On Thu, Jul 25, 2019 at 4:28 PM Richard W.M. Jones wrote:

> There's an effort to harden every binary in RHEL to protect against
> ROP-style attacks. Of course this is mainly applicable when your
> language is vulnerable to buffer overflows, but sadly even our OCaml
> applications still link to some C libraries :-(
>
> I was looking into this and the indirect branch tracking (IBT) part
> seems simple enough. For every indirect jump or call _target_ you
> must insert one of the two instructions ENDBR64 or ENDBR32 (both are
> NOP-like on older processors). The processor sets a flag when an
> indirect jump is taken and #CP's if the indirect jump doesn't land on
> one of these instructions.
> Sounds like it should be easy to add to the OCaml x86-64 back-end.
>
> There's also some stuff with shadow stacks which looks a lot more
> complicated and I didn't fully understand. The whole thing is
> described in:
>
> https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf
> https://lwn.net/Articles/758245/

I don't understand how these shadow stacks are supposed to interact with exception handling, either Caml-style or C++/Java style.

Kind regards,

- Xavier Leroy

> Unfortunately (but for obvious reasons) every asm object in a program
> must be compiled with CET in order to enable the feature for the
> program as a whole. This means that any mixed OCaml/C program can't
> benefit from CET even in the C parts, unless we also support this in
> the OCaml parts.
>
> Has anyone looked into supporting this kind of thing in the amd64
> backend?
>
> (I looked at the OCaml trunk and couldn't see any relevant commits,
> but maybe I missed something in my grepping).
>
> Rich.
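The "every object must be compiled with CET or the whole program loses it" behaviour Rich describes is visible in the linked binary: the toolchain records IBT/SHSTK support in the `.note.gnu.property` note as the `GNU_PROPERTY_X86_FEATURE_1_AND` bitmap, and the linker ANDs that bitmap across all input objects, treating an object without the note as contributing no bits. The following is an added example, not code from the thread or from OCaml; it parses that note format and models the AND over a set of constructed sample notes, so a mixed OCaml/C link can be checked for whether the OCaml-emitted objects dropped the feature.

```python
import struct

# Constants as defined in the GNU ELF ABI for x86-64 (glibc <elf.h>).
NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002
GNU_PROPERTY_X86_FEATURE_1_IBT = 1 << 0
GNU_PROPERTY_X86_FEATURE_1_SHSTK = 1 << 1


def _align(n, a):
    return (n + a - 1) & ~(a - 1)


def x86_feature_1_and(note, elfclass=64):
    """Return the GNU_PROPERTY_X86_FEATURE_1_AND bitmap found in a raw
    .note.gnu.property blob, or 0 if the note/property is absent."""
    pad = 8 if elfclass == 64 else 4  # property entries are pointer-aligned
    if len(note) < 12:
        return 0
    namesz, descsz, ntype = struct.unpack_from("<III", note, 0)
    if note[12:12 + namesz] != b"GNU\0" or ntype != NT_GNU_PROPERTY_TYPE_0:
        return 0
    desc_off = _align(12 + namesz, 4)
    desc = note[desc_off:desc_off + descsz]
    off = 0
    while off + 8 <= len(desc):
        pr_type, pr_datasz = struct.unpack_from("<II", desc, off)
        if pr_type == GNU_PROPERTY_X86_FEATURE_1_AND and pr_datasz == 4:
            return struct.unpack_from("<I", desc, off + 8)[0]
        off = _align(off + 8 + pr_datasz, pad)
    return 0


def cet_status(note, elfclass=64):
    bits = x86_feature_1_and(note, elfclass)
    return {"ibt": bool(bits & GNU_PROPERTY_X86_FEATURE_1_IBT),
            "shstk": bool(bits & GNU_PROPERTY_X86_FEATURE_1_SHSTK)}


def linked_feature_bits(object_notes, elfclass=64):
    """Model the linker rule: the output bitmap is the AND over every
    input object; an object with no note (e.g. one emitted by a
    compiler that knows nothing about CET) contributes 0."""
    bits = GNU_PROPERTY_X86_FEATURE_1_IBT | GNU_PROPERTY_X86_FEATURE_1_SHSTK
    for note in object_notes:
        bits &= x86_feature_1_and(note, elfclass)
    return bits


def build_note(feature_bits, elfclass=64):
    """Constructed sample note (not taken from any real binary)."""
    pad = 8 if elfclass == 64 else 4
    prop = struct.pack("<III", GNU_PROPERTY_X86_FEATURE_1_AND, 4, feature_bits)
    prop += b"\0" * (_align(len(prop), pad) - len(prop))
    return struct.pack("<III", 4, len(prop), NT_GNU_PROPERTY_TYPE_0) + b"GNU\0" + prop
```

Feeding `readelf -n`-style raw note bytes from a real binary into `cet_status` gives the same IBT/SHSTK verdict the loader will use; `b""` stands in for an object that carries no note at all.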