~tkchia

Asia

https://codeberg.org/tkchia

😴 "MOV AX,0D500H+CMOS_REG_D+NMI" • https://mastodon.social/@tkchia • https://gitlab.com/tkchia

Recent activity

Re: Control-flow integrity overhead 3 months ago

From TK Chia to ~mpu/qbe

Hello Lorenz,

> i think this is out of scope for QBE - this could be done by a linker
> script or simply using gcc (or clang) as the linker.

On Linux the extra ELF note is indeed part of GCC cc1's assembly
language output.  The note looks something like this:

```
	.section	.note.gnu.property,"a"
	.align 8
	.long	1f - 0f
	.long	4f - 1f
	.long	5
```

Re: Control-flow integrity overhead 3 months ago

From TK Chia to ~mpu/qbe

Hello all,

>> endbr64 instructions and assemble them [1], so i'd like to kindly
>> ask if you could re-add the patch again. CFI has really minimal
>> overhead considering that it is really great for security when

I feel the patch is still incomplete.  On Linux at least -- and probably
other BSDs too -- the object module also needs to include a special ELF
note in .note.gnu.property, which will go into the final program, so
that the OS will know to enable the CPU's hardware checks at runtime.
GCC 11 does this.

(Without the note, there will be no control flow integrity checking, so
no added security, despite any `endbr64' opcodes.)