public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
From: "cvs-commit at gcc dot gnu.org" <gcc-bugzilla@gcc.gnu.org> To: gcc-bugs@gcc.gnu.org Subject: [Bug target/104816] -fcf-protection=branch should generate endbr instead of notrack jumps Date: Tue, 24 May 2022 16:06:08 +0000 [thread overview] Message-ID: <bug-104816-4-uLWfbfMHOd@http.gcc.gnu.org/bugzilla/> (raw) In-Reply-To: <bug-104816-4@http.gcc.gnu.org/bugzilla/> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104816 --- Comment #11 from CVS Commits <cvs-commit at gcc dot gnu.org> --- The master branch has been updated by H.J. Lu <hjl@gcc.gnu.org>: https://gcc.gnu.org/g:2f4f7de787e5844515d27b2269fc472f95a9916a commit r13-744-g2f4f7de787e5844515d27b2269fc472f95a9916a Author: H.J. Lu <hjl.tools@gmail.com> Date: Fri Mar 11 12:51:34 2022 -0800 x86: Document -mcet-switch When -fcf-protection=branch is used, the compiler will generate jump tables for switch statements where the indirect jump is prefixed with the NOTRACK prefix, so it can jump to non-ENDBR targets. Since the indirect jump targets are generated by the compiler and stored in read-only memory, this does not result in a direct loss of hardening. But if the jump table index is attacker-controlled, the indirect jump may not be constrained by CET. Document -mcet-switch to generate jump tables for switch statements with ENDBR and skip the NOTRACK prefix for indirect jump. This option should be used when the NOTRACK prefix is disabled. PR target/104816 * config/i386/i386.opt: Remove Undocumented. * doc/invoke.texi: Document -mcet-switch.
next prev parent reply other threads:[~2022-05-24 16:06 UTC|newest] Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top 2022-03-07 11:48 [Bug c/104816] New: " joao at overdrivepizza dot com 2022-03-07 12:15 ` [Bug target/104816] " joao at overdrivepizza dot com 2022-03-07 13:53 ` rguenth at gcc dot gnu.org 2022-03-07 14:06 ` hjl.tools at gmail dot com 2022-03-07 14:18 ` andrew.cooper3 at citrix dot com 2022-03-07 14:23 ` hjl.tools at gmail dot com 2022-03-07 14:27 ` peterz at infradead dot org 2022-03-07 14:38 ` andrew.cooper3 at citrix dot com 2022-03-11 20:43 ` hjl.tools at gmail dot com 2022-03-11 20:58 ` hjl.tools at gmail dot com 2022-03-13 15:09 ` hjl.tools at gmail dot com 2022-05-24 16:06 ` cvs-commit at gcc dot gnu.org [this message] 2022-05-24 18:12 ` peterz at infradead dot org 2024-01-18 9:06 ` i at maskray dot me
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-104816-4-uLWfbfMHOd@http.gcc.gnu.org/bugzilla/ \ --to=gcc-bugzilla@gcc.gnu.org \ --cc=gcc-bugs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).