[PATCH] D58102: Support X86 Control-flow Enforcement Technology (CET) in LLD

Rui Ueyama via Phabricator via llvm-commits llvm-commits at lists.llvm.org
Thu Feb 14 17:46:36 PST 2019 

ruiu added a comment.

> 1 Yes, we will disable the feature if not all the input object files contain the .note.gnu.property section, because the CET feature will supervise all the indirect jumps in the program. If one input file do not contain the CET info (flags which is set in  .note.gnu.property section's GNU_PROPERTY_X86_FEATURE_1_AND property ),  it means it can‘t be check by the CET hardware, so we need to disable the CET feature. This is  important to link the non-CET library.

Looks like the behavior implemented in this patch is this: if all object files are compiled with the CET-enabling compiler option, lld marks the resulting executable as CET-enabled, and if not, mark as otherwise. I think that behavior is error-prone and can be dangerous. Imagine that you already have a program that you use CET. If you make a change to the program and link it against a CET-unaware static library, it would disable CET altogether. I could imagine many different scenarios in which you would accidentally disable CET without knowing.

So I think a safer approach here is to add a new option to the linker to enable/disable CET. If enabled, lld should verify that all input object files has the .note section and report error if not.

> 2 Here we can optimize,  when IBT enabled, we need to insert the ENDBRANCH instructions in the old PLT, at first we don't want to change the PLT size, so we add a SPLT ,the caller first jump to SPLT and then go to PLT. The function of PLT +SPLT = old PLT.

Can you elaborate a bit as to why you didn't want to change the PLT size? I think PLT should work with a different PLT entry size.

We actually have an alternative PLT format for a Spectre mitigation, whose PLT entry size is different from the standard one, and that's working fine.

> 3 We both support it in x86 and x86-64, please refer line 2017 in Driver.cpp. The control flow attack threat both exist in 32-bit and 64-bit, So the further 32-bit CPU will support the CET too, In fact GCC has supported the CET feature in 32-bit machines by Lu HongJiu who write the https://github.com/hjl-tools/linux-abi/wiki/linux-abi-draft.pdf.

Got it.


Repository:
  rLLD LLVM Linker

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D58102/new/

https://reviews.llvm.org/D58102

More information about the llvm-commits mailing list