On Wed, Jan 10, 2018 at 11:18 AM, Eric Botcazou <ebotca...@adacore.com> wrote:
>> It's really just a couple of new primitives to emit a jump as a call and
>> one to slam in a new return address. Given those I think you can do the
>> entire implementation as RTL at expansion time and you've got a damn
>> good shot at protecting most architectures from these kinds of attacks.
>
> I think that you're a bit optimistic here and that implementing a generic and
> robust framework at the RTL level might require some time. Given the time and
> (back-)portability constraints, it might be wiser to rush into
> architecture-specific countermeasures than to rush into a half-baked RTL
> framework.

Let me also say that while it might be nice to commonize code, introducing these mitigations as late as possible to not disrupt optimization is important. So I don't see a very strong motivation in trying very hard to make this more middle-endish, apart from maybe sharing helper functions where possible.

Richard.

> --
> Eric Botcazou