On 2022-10-25 16:10 +0100, Simon McVittie wrote:
> On Tue, 25 Oct 2022 at 15:34:26 +0100, Wookey wrote:
> > These are hardware features (new instructions) that 'tag' pointers and
> > branch targets to make it much harder for malicious code to implement
> > ROP (return oriented programming) and JOP (Jump oriented programming)
> > attacks.
> > 
> > They have been implemented on both architectures in such a way that
> > they can be generally enabled and are simply ignored on hardware that
> > doesn't support them (the new instructions are in the NOP space). 
> 
> Does this have the same restrictions as CET, which gcc briefly enabled
> on x86 by default, but had to roll back[1] and later enable on a smaller
> subset of architectures[2], because the new instructions are only NOPs
> on x86_64 and modern i386, and are non-baseline (illegal instruction)
> on older or more-embedded i386 like the ones in our current i386 baseline?

I'm not sure (I know a lot more about the arm64 side of this than the
amd64 side), but we are only enabling this on amd64, not i386. amd64
binaries don't run on i386 so I don't think any practical issue
actually arises. You have reminded me that I guess it should be turned
on for x32 too.

> If yes, we'll have to be careful to only enable this on architectures
> where our baseline allows it. IIRC, Geode and VIA CPUs are the ones that
> usually cause trouble for i386.

Right, and that's the plan.

The patch looks approx like this:
+    # Branch protection
+    if ($use_feature{hardening}{branch}) {
+        my $flag;
+        if ($cpu eq 'arm64') {
+            $flag = '-mbranch-protection=standard';
+        } elsif ($cpu eq 'amd64') {
+            $flag = '-fcf-protection';
+        }
+        $flags->append($_, $flag) foreach @compile_flags;
+    }
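Review bot: `$flag` is left undefined when `$cpu` is neither 'arm64' nor 'amd64', yet the `$flags->append($_, $flag) foreach @compile_flags;` line runs for every architecture whenever `$use_feature{hardening}{branch}` is set, so an undefined value would be appended on all other CPUs. Guard the append with `if defined $flag`, or clear the branch feature for unsupported CPUs before this block is reached.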

Wookey
-- 
Principal hats:  Debian, Wookware, ARM
http://wookware.org/
