https://gcc.gnu.org/bugzilla/show_bug.cgi?id=104816
Bug ID: 104816
Summary: -fcf-protection=branch should generate endbr instead of notrack jumps
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: joao at overdrivepizza dot com
Target Milestone: ---
When -fcf-protection=branch is used, the compiler will generate jump tables
where the indirect jump is prefixed with the NOTRACK prefix, so it can jump to
non-ENDBR targets. Yet, for NOTRACK prefixes to work, the NOTRACK specific
enable bit must be set, which renders the binary broken on any environment where
this is not the case. In fact, having NOTRACK disabled was a design choice for
the Linux kernel CET support [https://lkml.org/lkml/2022/3/7/1068].
With the above, the compiler should generate jump tables with ENDBRs, for
proper correctness. And, if security regarding the additional ENDBRs is a
concern, the code can be explicitly compiled with -fno-jump-tables.
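The following is an added illustration, not part of the report and not GCC's own code: a small checker for the situation the reporter describes. It scans x86-64 AT&T assembly of the kind `gcc -S -fcf-protection=branch` produces, finds indirect jumps carrying the `notrack` prefix, collects the labels referenced from `.long`/`.quad` jump-table entries, and reports which of those targets do not begin with `endbr64`. Such code only runs correctly with IBT enabled if the NOTRACK enable bit is also set, which is exactly what the Linux kernel CET design leaves off. The sample assembly is constructed by hand to resemble GCC's switch output; the function names (`analyze`, `unprotected_targets`, `relies_on_notrack`, `rewrite_with_endbr`) and the source-level rewrite that shows the shape the reporter asks for (ENDBR at every table target, no NOTRACK prefix) are assumptions of this example.

```python
"""Check x86-64 assembly (gcc -S -fcf-protection=branch) for switch jump
tables that depend on the NOTRACK prefix, i.e. notrack indirect jumps whose
targets do not start with endbr64.  Constructed example, not GCC's code."""
import re

# Constructed sample resembling what GCC emits for a small switch with
# -fcf-protection=branch: the dispatch is 'notrack jmp *%rax' and the case
# labels carry no endbr64.
SAMPLE_NOTRACK = """\
    .text
    .globl dispatch
    .type dispatch, @function
dispatch:
    endbr64
    cmpl $2, %edi
    ja .L2
    movl %edi, %edi
    leaq .L4(%rip), %rdx
    movslq (%rdx,%rdi,4), %rax
    addq %rdx, %rax
    notrack jmp *%rax
    .section .rodata
    .align 4
.L4:
    .long .L7-.L4
    .long .L6-.L4
    .long .L5-.L4
    .text
.L7:
    movl $10, %eax
    ret
.L6:
    movl $20, %eax
    ret
.L5:
    movl $30, %eax
    ret
.L2:
    movl $-1, %eax
    ret
"""

LABEL_RE = re.compile(r"^([.\w$]+):$")
TABLE_ENTRY_RE = re.compile(r"^\.(?:long|quad)\s+(\.L\w+)")


def analyze(asm_text):
    """Return (indirect_jumps, table_targets, first_insn):
    indirect_jumps: list of (line_no, has_notrack_prefix)
    table_targets : labels referenced from .long/.quad jump-table entries
    first_insn    : label -> mnemonic of the first instruction after it
    """
    indirect_jumps, table_targets, first_insn = [], [], {}
    pending = []  # labels seen but not yet followed by an instruction
    for no, raw in enumerate(asm_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LABEL_RE.match(line)
        if m:
            pending.append(m.group(1))
            continue
        if line.startswith("."):  # assembler directive
            m = TABLE_ENTRY_RE.match(line)
            if m:  # jump-table entry: the label is an indirect-jump target
                table_targets.append(m.group(1))
                first_insn.update((lbl, "<data>") for lbl in pending)
                pending = []
            continue  # .text/.align/.type etc. do not clear pending labels
        has_notrack = line.startswith("notrack ")
        if has_notrack:
            line = line[len("notrack "):].strip()
        parts = line.split(None, 1)
        mnemonic, operand = parts[0], (parts[1] if len(parts) > 1 else "")
        first_insn.update((lbl, mnemonic) for lbl in pending)
        pending = []
        if mnemonic.startswith("jmp") and operand.startswith("*"):
            indirect_jumps.append((no, has_notrack))
    return indirect_jumps, table_targets, first_insn


def unprotected_targets(asm_text):
    """Jump-table targets whose first instruction is not endbr64."""
    _, targets, first_insn = analyze(asm_text)
    return [t for t in targets if first_insn.get(t) != "endbr64"]


def relies_on_notrack(asm_text):
    """True when a notrack indirect jump can reach a non-ENDBR target: with
    IBT on and NOTRACK disabled (the report's case) this faults."""
    jumps, _, _ = analyze(asm_text)
    return any(nt for _, nt in jumps) and bool(unprotected_targets(asm_text))


def rewrite_with_endbr(asm_text):
    """Shape the report asks for: drop the notrack prefix and begin every
    jump-table target with endbr64 (source-level illustration only)."""
    targets = set(analyze(asm_text)[1])
    out = []
    for raw in asm_text.splitlines():
        out.append(raw.replace("notrack ", "", 1))
        m = LABEL_RE.match(raw.strip())
        if m and m.group(1) in targets:
            out.append("    endbr64")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for name, asm in (("as emitted", SAMPLE_NOTRACK),
                      ("ENDBR targets", rewrite_with_endbr(SAMPLE_NOTRACK))):
        print(f"{name}: relies on NOTRACK={relies_on_notrack(asm)}, "
              f"unprotected={unprotected_targets(asm)}")
```

On real output, feed the text of the `.s` file to `relies_on_notrack`; a `True` result means the object will only run where the NOTRACK enable bit is set, and the options on the table are the ENDBR-at-targets form shown by `rewrite_with_endbr` or compiling with `-fno-jump-tables` so no indirect jump is emitted at all.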