On 30.01.2020 15:08, hjl.tools at gmail.com (H.J. Lu) wrote:
Intel Control-flow Enforcement Technology (CET):
https://software.intel.com/en-us/articles/intel-sdm
contains shadow stack (SHSTK) and indirect branch tracking (IBT). When
CET is enabled, ELF object files must be marked with .note.gnu.property
section. Also when IBT is enabled, all indirect branch targets must
start with ENDBR instruction and notrack prefix can be used to disable
IBT on indirect branch.
This patch series defines 3 macros:
1. X86_ENDBR. Defined as endbr32/endbr64 if CET is enabled.
2. X86_NOTRACK. Defined as notrack prefix if CET is enabled.
3. X86_GNU_PROPERTY. Add a .note.gnu.property section to mark Intel
CET support if needed.
and uses them to enable Intel CET.
Tested with
$ CC="gcc -Wl,-z,cet-report=error -fcf-protection" ./configure
in i686, x32 and x86-64 modes on Linux CET machine.
H.J. Lu (12):
x86: Add GMP_ASM_X86_CET_MACROS to acinclude.m4
x86-defs.m4: Use X86_GNU_PROPERTY and X86_ENDBR
x86: Append missing ASM_END to asm files
x86_64-defs.m4: Use X86_GNU_PROPERTY and X86_ENDBR
x86_64: Append ASM_END to assembly codes
x86_64/coreibwl/mullo_basecase.asm: Add X86_ENDBR
x86_64/k10/popcount.asm: Prepend X86_NOTRACK to "jmp *%rdx"
mpn/x86_64: Add X86_ENDBR to indirect branch targets
x86/aors_n.asm: Add X86_ENDBR to indirect jump targets
x86/p6: Prepend X86_NOTRACK to "jmp *%reg"
x86/k6: Prepend X86_NOTRACK to "jmp *%reg"
x86/k7: Prepend X86_NOTRACK to indirect branches
Did anything come from this patch set/effort?
I cannot see it in the GMP repository and now that
shadow stack-enabled CPUs are getting more common each
program which links to libgmp cannot benefit from
shadow stack enforcement.
Thanks,
Maciej
_______________________________________________
gmp-devel mailing list
gmp-devel@gmplib.org
https://gmplib.org/mailman/listinfo/gmp-devel
