| commit | b0276f1551bfd3ea771ab6a59ace9691695c8b5c | |
| author | hjl-tools <hjl.tools@gmail.com> | |
| Fri, 17 Jan 2020 07:21:11 +0000 (16 23:21 -0800) | ||
| committer | Zoltan Herczeg <zherczeg.u-szeged@partner.samsung.com> | |
| Fri, 17 Jan 2020 07:21:11 +0000 (17 08:21 +0100) | ||
| tree | 2eecd3b2d56e3b1ee52dfe10d2b4b09b90df2124 | treesnapshot (tar.gz zip) |
| parent | 08cb6251ded26e79b883543b9741575e84e172fb | commitdiff |
x86: Add SLJIT_ENDBR to sljit_emit_op0 to generate ENDBR32/ENDBR64 (#13)
* x86: Add SLJIT_ENDBR to sljit_emit_op0 to generate ENDBR32/ENDBR64
Intel Control-flow Enforcement Technology (CET):
https://software.intel.com/en-us/articles/intel-sdm
contains indirect branch tracking (IBT). When IBT is enabled, the
indirect branch target must start with ENDBR instruction. When IBT
is enabled at the compile time, this patch does:
1. Emit ENDBR32/ENDBR64 at function entry. ENDBR32/ENDBR64 are NOPs on
non-CET machines.
2. Add SLJIT_ENDBR to sljit_emit_op0 to generate ENDBR32/ENDBR64 for x86
processors.
* sljitTest.c: Generate ENDBR32/ENDBR64 at indirect branch targets
When indirect branch tracking (IBT) from Intel Control-flow Enforcement
Technology (CET) is enabled, all indirect branch targets must start with
ENDBR32/ENDBR64. This patch calls sljit_emit_op0 (compiler, SLJIT_ENDBR)
to generate ENDBR32/ENDBR64 at indirect branch targets for x86 processors.
Tested with
$ CC="gcc -fcf-protection=branch" make
on x86-32 and x86-64 Linux CET machines.
* regexJIT.c: Generate ENDBR32/ENDBR64 at indirect branch targets
When indirect branch tracking (IBT) from Intel Control-flow Enforcement
Technology (CET) is enabled, all indirect branch targets must start with
ENDBR32/ENDBR64. This patch calls sljit_emit_op0 (compiler, SLJIT_ENDBR)
to generate ENDBR32/ENDBR64 at indirect branch targets for x86 processors.
Tested with
$ CC="gcc -fcf-protection=branch" make
on x86-32 and x86-64 Linux CET machines.
* x86: Add SLJIT_ENDBR to sljit_emit_op0 to generate ENDBR32/ENDBR64
Intel Control-flow Enforcement Technology (CET):
https://software.intel.com/en-us/articles/intel-sdm
contains indirect branch tracking (IBT). When IBT is enabled, the
indirect branch target must start with ENDBR instruction. When IBT
is enabled at the compile time, this patch does:
1. Emit ENDBR32/ENDBR64 at function entry. ENDBR32/ENDBR64 are NOPs on
non-CET machines.
2. Add SLJIT_ENDBR to sljit_emit_op0 to generate ENDBR32/ENDBR64 for x86
processors.
* sljitTest.c: Generate ENDBR32/ENDBR64 at indirect branch targets
When indirect branch tracking (IBT) from Intel Control-flow Enforcement
Technology (CET) is enabled, all indirect branch targets must start with
ENDBR32/ENDBR64. This patch calls sljit_emit_op0 (compiler, SLJIT_ENDBR)
to generate ENDBR32/ENDBR64 at indirect branch targets for x86 processors.
Tested with
$ CC="gcc -fcf-protection=branch" make
on x86-32 and x86-64 Linux CET machines.
* regexJIT.c: Generate ENDBR32/ENDBR64 at indirect branch targets
When indirect branch tracking (IBT) from Intel Control-flow Enforcement
Technology (CET) is enabled, all indirect branch targets must start with
ENDBR32/ENDBR64. This patch calls sljit_emit_op0 (compiler, SLJIT_ENDBR)
to generate ENDBR32/ENDBR64 at indirect branch targets for x86 processors.
Tested with
$ CC="gcc -fcf-protection=branch" make
on x86-32 and x86-64 Linux CET machines.
15 files changed: