[ELF] Change the size of ibtplt from 24 bytes to 32 bytes

2024-09-11 21:17:28 +03:00 · 2022-02-22 16:13:45 +09:00 · 2022-02-22 16:13:45 +09:00 · 4667be6134
commit 4667be6134
parent 3f9868238b
3 changed files with 15 additions and 7 deletions
--- a/elf/arch-x86-64.cc
+++ b/elf/arch-x86-64.cc
@ -24,8 +24,8 @@ static void write_compact_plt(Context<E> &ctx) {

 // The IBTPLT is a security-enhanced version of the regular PLT.
 // It uses Indirect Branch Tracking (IBT) feature which is part of
-// Intel Control-Flow Enforcement (CET). IBTPLT is slightly larger
-// than the regular PLT (24 bytes vs 16 bytes for each entry).
+// Intel Control-Flow Enforcement (CET). IBTPLT is larger than the
+// regular PLT (32 bytes vs 16 bytes for each entry).
 //
 // Note that our IBTPLT instruction sequence is different from the one
 // used in GNU ld. GNU's IBTPLT implementation uses two separate
@ -48,12 +48,18 @@ static void write_ibtplt(Context<E> &ctx) {
  // Write PLT entries
  i64 relplt_idx = 0;

+  // The last 11 bytes are padding, so we could have shrunk each PLT
+  // entry to 24 bytes. We don't do that because according to the Intel
+  // optimization manual, all branch targets should be 16-byte aligned
+  // for optimal performance.
  static const u8 data[] = {
    0xf3, 0x0f, 0x1e, 0xfa, // endbr64
    0xff, 0x25, 0, 0, 0, 0, // jmp *foo@GOTPLT
    0x68, 0, 0, 0, 0,       // push $index_in_relplt
    0xf2, 0xe9, 0, 0, 0, 0, // jmp PLT[0]
    0x0f, 0x1f, 0x00,       // nop
+    0x0f, 0x1f, 0x40, 0x00, // nop
+    0x0f, 0x1f, 0x40, 0x00, // nop
  };

  for (Symbol<E> *sym : ctx.plt->symbols) {
--- a/elf/cmdline.cc
+++ b/elf/cmdline.cc
@ -382,7 +382,7 @@ static std::pair<i64, i64> get_plt_size(Context<E> &ctx) {
    if (ctx.arg.z_now)
      return {0, 8};
    if (ctx.arg.z_ibtplt)
-      return {16, 24};
+      return {16, 32};
    return {16, 16};
  case EM_386:
    return {16, 16};
--- a/test/elf/z-ibtplt.sh
+++ b/test/elf/z-ibtplt.sh
@ -14,9 +14,8 @@ mkdir -p $t

 cat <<EOF | $CC -fPIC -o $t/a.o -c -xc -
 #include <stdio.h>
-void hello() {
-  printf("Hello");
-}
+void hello() { printf("Hello"); }
+void world() { printf("world"); }
 EOF

 $CC -B. -o $t/b.so -shared $t/a.o -Wl,-z,ibtplt
@ -25,10 +24,13 @@ cat <<EOF | $CC -o $t/c.o -c -xc -
 #include <stdio.h>

 void hello();
+void world();

 int main() {
  hello();
-  puts(" world");
+  printf(" ");
+  world();
+  printf("\n");
 }
 EOF