| |
| Posted by Brian Callahan in reply to Brian Callahan | PermalinkReply |
|
Brian Callahan
Posted in reply to Brian Callahan
| On Monday, 10 July 2023 at 14:46:47 UTC, Brian Callahan wrote:
> On Monday, 10 July 2023 at 14:45:48 UTC, Brian Callahan wrote:
> On Monday, 10 July 2023 at 14:19:38 UTC, Iain Buclaw wrote:
> On Monday, 10 July 2023 at 13:25:37 UTC, Brian Callahan wrote:
> On Monday, 10 July 2023 at 13:08:03 UTC, Ernesto Castellotti wrote:
> For LDC it should be very simple to do the same, it would be useful to open an issue in the LDC repo
The real problem is DMD, I'm afraid it needs some tweaking in the backend
Good idea. I made an Issue on GitHub for LDC and I made a Bugzilla report for DMD.
I did raise a bug report back in 2020
https://issues.dlang.org/show_bug.cgi?id=20933
I guess I didn't word it clearly enough. :-)
Hi Iain --
Yes, it is. We do enable it by default on OpenBSD :)
More specifically, this is the -fcf-protection=branch flag -- no shadow stack stuff here.
Actually, I take that back. We don't do the --enable-cet flag for libphobos (didn't know that existed). But we build all of GCC with -fcf-protection=branch.
And because Intel I don't think was all that good at explaining things, and we have this flag that does one or both of two very different things: -fcf-protection=return does shadow stacks and -fcf-protection=full does both shadow stacks and IBT. Neither of these are what we're talking about. Just -fcf-protection=branch which only does IBT. Intel says you can do one without the other. But both are controlled by the same flag. Go figure.
|