https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104816

Fangrui Song <i at maskray dot me> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |i at maskray dot me

--- Comment #13 from Fangrui Song <i at maskray dot me> ---
I created https://gcc.gnu.org/pipermail/gcc-patches/2024-January/643303.html
before I realized that there is a trade-off between two modes.

* (current default, -mno-cet-switch) NOTRACK indirect jump + case handlers
without ENDBR, GCC -mno-cet-switch. Vulnerable to unconstrained indirect jump
and Branch Target Injection.
* (-mcet-switch) tracked indirect jump + case handlers with ENDBR. Increases
the number of gadgets. Whether they can be usefully exploited depends on the
program.

It seems that the majority of the opinions so far are about the concern of
NOTRACK, so enabling -mcet-switch by default perhaps still makes sense.
-fno-jump-tables isn't a bad choice if users are really concerned about the
gadgets...
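An added example, not part of the original comment or of GCC: a small audit over `gcc -S` style output that counts NOTRACK versus tracked indirect jumps and the ENDBR landing pads sitting on local case labels, the two quantities the comment trades off. The assembly is a constructed sample, the name `audit` is hypothetical, and tracked indirect jumps that come from sources other than switch tables are counted as well.

```python
import re

LABEL = re.compile(r"^([.\w$]+):$")
INDIRECT_JMP = re.compile(r"^(notrack\s+)?jmp\s+\*")
ENDBR = re.compile(r"^endbr(64|32)\b")

# Constructed sample in the shape of `gcc -S` output; not from a real build.
TEMPLATE = """\
dispatch:
.LFB0:
    .cfi_startproc
    endbr64
    cmpl $1, %edi
    ja .L2
    {jmp} *.L4(,%rdi,8)
.L3:
{pad}    movl $10, %eax
    ret
.L5:
{pad}    movl $20, %eax
    ret
.L2:
    ret
"""
ASM_NO_CET_SWITCH = TEMPLATE.format(jmp="notrack jmp", pad="")
ASM_CET_SWITCH = TEMPLATE.format(jmp="jmp", pad="    endbr64\n")

def audit(asm):
    """Count indirect jumps and ENDBR landing pads in AT&T assembly text."""
    report = dict(notrack_jumps=0, tracked_jumps=0, entry_endbr=0, local_endbr=0)
    label = None  # label the next instruction sits under, if any
    for raw in asm.splitlines():
        line = raw.split("#", 1)[0].strip()
        found = LABEL.match(line)
        if found:
            # Keep a function symbol over compiler-local markers such as .LFB0.
            if label is None or label.startswith(".L"):
                label = found.group(1)
            continue
        if not line or line.startswith("."):
            continue  # blank lines and directives do not separate label and code
        jump = INDIRECT_JMP.match(line)
        if jump:
            report["notrack_jumps" if jump.group(1) else "tracked_jumps"] += 1
        elif ENDBR.match(line) and label:
            # ENDBR under a .L label is a case-handler pad, not a function entry.
            report["local_endbr" if label.startswith(".L") else "entry_endbr"] += 1
        label = None
    return report
```

A switch compiled with -fno-jump-tables has no table dispatch, so it contributes to neither jump count and adds no local ENDBR.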
