https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104816
H.J. Lu <hjl.tools at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |WAITING

--- Comment #8 from H.J. Lu <hjl.tools at gmail dot com> ---
(In reply to Joao Moreira from comment #0)
> When -fcf-protection=branch is used, the compiler will generate jump tables
> where the indirect jump is prefixed with the NOTRACK prefix, so it can jump
> to non-ENDBR targets. Yet, for NOTRACK prefixes to work, the NOTRACK
> specific enable bit must be set, which renders the binary broken on any
> environment where this is not the case. In fact, having NOTRACK disabled was
> a design choice for the Linux kernel CET support
> [https://lkml.org/lkml/2022/3/7/1068].
>
> With the above, the compiler should generate jump tables with ENDBRs, for
> proper correctness. And, if security regarding the additional ENDBRs is a
> concern, the code can be explicitly compiled with -fno-jump-tables.

There is an undocumented option: -mcet-switch.  It does exactly what you are
looking for.  Currently it is off by default.  We can document it and turn it
on by default.
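
An added example, not part of the bug report or of GCC: one way to audit a build for the NOTRACK-prefixed indirect branches discussed above, so that binaries meant for an environment with NOTRACK disabled can be flagged before deployment. It assumes AT&T-syntax `objdump -d` text as input; the sample disassembly and the function names are constructed for illustration.

```python
import re

# Constructed sample in the style of `objdump -d` output (not from the bug report).
SAMPLE_DISASM = """\
0000000000001130 <dispatch>:
    1130: f3 0f 1e fa           endbr64
    1134: 83 ff 05              cmp    $0x5,%edi
    1137: 77 17                 ja     1150 <dispatch+0x20>
    1139: 48 8d 15 c4 0e 00 00  lea    0xec4(%rip),%rdx
    1140: 48 63 04 ba           movslq (%rdx,%rdi,4),%rax
    1144: 48 01 d0              add    %rdx,%rax
    1147: 3e ff e0              notrack jmp *%rax
    1150: b8 01 00 00 00        mov    $0x1,%eax
    1155: c3                    ret

0000000000001170 <call_handler>:
    1170: f3 0f 1e fa           endbr64
    1174: ff e7                 jmp    *%rdi
"""

# "<symbol>:" header that opens each function in the listing.
FUNC_RE = re.compile(r"^[0-9a-f]+ <([^>]+)>:\s*$")
# Indirect jmp/call (operand starts with '*'), with or without the NOTRACK prefix.
BRANCH_RE = re.compile(
    r"^\s*([0-9a-f]+):\s.*?\b(notrack\s+)?(jmp|call)q?\s+(\*\S+)")

def audit_notrack(disasm):
    """Map each function to its NOTRACK and IBT-tracked indirect branches."""
    report, current = {}, None
    for line in disasm.splitlines():
        m = FUNC_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = BRANCH_RE.match(line)
        if m and current is not None:
            addr, prefix, op, target = m.groups()
            kind = "notrack" if prefix else "tracked"
            entry = report.setdefault(current, {"notrack": [], "tracked": []})
            entry[kind].append((int(addr, 16), f"{op} {target}"))
    return report

def functions_needing_notrack(disasm):
    """Functions that only work where the NOTRACK enable bit is set."""
    return sorted(f for f, r in audit_notrack(disasm).items() if r["notrack"])

if __name__ == "__main__":
    for name in functions_needing_notrack(SAMPLE_DISASM):
        print("NOTRACK indirect branch in", name)
```

A non-empty result means the object depends on the NOTRACK enable bit; the options named in the thread for avoiding that are -mcet-switch and -fno-jump-tables.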