Hi Richard,
[expanding CC to include others who may be interested in this]
On Fri, Dec 14, 2018 at 04:57:02PM -0600, Richard Henderson wrote:
> This seems like a tricky extension to deploy to the operating system.
> What is the proposed interface for setting GP on application pages? There are several things that seem plausible to me, and I wondered how far planning has gotten.
I've not seen anything set in stone yet, so I think this is all still up for grabs. Ramana?
> An mmap/mprotect flag?
I'm not aware of any precedent for arch-specific mmap/mprotect flags, but it looks like PowerPC adds its own PROT bit for "Strong Access Ordering" so something similar might be do-able for GP on arm64.
However, if we anticipate that pages are either GP or !GP for the lifetime of the mapping, I think your suggestions below relating to encoding this in the ELF make more sense.
> An ELF program header PT_ARM_BTI (a la PT_GNU_RELRO) to direct the loader to set said flag when mapping binaries? Or equivalently, a PF_MASKOS bit that could be set on the normal PT_LOAD header.
> An ELF section flag set by the compiler for sections that use -mbti, which are then collected into the PT_GNU_BTI segment by the linker?
That seems like the most plausible way to indicate on a per-binary basis that it has been compiled with the BTI hints in place. But probably there are other ways that make an equal amount of sense.
> Is there any coordination going on with Intel wrt their similar gadget protection scheme(s)?
I'm not familiar with that. Are there patches out for review?
Will
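The loader side of the two ELF-header proposals discussed above (a PT_GNU_RELRO-style program header covering the guarded range, or a PF_MASKOS bit on the PT_LOAD itself), as an added example that is not from this thread, the kernel, binutils or any ABI document. The type value PT_ARM_BTI_HYP, the flag bit PF_BTI_HYP, the policy of honouring either signal only on executable segments, and the sample ELF image are all assumptions made up for this example; the real constants in <elf.h> (PT_LOAD, PT_LOPROC, PF_MASKOS, PF_X) are used as-is.

```c
#include <elf.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* HYPOTHETICAL values for illustration only: a processor-specific program
 * header type (a la PT_GNU_RELRO) and an OS-specific PF bit on PT_LOAD.
 * Neither is defined by any ABI; they stand in for the proposals above. */
#define PT_ARM_BTI_HYP (PT_LOPROC + 0x10)
#define PF_BTI_HYP     0x00100000u      /* lies inside PF_MASKOS (0x0ff00000) */
#define MAX_PHDRS      16

struct seg_decision {
    uint64_t vaddr, memsz;
    int guarded;                        /* 1: loader should map with GP set */
};

/* Is [a, a+alen) inside [b, b+blen)? Done without computing end addresses
 * so untrusted p_vaddr/p_memsz pairs cannot wrap around. */
static int range_covered(uint64_t a, uint64_t alen, uint64_t b, uint64_t blen)
{
    if (alen == 0 || blen == 0 || a < b) return 0;
    uint64_t off = a - b;
    return off < blen && alen <= blen - off;
}

/* Walk the program headers of an in-memory ELF64 image and record, for each
 * PT_LOAD, whether it should be mapped guarded. Returns the number of PT_LOADs
 * written to out, or -1 if the headers are malformed or do not fit. Policy
 * (an assumption of this example): a segment is guarded if it is executable
 * and either carries PF_BTI_HYP or is fully covered by a PT_ARM_BTI_HYP. */
int decide_guarded(const uint8_t *image, size_t len, struct seg_decision *out, int max_out)
{
    Elf64_Ehdr eh;
    Elf64_Phdr ph[MAX_PHDRS];
    int n = 0;

    if (len < sizeof eh) return -1;
    memcpy(&eh, image, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0) return -1;
    if (eh.e_ident[EI_CLASS] != ELFCLASS64) return -1;
    if (eh.e_phentsize != sizeof(Elf64_Phdr) || eh.e_phnum > MAX_PHDRS) return -1;
    if (eh.e_phoff > len || (size_t)eh.e_phnum * sizeof(Elf64_Phdr) > len - eh.e_phoff) return -1;
    memcpy(ph, image + eh.e_phoff, (size_t)eh.e_phnum * sizeof(Elf64_Phdr));

    for (int i = 0; i < eh.e_phnum; i++) {
        if (ph[i].p_type != PT_LOAD) continue;
        if (n == max_out) return -1;
        int guarded = 0;
        if (ph[i].p_flags & PF_X) {
            if (ph[i].p_flags & PF_BTI_HYP) guarded = 1;
            for (int j = 0; j < eh.e_phnum && !guarded; j++)
                if (ph[j].p_type == PT_ARM_BTI_HYP &&
                    range_covered(ph[i].p_vaddr, ph[i].p_memsz, ph[j].p_vaddr, ph[j].p_memsz))
                    guarded = 1;
        }
        out[n].vaddr = ph[i].p_vaddr;
        out[n].memsz = ph[i].p_memsz;
        out[n].guarded = guarded;
        n++;
    }
    return n;
}

/* Constructed sample image (not a real binary): ELF header followed directly
 * by four program headers, no segment contents. Returns bytes written. */
size_t build_sample_image(uint8_t *buf, size_t cap)
{
    Elf64_Ehdr eh;
    Elf64_Phdr ph[4];
    size_t need = sizeof eh + sizeof ph;
    if (cap < need) return 0;
    memset(&eh, 0, sizeof eh);
    memset(ph, 0, sizeof ph);
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_ident[EI_DATA] = ELFDATA2LSB;
    eh.e_type = ET_DYN;
    eh.e_machine = EM_AARCH64;
    eh.e_phoff = sizeof eh;
    eh.e_phentsize = sizeof(Elf64_Phdr);
    eh.e_phnum = 4;
    /* text built with the hints, marked via the PF_MASKOS-style bit */
    ph[0].p_type = PT_LOAD; ph[0].p_flags = PF_R | PF_X | PF_BTI_HYP;
    ph[0].p_vaddr = 0x10000; ph[0].p_memsz = 0x4000;
    /* second text segment: unflagged, but covered by the BTI header below */
    ph[1].p_type = PT_LOAD; ph[1].p_flags = PF_R | PF_X;
    ph[1].p_vaddr = 0x20000; ph[1].p_memsz = 0x2000;
    /* data carrying the bit: non-executable, so the policy leaves it alone */
    ph[2].p_type = PT_LOAD; ph[2].p_flags = PF_R | PF_W | PF_BTI_HYP;
    ph[2].p_vaddr = 0x30000; ph[2].p_memsz = 0x1000;
    ph[3].p_type = PT_ARM_BTI_HYP; ph[3].p_vaddr = 0x20000; ph[3].p_memsz = 0x2000;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, ph, sizeof ph);
    return need;
}

/* Guarded decision for the idx-th PT_LOAD of the sample, or -1 on error. */
int sample_guarded(int idx)
{
    uint8_t buf[512];
    struct seg_decision d[8];
    size_t len = build_sample_image(buf, sizeof buf);
    int n = decide_guarded(buf, len, d, 8);
    return (n < 0 || idx < 0 || idx >= n) ? -1 : d[idx].guarded;
}

int main(void)
{
    for (int i = 0; i < 3; i++)
        printf("PT_LOAD %d: guarded=%d\n", i, sample_guarded(i));
    return 0;
}
```

The bounds checks before the memcpy of the program headers are the part worth copying: a loader reads these headers from an untrusted file, and the covered-range test is deliberately written so a p_memsz that would wrap the address space cannot make an unrelated segment look covered.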