From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail2-relais-roc.national.inria.fr (mail2-relais-roc.national.inria.fr [192.134.164.83]) by c5ff346549e7 (Postfix) with ESMTP id BB1795D6 for ; Wed, 31 Jul 2019 17:38:04 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.64,330,1559512800"; d="scan'208,217";a="394033157" Received: from sympa.inria.fr ([193.51.193.213]) by mail2-relais-roc.national.inria.fr with ESMTP; 31 Jul 2019 19:38:03 +0200 Received: by sympa.inria.fr (Postfix, from userid 20132) id B72E4826BB; Wed, 31 Jul 2019 19:38:03 +0200 (CEST) Received: from mail3-relais-sop.national.inria.fr (mail3-relais-sop.national.inria.fr [192.134.164.104]) by sympa.inria.fr (Postfix) with ESMTPS id 25AA8826BB for ; Wed, 31 Jul 2019 19:37:50 +0200 (CEST) Authentication-Results: mail3-smtp-sop.national.inria.fr; spf=None smtp.pra=ivg@ieee.org; spf=Pass smtp.mailfrom=ivg@ieee.org; spf=None smtp.helo=postmaster@mail-lf1-f49.google.com IronPort-PHdr: =?us-ascii?q?9a23=3AeETIJxAWG6VKZjuR/SQOUyQJP3N1i/DPJgcQr6Af?= =?us-ascii?q?oPdwSPT9r8bcNUDSrc9gkEXOFd2Cra4d0ayH7uu5ADZIyK3CmUhKSIZLWR4BhJ?= =?us-ascii?q?detC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+?= =?us-ascii?q?KPjrFY7OlcS30P2594HObwlSizexfK1+IA+yoAjRucUanJZuJrgswRbVv3VEfP?= =?us-ascii?q?hby3l1LlyJhRb84cmw/J9n8ytOvv8q6tBNX6bncakmVLJUFDspPXw7683trhnD?= =?us-ascii?q?UBCA5mAAXWUMkxpHGBbK4RfnVZrsqCT6t+592C6HPc3qSL0/RDqv47t3RBLulS?= =?us-ascii?q?wKLCAy/n3JhcNsjaJbuBOhqAJ5w47Ie4GeKf5ycrrAcd8GWWZNW8BcWCJbAoO4?= =?us-ascii?q?coABEewPM+hFpIX5vlcDoh6yCA+xD+3t1zBInGf70qI00+sjEQ/I0g8uEc8Qvn?= =?us-ascii?q?vIt9j6LrseXPqvwaXU0TnObfVb0ir95ojSdRAhpOmBU7FuccXLz0kkCgLLjlKM?= =?us-ascii?q?qYziITOayuQNs2mH7+p7SOmijG8nqx9+ojW0x8cjlJfGiZwPxlDD7yV5z584KN?= =?us-ascii?q?ulQ0B1Zt6kFYFftyCcN4ZuQ8MiRX1otzg+yrEcpZG7ey0KxIwoxhPcavGIaZOI?= =?us-ascii?q?4hf5WOaXPzh4mGppeK+khxaq7UigzffwVsaz0FZUtiZFltfNtnYX2xzV9MeHVv?= =?us-ascii?q?1w9Vqi1zaXzw3f9P1ILEQumafYK5Mt2KM8m5sRvEjZESL7nEP7h7KMeEo+4Oin?= =?us-ascii?q?8eHnb63mppCCM490jRnzMqE0lcy+BeQ0KwwOX2aG9eil2r3u8kn0TK9Fjv0xla?= =?us-ascii?q?nZv5TaKtoBqqGlBA9V154v6xe5Dzi4zNQVhWcLIE5BdR6djIXkO0vCLO35APq9?= =?us-ascii?q?mVihnzNmy+jDPrL7A5XNKnbDkK3mfbZ480NcyRQzzd9E6pJVFL4OPuz8VlX2tN?= =?us-ascii?q?zCAR81Kxa0zPr/CNVhyoMeXnqCDbODP6PXtV+E/+YvI+iXZI8Jozv9MPgk5/v2?= =?us-ascii?q?jXAjg1MdfK+p3YEWaH+iBPhmLV+ZMjLQhYIxGHkLsxB2aOHwj0zKBS5aeXe/Re?= =?us-ascii?q?Q46ys8GaqtCoPHS4+gxbCMmSmhF5tdayZIEAbfP23vctClRf4KIA2VPsh/mTwF?= =?us-ascii?q?SaPpH44/2jmvuQL3jb19IbyHqWUjqZv/2Y0ttKXonhYo+GkxVpzBij3ffyRPhm?= =?us-ascii?q?oNAgQO8uVnu0UkkgWC3KV1xftCGo4LvqIbYkIBLZfZitdCJZX3UwPFcM2OTQ/+?= =?us-ascii?q?ENSrDDx3Scg+kYZXPhRNXu66hxWG5BKERr8Yk7vRWc4x+6PYmnz/foNzlyeA26?= =?us-ascii?q?4mgF0rBMBIMD/+iw=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0B5AwAC0UFdhjGnVdFlHQEBBQEHBQGBZ?= =?us-ascii?q?4FugReBBCqEHoEdjh+CD4liiRyIAAkBAwEMHhEBAYFLgnUCgk4bBwEENBMBAwE?= =?us-ascii?q?BBAEBAgEDAwETAQEBCAsLCCmFJQyCOikBgmYBAQEBAQEBIx0BATcBBAsLCw0qA?= =?us-ascii?q?gIiEgEFARwGE4MiASSBUgUPD6ERPIowcYEygnoBAQWBMgELAQYCOwQBg2WBPwk?