, 2023 at 02:43:09PM +0100, Mark Brown wrote:
The arm64 Guarded Control Stack (GCS) feature provides support for hardware protected stacks of return addresses, intended to provide hardening against return oriented programming (ROP) attacks and to make it easier to gather call stacks for applications such as profiling.
Why is this better than Clang's software shadow stack implementation? It would be nice to see some justification behind adding all this, rather than it being an architectural tick-box exercise.
Mainly that it's hardware enforced (as the quoted paragraph says). This makes it harder to attack, and hopefully it's also a bit faster (how measurable that might be will be an open question, but even NOPs in function entry/exit tend to get noticed).
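To make the "hardware enforced" point concrete, here is an added example (not code from the patch series, the kernel, or either participant) that models a shadow call stack and the two attacker scenarios the discussion implies. The simulated main stack, shadow stack, call/return helpers, attacker write primitive and the `shadow_protected` flag are all constructed for illustration; the flag stands in for return-address memory that ordinary stores cannot modify, which is the property a hardware-protected stack gives and a software shadow stack in normal writable memory does not. Nothing here is arm64-specific.

```c
/* Added example: model of a software vs. hardware-protected shadow call stack.
 * Not the kernel's code and not an arm64 implementation; all primitives below
 * are constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEPTH 16

/* Simulated main stack: saved return addresses in ordinary writable memory. */
static uintptr_t main_stack[DEPTH];
static size_t main_sp;

/* Shadow stack: second copy of each return address. Whether the attacker's
 * write primitive can reach it is the only difference between the software
 * model (shadow_protected == 0) and the hardware-protected one (== 1). */
static uintptr_t shadow_stack[DEPTH];
static size_t shadow_sp;
static int shadow_protected;

/* Outcome of a simulated return. */
enum ret_result {
    RET_OK,        /* both copies agree and match what was pushed */
    RET_VIOLATION, /* copies disagree: the shadow-stack check fires */
    RET_HIJACKED   /* copies agree but were both tampered: check bypassed */
};

static void reset(int protect_shadow)
{
    memset(main_stack, 0, sizeof main_stack);
    memset(shadow_stack, 0, sizeof shadow_stack);
    main_sp = shadow_sp = 0;
    shadow_protected = protect_shadow;
}

/* Simulated call: return address is pushed on both stacks. */
static void sim_call(uintptr_t ret)
{
    main_stack[main_sp++] = ret;
    shadow_stack[shadow_sp++] = ret;
}

/* Simulated return: pop both copies and compare them (the shadow-stack
 * check). `expected` is what a correct program would return to, used only
 * to classify an undetected hijack for the demonstration. */
static enum ret_result sim_ret(uintptr_t expected)
{
    uintptr_t from_main = main_stack[--main_sp];
    uintptr_t from_shadow = shadow_stack[--shadow_sp];
    if (from_main != from_shadow)
        return RET_VIOLATION;
    return from_main == expected ? RET_OK : RET_HIJACKED;
}

/* Attacker's arbitrary-write primitive (think: an overflow that reaches a
 * saved return address, or a stronger write-what-where). Writes into the
 * protected shadow region are refused, modelling memory that ordinary
 * stores cannot touch. Returns 1 if the write landed. */
static int attacker_write(uintptr_t *where, uintptr_t value)
{
    uintptr_t w = (uintptr_t)where;
    uintptr_t lo = (uintptr_t)shadow_stack;
    uintptr_t hi = (uintptr_t)(shadow_stack + DEPTH);
    if (w >= lo && w < hi && shadow_protected)
        return 0;
    *where = value;
    return 1;
}

/* Scenario 0: no tampering at all. */
static enum ret_result scenario_benign(int protect_shadow)
{
    reset(protect_shadow);
    sim_call(0x1000);
    return sim_ret(0x1000);
}

/* Scenario 1: classic ROP, only the saved return address is overwritten. */
static enum ret_result scenario_overwrite_main_only(int protect_shadow)
{
    reset(protect_shadow);
    sim_call(0x1000);
    attacker_write(&main_stack[0], 0xdead);
    return sim_ret(0x1000);
}

/* Scenario 2: attacker with an arbitrary write also patches the shadow copy. */
static enum ret_result scenario_overwrite_both(int protect_shadow)
{
    reset(protect_shadow);
    sim_call(0x1000);
    attacker_write(&main_stack[0], 0xdead);
    attacker_write(&shadow_stack[0], 0xdead);
    return sim_ret(0x1000);
}

int main(void)
{
    printf("software shadow,  overwrite main only: %d\n", scenario_overwrite_main_only(0));
    printf("software shadow,  overwrite both:      %d\n", scenario_overwrite_both(0));
    printf("protected shadow, overwrite both:      %d\n", scenario_overwrite_both(1));
    return 0;
}
```

With the shadow stack in ordinary memory, overwriting only the saved return address is caught, but an attacker who can also write the shadow copy passes the check. When the shadow region refuses the attacker's stores, the same two-write attack is caught as well. The model does not capture the cost side of the argument; the speed comparison in the reply is something only measurement can settle.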