Re: [Caml-list] Any plans for supporting Intel CET in OCaml?

[Ivan Gotovchits <ivg@ieee.org>]

[-- Attachment #1: Type: text/plain, Size: 2977 bytes --]

On Wed, Jul 31, 2019 at 11:21 AM Xavier Leroy <
xavier.leroy@college-de-france.fr> wrote:

> On Wed, Jul 31, 2019 at 4:20 PM Hendrik Boom <hendrik@topoi.pooq.com>
> wrote:
>
>>
>> There is, of course, also the question what would happen on nonintel or
>> older  machines if they don't have those ENDBR64 or ENDBR32
>> instructions in the hardware.
>>
>
> I read somewhere that those instructions look like no-ops on older
> machines.
>

The `endbr64` is encoded as `f3 0f 1e fa` which [1] is a hintable [2]
opcode prefixed with `repz`, e.g., something like ` repz nop %edx`. Though
theoretically `0f 1e fa` should be considered as a nop
by most more or less modern CPU it is not really guaranteed, so whether it
will work on old AMD/Cyrix/etc is a big question (I bet no). Not to say
that the `f3` prefix complicates things even more.
The truth is that the introduction of `endrbr` actually broke most of the
code analyzers and emulators, e.g., LLVM, QEMU, Valgrind to name a few.


[1]: http://ref.x86asm.net/geek.html#x0F1E
[2]:
http://patft.uspto.gov/netacgi/nph-Parser?Sect2=PTO1&Sect2=HITOFF&p=1&u=/netahtml/PTO/search-bool.html&r=1&f=G&l=50&d=PALL&RefSrch=yes&Query=PN/5701442


>
>> (Such as, perhaps, an actual AMD-manufactured AMD64?  Like my
>> 10-year-old AMD server?)
>>
>> Do we now have two distinct platforms to support?
>>
>
> It could be a configure-time choice.  I wouldn't call that two distinct
> platforms, more like two variants of the same platform.
>
> Just speculating here.  All this needs to be discussed and agreed on, of
> course.
>
> - Xavier Leroy
>
>
>> -- hendrik
>>
>> >
>> >
>> > >
>> > > There's also some stuff with shadow stacks which looks a lot more
>> > > complicated and I didn't fully understand.  The whole thing is
>> > > described in:
>> > >
>> > >
>> > >
>> https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf
>> > > https://lwn.net/Articles/758245/
>> > >
>> > >
>> > I don't understand how these shadow stacks are supposed to interact with
>> > exception handling, either Caml-style or C++/Java style.
>> >
>>
>
They are not supposed to. C++ exceptions, setjmp/longjmp, signal handlers,
etc are not covered by this technology. So the compiler should be clever
enough no to enable shadow stack if any of these features are used.


> > Kind regards,
>> >
>> > - Xavier Leroy
>> >
>> >
>> > > Unfortunately (but for obvious reasons) every asm object in a program
>> > > must be compiled with CET in order to enable the feature for the
>> > > program as a whole.  This means that any mixed OCaml/C program can't
>> > > benefit from CET even in the C parts, unless we also support this in
>> > > the OCaml parts.
>> > >
>> > > Has anyone looked into supporting this kind of thing in the amd64
>> > > backend?
>> > >
>> > > (I looked at the OCaml trunk and couldn't see any relevant commits,
>> > > but maybe I missed something in my grepping).
>> > >
>> > > Rich.
>> > >
>>
>

[-- Attachment #2: Type: text/html, Size: 5463 bytes --]