= =?us-ascii?q?SgSKLYBeBQD+BEYJkLj6CVgsBAgEYgTFDgl6CWJQrlmgJghyGXIRzMYgZG4Iub?= =?us-ascii?q?YpIijOVEJAtDyGBHCqBeX0IOzEGgjUJFoF/JBqDV4F/glo7hVsmMAGPQAEB?= X-IPAS-Result: =?us-ascii?q?A0B5AwAC0UFdhjGnVdFlHQEBBQEHBQGBZ4FugReBBCqEHoE?= =?us-ascii?q?djh+CD4liiRyIAAkBAwEMHhEBAYFLgnUCgk4bBwEENBMBAwEBBAEBAgEDAwETA?= =?us-ascii?q?QEBCAsLCCmFJQyCOikBgmYBAQEBAQEBIx0BATcBBAsLCw0qAgIiEgEFARwGE4M?= =?us-ascii?q?iASSBUgUPD6ERPIowcYEygnoBAQWBMgELAQYCOwQBg2WBPwkSgSKLYBeBQD+BE?= =?us-ascii?q?YJkLj6CVgsBAgEYgTFDgl6CWJQrlmgJghyGXIRzMYgZG4IubYpIijOVEJAtDyG?= =?us-ascii?q?BHCqBeX0IOzEGgjUJFoF/JBqDV4F/glo7hVsmMAGPQAEB?= X-IronPort-AV: E=Sophos;i="5.64,330,1559512800"; d="scan'208,217";a="315285059" X-MGA-submission: =?us-ascii?q?MDEJgF/Os+yOwxC6jT7ckPXci26jzNdnl7lB86?= =?us-ascii?q?bcrawhJock5PuZd9P42QdJWfvVEd68fjhHrntZop4Fu03I5aqgtHpdT3?= =?us-ascii?q?nPV6Z07iC4ipBMFlK68R+Ilr92nuhdquUjgC+FxuZHYzERpC8hZq0v8f?= =?us-ascii?q?A6aBuemEvNUXy7WZNcu4rzEA=3D=3D?= Received: from mail-lf1-f49.google.com ([209.85.167.49]) by mail3-smtp-sop.national.inria.fr with ESMTP/TLS/AES128-GCM-SHA256; 31 Jul 2019 19:37:48 +0200 Received: by mail-lf1-f49.google.com with SMTP id x3so48145826lfc.0 for ; Wed, 31 Jul 2019 10:37:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ieee.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=kHzI5hadFVRqSSSeTdrMTkIdQgkcn4RbY+CKWeXfSPA=; b=I49kB56xL46vB8DMMZUFGYBz4Os9yqs7Y26VCllxYRg8f1hvROvmBSKYoFnWfhgSY7 vq6B+MAtxmIRtz6UMzAxHpUC0rmOmulK6DLxPkwOttt6LbY2J7xjK0TI2WVg1c3Ei+Iz dlU653nsPf8aRAsNWsX0socFVs/NcR+LfL+qo= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=kHzI5hadFVRqSSSeTdrMTkIdQgkcn4RbY+CKWeXfSPA=; b=qnABquNrBoG4nggD4/AD4n+WdQLFZwyCmBNDZrE0roT6o+XYrjMVTJwX21FrAV4/5X c5OFaLjqAM9QONQV67f0zSklIKeuFoaRTlC4uNCbPmmDfawy/iJwxwt9bWY0Ug7VB6Ii upOlp6KLXU9Sh1nFg4L/uvVA6Wq5VXUcFE30NyVxWOI7+HsSJo+AKNbhexg2PfdhWoJK Uv7GFtcOjgVvybQEwKh2uA2E04nk8zR0y1TPHcufxfzumdXgNsTkQj4332hAfksX+ZP1 vXh48vXt8f9T5TGWdhnKRyRwbJnIkl9IfUo6fM7IL+kegjf79ZtkplIf33ReewGPWucF 3NEQ== X-Gm-Message-State: APjAAAXhy0EmRU45ohIOsu8MlkWTOcjszho6EmRrit3fl2Fsz+9c4++H BjSUpN7vjrTLJYPZa1JfcH3+aDhN7OihSNXedEw9HXa36oY= X-Google-Smtp-Source: APXvYqzDzmxSqjZ3bXltT2PWf/NONW6zvF887akWfqAnvRKfWUwPPrKg9QVXJxj6Y7IT9OTFaUw11l3uM26zVwcK/p8= X-Received: by 2002:a05:6512:15a:: with SMTP id m26mr57412156lfo.71.1564594667711; Wed, 31 Jul 2019 10:37:47 -0700 (PDT) MIME-Version: 1.0 References: <20190725142821.hf524xbdgqcshrei@annexia.org> <20190731141952.zod7aftusgchoiyq@topoi.pooq.com> In-Reply-To: From: Ivan Gotovchits Date: Wed, 31 Jul 2019 13:40:11 -0400 Message-ID: To: Xavier Leroy Cc: Hendrik Boom , caml users Content-Type: multipart/alternative; boundary="000000000000631bea058efd95d1" Subject: Re: [Caml-list] Any plans for supporting Intel CET in OCaml? Reply-To: Ivan Gotovchits X-Loop: caml-list@inria.fr X-Sequence: 17724 Errors-to: caml-list-owner@inria.fr Precedence: list Precedence: bulk Sender: caml-list-request@inria.fr X-no-archive: yes List-Id: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --000000000000631bea058efd95d1 