arm64: Add Kconfig for Guarded Control Stack (GCS)

Provide a Kconfig option allowing the user to select if GCS support is
built into the kernel.

Reviewed-by: Thiago Jung Bauermann <thiago.bauermann@linaro.org>
Reviewed-by: Catalin Marinas <catalin.marinas@arm.com>
Signed-off-by: Mark Brown <broonie@kernel.org>
Link: https://lore.kernel.org/r/20241001-arm64-gcs-v13-28-222b78d87eee@kernel.org
Signed-off-by: Catalin Marinas <catalin.marinas@arm.com>

diff --git a/arch/arm64/Kconfig b/arch/arm64/Kconfig
index 3e29b44d2d7bd693c6209383a67b8d0d14345406..dcb12f041c1344130791f37721c2e4e865e62c31 100644 (file)
--- a/arch/arm64/Kconfig
+++ b/arch/arm64/Kconfig
@@ -2178,6 +2178,27 @@ config ARCH_PKEY_BITS
 
 endmenu # "ARMv8.9 architectural features"
 
+menu "v9.4 architectural features"
+
+config ARM64_GCS
+       bool "Enable support for Guarded Control Stack (GCS)"
+       default y
+       select ARCH_HAS_USER_SHADOW_STACK
+       select ARCH_USES_HIGH_VMA_FLAGS
+       depends on !UPROBES
+       help
+         Guarded Control Stack (GCS) provides support for a separate
+         stack with restricted access which contains only return
+         addresses.  This can be used to harden against some attacks
+         by comparing return address used by the program with what is
+         stored in the GCS, and may also be used to efficiently obtain
+         the call stack for applications such as profiling.
+
+         The feature is detected at runtime, and will remain disabled
+         if the system does not implement the feature.
+
+endmenu # "v9.4 architectural features"
+
 config ARM64_SVE
        bool "ARM Scalable Vector Extension support"
        default y