[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 3/7] configure: add CET support
From: |
Paolo Bonzini |
Subject: |
Re: [Qemu-devel] [PATCH 3/7] configure: add CET support |
Date: |
Thu, 14 Mar 2019 11:46:42 +0100 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0 |
On 14/03/19 01:56, Richard Henderson wrote:
> Hmm. The gcc for aarch64 names the similar feature -mbranch-protection. I'm
> rather annoyed that the i386 gcc folk appropriated a generic -f name without
> actually making the feature generic at the same time.
Wouldn't -fcf-protection=branch also apply to ARM BTI? Pointer
authentication can even be enabled by default on GCC 9 if I remember
correctly, so it doesn't need an option at all.
> Thankfully the aarch64 version does not include shadow stacks, and so is less
> invasive into the normal abi -- ARM uses pointer authentication instead.
Branch target authentication should probably should be one or more
separate -fcf-protection options, but it is reasonable to make it
generic as well.
One could even implement a (much) weaker version of pointer
authentication without hardware support. You could mangle the return
address on entry and return, for example with a XOR/XOR or ADD/SUB of a
per-thread datum, and likewise mangle function pointers with a
per-process datum or with a hash based on the function's type signature.
Both would need debugger support, and the latter would require
modifying hand-written assembly.
Paolo
[Qemu-devel] [PATCH 7/7] coroutine-x86: add CET shadow stack support, Paolo Bonzini, 2019/03/13
[Qemu-devel] [PATCH 4/7] tcg: add tcg_out_start, Paolo Bonzini, 2019/03/13
[Qemu-devel] [PATCH 6/7] linux-user: add IBT support to x86 safe-syscall.S, Paolo Bonzini, 2019/03/13