Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

-fcf-protection=branch should generate endbr instead of notrack jumps #54247

Open
lvwr opened this issue Mar 7, 2022 · 2 comments
Open

-fcf-protection=branch should generate endbr instead of notrack jumps #54247

lvwr opened this issue Mar 7, 2022 · 2 comments
Labels
backend:X86

Comments

@lvwr
Copy link
Contributor

lvwr commented Mar 7, 2022

When -fcf-protection=branch is used, the compiler will generate jump tables where the indirect jump is prefixed with the NOTRACK prefix, so it can jump to non-ENDBR targets. Yet, for NOTRACK prefixes to work, the NOTRACK specific enable bit must be set, what renders the binary broken on any environment where this is not the case. In fact, having NOTRACK disabled was a design choice for the Linux kernel CET support [https://lkml.org/lkml/2022/3/7/1068].

With the above, the compiler should generate jump tables with ENDBRs, for proper correctness. And, if security regarding the additional ENDBRs is a concern, the code can be explicitly compiled with -fno-jump-tables.

This was also reported on gcc: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104816
@lvwr
Copy link
Contributor Author

lvwr commented Mar 7, 2022

quick reproducer, just in case: https://godbolt.org/z/TTexr89nx

@llvmbot
Copy link
Collaborator

llvmbot commented Mar 7, 2022

@llvm/issue-subscribers-backend-x86

@MaskRay MaskRay mentioned this issue Jan 18, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
backend:X86
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lvwr @EugeneZelenko @llvmbot