https://bugs.exim.org/show_bug.cgi?id=2509
Bug ID: 2509
Summary: JIT should emit Control-flow Enforcement Technology (CET) instructions
Product: PCRE
Version: N/A
Hardware: x86
OS: Linux
Status: NEW
Severity: wishlist
Priority: medium
Component: Code
Assignee: ph10@???
Reporter: ppisar@???
CC: pcre-dev@???
Intel extended the x86-32 and x86-64 ISAs with Control-flow Enforcement Technology
(CET) instructions in order to prevent adversaries from changing the control
flow using ROP and similar techniques. See
<https://software.intel.com/sites/default/files/managed/4d/2a/control-flow-enforcement-technology-preview.pdf>
for more details.
I was contacted by Intel about PCRE2 in the Fedora distribution missing this
protection in the code generated by sljit
<https://bugzilla.redhat.com/show_bug.cgi?id=1789089>. Therefore I'm forwarding
the request here, as it is not specific to Fedora.
In my opinion, sljit could utilize the __CET__ macro defined by GCC if CET has been
requested by the compiler flags (see the gcc manual page). If the macro is
defined, sljit should emit the instructions (ENDBR64 etc.) before entering a
function call. This way the hardening would be enabled in JIT-generated code
based on the CFLAGS passed to the PCRE2 ./configure script. Technically the new
instructions are NOPs on old processors and you could emit them
unconditionally, but I can imagine people hunting for performance would like to
see a possibility to compile the code without CET.
I will respond to Intel that they should follow up here (or do you prefer sljit
on GitHub?) to help you with it. As far as I know there is still no hardware
implementing the ISA available to the general public.
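The mechanism the report proposes, as an added example that is not sljit or PCRE2 code: a minimal x86-64 JIT that writes a two-argument add routine into executable memory and places an ENDBR64 landing pad at its entry. cet_ibt_requested() keys off GCC's __CET__ macro (bit 0 set for -fcf-protection=branch or full, bit 1 for return; that bit layout is taken from the GCC manual), so the generated code gets the landing pad exactly when the host build asked for CET, as the report suggests. The function names, the constructed add routine and the Linux/x86-64 mmap/mprotect plumbing are this example's own assumptions; the byte sequence F3 0F 1E FA for ENDBR64 is from the Intel CET specification, and on a pre-CET CPU it executes as a NOP, which is why run_jit_add() returns the same result with and without it.

```c
/* Added example, not sljit/PCRE2 code. Assumes Linux on x86-64 and GCC's
 * documented __CET__ bit layout (bit 0 = branch/IBT, bit 1 = return/SHSTK). */
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>

#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS 0x20   /* Linux value; assumption for strict -std builds */
#endif

/* ENDBR64 encoding: F3 0F 1E FA. Executes as a multi-byte NOP on CPUs
 * without CET, so emitting it unconditionally is functionally safe. */
static const uint8_t ENDBR64[4] = { 0xF3, 0x0F, 0x1E, 0xFA };

/* 1 if this translation unit was compiled with -fcf-protection=branch/full. */
int cet_ibt_requested(void)
{
#if defined(__CET__) && (__CET__ & 1)
    return 1;
#else
    return 0;
#endif
}

/* Emit machine code for `int add(int a, int b) { return a + b; }` into buf.
 * emit_endbr selects whether the ENDBR64 landing pad is placed at the entry,
 * i.e. before any instruction an indirect call could land on.
 * Returns the number of bytes written (buf must hold at least 8 bytes). */
size_t emit_add_function(uint8_t *buf, int emit_endbr)
{
    size_t n = 0;
    if (emit_endbr) {
        memcpy(buf + n, ENDBR64, sizeof ENDBR64);
        n += sizeof ENDBR64;
    }
    /* lea eax, [rdi + rsi]  -> 8D 04 37 ; a + b into eax (SysV ABI args) */
    buf[n++] = 0x8D; buf[n++] = 0x04; buf[n++] = 0x37;
    buf[n++] = 0xC3;                   /* ret */
    return n;
}

/* Check that generated code begins with ENDBR64, which an IBT-enforcing CPU
 * requires at every indirect-branch target (the entry of JIT code is one). */
int starts_with_endbr64(const uint8_t *code, size_t len)
{
    return len >= sizeof ENDBR64 && memcmp(code, ENDBR64, sizeof ENDBR64) == 0;
}

/* Generate into a scratch buffer and report whether the landing pad is there. */
int generated_code_has_endbr64(int emit_endbr)
{
    uint8_t tmp[16];
    size_t n = emit_add_function(tmp, emit_endbr);
    return starts_with_endbr64(tmp, n);
}

/* Map RW, write the code, flip to RX (W^X), call it through a function
 * pointer (an indirect call, exactly the branch IBT polices), and unmap.
 * Returns a + b, or -1 on failure or on non-Linux/x86-64 hosts. */
int run_jit_add(int a, int b, int emit_endbr)
{
#if defined(__x86_64__) && defined(__linux__)
    const size_t page = 4096;
    uint8_t *mem = mmap(NULL, page, PROT_READ | PROT_WRITE,
                        MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED)
        return -1;
    emit_add_function(mem, emit_endbr);
    if (mprotect(mem, page, PROT_READ | PROT_EXEC) != 0) {
        munmap(mem, page);
        return -1;
    }
    int (*fn)(int, int) = (int (*)(int, int))mem;
    int r = fn(a, b);
    munmap(mem, page);
    return r;
#else
    (void)a; (void)b; (void)emit_endbr;
    return -1;
#endif
}

int main(void)
{
    /* Emit the landing pad iff the host build asked for CET, as proposed. */
    int ibt = cet_ibt_requested();
    printf("__CET__ IBT requested at build time: %d, generated code has ENDBR64: %d\n",
           ibt, generated_code_has_endbr64(ibt));
    printf("jit add(2, 3) with ENDBR64 = %d, without = %d\n",
           run_jit_add(2, 3, 1), run_jit_add(2, 3, 0));
    return 0;
}
```

Build once with plain `cc` and once with `cc -fcf-protection=full` to see cet_ibt_requested() flip; in both cases the generated routine returns the right value, which is the "NOP on old processors" property the report relies on. The `-1` failure sentinel collides with a genuine sum of -1, so a production emitter would report errors out of band.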