On Wed, May 11, 2022 at 11:22 AM Florian Weimer <fwei...@redhat.com> wrote:
>
> * H. J. Lu:
>
> >> >> > Generate jump tables with ENDBR and skip the NOTRACK prefix for indirect
> >> >> > jump.  Document -mno-cet-switch to turn off CET instrumentation on jump
> >> >> > tables for switch statements.
> >> >>
> >> >> Of course, that is a slight regression in security hardening.
> >> >>
> >> >> Quite frankly, I'm puzzled why the kernel decided to require these
> >> >> additional ENDBR instructions.
> >> >
> >> > Kernel is using -mcet-switch today.   Should we document -mcet-switch
> >> > and keep it off by default instead?
> >>
> >> Sorry, I'm not 100% certain of the mechanics/options involved.
> >>
> >> I think the default should reflect userspace requirements, like with the
> >> red zone and vector register usage for integer code.
> >
> > The question is if the compiler should use NOTRACK by default for
> > the jump table.   It is independent of whether NOTRACK is enabled or
> > not.
>
> NOTRACK avoids the need for ENDBR instructions, right?  That's a
> hardening improvement, so it should be used by default.

NOTRACK weakens IBT since it disables IBT on the indirect jump instruction.
GCC uses it in the jump table to avoid ENDBR.

-- 
H.J.
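
The trade-off discussed in this thread can be checked in a built binary. The following is an added example, not code from the thread or from GCC: it scans `objdump -d` output (GNU objdump, AT&T syntax assumed) and reports, per function, which indirect branches carry the NOTRACK prefix and so are exempt from IBT checking. The disassembly excerpt and the function names `switch_notrack` and `switch_endbr` are constructed for illustration.

```python
import re

# Constructed `objdump -d` excerpt (not taken from the thread). Function names
# and addresses are made up; fields are tab-separated as objdump prints them.
SAMPLE = "\n".join([
    "0000000000401120 <switch_notrack>:",
    "  401120:\tf3 0f 1e fa \tendbr64",
    "  401124:\t48 63 04 ba \tmovslq (%rdx,%rdi,4),%rax",
    "  401128:\t48 01 d0 \tadd    %rdx,%rax",
    "  40112b:\t3e ff e0 \tnotrack jmp *%rax",
    "  40112e:\tb8 0a 00 00 00 \tmov    $0xa,%eax",
    "  401133:\tc3 \tret",
    "0000000000401140 <switch_endbr>:",
    "  401140:\tf3 0f 1e fa \tendbr64",
    "  401144:\t48 63 04 ba \tmovslq (%rdx,%rdi,4),%rax",
    "  401148:\t48 01 d0 \tadd    %rdx,%rax",
    "  40114b:\tff e0 \tjmp    *%rax",
    "  40114d:\tf3 0f 1e fa \tendbr64",
    "  401151:\tb8 0a 00 00 00 \tmov    $0xa,%eax",
    "  401156:\tc3 \tret",
])

FUNC_RE = re.compile(r"^[0-9a-f]+ <([^>]+)>:$")
INDIRECT_RE = re.compile(r"^(notrack\s+)?(jmpq?|callq?)\s+\*")

def audit_ibt(disassembly):
    """Return {function: {"endbr": n, "notrack": [addr], "tracked": [addr]}}."""
    report, current = {}, None
    for line in disassembly.splitlines():
        m = FUNC_RE.match(line)
        if m:
            current = report.setdefault(m.group(1), {"endbr": 0, "notrack": [], "tracked": []})
            continue
        fields = line.split("\t")
        if current is None or len(fields) < 3:
            continue  # header, blank line, or continuation of a long byte dump
        addr, insn = fields[0].strip().rstrip(":"), fields[2].strip()
        if insn.startswith(("endbr64", "endbr32")):
            current["endbr"] += 1  # valid landing pad for a tracked branch
            continue
        m = INDIRECT_RE.match(insn)
        if m:  # indirect jmp/call: record whether IBT still checks its target
            current["notrack" if m.group(1) else "tracked"].append(addr)
    return report

def notrack_functions(disassembly):
    """Functions with at least one indirect branch exempt from IBT checking."""
    return sorted(f for f, r in audit_ibt(disassembly).items() if r["notrack"])
```

To audit a real object, pass the text produced by `objdump -d` to `audit_ibt` in place of `SAMPLE`.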
