There's an effort to harden every binary in RHEL to protect against
ROP-style attacks.  Of course this is mainly applicable when your
language is vulnerable to buffer overflows, but sadly even our OCaml
applications still link to some C libraries :-(

I was looking into this and the indirect branch tracking (IBT) part
seems simple enough.  For every indirect jump or call _target_ you
must insert one of the two instructions ENDBR64 or ENDBR32 (both are
NOP-like on older processors).  The processor sets a flag when an
indirect jump is taken and #CP's if the indirect jump doesn't land on
one of these instructions.

There's also some stuff with shadow stacks which looks a lot more
complicated and I didn't fully understand.  The whole thing is
described in:

https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf
https://lwn.net/Articles/758245/

Unfortunately (but for obvious reasons) every asm object in a program
must be compiled with CET in order to enable the feature for the
program as a whole.  This means that any mixed OCaml/C program can't
benefit from CET even in the C parts, unless we also support this in
the OCaml parts.

Has anyone looked into supporting this kind of thing in the amd64
backend?

(I looked at the OCaml trunk and couldn't see any relevant commits,
but maybe I missed something in my grepping).

Rich.