On Sat, Mar 7, 2020 at 11:49 AM Niels Möller <[email protected]> wrote:
>
> "H.J. Lu" <[email protected]> writes:
>
> > Intel Control-flow Enforcement Technology (CET):
> >
> > https://software.intel.com/en-us/articles/intel-sdm
> >
> > contains shadow stack (SHSTK) and indirect branch tracking (IBT). When
> > CET is enabled, ELF object files must be marked with .note.gnu.property
> > section. Also when IBT is enabled, all indirect branch targets must
> > start with ENDBR instruction.
> >
> > This patch adds X86_ENDBR and the CET marker to config.m4.in when CET
> > is enabled. It updates PROLOGUE with X86_ENDBR.
>
> I'd like to have a look at what gcc produces. How is it enabled with
> gcc? In the docs, I find
>
>   -mshstk
>
>     The -mshstk option enables shadow stack built-in functions from x86
>     Control-flow Enforcement Technology (CET).
>
> but when I try compiling a trivial function,
>
>   $ cat foo-cet.c
>   int foo(void) {return 0;}
>   $ gcc -save-temps -c -mshstk foo-cet.c
>
> I get no endbr instruction and no note in the foo-cet.s. I'm using
> gcc-8.3. I do get an
>
>   .section .note.GNU-stack,"",@progbits

I use -fcf-protection=full -mcet to determine if CET is available in the
compiler. (And subsequently run a test with the shadow stack enabled).
I have not used -mshstk, but I may be testing for CET incorrectly.

Jeff
_______________________________________________
nettle-bugs mailing list
[email protected]
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
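
Added example, not part of the thread or of the nettle patch: a parser for the raw bytes of a .note.gnu.property section that reports the declared CET features and models the linker's AND over its inputs, which is why assembly files need the marker as well. The constants are taken from the x86-64 psABI rather than from this thread, and make_note() builds a constructed sample, not real compiler output.

```python
import struct

NT_GNU_PROPERTY_TYPE_0 = 5                   # note type used in .note.gnu.property
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002  # property that carries the CET bits
CET_BITS = {0x1: "IBT", 0x2: "SHSTK"}


def _align(n, a):
    return (n + a - 1) & ~(a - 1)


def cet_features(section, align=8):
    """CET features declared by raw little-endian .note.gnu.property bytes.
    align is 8 for ELF64 and 4 for ELF32."""
    mask, off = 0, 0
    while off + 12 <= len(section):
        namesz, descsz, ntype = struct.unpack_from("<III", section, off)
        name_off = off + 12
        desc_off = _align(name_off + namesz, align)
        if desc_off + descsz > len(section):
            raise ValueError("truncated note")
        name = section[name_off:name_off + namesz]
        desc = section[desc_off:desc_off + descsz]
        off = _align(desc_off + descsz, align)
        if ntype != NT_GNU_PROPERTY_TYPE_0 or name != b"GNU\0":
            continue  # some other note, e.g. a build id
        pos = 0
        while pos + 8 <= len(desc):
            pr_type, pr_datasz = struct.unpack_from("<II", desc, pos)
            if (pr_type == GNU_PROPERTY_X86_FEATURE_1_AND
                    and pr_datasz == 4 and pos + 12 <= len(desc)):
                mask |= struct.unpack_from("<I", desc, pos + 8)[0]
            pos = _align(pos + 8 + pr_datasz, align)
    return {label for bit, label in CET_BITS.items() if mask & bit}


def linked_features(sections):
    """Model of the link step: a feature survives only if every input
    object declares it; an object without the note (b"") declares none."""
    sets = [cet_features(s) for s in sections]
    return set.intersection(*sets) if sets else set()


def make_note(mask):
    """Constructed ELF64 sample: one GNU note with one FEATURE_1_AND property."""
    desc = struct.pack("<III4x", GNU_PROPERTY_X86_FEATURE_1_AND, 4, mask)
    return struct.pack("<III4s", 4, len(desc), NT_GNU_PROPERTY_TYPE_0, b"GNU\0") + desc
```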