Content-Type: text/plain; charset="UTF-8" On Wed, Jul 31, 2019 at 11:21 AM Xavier Leroy < xavier.leroy@college-de-france.fr> wrote: > On Wed, Jul 31, 2019 at 4:20 PM Hendrik Boom > wrote: > >> >> There is, of course, also the question what would happen on nonintel or >> older machines if they don't have those ENDBR64 or ENDBR32 >> instructions in the hardware. >> > > I read somewhere that those instructions look like no-ops on older > machines. > The `endbr64` is encoded as `f3 0f 1e fa` which [1] is a hintable [2] opcode prefixed with `repz`, e.g., something like ` repz nop %edx`. Though theoretically `0f 1e fa` should be considered as a nop by most more or less modern CPU it is not really guaranteed, so whether it will work on old AMD/Cyrix/etc is a big question (I bet no). Not to say that the `f3` prefix complicates things even more. The truth is that the introduction of `endrbr` actually broke most of the code analyzers and emulators, e.g., LLVM, QEMU, Valgrind to name a few. [1]: http://ref.x86asm.net/geek.html#x0F1E [2]: http://patft.uspto.gov/netacgi/nph-Parser?Sect2=PTO1&Sect2=HITOFF&p=1&u=/netahtml/PTO/search-bool.html&r=1&f=G&l=50&d=PALL&RefSrch=yes&Query=PN/5701442 > >> (Such as, perhaps, an actual AMD-manufactured AMD64? Like my >> 10-year-old AMD server?) >> >> Do we now have two distinct platforms to support? >> > > It could be a configure-time choice. I wouldn't call that two distinct > platforms, more like two variants of the same platform. > > Just speculating here. All this needs to be discussed and agreed on, of > course. > > - Xavier Leroy > > >> -- hendrik >> >> > >> > >> > > >> > > There's also some stuff with shadow stacks which looks a lot more >> > > complicated and I didn't fully understand. The whole thing is >> > > described in: >> > > >> > > >> > > >> https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf >> > > https://lwn.net/Articles/758245/ >> > > >> > > >> > I don't understand how these shadow stacks are supposed to interact with >> > exception handling, either Caml-style or C++/Java style. >> > >> > They are not supposed to. C++ exceptions, setjmp/longjmp, signal handlers, etc are not covered by this technology. So the compiler should be clever enough no to enable shadow stack if any of these features are used. > > Kind regards, >> > >> > - Xavier Leroy >> > >> > >> > > Unfortunately (but for obvious reasons) every asm object in a program >> > > must be compiled with CET in order to enable the feature for the >> > > program as a whole. This means that any mixed OCaml/C program can't >> > > benefit from CET even in the C parts, unless we also support this in >> > > the OCaml parts. >> > > >> > > Has anyone looked into supporting this kind of thing in the amd64 >> > > backend? >> > > >> > > (I looked at the OCaml trunk and couldn't see any relevant commits, >> > > but maybe I missed something in my grepping). >> > > >> > > Rich. >> > > >> > --000000000000631bea058efd95d1 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable



