* H. J. Lu: > How about this? > > @item -mcet-switch > @opindex mcet-switch > By default, CET instrumentation is turned off on switch statements that > use a jump table and indirect branch track is disabled.
Maybe add here: “Since jump tables are stored in read-only memory, this does not result in a direct loss of hardening. But if the jump table index is attacker-controlled, the indirect jump may not be constrained by CET.” > This option turns on CET instrumentation to enable indirect branch > track for switch statements with jump tables. “This results in a loss of hardening because the jump targets are mow reachable via all indirect jumps.” Maybe GCC should just emit a forced (unoptimized) bounds check for jump tables in CET mode … Thanks, Florian
