https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96350
Bug ID: 96350
Summary: [cet] For ENDBR immediate, the binary would include a gadget that starts with a fake ENDBR64 opcode.
Product: gcc
Version: 11.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: target
Assignee: unassigned at gcc dot gnu.org
Reporter: crazylht at gmail dot com
CC: hjl.tools at gmail dot com
Target Milestone: ---
Target: i386, x86-64

ENDBR32 and ENDBR64 have specific opcodes:
- ENDBR32: F3 0F 1E FB
- ENDBR64: F3 0F 1E FA

And we want attackers not to find unintended ENDBR32/64 opcode matches in the binary.

Here's an example: if the compiler had to generate asm for the following code:

    a = 0xF30F1EFA

it could, for example, generate:

    mov 0xF30F1EFA, dword ptr[a]

In such a case, the binary would include a gadget that starts with a fake ENDBR64 opcode.

Therefore, the requirement from the compilers is to split such generation into multiple operations, such that the explicit immediate never shows in the binary.
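The following is an added example, not part of the bug report or of GCC. It encodes a `mov dword ptr [rbx], imm32` the way an x86 assembler would (opcode C7 /0, immediate in little-endian byte order), scans the resulting bytes for the ENDBR64/ENDBR32 sequences at every offset, and shows one hypothetical way of splitting the store so that no immediate in the instruction stream carries the opcode. Because x86 immediates are little-endian, the 32-bit value whose encoded bytes spell F3 0F 1E FA is 0xFA1E0FF3 (and 0xFB1E0FF3 for ENDBR32); the example checks those values alongside the 0xF30F1EFA written in the report. The split lowering (store imm-1, then add 1) is an illustration chosen here, not GCC's actual code generation.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* CET ENDBR opcodes, as given in the bug report. */
static const uint8_t ENDBR64[4] = { 0xF3, 0x0F, 0x1E, 0xFA };
static const uint8_t ENDBR32[4] = { 0xF3, 0x0F, 0x1E, 0xFB };

/* Count every byte offset at which pat[0..3] appears in buf, including
 * offsets that fall inside a larger instruction: exactly the unintended
 * matches an attacker would look for. */
size_t count_pattern(const uint8_t *buf, size_t len, const uint8_t pat[4])
{
    size_t hits = 0;
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(buf + i, pat, 4) == 0)
            hits++;
    return hits;
}

/* Emit "mov dword ptr [rbx], imm32": opcode C7 /0 with ModRM 03 ([rbx]),
 * followed by the immediate in x86 little-endian byte order.
 * Returns the number of bytes written (always 6). */
size_t emit_mov_rbx_imm32(uint8_t *out, uint32_t imm)
{
    out[0] = 0xC7;
    out[1] = 0x03;
    for (int i = 0; i < 4; i++)
        out[2 + i] = (uint8_t)(imm >> (8 * i));
    return 6;
}

/* Hypothetical split lowering (an illustration, not GCC's actual code):
 * store imm-1, then "add dword ptr [rbx], 1" (opcode 83 /0 ib, ModRM 03).
 * Memory ends up holding imm, but no single immediate in the instruction
 * stream carries the full ENDBR byte sequence.
 * Returns the number of bytes written (always 9). */
size_t emit_split_store_rbx(uint8_t *out, uint32_t imm)
{
    size_t n = emit_mov_rbx_imm32(out, imm - 1u);
    out[n++] = 0x83;
    out[n++] = 0x03;
    out[n++] = 0x01;
    return n;
}

/* Does encoding imm as a 32-bit immediate put an ENDBR64 or ENDBR32
 * opcode into the instruction stream? Returns 1 if so, else 0. */
int imm32_contains_endbr(uint32_t imm)
{
    uint8_t code[16];
    size_t n = emit_mov_rbx_imm32(code, imm);
    return (count_pattern(code, n, ENDBR64) +
            count_pattern(code, n, ENDBR32)) > 0;
}

int main(void)
{
    /* Constructed sample immediates: the two little-endian ENDBR values,
     * and the big-endian-looking value from the report. */
    uint32_t vals[] = { 0xFA1E0FF3u, 0xFB1E0FF3u, 0xF30F1EFAu };
    uint8_t code[16];
    for (size_t i = 0; i < sizeof vals / sizeof vals[0]; i++) {
        size_t n = emit_split_store_rbx(code, vals[i]);
        printf("0x%08X: direct mov %s, split store leaves %zu ENDBR match(es)\n",
               vals[i],
               imm32_contains_endbr(vals[i]) ? "contains ENDBR" : "is clean",
               count_pattern(code, n, ENDBR64) + count_pattern(code, n, ENDBR32));
    }
    return 0;
}
```

The scan deliberately ignores instruction boundaries: with CET, an indirect branch may land on any byte address, so a byte sequence inside an immediate is as usable to an attacker as a real ENDBR at a function entry. A real checker would also consider immediates that only partially overlap the pattern with neighbouring instruction bytes; this example covers the case the report describes, a whole 4-byte immediate.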