[ShadowCallStack][RISCV] Update shadow stack doc.

Yeting Kuo · Yeting Kuo · commit fd1bb8c74055 · 2024-01-08T13:30:45.000+08:00
diff --git a/clang/docs/ShadowCallStack.rst b/clang/docs/ShadowCallStack.rst
@@ -57,11 +57,11 @@ compiled application or the operating system. Integrating the runtime into
 the operating system should be preferred since otherwise all thread creation
 and destruction would need to be intercepted by the application.
 
-The instrumentation makes use of the platform register ``x18`` on AArch64 and
-``x3`` (``gp``) on RISC-V. For simplicity we will refer to this as the
-``SCSReg``. On some platforms, ``SCSReg`` is reserved, and on others, it is
-designated as a scratch register.  This generally means that any code that may
-run on the same thread as code compiled with ShadowCallStack must either target
+The instrumentation makes use of the platform register ``x18`` on AArch64,
+``x3`` (``gp``) on RISC-V without `Zicfiss`_ and ``ssp`` on RISCV with `Zicfiss`_.
+For simplicity we will refer to this as the ``SCSReg``. On some platforms,
+``SCSReg`` is reserved, and on others, it is designated as a scratch register.
+This generally means that any code that may run on the same thread as code compiled with ShadowCallStack must either target
 one of the platforms whose ABI reserves ``SCSReg`` (currently Android, Darwin,
 Fuchsia and Windows) or be compiled with a flag to reserve that register (e.g.,
 ``-ffixed-x18``). If absolutely necessary, code compiled without reserving the
@@ -70,6 +70,7 @@ saving the register value temporarily on the stack (`example in Android`_) but
 this should be done with care since it risks leaking the shadow call stack
 address.
 
+.. _`Zicfiss`: https://github.com/riscv/riscv-cfi/blob/main/cfi_backward.adoc
 .. _`example in Android`: https://android-review.googlesource.com/c/platform/frameworks/base/+/803717
 
 Because it requires a dedicated register, the ShadowCallStack feature is
@@ -151,9 +152,10 @@ Usage
 
 To enable ShadowCallStack, just pass the ``-fsanitize=shadow-call-stack`` flag
 to both compile and link command lines. On aarch64, you also need to pass
-``-ffixed-x18`` unless your target already reserves ``x18``. On RISC-V, ``x3``
-(``gp``) is always reserved. It is, however, important to disable GP relaxation
-in the linker. This can be done with the ``--no-relax-gp`` flag in GNU ld.
+``-ffixed-x18`` unless your target already reserves ``x18``. On RISC-V without
+`Zicfiss`_, ``x3`` (``gp``) is always reserved. It is, however, important to
+disable GP relaxation in the linker. This can be done with the ``--no-relax-gp``
+flag in GNU ld.
 
 Low-level API
 -------------
