[PATCH 0/4] x86: Enable Intel Control-flow Enforcement Technology (CET)

Jussi Kivilinna jussi.kivilinna at iki.fi
Sun Jan 19 10:20:58 CET 2020


Hello,

On 17.1.2020 19.29, H.J. Lu via Gcrypt-devel wrote:
> Intel Control-flow Enforcement Technology (CET):
> 
> https://software.intel.com/en-us/articles/intel-sdm
> 
> contains shadow stack (SHSTK) and indirect branch tracking (IBT).  When
> CET is enabled, ELF object files must be marked with .note.gnu.property
> section.  CET enabled compiler provides <cet.h> which can be included
> in assembly sources to automatically generate .note.gnu.property section.
> Also when IBT is enabled, all indirect branch targets must start with
> ENDBR instruction.  <cet.h> defines _CET_ENDBR to generate proper ENDBR
> instruction.

Thanks for your contribution. I have a few generic comments.

First, we need your signed DCO, please check 'License policy' in docs/HACKING. 

In each patch, the commit log should start with ChangeLog entries without leading
TABs, followed by a separator line with -- and then the commit message. Check the git
history for examples.

-Jussi


> 
> Tested with
> 
> $ CC="gcc -Wl,-z,cet-report=error -fcf-protection" ./configure
> 
> in i686 and x86-64 modes on Linux CET machine.
> 
> H.J. Lu (4):
>   x86: Add .note.gnu.property section for Intel CET
>   mpi: Add .note.gnu.property section for Intel CET
>   amd64: Always include <config.h> in cipher assembly codes
>   i386: Add _CET_ENDBR to indirect jump targets
> 
>  cipher/camellia-aesni-avx-amd64.S  |  3 ++-
>  cipher/camellia-aesni-avx2-amd64.S |  3 ++-
>  cipher/serpent-avx2-amd64.S        |  3 ++-
>  configure.ac                       |  6 +++++
>  mpi/config.links                   | 10 +++++++++
>  mpi/i386/mpih-add1.S               | 35 ++++++++++++++++++++++++++++++
>  mpi/i386/mpih-sub1.S               | 35 ++++++++++++++++++++++++++++++
>  7 files changed, 92 insertions(+), 3 deletions(-)
> 
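
Added example, not part of the original message or of the libgcrypt patches: a parser for the .note.gnu.property marking the cover letter describes, reporting whether the IBT and SHSTK bits are set. The function names and the sample note bytes are constructed for illustration; the input is assumed to be the raw little-endian contents of that section.

```python
import struct

NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002
FEATURE_BITS = {0x1: "IBT", 0x2: "SHSTK"}

def _pad(n, align):
    return (n + align - 1) & ~(align - 1)

def cet_features(section, elf64=True):
    """Return the CET features marked in raw .note.gnu.property bytes."""
    align = 8 if elf64 else 4  # properties are 8-byte aligned on ELF64, 4 on ELF32
    found, off = set(), 0
    while off + 12 <= len(section):
        namesz, descsz, ntype = struct.unpack_from("<III", section, off)
        name_off = off + 12
        desc_off = name_off + _pad(namesz, 4)
        name = section[name_off:name_off + namesz]
        desc = section[desc_off:desc_off + descsz]
        if len(desc) != descsz:
            raise ValueError("truncated note")
        off = desc_off + _pad(descsz, align)
        if ntype != NT_GNU_PROPERTY_TYPE_0 or name != b"GNU\0":
            continue  # some other note type; skip it
        pos = 0
        while pos + 8 <= len(desc):
            pr_type, pr_datasz = struct.unpack_from("<II", desc, pos)
            data = desc[pos + 8:pos + 8 + pr_datasz]
            if len(data) != pr_datasz:
                raise ValueError("truncated property")
            pos += _pad(8 + pr_datasz, align)
            # "AND" property: the linker keeps a bit only if every input object
            # sets it, so one unmarked assembly file clears it for the output.
            if pr_type == GNU_PROPERTY_X86_FEATURE_1_AND and pr_datasz == 4:
                bits = struct.unpack("<I", data)[0]
                found |= {label for bit, label in FEATURE_BITS.items() if bits & bit}
    return found

def make_note(bits, elf64=True):
    """Build a constructed sample note carrying one X86_FEATURE_1_AND property."""
    prop = struct.pack("<III", GNU_PROPERTY_X86_FEATURE_1_AND, 4, bits)
    prop += b"\0" * (4 if elf64 else 0)
    return struct.pack("<III", 4, len(prop), NT_GNU_PROPERTY_TYPE_0) + b"GNU\0" + prop

if __name__ == "__main__":
    print(sorted(cet_features(make_note(0x3))))
    print(sorted(cet_features(make_note(0x2, elf64=False), elf64=False)))
    print(sorted(cet_features(make_note(0x0))))
```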