On Wed, Jul 31, 2019= at 11:21 AM Xavier Leroy <xavier.leroy@college-de-france.fr> wrote:
On Wed, Jul 31, 2019 at 4:2= 0 PM Hendrik Boom <hendrik@topoi.pooq.com> wrote:

There is, of course, also the question what would happen on nonintel or older=C2=A0 machines if they don't have those ENDBR64 or ENDBR32
instructions in the hardware.

I read so= mewhere that those instructions look like no-ops on older machines.

The `endbr64` is encoded as= `f3 0f 1e fa` which [1] is a hintable [2] opcode prefixed with `repz`, e.g= ., something like ` repz nop %edx`. Though theoretically `0f 1e fa` should = be considered as a nop
by most more or less modern CPU it is not = really guaranteed, so whether it will work on old AMD/Cyrix/etc is a big qu= estion (I bet no). Not to say that the `f3` prefix complicates things even = more.=C2=A0
The truth is that the introduction of `endrbr` actual= ly broke most of the code analyzers and emulators, e.g., LLVM, QEMU, Valgri= nd to name a few.=C2=A0


[1]:=C2=A0<= a href=3D"http://ref.x86asm.net/geek.html#x0F1E">http://ref.x86asm.net/geek= .html#x0F1E
=C2=A0

(Such as, perhaps, an actual AMD-manufactured AMD64?=C2=A0 Like my
10-year-old AMD server?)

Do we now have two distinct platforms to support?

=
It could be a configure-time choice.=C2=A0 I wouldn't call t= hat two distinct platforms, more like two variants of the same platform.=C2= =A0

Just speculating here.=C2=A0 All this nee= ds to be discussed and agreed on, of course.

-= Xavier Leroy


-- hendrik

>
>
> >
> > There's also some stuff with shadow stacks which looks a lot = more
> > complicated and I didn't fully understand.=C2=A0 The whole th= ing is
> > described in:
> >
> >
> > https://software.intel.com/sites/default/files/managed/4d= /2a/control-flow-enforcement-technology-preview.pdf
> > https://lwn.net/Articles/758245/
> >
> >
> I don't understand how these shadow stacks are supposed to interac= t with
> exception handling, either Caml-style or C++/Java style.
>

They are= not supposed to. C++ exceptions, setjmp/longjmp, signal handlers, etc are = not covered by this technology. So the compiler should be clever enough no = to enable shadow stack if any of these features are used.=C2=A0
= =C2=A0
> Kind regards,
>
> - Xavier Leroy
>
>
> > Unfortunately (but for obvious reasons) every asm object in a pro= gram
> > must be compiled with CET in order to enable the feature for the<= br> > > program as a whole.=C2=A0 This means that any mixed OCaml/C progr= am can't
> > benefit from CET even in the C parts, unless we also support this= in
> > the OCaml parts.
> >
> > Has anyone looked into supporting this kind of thing in the amd64=
> > backend?
> >
> > (I looked at the OCaml trunk and couldn't see any relevant co= mmits,
> > but maybe I missed something in my grepping).
> >
> > Rich.
> >
--000000000000631bea058efd95d1--