From: Florian Weimer <fweimer@redhat.com>
To: Sandra Loosemore <sandra@codesourcery.com>,
"Tsimbalist, Igor V" <igor.v.tsimbalist@intel.com>,
Uros Bizjak <ubizjak@gmail.com>
Cc: "gcc-patches@gcc.gnu.org" <gcc-patches@gcc.gnu.org>
Subject: Re: 0005-Part-5.-Add-x86-CET-documentation
Date: Wed, 27 Sep 2017 08:52:00 -0000
Message-ID: <f5e8586c-051d-dd26-9424-c6a8d1083c23@redhat.com>
In-Reply-To: <59CB1DB9.1010700@codesourcery.com>

On 09/27/2017 05:40 AM, Sandra Loosemore wrote:
>>
>> +@emph{x86 implementation:} when @option{-fcf-protection} option is
>> +specified the compiler inserts an ENDBR instruction at function's
>> +prologue if the function's type does not have the @code{nocf_check}
>> +attribute and addresses to which indirect control-flow transfer can
>> +happen. The instruction triggers the HW check if a control-flow
>> +transfer to the address of ENDBR instruction is valid.
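Review bot: The first sentence of this hunk does not parse at "and addresses to which indirect control-flow transfer can happen": the clause has no verb tying it to "inserts", so a reader cannot tell whether ENDBR is also emitted at those addresses or only in function prologues. Suggest splitting it into two statements, one for function entry (conditioned on the @code{nocf_check} attribute) and one for other indirect-branch targets, and marking the instruction name up with @code{}. The last sentence also needs rewording, since "triggers the HW check if a control-flow transfer ... is valid" can be read as the check running only when the transfer is already valid; "when @option{-fcf-protection} option is specified" can drop the second "option".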
>
> Implementation details like this should be comments in the code, not
> included in the user-facing documentation.

This is part of the ABI GCC implements, so it has to be documented
somewhere, and not just as part of the GCC source code.

CET is not properly described in the ABI supplement and I don't think
this will change, so detailed documentation in the GCC manual is very
much desirable.

That being said, the implementation notes above need some clarification.
It's not clear to me what the conditions are under which the ENDBR
instruction is emitted (and we probably should use @code{endbr} in the
manual), what it is trying to achieve, and how the x86 calling
convention changes. I assume it is somehow related to what we call
internally “the suffix problem”: without control flow integrity, an
attacker might skip over precondition/hardening checks, directly to the
critical changes we want to protect, executing only the suffix of a
function (hence the name).

Thanks,
Florian