Enable Safe Stack for Baremetal?

zhaoshiz · March 16, 2020, 3:02am

Hello,

I’m assessing the work required to enable Safe Stack for a bare metal target.

Looking at compiler-rt/lib/safestack/, the current implementation depends on thread support for mutex & storing unsafe stack pointer.

It also need several system calls: gettid, tgkill, mmap, munmap, mprotect.

Our target doesn’t has all underlying support it needs. My question is: what’s the minimum requirement to port Safe Stack to bare metal?

Thanks,

Zhaoshi

zhaoshiz · March 16, 2020, 4:52pm

Hello,

I’m assessing the work required to enable Safe Stack for a bare metal target.

Looking at compiler-rt/lib/safestack/, the current implementation depends on thread support for mutex & storing unsafe stack pointer.

It also need several system calls: gettid, tgkill, mmap, munmap, mprotect.

Our target doesn’t has all underlying support it needs. My question is: what’s the minimum requirement to port Safe Stack to bare metal?

Thanks,

Zhaoshi

zhaoshiz · March 17, 2020, 12:52am

I also looked at shadow call stack and got myself very confused:

Why does is require common sanitizer support? so that it can be checked by clang that the only valid target is AArch64 when -fsanitize=shadow-call-stack is present?

Thanks,

Zhaoshi