CFI: enable indirect branch tracking on amd64 arch iand Sysv systems …

…to check jmp/call supported by clang and gcc.
Snaipe · Mar 27, 2023 · 4185c32 · 4185c32
1 parent 93b10bf
commit 4185c32
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 0 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -61,6 +61,11 @@ else ()
       set (MMK_ABI "win")
     else ()
       set (MMK_ABI "systemv")
+      if (CMAKE_C_COMPILER_ID MATCHES "GNU")
+        set (CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fcf-protection")
+        set (CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} -Wl,-zibt -Wl,-zshstk")
+        set (CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -Wl,-zibt -Wl,-zshstk")
+      endif ()
     endif ()
     set (MMK_ARCH "x86_64")
     set (MMK_BITS 64)

diff --git a/src/asm/trampoline-x86_64-systemv.S b/src/asm/trampoline-x86_64-systemv.S
@@ -31,11 +31,19 @@
     movdqu (%rsp), Reg; \
     add $0x10, %rsp
 
+# if defined(__CET__)
+#  define mmk_cet endbr64
+# else
+#  define mmk_cet
+# endif
+
 .globl MANGLE(mmk_trampoline)
 MANGLE(mmk_trampoline):
 start:
+    mmk_cet
     call    next                                // Retrieve IP
 next:
+    mmk_cet
     pop     %r11
 
     push    %r11                                // Setup mock context