Emit IBT/BTI instructions

Open ibara opened this issue 2 years ago • 8 comments

Hi LDC developers --

OpenBSD moved to an IBT/BTI world. This causes binaries created with LDC to fail, as LDC does not emit the proper instructions for IBT/BTI.

This should be fixable with the addition of a flag that enables these instructions, as LLVM supports IBT/BTI very well.

ibara avatar Jul 10 '23 13:07 ibara

Hi. Is this clang's -fcf-protection={return,branch,full}? That would set module flags according to https://github.com/ldc-developers/llvm-project/blob/c12d3509ebf75bb6a16798d5fed91acca86f7899/clang/lib/CodeGen/CodeGenModule.cpp#L771-L783

Is this supposed to be the default setting starting with what OpenBSD version? And OpenBSD only, not for FreeBSD etc.?

kinke avatar Jul 10 '23 14:07 kinke

Hi. Yes. This is -fcf-protection=branch only. This is the default on OpenBSD -current today, which will eventually become OpenBSD 7.4.

OpenBSD only. The BSDs aren't like Linux. One should think of OpenBSD and FreeBSD as differently as you would think of Linux and FreeBSD.

ibara avatar Jul 10 '23 14:07 ibara

Note: this should also set a __CET__ enum value. Or perhaps we should define __CET_x__ versions with x = 1,2,3.

```c
// RUN: %clang -target i386-unknown-unknown -x c -E -dM -o - -fcf-protection=return %s | FileCheck %s --check-prefix=RETURN
// RUN: %clang -target i386-unknown-unknown -x c -E -dM -o - -fcf-protection=branch %s | FileCheck %s --check-prefix=BRANCH
// RUN: %clang -target i386-unknown-unknown -x c -E -dM -o - -fcf-protection=full %s   | FileCheck %s --check-prefix=FULL

// RETURN: #define __CET__ 2
// BRANCH: #define __CET__ 1
// FULL: #define __CET__ 3
void foo() {}
```

JohanEngelen avatar Jul 11 '23 16:07 JohanEngelen

https://github.com/llvm/llvm-project/blob/fbe4ff8149a2b656a66cc0c64a38a5302c051c6e/clang/lib/CodeGen/CodeGenModule.cpp#L1015-L1027

JohanEngelen avatar Jul 11 '23 19:07 JohanEngelen

> This should be fixable with the addition of a flag that enables these instructions, as LLVM supports IBT/BTI very well.

@ibara I implemented just that. Is that sufficient? This would mean that OpenBSD ldc2 packaging would have to modify ldc2.conf by adding -fcf-protection, before building druntime&phobos.

JohanEngelen avatar Jul 11 '23 21:07 JohanEngelen

> > This should be fixable with the addition of a flag that enables these instructions, as LLVM supports IBT/BTI very well.
>
> @ibara I implemented just that. Is that sufficient? This would mean that OpenBSD ldc2 packaging would have to modify ldc2.conf by adding -fcf-protection, before building druntime&phobos.

I will test over the next few days and let you know.

ibara avatar Jul 11 '23 22:07 ibara

Please remember that aarch64 also needs this, the Clang flag for aarch64 is -mbranch-protection.

Nobody143745 avatar Jul 11 '23 22:07 Nobody143745

> Please remember that aarch64 also needs this, the Clang flag for aarch64 is -mbranch-protection.

For the -mbranch-protection implementation in clang/llvm, see ARM::parseBranchProtection (LLVM lib function) and how it is used by clang to generate function attributes.

JohanEngelen avatar Jul 12 '23 17:07 JohanEngelen
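
The failure described at the top of the thread (code built without `-fcf-protection=branch` has no IBT landing pads) can be checked mechanically on x86-64. The following is an added example, not code from the issue or from LDC: it scans function entry offsets in a code buffer for the ENDBR64 encoding and reports the `__CET__` value of its own build, using the bit meanings from the clang test quoted above. All function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bit meanings of __CET__, matching the clang test in the thread:
 * branch = 1, return = 2, full = 3. */
enum { CET_IBT = 1, CET_SHSTK = 2 };

/* __CET__ as defined for this file; 0 when built without -fcf-protection. */
int cet_build_mode(void) {
#ifdef __CET__
    return __CET__;
#else
    return 0;
#endif
}

/* ENDBR64: the instruction an indirect call/jump must land on under IBT. */
static const uint8_t ENDBR64[4] = {0xf3, 0x0f, 0x1e, 0xfa};

/* 1 if the code at offset `entry` starts with ENDBR64, else 0. */
int has_landing_pad(const uint8_t *code, size_t len, size_t entry) {
    return entry <= len && len - entry >= 4 &&
           memcmp(code + entry, ENDBR64, 4) == 0;
}

/* Stores the indexes of entries without a landing pad; returns how many. */
size_t audit_entries(const uint8_t *code, size_t len,
                     const size_t *entries, size_t n, size_t *missing) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        if (!has_landing_pad(code, len, entries[i]))
            missing[count++] = i;
    return count;
}

/* Constructed sample: three tiny functions, the middle one built without IBT. */
static const uint8_t SAMPLE_CODE[] = {
    0xf3, 0x0f, 0x1e, 0xfa, 0x31, 0xc0, 0xc3, /* 0:  endbr64; xor eax,eax; ret */
    0x55, 0x48, 0x89, 0xe5, 0x5d, 0xc3,       /* 7:  push rbp; mov rbp,rsp; pop rbp; ret */
    0xf3, 0x0f, 0x1e, 0xfa, 0xc3              /* 13: endbr64; ret */
};
static const size_t SAMPLE_ENTRIES[] = {0, 7, 13};

int main(void) {
    size_t missing[3];
    size_t n = audit_entries(SAMPLE_CODE, sizeof SAMPLE_CODE, SAMPLE_ENTRIES, 3, missing);
    printf("__CET__ mode of this build: %d\n", cet_build_mode());
    for (size_t i = 0; i < n; i++)
        printf("no ENDBR64 at offset %zu\n", SAMPLE_ENTRIES[missing[i]]);
    return 0;
}
```

In practice the entry offsets would come from the symbol table of the object under test; AArch64 BTI uses different instruction encodings and is not covered here.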