Add Intel CET to getTargetInfo #15433

Merged
merged 1 commit into from
Aug 27, 2023
22 changes: 22 additions & 0 deletions changelog/dmd.intel-cet-ibt-protection.dd
@@ -0,0 +1,22 @@
Added support for Intel CET (Control-flow Enforcement Technology) IBT (Indirect Branch Tracking) protection

CET is a technology that is useful for preventing an attacker from redirecting a program's control flow,
specifically IBT prevents an attacker from causing an indirect branch to go to an unintended place.

Intel IBT expects the compiler to emit special instructions (`endbr32` and `endbr64`) which in older processors
that do not support IBT are equivalent to `nop` instructions, consequently a program compiled with active IBT
will be compatible on any x86 processor and the protection will be opportunistically active on supported processors.

To enable Intel IBT protection in DMD you need to pass the `-fIBT` flag to the compiler, consequently the compiler
will manage the emission of instructions for IBT by itself.
Be careful when using inline assembly, the compiler will not automatically handle IBT inside an inline assembly.

To find out within a D program whether IBT has been activated or not use the traits getTargetInfo as follows:

---
// IBT active
static assert(__traits(getTargetInfo, "CET") == 1); // CET == 1 if IBT is active

// IBT not active
static assert(__traits(getTargetInfo, "CET") == 0); // CET == 0 if IBT is not active
---
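Review bot: The example block at the end of the changelog places both `static assert(__traits(getTargetInfo, "CET") == 1)` and the `== 0` variant in a single snippet, so copying it verbatim fails to compile whichever way `-fIBT` is set. Split it into two separate blocks, or show one `static if (__traits(getTargetInfo, "CET") == 1)` branch instead. The sentence introducing it should also spell the trait as `__traits(getTargetInfo, "CET")` rather than "the traits getTargetInfo", and the inline assembly warning would be more useful if it said that the programmer has to place `endbr32`/`endbr64` at indirect branch targets by hand.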
1 change: 1 addition & 0 deletions compiler/src/dmd/frontend.h
Expand Up @@ -8256,6 +8256,7 @@ struct Target final
cppStd = 1,
floatAbi = 2,
objectFormat = 3,
CET = 4,
};

public:
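Review bot: `CET = 4` is the only all-caps enumerator among the visible members (`cppStd`, `floatAbi`, `objectFormat` are camelCase). If the upper-case spelling is deliberate because the enumerator name doubles as the user-facing key string, as the `CET.stringof` case in target.d suggests, add a short comment saying so; otherwise rename it to match its siblings.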
3 changes: 3 additions & 0 deletions compiler/src/dmd/target.d
Expand Up @@ -1206,6 +1206,7 @@ extern (C++) struct Target
cppStd,
floatAbi,
objectFormat,
CET
}

/**
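Review bot: The new `CET` member is added without a trailing comma, while every visible member before it (`cppStd,` `floatAbi,` `objectFormat,`) ends in one. Adding the comma keeps the next addition to a one-line diff. Since frontend.h pins `CET = 4`, a comment here noting that the member order has to stay in step with the header would also guard against an accidental reorder.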
Expand Down Expand Up @@ -1248,6 +1249,8 @@ extern (C++) struct Target
return stringExp("");
case cppStd.stringof:
return new IntegerExp(params.cplusplus);
case CET.stringof:
return new IntegerExp(driverParams.ibt);

default:
return null;
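Review bot: `case CET.stringof:` returns `driverParams.ibt` directly, so a key named "CET" reports only the IBT setting, and the changelog documents the result as exactly 0 or 1. Intel CET also covers shadow stacks, so the value's encoding should be documented now (for example as a bit set with IBT as bit 0), or any later extension will break user code written as `== 1`. If the doc comment for this function lists the accepted keys, the new one belongs there too.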
3 changes: 3 additions & 0 deletions compiler/test/compilable/cet_disabled.d
@@ -0,0 +1,3 @@
// Test for Intel CET protection disabled

static assert(__traits(getTargetInfo, "CET") == 0);
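Review bot: This test asserts `== 0` with no `REQUIRED_ARGS` line, so it silently depends on IBT being off by default. Say so in the leading comment (for example "disabled by default, no -fIBT passed") so that a later change of default fails with an obvious cause rather than a bare static assert.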
5 changes: 5 additions & 0 deletions compiler/test/compilable/cet_ibt.d
@@ -0,0 +1,5 @@
// REQUIRED_ARGS: -fIBT

// Test for Intel CET IBT (branch) protection

static assert(__traits(getTargetInfo, "CET") == 1);