Subject: Re: RFC: Update x86 psABI to support shadow stac
To: "H.J. Lu"
Cc: gnu-gabi@sourceware.org, IA32 System V Application Binary Interface, "x86-64-abi@googlegroups.com", "Shanbhogue, Vedvyas"
References: <53356291-bb6d-3a69-3dc7-4a1f011942bd@redhat.com> <4a0a3d70-ff4b-9c99-810a-4537d5415594@redhat.com> <20561ce4-e433-618b-86fd-5d74dbf0e56e@redhat.com>
From: Florian Weimer
Message-ID: <2cf0aaad-7c15-6040-2e5b-5e92ffaf011e@redhat.com>
Date: Sun, 01 Jan 2017 00:00:00 -0000

On 07/27/2017 06:21 PM, H.J. Lu wrote:
> On Thu, Jul 27, 2017 at 8:44 AM, Florian Weimer wrote:
>> On 06/28/2017 01:21 PM, H.J. Lu wrote:
>>> On Wed, Jun 28, 2017 at 2:58 AM, Florian Weimer wrote:
>>>> On 06/22/2017 08:44 PM, H.J. Lu wrote:
>>>>>> The responsibilities for compliance are split between caller and callee,
>>>>>> which can live in different shared objects. I think it would be prudent
>>>>>> to formulate the requirement in such a way that compliance can be
>>>>>> checked by looking at one DSO in isolation.
>>>>
>>>>> What do you mean by it?
>>>>
>>>> I suggest to word the ABI requirement in such a way that it is possible
>>>> to verify if a shared object complies with it in isolation, independent of
>>>> how its functions are called.
>>>>
>>>
>>> 99% of existing binaries are compatible with shadow stack.
>>
>> I find that surprising, or does this number refer to x86-64 binaries
>> only?
>
> CET is x86 specific. You can take a look at the current CET changes for
> GCC at
>
> https://github.com/hjl-tools/gcc/tree/hjl/cet/reorg16

So i386 is supported? Then I find your claim about 99% compatibility
surprising because LLVM uses this instruction sequence

        calll   .L0$pb
.L0$pb:
        popl    %ebx
.Ltmp0:
        addl    $_GLOBAL_OFFSET_TABLE_+(.Ltmp0-.L0$pb), %ebx

to set %ebx to the GOT pointer. Older GCC did as well for some CPU
tunings, until:

https://gcc.gnu.org/ml/gcc-patches/2011-06/msg02295.html

Thanks,
Florian
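
Added example, not part of the original message and not code from GCC, LLVM or the psABI: a small Python scanner that finds the call/pop GOT-pointer idiom quoted above in AT&T-syntax assembly, so the sites in a single object can be listed and reviewed without knowing how its functions are called. The sample input, the helper name `get_pc_thunk_bx` and all function names are constructed for illustration.

```python
import re

# Constructed sample (AT&T syntax, i386). f uses the call/pop idiom quoted in
# the message; g calls a separate helper (hypothetical name) instead.
SAMPLE_ASM = """\
f:
        pushl   %ebx
        calll   .L0$pb
.L0$pb:
        popl    %ebx
.Ltmp0:
        addl    $_GLOBAL_OFFSET_TABLE_+(.Ltmp0-.L0$pb), %ebx
        popl    %ebx
        retl
g:
        calll   get_pc_thunk_bx
        addl    $_GLOBAL_OFFSET_TABLE_, %ebx
        retl
"""

LABEL = re.compile(r"^([.\w$]+):$")
CALLS = {"call", "calll", "callq"}
POPS = {"pop", "popl", "popq"}

def parse(asm_text):
    """Return a list of (line_no, kind, name, operands); kind is 'label' or 'insn'."""
    items = []
    for no, raw in enumerate(asm_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and padding
        m = LABEL.match(line)
        if m:
            items.append((no, "label", m.group(1), ""))
        elif line and not line.startswith("."):   # skip blanks and directives
            parts = line.split(None, 1)
            items.append((no, "insn", parts[0], parts[1] if len(parts) > 1 else ""))
    return items

def find_call_pop_sites(asm_text):
    """Return (line_no, label, register) for each call to the next label followed by a pop."""
    items, sites = parse(asm_text), []
    for i, (no, kind, name, operands) in enumerate(items):
        if kind != "insn" or name not in CALLS:
            continue
        j, labels = i + 1, set()
        while j < len(items) and items[j][1] == "label":   # labels at the return address
            labels.add(items[j][2])
            j += 1
        if operands in labels and j < len(items) and items[j][2] in POPS:
            sites.append((no, operands, items[j][3]))
    return sites
```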