From: "H.J. Lu"
Date: Sun, 01 Jan 2017 00:00:00 -0000
Subject: RFC: Update x86 psABIs to support IBT
To: IA32 System V Application Binary Interface, "x86-64-abi@googlegroups.com", gnu-gabi@sourceware.org

On Tue, Jun 13, 2017 at 12:11 PM, H.J. Lu wrote:
> To support ENDBR in Intel Control-flow Enforcement Technology (CET)
> instructions:
>
> https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf
>
> following changes to i386 psABI are required.

Here is the updated extension for both i386 and x86-64 psABI to support
IBT.  I will post a binutils patch later.

Any comments?

-- 
H.J.
---
To support indirect branch tracking (IBT) in Intel Control-flow
Enforcement Technology (CET) instructions:

https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf

following changes to x86 psABI are required.

To program properties, add

 #define GNU_PROPERTY_X86_FEATURE_1_AND 0xc0000002

 #define GNU_PROPERTY_X86_FEATURE_1_IBT (1U << 0)

to indicate that all executable sections are compatible with IBT when
ENDBR instruction is inserted at:

  a. All function entries whose addresses may be taken.
  b. All branch targets whose addresses have been taken.

GNU_PROPERTY_X86_FEATURE_1_IBT is set on output only if it is set on all
relocatable inputs, which means that the C library must be compiled with
an IBT-enabled compiler.

The following changes are made to the Procedure Linkage Table (PLT) to
enable IBT:

1. For 64-bit x86-64, PLT is changed to:

   PLT0:  push GOT[1]
          bnd jmp *GOT[2]
          nop
   ...
   PLTn:  endbr64
          push namen_reloc_index
          bnd jmp PLT0

   together with the second PLT section:

   PLTn:  endbr64
          bnd jmp *GOT[namen_index]
          nop

   BND prefix is also added so that IBT-enabled PLT is compatible with
   MPX.

2. For 32-bit x86-64 (x32) and i386, PLT is changed to

   PLT0:  push GOT[1]
          jmp *GOT[2]
          nop
   ...
   PLTn:  endbr64                  # endbr32 for i386.
          push namen_reloc_index
          jmp PLT0

   together with the second PLT section:

   PLTn:  endbr64                  # endbr32 for i386.
          jmp *GOT[namen_index]
          nop

   BND prefix isn't used since MPX isn't supported on x32 and BND
   registers aren't used in parameter passing on i386.

GOT is an array of addresses.  Initially, GOT[namen_index] is filled
with the address of the ENDBR instruction of the corresponding entry
in the first PLT section.  The function, namen, is called via the
ENDBR instruction in the second PLT entry.  GOT[namen_index] is updated
to the actual address of the function, namen, at run-time.

Load-time processing

On an IBT capable processor, the following steps should be taken:

1. When loading an executable, if GNU_PROPERTY_X86_FEATURE_1_IBT is
   set on the executable, enable IBT.
2. If IBT is enabled, when loading a shared object without
   GNU_PROPERTY_X86_FEATURE_1_IBT:
   a. If legacy interwork is allowed, then mark all pages in executable
      PT_LOAD segments in legacy code page bitmap.  Failure of legacy
      code page bitmap allocation causes an error.
   b. If legacy interwork isn't allowed, it causes an error.
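
The property lookup, the "set on all relocatable inputs" merge rule and load-time step 2 from the message above, as an added example that is not part of the original message and is not binutils or glibc code. The descriptor layout (pr_type, pr_datasz, padded data) is the GNU program property note format rather than something this message defines; the function names, the load_result enum and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

#define GNU_PROPERTY_X86_FEATURE_1_AND 0xc0000002
#define GNU_PROPERTY_X86_FEATURE_1_IBT (1U << 0)

/* Constructed ELF64 descriptor: an unrelated 8-byte property, then FEATURE_1_AND = IBT. */
static const uint8_t sample_desc[] = {
    0x01,0,0,0, 8,0,0,0, 0,0,0x10,0, 0,0,0,0,
    0x02,0,0,0xc0, 4,0,0,0, 0x01,0,0,0, 0,0,0,0 };

/* Walk pr_type/pr_datasz/pr_data entries (little-endian host assumed); data is padded
   to `align` (8 on ELF64, 4 on ELF32). Absent or malformed means "not IBT-compatible". */
uint32_t feature_1_bits(const uint8_t *desc, size_t len, size_t align) {
    size_t off = 0;
    while (off <= len && len - off >= 8) {
        uint32_t type, datasz, bits;
        memcpy(&type, desc + off, 4);
        memcpy(&datasz, desc + off + 4, 4);
        off += 8;
        if (datasz > len - off) return 0;          /* truncated property */
        if (type == GNU_PROPERTY_X86_FEATURE_1_AND && datasz == 4) {
            memcpy(&bits, desc + off, 4);
            return bits;
        }
        off += ((size_t)datasz + align - 1) & ~(align - 1);
    }
    return 0;
}

/* Link time: a bit survives only if every relocatable input carries it. */
uint32_t merge_feature_1(const uint32_t *in, size_t n) {
    uint32_t out = n ? ~0U : 0;
    for (size_t i = 0; i < n; i++) out &= in[i];
    return out;
}

enum load_result { LOAD_OK, LOAD_OK_LEGACY_BITMAP, LOAD_ERROR };

/* Load-time step 2: a shared object arriving in a process where IBT may be on. */
enum load_result load_shared_object(int ibt_on, uint32_t bits, int legacy_ok, int bitmap_ok) {
    if (!ibt_on || (bits & GNU_PROPERTY_X86_FEATURE_1_IBT)) return LOAD_OK;
    if (!legacy_ok || !bitmap_ok) return LOAD_ERROR;   /* 2b, or bitmap allocation failed */
    return LOAD_OK_LEGACY_BITMAP;                      /* 2a: mark executable pages */
}

int main(void) {
    /* Exit 0 when the sample object loads with IBT on and legacy interwork disallowed. */
    uint32_t bits = feature_1_bits(sample_desc, sizeof sample_desc, 8);
    return load_shared_object(1, bits, 0, 0) == LOAD_OK ? 0 : 1;
}
```

A single unmarked input clears the bit for the whole output, which is why one legacy object in the link forces the loader onto the legacy-interwork path or an error.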