[PATCH 00/12] x86: Enable Intel Control-flow Enforcement Technology (CET)

H.J. Lu hjl.tools at gmail.com
Fri Jan 31 11:33:10 UTC 2020


On Thu, Jan 30, 2020 at 11:52 PM Richard Biener <rguenther at suse.de> wrote:
>
> On Thu, 30 Jan 2020, H.J. Lu wrote:
>
> > Intel Control-flow Enforcement Technology (CET):
> >
> > https://software.intel.com/en-us/articles/intel-sdm
> >
> > contains shadow stack (SHSTK) and indirect branch tracking (IBT).  When
> > CET is enabled, ELF object files must be marked with a .note.gnu.property
> > section.  Also when IBT is enabled, all indirect branch targets must
> > start with an ENDBR instruction and the notrack prefix can be used to
> > disable IBT on an indirect branch.
> >
> > This patch series defines 3 macros:
> >
> > 1. X86_ENDBR.  Defined as endbr32/endbr64 if CET is enabled.
> > 2. X86_NOTRACK.  Defined as notrack prefix if CET is enabled.
> > 3. X86_GNU_PROPERTY.  Add a .note.gnu.property section to mark Intel
> > CET support if needed.
> >
> > and uses them to enable Intel CET.
> >
> > Tested with
> >
> > $ CC="gcc -Wl,-z,cet-report=error -fcf-protection" ./configure
> >
> > in i686, x32 and x86-64 modes on a Linux CET machine.
>
> Is it really needed to mark asm flavors that appear to not be
> written for CPUs ever getting CET support (just seeing the
> p6/k6/k7 dirs)?  Or do we sometimes mix-and-match routines
> and those get executed on CET enabled HW?
>

It is required to support --enable-fat.

-- 
H.J.
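
The marking requirement discussed in this exchange can be checked mechanically. The following is an added example, not part of the original message or the patch series: it parses raw `.note.gnu.property` bytes and ANDs the `GNU_PROPERTY_X86_FEATURE_1_AND` bits over all inputs the way the linker merges this property, so a single object without the note clears IBT and SHSTK for the whole output. The object names and note bytes are constructed for illustration.

```python
import struct

NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002
IBT, SHSTK = 1 << 0, 1 << 1  # feature bits inside that property

def x86_feature_1(note, align=8):
    """Feature bits from raw .note.gnu.property bytes (little-endian).
    align: 8 for ELFCLASS64, 4 for ELFCLASS32. No usable note -> 0."""
    off = 0
    while off + 12 <= len(note):
        namesz, descsz, ntype = struct.unpack_from("<III", note, off)
        name = note[off + 12:off + 12 + namesz]
        desc_off = off + 12 + ((namesz + 3) & ~3)
        desc = note[desc_off:desc_off + descsz]
        if len(desc) < descsz:
            return 0  # truncated note: treat as unmarked
        off = desc_off + ((descsz + align - 1) & ~(align - 1))
        if ntype != NT_GNU_PROPERTY_TYPE_0 or name != b"GNU\0":
            continue
        pos = 0
        while pos + 8 <= len(desc):
            pr_type, pr_datasz = struct.unpack_from("<II", desc, pos)
            data = desc[pos + 8:pos + 8 + pr_datasz]
            if pr_type == GNU_PROPERTY_X86_FEATURE_1_AND and len(data) >= 4:
                return struct.unpack_from("<I", data)[0]
            pos += (8 + pr_datasz + align - 1) & ~(align - 1)
    return 0

def cet_report(objects, align=8):
    """AND the bits over all inputs, as the linker does for this property,
    and list the inputs missing IBT or SHSTK."""
    merged, unmarked = IBT | SHSTK, []
    for name, note in objects.items():
        bits = x86_feature_1(note, align) if note else 0
        if bits & (IBT | SHSTK) != (IBT | SHSTK):
            unmarked.append(name)
        merged &= bits
    return merged, unmarked

def make_note(bits, align=8):
    """Build a constructed note carrying one X86_FEATURE_1_AND property."""
    prop = struct.pack("<III", GNU_PROPERTY_X86_FEATURE_1_AND, 4, bits)
    prop += b"\0" * (-len(prop) % align)
    return struct.pack("<III", 4, len(prop), NT_GNU_PROPERTY_TYPE_0) + b"GNU\0" + prop

# Constructed inputs; the object names are hypothetical.
MARKED = {"a.o": make_note(IBT | SHSTK), "b.o": make_note(IBT | SHSTK)}
MIXED = dict(MARKED, **{"old_asm.o": None})  # one object without the note
```

`cet_report(MIXED)` returns merged bits of 0 and names `old_asm.o`, which is the condition `-Wl,-z,cet-report=error` turns into a link failure.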


More information about the gmp-devel mailing list