[PATCH] D59780: Support Intel Control-flow Enforcement Technology

Xiang Zhang via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Tue Mar 26 18:12:00 PDT 2019


xiangzhangllvm added a comment.

In D59780#1442728 <https://reviews.llvm.org/D59780#1442728>, @MaskRay wrote:

> > Is --force-cet the best option name? H. J. Lu pointed out that gold has -z ibtplt and other options, but I couldn't find these options in the binutils' repository. Is the option really implemented in gold?
>
> The binutils-gdb repository hosts two linkers: `ld/ld-new` (GNU ld) and `gold/ld-new` (GNU gold). `-z ibtplt` and `-z ibt` are ld.bfd options, not gold's. I asked in https://reviews.llvm.org/D58102 if there is a proposal to add support to gold but have gotten no response so far...
>
> I've done some experiments and let me clarify things. @xiangzhangllvm Please correct me if I missed something.
>
> 1. On the compiler side
>
>   Support for Intel CET requires GCC 8 (https://gcc.gnu.org/gcc-8/changes.html).
>
>   `-fcf-protection=` is used to define `__CET__` (`branch`: 1, `return`: 2, `full`: 3) and emit `.note.gnu.property` in object files.
>
>   In some older releases of GCC 8 (before Apr 20, 2018), CET requires two other options `-mibt` and `-mshstk`, which enable the macros `__IBT__` `__SHSTK__`, respectively. `-mcet` implies both `-mibt` and `-mshstk` and defines `__CET__`. `-mshstk` enables several builtin functions.
>
>   `-mibt` is deleted in some newer GCC 8 release. `-mshstk` controls only the availability of some builtin options. If you are using some older releases of GCC 8:
>
>   ```
>   gcc a.c -mibt -c # `__IBT__` is defined but no .note.gnu.property
>   gcc a.c -fcf-protection=branch -mibt -c # NT_GNU_PROPERTY_X86_FEATURE_IBT tag
>   gcc a.c -fcf-protection=return -mshstk -c # NT_GNU_PROPERTY_X86_FEATURE_SHSTK tag
>   gcc a.c -fcf-protection=full -mcet -c # -mcet is short for -mibt -mshstk, IBT + SHSTK
>   ```
>
>   In newer GCC, forget about `-mibt` `-mshstk` and just use `-fcf-protection=`. All these options do not affect codegen.
> 2. On the linker side
>
>   `ibt` is what concerns linkers. `shstk` has no influence other than the output note section. The feature is only implemented in ld.bfd, not in gold.
>
>   `-z ibtplt` generates the second PLT `.plt.sec` (not `.splt`). `-z ibt` implies `-z ibtplt`. The option does not check the input NT_GNU_PROPERTY_X86_FEATURE_IBT tag.
>
>   `-z ibt` emits `NT_GNU_PROPERTY_X86_FEATURE_IBT` but plain `-z ibtplt` doesn't.
>
>   GCC 5~8 support Intel MPX and you shall see the `bnd` prefix in some jump instructions. Note that GCC 9/Linux kernel 4.18 drop MPX. Fortunately it seems MPX doesn't change the size of PLT entries. Thus in lld we don't have to support MPX, but we are still flexible enough to add related support if it revives in the future.


I think you have elaborated on them.
I have checked it. It is really ld.bfd, not ld.gold; sorry for my misremembering.


Repository:
  rG LLVM Github Monorepo

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D59780/new/

https://reviews.llvm.org/D59780
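
Added example (not part of the thread or of the D59780 patch): a small parser for the `.note.gnu.property` section that the `-fcf-protection=` discussion above refers to, reporting which of IBT and SHSTK an object declares. The constant names and values follow the x86-64 psABI / `<elf.h>` spelling, the function names are hypothetical, the sample sections are constructed, and the merge step assumes the psABI's AND semantics for `GNU_PROPERTY_X86_FEATURE_1_AND`, under which an input without the note clears both bits.

```python
import struct

# Names and values follow the x86-64 psABI / <elf.h>; the thread spells them differently.
NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002
FEATURE_NAMES = {0x1: "IBT", 0x2: "SHSTK"}

def _pad(n, align):
    return (n + align - 1) & ~(align - 1)

def build_note(features, align=8):
    """Constructed sample: an ELF64 little-endian .note.gnu.property section."""
    prop = struct.pack("<III", GNU_PROPERTY_X86_FEATURE_1_AND, 4, features)
    prop += b"\0" * (_pad(len(prop), align) - len(prop))
    return struct.pack("<III", 4, len(prop), NT_GNU_PROPERTY_TYPE_0) + b"GNU\0" + prop

def cet_features(section, align=8):
    """Return the FEATURE_1_AND bitmask found in raw .note.gnu.property bytes."""
    off, mask = 0, 0
    while off + 12 <= len(section):
        namesz, descsz, ntype = struct.unpack_from("<III", section, off)
        desc_off = off + _pad(12 + namesz, 4)
        desc_end = desc_off + descsz
        if desc_end > len(section):
            raise ValueError("truncated note")
        if section[off + 12:off + 12 + namesz] == b"GNU\0" and ntype == NT_GNU_PROPERTY_TYPE_0:
            p = desc_off
            while p + 8 <= desc_end:  # walk the property array inside the descriptor
                pr_type, pr_datasz = struct.unpack_from("<II", section, p)
                if p + 8 + pr_datasz > desc_end:
                    raise ValueError("truncated property")
                if pr_type == GNU_PROPERTY_X86_FEATURE_1_AND and pr_datasz == 4:
                    mask |= struct.unpack_from("<I", section, p + 8)[0]
                p += _pad(8 + pr_datasz, align)
        off = _pad(desc_end, align)
    return mask

def merged_features(input_sections):
    """AND the masks of all inputs; an input without the note contributes 0."""
    mask = 0x3 if input_sections else 0
    for section in input_sections:
        mask &= cet_features(section)
    return mask

def describe(mask):
    return [name for bit, name in FEATURE_NAMES.items() if mask & bit]

if __name__ == "__main__":
    full, branch_only, legacy = build_note(0x3), build_note(0x1), b""
    for inputs in ([full, full], [full, branch_only], [full, legacy]):
        print(describe(merged_features(inputs)))
```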




