Bug 22915 - Gold doesn't support Intel CET
Summary: Gold doesn't support Intel CET
Status: ASSIGNED
Alias: None
Product: binutils
Classification: Unclassified
Component: gold (show other bugs)
Version: 2.31
: P2 normal
Target Milestone: ---
Assignee: Cary Coutant
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-03-02 16:41 UTC by H.J. Lu
Modified: 2018-06-23 07:18 UTC (History)
1 user (show)

See Also:
Host:
Target: x86
Build:
Last reconfirmed:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description H.J. Lu 2018-03-02 16:41:57 UTC 
Intel CET psABI extension:

https://github.com/hjl-tools/x86-psABI/wiki/x86-64-psABI-cet.pdf

adds GNU_PROPERTY_X86_FEATURE_1_IBT and GNU_PROPERTY_X86_FEATURE_1_SHSTK
to GNU program property with .note.gnu.property section and
NT_GNU_PROPERTY_TYPE_0 are specified in Linux Extensions to gABI:

https://github.com/hjl-tools/linux-abi/wiki/linux-abi-draft.pdf

GNU_PROPERTY_X86_FEATURE_1_IBT is added to GNU program property to
indicate that all executable sections are compatible with IBT when
ENDBR instruction starts each valid target where an indirect branch
instruction can land.  Linker sets GNU_PROPERTY_X86_FEATURE_1_IBT on
output only if it is set on all relocatable inputs.
The followings changes are made to the Procedure Linkage Table (PLT):

1. For 64-bit x86-64,  PLT is changed to

PLT0:  push       GOT[1]
       bnd jmp    *GOT[2]
       nop
...
PLTn:  endbr64
       push       namen_reloc_index
       bnd jmp    PLT0

together with the second PLT section:

PLTn:  endbr64
       bnd jmp   *GOT[namen_index]
       nop

BND prefix is also added so that IBT-enabled PLT is compatible with MPX.

2. For 32-bit x86-64 (x32) and i386,  PLT is changed to

PLT0:  push       GOT[1]
       jmp        *GOT[2]
       nop
...
PLTn:  endbr64                                 # endbr32 for i386.
       push       namen_reloc_index
       jmp        PLT0

together with the second PLT section:

PLTn:  endbr64                                 # endbr32 for i386.
       jmp       *GOT[namen_index]
       nop

BND prefix isn't used since MPX isn't supported on x32 and BND registers
aren't used in parameter passing on i386.

GNU_PROPERTY_X86_FEATURE_1_SHSTK is added to GNU program property to
indicate that all executable sections are compatible with SHSTK where
return address popped from shadow stack always matches return address
popped from normal stack.  Linker sets GNU_PROPERTY_X86_FEATURE_1_SHSTK
on output only if it is set on all relocatable inputs.
Comment 1 Sourceware Commits 2018-06-23 07:15:49 UTC 
The master branch has been updated by Cary Coutant <ccoutant@sourceware.org>:

https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=750ea5ed38abbda8a6f25e276bff3dfc8e4ce0ee

commit 750ea5ed38abbda8a6f25e276bff3dfc8e4ce0ee
Author: Cary Coutant <ccoutant@gmail.com>
Date:   Fri Jun 22 17:28:05 2018 -0700

    Add x86-64 support for Indirect Branch Tracking (IBT).
    
    gold/
    	PR gold/22915
    	* x86_64.cc (Output_data_plt_x86_64_ibt): New class.
    	(Target_x86_64::do_make_data_plt): (All instantiations) Check for
    	IBT feature bit and create IBT PLTs.
Comment 2 Cary Coutant 2018-06-23 07:18:18 UTC 
Added x86-64 and x32 support for binutils 2.31.

i386 support not done.