July 10, 2023 Re: IBT/BTI instructions and D compilers | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to Richard (Rikki) Andrew Cattermole | On Monday, 10 July 2023 at 12:46:14 UTC, Richard (Rikki) Andrew Cattermole wrote:
> On 11/07/2023 12:16 AM, Brian Callahan wrote:
>> All good. I'm just asking about the status of IBT/BTI instructions being emitted by DMD and LDC. That's all.
>
> I should give you some feedback however.
>
> When I looked up the appropriate keywords, all I got from Google was all but one completely useless links. The one useful one is by Intel targeting people who are already pretty deep into attack mitigation.
>
> If this is anything to go by, there are no migration guidelines. So not very likely its going to have an implementation by anyone ;)
That's why I asked. I didn't know if Walter had thought about it and I figured it was cheap and easy to ask him.
| |||
July 10, 2023 Re: IBT/BTI instructions and D compilers | ||||
|---|---|---|---|---|
| ||||
Posted in reply to Ernesto Castellotti | On Monday, 10 July 2023 at 13:08:03 UTC, Ernesto Castellotti wrote: >For LDC it should be very simple to do the same, it would be useful to open an issue in the LDC repo The real problem is DMD, I'm afraid it needs some tweaking in the backend Good idea. I made an Issue on GitHub for LDC and I made a Bugzilla report for DMD. | |||
July 10, 2023 Re: IBT/BTI instructions and D compilers | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to Brian Callahan | On Monday, 10 July 2023 at 11:24:37 UTC, Brian Callahan wrote: >Hi all (but probably mostly Walter) -- OpenBSD has moved to an all-BTI world. Binaries produced by DMD and LDC no longer work because of this. If other OSes make this move, this problem will be further compounded. Is there any thought about enabling IBT/BTI instructions in DMD and LDC? Thanks. This is Intel CET, right? It's on by default at configure-time. https://github.com/gcc-mirror/gcc/commit/08c1d39d3a822dfe7d91524ec290e0f230504242 Speaking of which, the asm support code for Fibers does not support shadow stacks, so you'll need to fall back to ucontext_t's swapcontext unless someone figures out what the correct way to handle it is. | |||
July 10, 2023 Re: IBT/BTI instructions and D compilers | ||||
|---|---|---|---|---|
| ||||
Posted in reply to Brian Callahan | On Monday, 10 July 2023 at 13:25:37 UTC, Brian Callahan wrote: >On Monday, 10 July 2023 at 13:08:03 UTC, Ernesto Castellotti wrote: >For LDC it should be very simple to do the same, it would be useful to open an issue in the LDC repo The real problem is DMD, I'm afraid it needs some tweaking in the backend Good idea. I made an Issue on GitHub for LDC and I made a Bugzilla report for DMD. I did raise a bug report back in 2020 https://issues.dlang.org/show_bug.cgi?id=20933 I guess I didn't word it clearly enough. :-) | |||
July 10, 2023 Re: IBT/BTI instructions and D compilers | ||||
|---|---|---|---|---|
| ||||
Posted in reply to Iain Buclaw | On Monday, 10 July 2023 at 14:19:38 UTC, Iain Buclaw wrote: >On Monday, 10 July 2023 at 13:25:37 UTC, Brian Callahan wrote: >On Monday, 10 July 2023 at 13:08:03 UTC, Ernesto Castellotti wrote: >For LDC it should be very simple to do the same, it would be useful to open an issue in the LDC repo The real problem is DMD, I'm afraid it needs some tweaking in the backend Good idea. I made an Issue on GitHub for LDC and I made a Bugzilla report for DMD. I did raise a bug report back in 2020 https://issues.dlang.org/show_bug.cgi?id=20933 I guess I didn't word it clearly enough. :-) Hi Iain -- Yes, it is. We do enable it by default on OpenBSD :) | |||
July 10, 2023 Re: IBT/BTI instructions and D compilers | ||||
|---|---|---|---|---|
| ||||
Posted in reply to Brian Callahan | On Monday, 10 July 2023 at 14:45:48 UTC, Brian Callahan wrote: >On Monday, 10 July 2023 at 14:19:38 UTC, Iain Buclaw wrote: >On Monday, 10 July 2023 at 13:25:37 UTC, Brian Callahan wrote: >On Monday, 10 July 2023 at 13:08:03 UTC, Ernesto Castellotti wrote: >For LDC it should be very simple to do the same, it would be useful to open an issue in the LDC repo The real problem is DMD, I'm afraid it needs some tweaking in the backend Good idea. I made an Issue on GitHub for LDC and I made a Bugzilla report for DMD. I did raise a bug report back in 2020 https://issues.dlang.org/show_bug.cgi?id=20933 I guess I didn't word it clearly enough. :-) Hi Iain -- Yes, it is. We do enable it by default on OpenBSD :) Actually, I take that back. We don't do the --enable-cet flag for libphobos (didn't know that existed). But we build all of GCC with -fcf-protection=branch. | |||
July 10, 2023 Re: IBT/BTI instructions and D compilers | ||||
|---|---|---|---|---|
| ||||
Posted in reply to Brian Callahan | On Monday, 10 July 2023 at 14:46:47 UTC, Brian Callahan wrote: >On Monday, 10 July 2023 at 14:45:48 UTC, Brian Callahan wrote: >On Monday, 10 July 2023 at 14:19:38 UTC, Iain Buclaw wrote: >On Monday, 10 July 2023 at 13:25:37 UTC, Brian Callahan wrote: >On Monday, 10 July 2023 at 13:08:03 UTC, Ernesto Castellotti wrote: >For LDC it should be very simple to do the same, it would be useful to open an issue in the LDC repo The real problem is DMD, I'm afraid it needs some tweaking in the backend Good idea. I made an Issue on GitHub for LDC and I made a Bugzilla report for DMD. I did raise a bug report back in 2020 https://issues.dlang.org/show_bug.cgi?id=20933 I guess I didn't word it clearly enough. :-) Hi Iain -- Yes, it is. We do enable it by default on OpenBSD :) Actually, I take that back. We don't do the --enable-cet flag for libphobos (didn't know that existed). But we build all of GCC with -fcf-protection=branch. And because Intel I don't think was all that good at explaining things, and we have this flag that does one or both of two very different things: -fcf-protection=return does shadow stacks and -fcf-protection=full does both shadow stacks and IBT. Neither of these are what we're talking about. Just -fcf-protection=branch which only does IBT. Intel says you can do one without the other. But both are controlled by the same flag. Go figure. | |||
July 10, 2023 Re: IBT/BTI instructions and D compilers | ||||
|---|---|---|---|---|
| ||||
Posted in reply to Brian Callahan | On Monday, 10 July 2023 at 14:46:47 UTC, Brian Callahan wrote: >Actually, I take that back. We don't do the --enable-cet flag for libphobos (didn't know that existed). But we build all of GCC with -fcf-protection=branch. Grep | |||
July 10, 2023 Re: IBT/BTI instructions and D compilers | ||||
|---|---|---|---|---|
| ||||
Posted in reply to Iain Buclaw | On Monday, 10 July 2023 at 14:53:34 UTC, Iain Buclaw wrote: >On Monday, 10 July 2023 at 14:46:47 UTC, Brian Callahan wrote: >Actually, I take that back. We don't do the --enable-cet flag for libphobos (didn't know that existed). But we build all of GCC with -fcf-protection=branch. Grep I get: | |||
July 10, 2023 Re: IBT/BTI instructions and D compilers | ||||
|---|---|---|---|---|
| ||||
 Posted in reply to Brian Callahan | On 7/10/2023 5:16 AM, Brian Callahan wrote:
> All good. I'm just asking about the status of IBT/BTI instructions being emitted by DMD and LDC. That's all.
Are you talking about the ENDBR32 and ENDBR64 instructions?
| |||
Permalink
Reply
