[PATCH] D59780: Support Intel Control-flow Enforcement Technology
Fangrui Song via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Thu Dec 12 09:46:56 PST 2019
MaskRay added a comment.
In D59780#1781055 <https://reviews.llvm.org/D59780#1781055>, @xiangzhangllvm wrote:
> For MPX prefix:
> GCC have not supported the MPX from GCC 9. And intel will not support MPX code too. So we don’t consider MPX for CET in LLD.
I know that GCC has removed MPX and the Linux kernel is removing MPX (user-visible APIs and self-tests have been removed). I asked because I haven't seen a change on binutils-gdb side that will support a .plt.sec scheme without the BND prefix. So, I wonder what kind of changes are considered divergence from x86-64 psABI. After the removal of the BND prefix, the .plt entry will get the leeway of 2 bytes. If, say, in the future, a new security enhanced feature is proposed which requires a new instruction that will take more than 2 bytes, the 16-byte .plt entry no longer works, and toolchains will have to migrate a third PLT scheme, different from traditional PLT and the .plt.sec scheme.
As to the option name question, are you happy with `-z force-ibt` and `-z shstk`? (My understanding is that they should be very similar to `-z force-bti` and `-z pac-plt`, respectively.)
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D59780/new/
https://reviews.llvm.org/D59780
More information about the llvm-commits
mailing list