From: "andrew.cooper3 at citrix dot com"
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c/102953] New: Improvements to CET-IBT and ENDBR generation
Date: Tue, 26 Oct 2021 17:01:20 +0000

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=102953

Bug ID: 102953
Summary: Improvements to CET-IBT and ENDBR generation
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: andrew.cooper3 at citrix dot com
Target Milestone: ---

Hello,

With CET-IBT, ENDBR{32,64} instructions are used to mark legitimate forward edges for indirect branches. GCC can generate a CET-IBT binary with -fcf-protection, but the default behaviour is to generate ENDBR instructions for every function. This creates more "legal" forward edges than necessary in the eyes of CET-IBT.

https://godbolt.org/z/M15rjMb4G is almost excellent, but it would be far more helpful if all functions were implicitly nocf_check, so this example produces a diagnostic. That way, GCC can point out all functions used by function pointers, rather than the result compiling and failing to be CET-IBT compatible.

This on its own would be enough to let embedded projects minimise their ENDBR* count while having some compiler assistance while doing so.

More generally, a lot of common cases (e.g. Linux) could be computed automatically. Drivers filling in ops structures typically refer to local symbols, so these defaulting to cf_check would be an improvement still. This would leave only global symbols needing explicit cf_check. (Maybe LTO could even figure out the global symbols cases correctly?)

Finally, one minor code generation improvement. When GCC emits a direct call/jmp to an ENDBR'd symbol, it can actually use sym+4 as an optimisation to skip the ENDBR instruction (not needed for direct call/jmp's) and save on decode bandwidth.
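As an added illustration (not part of the bug report or of GCC itself), the C snippet below models the audit the report asks the compiler for: it recognises the ENDBR64/ENDBR32 encodings, computes the sym+4 direct-call target, and classifies function descriptors as having a missing, surplus, or correctly placed landing pad. The `fn_desc` structure, the function names and the byte sequences are constructed sample data, not output of any real toolchain.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* ENDBR64 = F3 0F 1E FA, ENDBR32 = F3 0F 1E FB: the only legal landing
 * pads for an indirect call/jmp once CET-IBT is enforced. */
static size_t endbr_len(const uint8_t *code, size_t n)
{
    if (n >= 4 && code[0] == 0xf3 && code[1] == 0x0f && code[2] == 0x1e &&
        (code[3] == 0xfa || code[3] == 0xfb))
        return 4;
    return 0;
}

/* A direct call/jmp needs no landing pad, so it may target sym+4 and
 * spare the decoder the ENDBR (the optimisation suggested in the report). */
static uintptr_t direct_call_target(uintptr_t sym, const uint8_t *code, size_t n)
{
    return sym + endbr_len(code, n);
}

/* Constructed view of a function as an auditor or linker would see it. */
struct fn_desc {
    const char *name;
    const uint8_t *code;   /* leading bytes of the function body */
    size_t len;
    bool address_taken;    /* is it ever referenced through a pointer? */
};

enum { ENDBR_OK = 0, ENDBR_MISSING = 1, ENDBR_SURPLUS = 2 };

/* Address-taken code must carry ENDBR (it is a legitimate forward edge);
 * code that is only ever called directly should not (surplus legal edge). */
static int classify(const struct fn_desc *f)
{
    bool has = endbr_len(f->code, f->len) != 0;
    if (f->address_taken && !has) return ENDBR_MISSING;
    if (!f->address_taken && has) return ENDBR_SURPLUS;
    return ENDBR_OK;
}

/* Constructed samples: "endbr64; push %rbp ..." versus a bare "push %rbp". */
static const uint8_t ops_cb[]  = {0xf3, 0x0f, 0x1e, 0xfa, 0x55, 0x48, 0x89, 0xe5};
static const uint8_t helper[]  = {0xf3, 0x0f, 0x1e, 0xfa, 0x31, 0xc0, 0xc3};
static const uint8_t bare_cb[] = {0x55, 0x48, 0x89, 0xe5, 0xc3};
```

Feeding real object code through `classify` would require a symbol table that records which functions are address-taken, which is exactly the information the report wants GCC (or LTO) to track.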