[PATCH] D59780: Support Intel Control-flow Enforcement Technology
Xiang Zhang via Phabricator via llvm-commits
llvm-commits at lists.llvm.org
Thu Dec 12 18:43:06 PST 2019
xiangzhangllvm added a comment.
In D59780#1782133 <https://reviews.llvm.org/D59780#1782133>, @MaskRay wrote:
> In D59780#1781055 <https://reviews.llvm.org/D59780#1781055>, @xiangzhangllvm wrote:
>
> > For MPX prefix:
> > GCC has not supported MPX since GCC 9, and Intel will not support MPX code either. So we don’t consider MPX for CET in LLD.
>
>
> I know that GCC has removed MPX and the Linux kernel is removing MPX (user-visible APIs and self-tests have been removed). I asked because I haven't seen a change on the binutils-gdb side that will support a .plt.sec scheme without the BND prefix. So, I wonder what kind of changes are considered divergence from the x86-64 psABI. After the removal of the BND prefix, the .plt entry will get a leeway of 2 bytes. If, say, in the future, a new security-enhanced feature is proposed which requires a new instruction that will take more than 2 bytes, the 16-byte .plt entry no longer works, and toolchains will have to migrate to a third PLT scheme, different from the traditional PLT and the .plt.sec scheme.
>
> As to the option name question, are you happy with `-z force-ibt` and `-z shstk`? (My understanding is that they should be very similar to `-z force-bti` and `-z pac-plt`, respectively.)
These options are OK for us, thank you again!
By the way, as far as I know, GNU ld has no CET options (except the -z cet-report=xxx you pointed out before). It just tries to add CET flags if all input files are CETed.
As for the MPX prefix, in my eyes it seems the new Binutils just forgot to remove it. Try `ld --help` and you can see it lists "-z nobndplt Generate a regular PLT (**default**)"
Repository:
rG LLVM Github Monorepo
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D59780/new/
https://reviews.llvm.org/D59780
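
Added example, not part of the review thread or of LLD/binutils code: the all-inputs rule mentioned in the reply corresponds to the psABI property GNU_PROPERTY_X86_FEATURE_1_AND in `.note.gnu.property`, whose IBT and SHSTK bits a linker ANDs across its input files. The sketch below parses that note and performs the merge, listing the inputs that clear each bit. The function names and the sample objects are hypothetical and constructed; it assumes ELF64 little-endian notes with 8-byte alignment.

```python
import struct

# Values defined by the x86-64 psABI for the GNU property note.
NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002
FEATURES = {"IBT": 0x1, "SHSTK": 0x2}

def align8(n):
    return (n + 7) & ~7

def make_note(bits):
    """Constructed ELF64 little-endian .note.gnu.property carrying `bits`."""
    prop = struct.pack("<III", GNU_PROPERTY_X86_FEATURE_1_AND, 4, bits) + b"\0" * 4
    return struct.pack("<III", 4, len(prop), NT_GNU_PROPERTY_TYPE_0) + b"GNU\0" + prop

def feature_1_and(section):
    """Return the FEATURE_1_AND bitmask found in a note section, 0 if absent."""
    off = 0
    while off + 12 <= len(section):
        namesz, descsz, ntype = struct.unpack_from("<III", section, off)
        name_end = off + 12 + namesz
        desc = align8(name_end)
        end = desc + descsz
        if end > len(section):
            break  # truncated note: treat the input as carrying no property
        if ntype == NT_GNU_PROPERTY_TYPE_0 and section[off + 12:name_end] == b"GNU\0":
            p = desc
            while p + 8 <= end:
                ptype, psize = struct.unpack_from("<II", section, p)
                if ptype == GNU_PROPERTY_X86_FEATURE_1_AND and psize == 4 and p + 12 <= end:
                    return struct.unpack_from("<I", section, p + 8)[0]
                p = align8(p + 8 + psize)
        off = align8(end)
    return 0

def merge(inputs):
    """AND the bits of every input and record which inputs clear each feature."""
    merged = FEATURES["IBT"] | FEATURES["SHSTK"]
    missing = {name: [] for name in FEATURES}
    for fname, section in inputs.items():
        bits = feature_1_and(section)
        merged &= bits  # an input without the note contributes 0
        for name, bit in FEATURES.items():
            if not bits & bit:
                missing[name].append(fname)
    return merged, missing

# Constructed inputs: a.o sets both bits, b.o only IBT, c.o has no note at all.
SAMPLE = {"a.o": make_note(0x3), "b.o": make_note(0x1), "c.o": b""}
```

A single object without the note is enough to clear both bits in the output, which is why a per-input report of the missing feature is useful when auditing a build.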