On Wed, Jan 10, 2018 at 11:18 AM, Eric Botcazou <ebotca...@adacore.com> wrote:
>> It's really just a couple of new primitives to emit a jump as a call and
>> one to slam in a new return address.  Given those I think you can do the
>> entire implementation as RTL at expansion time and you've got a damn
>> good shot at protecting most architectures from these kinds of attacks.
>
> I think that you're a bit optimistic here and that implementing a generic and
> robust framework at the RTL level might require some time.  Given the time and
> (back-)portability constraints, it might be wiser to rush into architecture-
> specific countermeasures than to rush into an half-backed RTL framework.

Let me also say that while it might be nice to commonize code introducing these
mitigations as late as possible to not disrupt optimization is important.  So I
don't see a very strong motivation in trying very hard to make this more
middle-endish, apart from maybe sharing helper functions where possible.

Richard.

> --
> Eric Botcazou

Reply via email to