From: "H.J. Lu"
Date: Tue, 01 Jan 2019 00:00:00 -0000
Subject: Re: RFC: Update x86 psABIs to support IBT
To: IA32 System V Application Binary Interface, "x86-64-abi@googlegroups.com", gnu-gabi@sourceware.org

On Tue, Jun 20, 2017 at 9:38 AM H.J. Lu wrote:
>
> On Tue, Jun 13, 2017 at 12:11 PM, H.J. Lu wrote:
> > To support ENDBR in Intel Control-flow Enforcement Technology (CET)
> > instructions:
> >
> > https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf
> >
> > following changes to i386 psABI are required.
>
> Here is the updated extension for both i386 and x86-64 psABI to
> support IBT. I will post a binutils patch later.
>
> Any comments?
>
> --
> H.J.
> ---
> To support indirect branch tracking (IBT) in Intel Control-flow Enforcement
> Technology (CET) instructions:
>
> https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf
>
> following changes to x86 psABI are required.
>
> To program properties, add
>
> #define GNU_PROPERTY_X86_FEATURE_1_AND 0xc0000002
>
> #define GNU_PROPERTY_X86_FEATURE_1_IBT (1U << 0)
>
> to indicate that all executable sections are compatible with IBT when
> ENDBR instruction is inserted at:
>
> a. All function entries whose addresses may be taken.
> b. All branch targets whose addresses have been taken.
>
> GNU_PROPERTY_X86_FEATURE_1_IBT is set on output only if it is set on
> all relocatable inputs, which means that the C library must be compiled
> with IBT-enabled compiler.
>
> The following changes are made to the Procedure Linkage Table (PLT) to
> enable IBT:
>
> 1. For 64-bit x86-64, PLT is changed to:
>
> PLT0: push GOT[1]
>       bnd jmp *GOT[2]
>       nop
> ...
> PLTn: endbr64
>       push namen_reloc_index
>       bnd jmp PLT0
>
> together with the second PLT section:
>
> PLTn: endbr64
>       bnd jmp *GOT[namen_index]
>       nop
>
> BND prefix is also added so that IBT-enabled PLT is compatible with MPX.
>
> 2. For 32-bit x86-64 (x32) and i386, PLT is changed to
>
> PLT0: push GOT[1]
>       jmp *GOT[2]
>       nop
> ...
> PLTn: endbr64 # endbr32 for i386.
>       push namen_reloc_index
>       jmp PLT0
>
> together with the second PLT section:
>
> PLTn: endbr64 # endbr32 for i386.
>       jmp *GOT[namen_index]
>       nop
>
> BND prefix isn't used since MPX isn't supported on x32 and BND registers
> aren't used in parameter passing on i386.
>

There are 2 reasons for this 2-PLT scheme:

1. Provide compatibility with other tools that have a hardcoded limit of 16
   bytes for an x86 PLT entry.
2. Improve code cache locality: since most of the instructions in .plt
   would be executed only the first time a symbol is resolved they would
   waste space in the cache and, by having a .plt.sec, only instructions
   that are often executed would be cached.

--
H.J.
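
An added example, not part of the original message and not binutils code: it reads GNU_PROPERTY_X86_FEATURE_1_AND from a property note and applies the rule quoted above that the IBT bit is set on output only if it is set on all relocatable inputs. The note layout (NT_GNU_PROPERTY_TYPE_0, "GNU" owner, 8-byte property padding for ELF64) is assumed from the Linux gABI extension rather than taken from the mail; the function names and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NT_GNU_PROPERTY_TYPE_0         5          /* assumed: Linux gABI note type, not in the mail */
#define GNU_PROPERTY_X86_FEATURE_1_AND 0xc0000002 /* from the proposal */
#define GNU_PROPERTY_X86_FEATURE_1_IBT (1U << 0)  /* from the proposal */

/* Constructed sample: one ELF64 "GNU" property note with the IBT bit set. */
static const uint8_t NOTE_IBT[] = {
    4, 0, 0, 0,  16, 0, 0, 0,  5, 0, 0, 0,  'G', 'N', 'U', 0,
    0x02, 0, 0, 0xc0,  4, 0, 0, 0,  1, 0, 0, 0,  0, 0, 0, 0 };

static uint32_t rd32(const uint8_t *p) { /* little-endian 32-bit load */
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* FEATURE_1_AND bits of one note (properties padded to 8 bytes, the ELF64
 * layout); 0 when the note is absent, malformed or truncated. */
uint32_t feature_1_and(const uint8_t *n, size_t len) {
    if (!n || len < 16) return 0;
    uint32_t namesz = rd32(n), descsz = rd32(n + 4), type = rd32(n + 8);
    if (namesz != 4 || type != NT_GNU_PROPERTY_TYPE_0 || memcmp(n + 12, "GNU", 4)) return 0;
    if (descsz > len - 16) return 0;
    const uint8_t *d = n + 16;
    for (size_t off = 0; off + 8 <= descsz; ) {
        uint32_t pr_type = rd32(d + off), pr_datasz = rd32(d + off + 4);
        if (pr_datasz > descsz - off - 8) return 0; /* property overruns the note */
        if (pr_type == GNU_PROPERTY_X86_FEATURE_1_AND)
            return pr_datasz == 4 ? rd32(d + off + 8) : 0;
        off += 8 + (((size_t)pr_datasz + 7) & ~(size_t)7);
    }
    return 0;
}

/* Merge rule from the proposal: a bit is set on output only if every
 * relocatable input sets it; an input without the note contributes 0. */
uint32_t merge_feature_1(const uint8_t *notes[], const size_t lens[], size_t count) {
    uint32_t out = count ? ~0U : 0;
    for (size_t i = 0; i < count; i++)
        out &= feature_1_and(notes[i], lens[i]);
    return out;
}

int main(void) {
    const uint8_t *in[] = { NOTE_IBT, NULL }; /* second input: legacy object, no note */
    const size_t len[] = { sizeof NOTE_IBT, 0 };
    printf("IBT on output: %u\n", merge_feature_1(in, len, 2) & GNU_PROPERTY_X86_FEATURE_1_IBT);
}
```

A single input without the property clears the bit for the whole link, which is why the mail notes that the C library itself has to be built with an IBT-enabled compiler.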