Tweet
Originally posted by Jannik2099
View Post
-
This is true. CET consists of two features: IBT and Shadow Stack in Zen 3. AMD only implements Shadow Stack. The reason likely is that there is a software version of this: CFI in GCC and LLVM and XFG (Windows) as they provide superior protection. IBT offers the weaker protection that CFG on Windows provides today but at lower overheadLast edited by CKing123; 05 September 2022, 02:52 PM. -
-
I stand corrected. So GCC has to rely on IBT for forward indirect branch protection it seemsOriginally posted by Jannik2099 View Post
Comment
-
And you have to rely on your software to be compiled with that version of GCC.Originally posted by CKing123 View PostComment
-
I do wish that finer CFI be implemented in GCC, with IBT on x86 and BTI on arm64 be reserved in cases where the requirements of fine-grained CFI like LTO are not available. In addition, finer-grained CFI would work on all processors including older processors that don't support IBT. That said, Window's version of course-grained CFI called CFG works even on older processors and provides IBT/BTI level protection, while more fine-grained CFI is XFG (and Clang's CFI protection are comparable here). Perhaps GCC could implement CFG-like protection in cases where finer-grained protection is not available and processor does not support IBT/BTI for protection for all processors.Originally posted by strtj View PostComment
-
This turned out not to be the case. Zen 4 continues to support Shadow Stack (as Zen 3 does), but does not include support for IBTOriginally posted by Jannik2099 View PostComment
Comment