On Wed, Jul 31, 2019 at 11:21 AM Xavier Leroy <xavier.leroy@college-de-france.fr> wrote:

> On Wed, Jul 31, 2019 at 4:20 PM Hendrik Boom wrote:
>
>> There is, of course, also the question what would happen on non-Intel or
>> older machines if they don't have those ENDBR64 or ENDBR32
>> instructions in the hardware.
>
> I read somewhere that those instructions look like no-ops on older
> machines.

The `endbr64` is encoded as `f3 0f 1e fa`, which [1] is a hintable [2] opcode prefixed with `repz`, e.g. something like `repz nop %edx`. Though theoretically `0f 1e fa` should be considered a nop by most more or less modern CPUs, it is not really guaranteed, so whether it will work on old AMD/Cyrix/etc. is a big question (I bet no). Not to mention that the `f3` prefix complicates things even more. The truth is that the introduction of `endbr` actually broke most of the code analyzers and emulators, e.g. LLVM, QEMU, Valgrind, to name a few.

[1]: http://ref.x86asm.net/geek.html#x0F1E
[2]: http://patft.uspto.gov/netacgi/nph-Parser?Sect2=PTO1&Sect2=HITOFF&p=1&u=/netahtml/PTO/search-bool.html&r=1&f=G&l=50&d=PALL&RefSrch=yes&Query=PN/5701442

>> (Such as, perhaps, an actual AMD-manufactured AMD64? Like my
>> 10-year-old AMD server?)
>>
>> Do we now have two distinct platforms to support?
>
> It could be a configure-time choice. I wouldn't call that two distinct
> platforms, more like two variants of the same platform.
>
> Just speculating here. All this needs to be discussed and agreed on, of
> course.
>
> - Xavier Leroy
>
>> -- hendrik
>>
>> > > There's also some stuff with shadow stacks which looks a lot more
>> > > complicated and I didn't fully understand. The whole thing is
>> > > described in:
>> > >
>> > > https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf
>> > > https://lwn.net/Articles/758245/
>> >
>> > I don't understand how these shadow stacks are supposed to interact with
>> > exception handling, either Caml-style or C++/Java style.

They are not supposed to. C++ exceptions, setjmp/longjmp, signal handlers, etc. are not covered by this technology. So the compiler should be clever enough not to enable shadow stack if any of these features are used.

Kind regards,

>> > - Xavier Leroy
>> >
>> > > Unfortunately (but for obvious reasons) every asm object in a program
>> > > must be compiled with CET in order to enable the feature for the
>> > > program as a whole. This means that any mixed OCaml/C program can't
>> > > benefit from CET even in the C parts, unless we also support this in
>> > > the OCaml parts.
>> > >
>> > > Has anyone looked into supporting this kind of thing in the amd64
>> > > backend?
>> > >
>> > > (I looked at the OCaml trunk and couldn't see any relevant commits,
>> > > but maybe I missed something in my grepping).
>> > >
>> > > Rich.
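The two questions raised in the thread, what the `f3 0f 1e fa` bytes are and whether a given CPU treats them as a no-op, can both be checked on the machine at hand. The following is an added example written for this page; it is not code from the thread, from OCaml or from any of the tools named above, and the function names (`endbr_at`, `count_endbr`, `query_cet`, `probe_endbr64_is_nop`) and the sample code bytes are my own constructions. It (a) recognises the `endbr64`/`endbr32` encodings in a byte buffer, (b) reads the CET feature bits from CPUID leaf 7 (ECX bit 7 = CET_SS for shadow stacks, EDX bit 20 = CET_IBT for indirect branch tracking, as defined in Intel's CET specification), and (c) executes the raw `endbr64` bytes with marker values in `rax`, `rcx` and `rdx` (the register the ModRM byte names) to see whether they come back untouched. On a CPU that does not decode `0f 1e` as a hint NOP the probe would not return at all but die with SIGILL, which is exactly the "old machine" case being discussed; on a non-x86 build the probe and the CPUID query report that nothing was probed.

```c
/*
 * Added example, not from the thread: classify CET landing-pad bytes,
 * query CPUID for CET support, and check at run time that endbr64
 * executes as a no-op on this CPU.
 *
 * Build: cc -o endbr endbr.c   (gcc or clang; x86 or any other arch)
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* Encodings quoted in the thread: REP (f3) prefix + hint-NOP opcode 0f 1e
 * + ModRM fa (endbr64) or fb (endbr32). */
static const uint8_t ENDBR64_BYTES[4] = {0xf3, 0x0f, 0x1e, 0xfa};
static const uint8_t ENDBR32_BYTES[4] = {0xf3, 0x0f, 0x1e, 0xfb};

/* Returns 64 or 32 if `code` begins with endbr64/endbr32, else 0. */
int endbr_at(const uint8_t *code, size_t len) {
    if (len < 4) return 0;
    if (memcmp(code, ENDBR64_BYTES, 4) == 0) return 64;
    if (memcmp(code, ENDBR32_BYTES, 4) == 0) return 32;
    return 0;
}

/* Counts landing pads by scanning every byte offset. This is deliberately
 * not a disassembler: the same four bytes inside an immediate or a
 * displacement would be counted too, which is the kind of decoding
 * ambiguity the thread blames for breaking analyzers and emulators. */
size_t count_endbr(const uint8_t *code, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i + 4 <= len; i++)
        if (endbr_at(code + i, len - i)) n++;
    return n;
}

/* Constructed sample (not taken from any real binary): two tiny functions
 * as a -fcf-protection compiler would emit them, with a third one that
 * lacks the landing pad in between. */
const uint8_t SAMPLE_CODE[] = {
    0xf3, 0x0f, 0x1e, 0xfa,             /* endbr64                    */
    0x55, 0x48, 0x89, 0xe5, 0x5d, 0xc3, /* push %rbp; mov; pop; ret   */
    0x55, 0x48, 0x89, 0xe5, 0x5d, 0xc3, /* same body, no landing pad  */
    0xf3, 0x0f, 0x1e, 0xfa,             /* endbr64                    */
    0x31, 0xc0, 0xc3,                   /* xor %eax,%eax; ret         */
};
const size_t SAMPLE_CODE_LEN = sizeof SAMPLE_CODE;

typedef struct {
    int probed;  /* 1 if CPUID leaf 7 was readable on this build/CPU */
    int cet_ss;  /* CPUID.(EAX=7,ECX=0):ECX[7]  shadow stack          */
    int cet_ibt; /* CPUID.(EAX=7,ECX=0):EDX[20] indirect branch tracking */
} cet_features;

cet_features query_cet(void) {
    cet_features f = {0, 0, 0};
#if defined(__x86_64__) || defined(__i386__)
    unsigned a, b, c, d;
    if (__get_cpuid_max(0, NULL) >= 7) {
        __cpuid_count(7, 0, a, b, c, d);
        (void)a; (void)b;
        f.probed  = 1;
        f.cet_ss  = (c >> 7) & 1;
        f.cet_ibt = (d >> 20) & 1;
    }
#endif
    return f;
}

/* Runs the raw endbr64 bytes with markers in rax/rcx/rdx and reports:
 *  1  = registers untouched, it behaved as a no-op
 *  0  = some register changed (the bytes were decoded as something else)
 * -1  = not an x86-64 build, nothing probed
 * A CPU that rejects the opcode would raise #UD and the process would die
 * with SIGILL instead of returning. */
int probe_endbr64_is_nop(void) {
#if defined(__x86_64__)
    uint64_t a = 0x1122334455667788ULL;
    uint64_t c = 0x0f0f0f0f0f0f0f0fULL;
    uint64_t d = 0xa5a5a5a5a5a5a5a5ULL;
    __asm__ volatile(".byte 0xf3, 0x0f, 0x1e, 0xfa"
                     : "+a"(a), "+c"(c), "+d"(d) : : "cc", "memory");
    return (a == 0x1122334455667788ULL &&
            c == 0x0f0f0f0f0f0f0f0fULL &&
            d == 0xa5a5a5a5a5a5a5a5ULL) ? 1 : 0;
#else
    return -1;
#endif
}

int main(void) {
    cet_features f = query_cet();
    printf("landing pads in sample: %zu\n",
           count_endbr(SAMPLE_CODE, SAMPLE_CODE_LEN));
    printf("CPUID CET_SS=%d CET_IBT=%d (probed=%d)\n",
           f.cet_ss, f.cet_ibt, f.probed);
    printf("endbr64 executes as a no-op here: %d\n", probe_endbr64_is_nop());
    return 0;
}
```

Note that CPUID only says whether the CPU implements CET; whether the kernel actually turns on the shadow stack or IBT for a process is a separate question, and the probe succeeding on a modern machine says nothing about the decades-old AMD and Cyrix parts the thread is worried about, where running this binary is the only real test.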