[PATCH 00/12] x86: Enable Intel Control-flow Enforcement Technology (CET)

[Maciej S. Szmigiero]

On 30.01.2020 15:08, hjl.tools at gmail.com (H.J. Lu) wrote:
> Intel Control-flow Enforcement Technology (CET):
> 
> https://software.intel.com/en-us/articles/intel-sdm
> 
> contains shadow stack (SHSTK) and indirect branch tracking (IBT).  When
> CET is enabled, ELF object files must be marked with .note.gnu.property
> section.  Also when IBT is enabled, all indirect branch targets must
> start with ENDBR instruction and notrack prefix can be used to disable
> IBT on indirect branch.
> 
> This patch series defines 3 macros:
> 
> 1. X86_ENDBR.  Defined as endbr32/endbr64 if CET is enabled.
> 2. X86_NOTRACK.  Defined as notrack prefix if CET is enabled.
> 3. X86_GNU_PROPERTY.  Add a .note.gnu.property section to mark Intel
> CET support if needed.
> 
> and uses them to enable Intel CET.
> 
> Tested with
> 
> $ CC="gcc -Wl,-z,cet-report=error -fcf-protection" ./configure
> 
> in i686, x32 and x86-64 modes on Linux CET machine.
> 
> H.J. Lu (12):
>    x86: Add GMP_ASM_X86_CET_MACROS to acinclude.m4
>    x86-defs.m4: Use X86_GNU_PROPERTY and X86_ENDBR
>    x86: Append missing ASM_END to asm files
>    x86_64-defs.m4: Use X86_GNU_PROPERTY and X86_ENDBR
>    x86_64: Append ASM_END to assembly codes
>    x86_64/coreibwl/mullo_basecase.asm: Add X86_ENDBR
>    x86_64/k10/popcount.asm: Prepend X86_NOTRACK to "jmp *%rdx"
>    mpn/x86_64: Add X86_ENDBR to indirect branch targets
>    x86/aors_n.asm: Add X86_ENDBR to indirect jump targets
>    x86/p6: Prepend X86_NOTRACK to "jmp *%reg"
>    x86/k6: Prepend X86_NOTRACK to "jmp *%reg"
>    x86/k7: Prepend X86_NOTRACK to indirect branches

Did anything come from this patch set/effort?

I cannot see it in the GMP repository and now that
shadow stack-enabled CPUs are getting more common each
program which links to libgmp cannot benefit from
shadow stack enforcement.

Thanks,
Maciej