clangand `gcc-12` as compilers.
Nevertheless, it brings into attention current work for Shadow Stack, which relies heavily on firstly providing a working environment for the complex apps mentioned earlier.
As mentioned in the previous blog post, the first step meant to be taken moving forward was completing a matrix with the current progress regarding different compilers and architectures on complex apps, which can be found here.
This step took way more time than expected, due to debugging work: some minor functionalities were buggy and investigating and pinpointing the issues became, for a short period of time, the main goal of my project.
Nonetheless, I feel like this stage was critical and working with the community towards improving already upstreamed technologies was exciting.
For now, my biggest achievement was coming up with workarounds for compiling and running complex apps using both
What was so challenging about building apps like
clang was fixing some assembly
gcc-isms found in the
newlib library; as a result, I plan on providing a series of patches that would address this issue.
When it comes to the Shadow Stack progress, my draft PR is slowly growing; adding multithreading support for Shadow Stack is critical and represents the starting point of proving such a mechanism is possible and works on apps that deal with multithreading (on Unikraft,
One major problem that needs to be addressed is the way I allocate the Shadow Stack for threads; current implementation reserves memory right after the traditional stack which increases chances of giving out its position and consequently inducing security breaches.
On the other hand, however, a series of issues opened during the last month will better illustrate the struggles I was met with when working with
Documenting each and every step I took when testing the aforementioned apps proved to be a great way of keeping track of all the relevant findings.
For instance, with help from the community, I was able to pinpoint the exact reason as to why
AArch64 wasn't accepting requests.
But more on that, here.
As GSoC'22 is rapidly coming to an end, my project is also approaching its final state: testing the Shadow Stack for threads, its impact on performance and security are just a few more steps I need to go through.
Moreover, preparing an internal library (
ukshadow), the configuration parameters used by the
make build system and optimizations will also be achieved during this period.
You'll find a more detailed roadmap here.
Feel free to ask questions, report issues, and meet new people.