kees added a comment. I can build and boot with this. Nice! :) One issue I see is in instruction sequence ordering.
Looking at the end of `__startup_64` without the feature enabled, everything looks "normal": 31 c0 xor %eax,%eax 5b pop %rbx 41 5e pop %r14 41 5f pop %r15 5d pop %rbp c3 ret with `-fzero-call-used-regs=used-gpr`: 31 c0 xor %eax,%eax 31 c9 xor %ecx,%ecx 31 ff xor %edi,%edi 31 d2 xor %edx,%edx 31 f6 xor %esi,%esi 45 31 c0 xor %r8d,%r8d 45 31 c9 xor %r9d,%r9d 45 31 d2 xor %r10d,%r10d 45 31 db xor %r11d,%r11d 5b pop %rbx 41 5e pop %r14 41 5f pop %r15 5d pop %rbp c3 ret The registers are being wiped, and that's what's needed for the "reducing data lifetime" part of this feature, but because of the ordering, it is not really making ROP attacks harder since all the `pop` instructions are available before the `ret`. I would have expected: 31 c0 xor %eax,%eax 5b pop %rbx 41 5e pop %r14 41 5f pop %r15 5d pop %rbp 31 c9 xor %ecx,%ecx 31 ff xor %edi,%edi 31 d2 xor %edx,%edx 31 f6 xor %esi,%esi 45 31 c0 xor %r8d,%r8d 45 31 c9 xor %r9d,%r9d 45 31 d2 xor %r10d,%r10d 45 31 db xor %r11d,%r11d c3 ret And looking at the results with GCC, that's effectively the case. (They're still using `xor`+`mov`, but I'm expecting them <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101891> to switch to all-`xor`.) 31 c0 xor %eax,%eax 5b pop %rbx 5d pop %rbp 41 5c pop %r12 31 d2 xor %edx,%edx 89 d1 mov %edx,%ecx 89 d6 mov %edx,%esi 89 d7 mov %edx,%edi 41 89 d0 mov %edx,%r8d 41 89 d1 mov %edx,%r9d 41 89 d2 mov %edx,%r10d 41 89 d3 mov %edx,%r11d c3 ret With that swapped around, this will be looking great! :) Some more details about the anti-ROP-ness are here: https://git.kernel.org/linus/a82adfd5c7cb4b8bb37ef439aed954f9972bb618 Repository: rG LLVM Github Monorepo CHANGES SINCE LAST ACTION https://reviews.llvm.org/D110869/new/ https://reviews.llvm.org/D110869 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
