-
-
Notifications
You must be signed in to change notification settings - Fork 606
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This follows PR #15415 which added Intel CET IBT support and LDC PR #4437 to add support for the new CET target in order to maintain a common interface between DMD and LDC. Later it would be useful to do the same for GDC as well.
- Loading branch information
Ernesto Castellotti
committed
Jul 20, 2023
1 parent
f0b891f
commit 28d966f
Showing
5 changed files
with
34 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| Added support for Intel CET (Control-flow Enforcement Technology) IBT (Indirect Branch Tracking) protection | ||
|
|
||
| CET is a technology that is useful for preventing an attacker from redirecting a program's control flow, | ||
| specifically IBT prevents an an attacker from causing an indirect branch to go to an unintended place | ||
|
|
||
| Intel IBT expects the compiler to emit special instructions (`endbr32` and `endbr64`) which in older processors | ||
| that do not support IBT are equivalent to `nop` instructions, consequently a program compiled with active IBT | ||
| will be compatible on any x86 processor and the protection will be opportunistically active on supported processors. | ||
|
|
||
| To enable Intel IBT protection in DMD you need to pass the `-fIBT` flag to the compiler, consequently the compiler | ||
| will manage the emission of instructions for IBT by itself. | ||
| Be careful when using inline assembly, the compiler will not automatically handle IBT inside an inline assembly. | ||
|
|
||
| To find out within a D program whether IBT has been activated or not use the traits getTargetInfo as follows: | ||
|
|
||
| --- | ||
| // IBT active | ||
| static assert(__traits(getTargetInfo, "CET") == 1); // CET == 1 if IBT is active | ||
|
|
||
| // IBT not active | ||
| static assert(__traits(getTargetInfo, "CET") == 0); // CET == 0 if IBT is not active | ||
| --- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -8256,6 +8256,7 @@ struct Target final | |
| cppStd = 1, | ||
| floatAbi = 2, | ||
| objectFormat = 3, | ||
| CET = 4, | ||
| }; | ||
|
|
||
| public: | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| // Test for Intel CET protection disabled | ||
|
|
||
| static assert(__traits(getTargetInfo, "CET") == 0); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,5 @@ | ||
| // REQUIRED_ARGS: -fIBT | ||
|
|
||
| // Test for Intel CET IBT (branch) protection | ||
|
|
||
| static assert(__traits(getTargetInfo, "CET") == 1); |