Jump to content
Toggle sidebar
JookWiki
Search
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Navigation
Main page
Recent changes
Random page
All pages
Help about MediaWiki
Tools
What links here
Related changes
Special pages
Page information
Editing
Nopl
(section)
Page
Discussion
English
Read
Edit
Edit source
View history
More
Read
Edit
Edit source
View history
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Intel CET == In 2016 Intel announced [https://web.archive.org/web/20160614162220/http://blogs.intel.com/evangelists/2016/06/09/intel-release-new-technology-specifications-protect-rop-attacks/ Control-flow Enforcement Technology] and released the [https://web.archive.org/web/20170320213641/https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf Intel CET specification]. These CPU extensions run not just in 64-bit mode but in 32-bit mode. While management for the shadow stack uses new instructions, the ENDBRANCH instruction intended to be compiled in to user space code re-uses the hinting NOP 0F 1E. Unlike the multi-byte NOP there's no indication in the specifications that these instructions are limited to Pentium Pro or newer CPUs. In 2017 [https://sourceware.org/git/?p=binutils-gdb.git;a=commitdiff;h=603555e563725616246912711419637add54c961 Add support for Intel CET instructions] was committed to the GNU Assembler. Later in 2017 [https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=2a25448c490b16eea276521d818640bcaca75e35 Update x86 backend to enable Intel CET.] was committed to GNU GCC. Even later in 2017 [https://github.com/llvm/llvm-project/commit/fec21ec0c6257eb24290c483b03b4fd9e6a9d0d1 LLVM r318995] added support for CET. As far as I can still this doesn't limit the use of these CET instructions. In 2021 [https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98667 gcc generates endbr32 invalid opcode on -march=i486] was reported to GCC. The next day [https://gcc.gnu.org/git/?p=gcc.git;a=commitdiff;h=77d372abec0fbf2cfe922e3140ee3410248f979e x86: Error on -fcf-protection with incompatible target] was committed to GNU GCC. This patch limits CET to architectures with CMOV. That's a safe bet, but seems like it would break on the Geode LX800 and other i686-compatibles that lack multi-byte NOPs. In 2022 [https://github.com/rust-lang/rust/issues/93059 i586-unknown-linux-gnu target generates binaries containing Intel CET opcodes which are illegal on i586 processors] was reported to the Rust bug tracker. A day or so later Gentoo committed [https://github.com/gentoo/gentoo/commit/bff66eedb4ae530ef21187d617daeba5472320a1 dev-lang/rust: pass -fcf-protection=none on i586] despite Rust not being available on i586 yet. It's unclear how much things will break if someone gets an actual i686 build of Rust going. Rust uses LLVM so this might indicate that LLVM doesn't check if an architecture supports CET before adding its instructions. As of early 2022 Intel CET support is not in the kernel yet.
Summary:
Please note that all contributions to JookWiki are considered to be released under the Creative Commons Zero (Public Domain) (see
JookWiki:Copyrights
for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource.
Do not submit copyrighted work without permission!
To edit this page, please answer the question that appears below (
more info
):
Who owns this wiki?
Cancel
Editing help
(opens in new window)