From b62a991ee62a3b9c976b517835b0a6a7891feff4 Mon Sep 17 00:00:00 2001
From: PeterYang12
Date: Thu, 12 May 2022 18:57:43 -0700
Subject: [PATCH] Add support for Indirect Branch Tracking (IBT)

Indirect Branch Tracking(IBT) is part of Intel's Control-Flow Enforcement Technology(CET). IBT is hardware based, forward edge Control-Flow-Integrity mechanism where any indirect CALL/JMP must target an ENDBR instruction or suffer #CP. This commit inserts endbr64 instruction in assembly to support IBT.
---
 src/asm/jump_x86_64_sysv_elf_gas.S | 7 ++++++-
 src/asm/make_x86_64_sysv_elf_gas.S | 9 ++++++++-
 src/asm/ontop_x86_64_sysv_elf_gas.S | 7 ++++++-
 3 files changed, 20 insertions(+), 3 deletions(-)

diff --git a/src/asm/jump_x86_64_sysv_elf_gas.S b/src/asm/jump_x86_64_sysv_elf_gas.S
index 0c4a1a39..49726699 100644
--- a/src/asm/jump_x86_64_sysv_elf_gas.S
+++ b/src/asm/jump_x86_64_sysv_elf_gas.S
@@ -23,13 +23,18 @@
 * ---------------------------------------------------------------------------------- *
 * *
 ****************************************************************************************/
-
+# if defined __CET__
+# include
+# else
+# define _CET_ENDBR
+# endif
 .file "jump_x86_64_sysv_elf_gas.S"
 .text
 .globl jump_fcontext
 .type jump_fcontext,@function
 .align 16
 jump_fcontext:
+ _CET_ENDBR
 leaq -0x38(%rsp), %rsp /* prepare stack */
 #if !defined(BOOST_USE_TSX)
diff --git a/src/asm/make_x86_64_sysv_elf_gas.S b/src/asm/make_x86_64_sysv_elf_gas.S
index 0ef37569..7b760082 100644
--- a/src/asm/make_x86_64_sysv_elf_gas.S
+++ b/src/asm/make_x86_64_sysv_elf_gas.S
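Review bot: The added `# include` line shows no header name in this rendering, so a reader cannot tell where `_CET_ENDBR` comes from when `__CET__` is defined; presumably the committed line is `# include <cet.h>` (GCC's CET header) and the angle brackets were lost to markup — worth confirming before anyone copies this block. That header matters beyond the macro: as far as I know GCC's cet.h also emits the `.note.gnu.property` that marks the object IBT-capable, and without that note the linker clears the IBT property for the whole executable and every `endbr64` becomes a plain no-op, so a comment such as `/* cet.h defines _CET_ENDBR and emits the GNU property note; both are needed for IBT to be enforced */` would make the dependency explicit. It is also worth checking that `<cet.h>` exists on every toolchain that defines `__CET__` (Clang defines it under -fcf-protection too), otherwise the build fails exactly when IBT is requested. Minor style point: the rest of this file writes `#if !defined(BOOST_USE_TSX)` while the new block uses `# if defined __CET__`. jump_fcontext's body continues outside the hunk.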
@@ -23,13 +23,18 @@
 * ---------------------------------------------------------------------------------- *
 * *
 ****************************************************************************************/
-
+# if defined __CET__
+# include
+# else
+# define _CET_ENDBR
+# endif
 .file "make_x86_64_sysv_elf_gas.S"
 .text
 .globl make_fcontext
 .type make_fcontext,@function
 .align 16
 make_fcontext:
+ _CET_ENDBR
 /* first arg of make_fcontext() == top of context-stack */
 movq %rdi, %rax
@@ -64,6 +69,7 @@ make_fcontext:
 ret /* return pointer to context-data */
 trampoline:
+ _CET_ENDBR
 /* store return address on stack */
 /* fix stack alignment */
 push %rbp
@@ -71,6 +77,7 @@ trampoline:
 jmp *%rbx
 finish:
+ _CET_ENDBR
 /* exit code is zero */
 xorq %rdi, %rdi
 /* exit application */
diff --git a/src/asm/ontop_x86_64_sysv_elf_gas.S b/src/asm/ontop_x86_64_sysv_elf_gas.S
index 4cdba400..2b764d35 100644
--- a/src/asm/ontop_x86_64_sysv_elf_gas.S
+++ b/src/asm/ontop_x86_64_sysv_elf_gas.S
@@ -23,13 +23,18 @@
 * ---------------------------------------------------------------------------------- *
 * *
 ****************************************************************************************/
-
+# if defined __CET__
+# include
+# else
+# define _CET_ENDBR
+# endif
 .file "ontop_x86_64_sysv_elf_gas.S"
 .text
 .globl ontop_fcontext
 .type ontop_fcontext,@function
 .align 16
 ontop_fcontext:
+ _CET_ENDBR
 /* preserve ontop-function in R8 */
 movq %rdx, %r8
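Review bot: Nothing in the new code addresses the other half of CET, yet `# if defined __CET__` fires for every `-fcf-protection` mode because `__CET__` is a bitmask (bit 0 = IBT, bit 1 = shadow stack), so a `-fcf-protection=full` build — commonly the distribution default — compiles this path and, if the included header is GCC's cet.h, also emits a `.note.gnu.property` advertising shadow-stack compatibility. The switch is `ret`-based (`ret /* return pointer to context-data */` hands back a stack whose return slots make_fcontext filled in by hand, outside this hunk), which a hardware shadow stack rejects with #CP, so the object would claim a guarantee it cannot keep once the kernel and loader turn SHSTK on for marked binaries. Until shadow stacks are handled, I would state the limitation next to the include, e.g. `/* IBT only: the fabricated return addresses below are not shadow-stack (SHSTK) safe */`. make_fcontext's body continues outside the hunk.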
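Review bot: The `_CET_ENDBR` at `trampoline:` carries no comment explaining why a non-exported label needs an IBT landing pad, and that is the one place in this patch where the reason is not obvious from the label itself. If, as the surrounding code suggests, jump_fcontext enters a fresh context with an indirect `jmp` to the stored trampoline address rather than with a `ret`, the ENDBR is genuinely required here and that is worth recording, e.g. `/* ENDBR: jump_fcontext reaches this label via an indirect jmp, not via ret */`; if it were entered by `ret` instead, IBT would not police it and the marker would only widen the set of legal indirect-branch targets. trampoline's body continues outside the hunk (its `jmp *%rbx` is visible in the next hunk).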
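Review bot: `finish:` appears to be entered only when the context-function executes `ret` (it sits directly after the `jmp *%rbx` that enters that function, and as far as I can tell from the surrounding code its address is pushed as the function's return address), and a `ret` is checked by the shadow stack rather than by IBT, so the `_CET_ENDBR` here is not needed for the #CP-free path the commit message describes. Every ENDBR is one more legal target for any indirect branch an attacker manages to control, so either drop this one or record why it is kept, e.g. `/* ENDBR: not an IBT requirement (entered by ret); kept deliberately */`. finish's body continues outside the hunk.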
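Review bot: This is the third verbatim copy of the `__CET__` / `_CET_ENDBR` preamble (the jump_* and make_* files carry identical ones), and a fallback that must stay consistent across files is better kept in one place — for example a shared `src/asm/cet_x86_64.h` included by all three, so that a later change (shadow-stack support, a different header on another toolchain) is made once. As written, the empty `# define _CET_ENDBR` in each `# else` branch silently expands to nothing on any toolchain that does not define `__CET__`, so a build that quietly lost its CET flags gives no signal; a comment such as `/* no CET: _CET_ENDBR expands to nothing and no endbr64 is emitted */` would at least make that explicit. ontop_fcontext's body continues outside the hunk.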