digitalmars.D - IBT/BTI instructions and D compilers

reply Brian Callahan <bcallah openbsd.org> writes:
Hi all (but probably mostly Walter) --

OpenBSD has moved to an all-BTI world. Binaries produced by DMD 
and LDC no longer work because of this. If other OSes make this 
move, this problem will be further compounded. Is there any 
thought about enabling IBT/BTI instructions in DMD and LDC?

Thanks.
Jul 10 2023
next sibling parent reply "Richard (Rikki) Andrew Cattermole" <richard cattermole.co.nz> writes:
It looks like there is a workaround by adding PT_OPENBSD_NOBTCFI segment 
header. https://man.openbsd.org/ld.bfd.1

Have you tried that?
Jul 10 2023
parent reply Brian Callahan <bcallah openbsd.org> writes:
On Monday, 10 July 2023 at 11:39:39 UTC, Richard (Rikki) Andrew 
Cattermole wrote:
 It looks like there is a workaround by adding 
 PT_OPENBSD_NOBTCFI segment header. 
 https://man.openbsd.org/ld.bfd.1

 Have you tried that?
You know I'm an OpenBSD developer, right? We are not accepting this for compilers.
Jul 10 2023
parent reply "Richard (Rikki) Andrew Cattermole" <richard cattermole.co.nz> writes:
No, I am not aware of what projects people work upon unless I've helped 
them with it typically.

But yes, sorry for not seeing the from email address and making noise 
that wasn't helpful for continuing D support.
Jul 10 2023
next sibling parent reply Brian Callahan <bcallah openbsd.org> writes:
On Monday, 10 July 2023 at 12:06:37 UTC, Richard (Rikki) Andrew 
Cattermole wrote:
 No, I am not aware of what projects people work upon unless 
 I've helped them with it typically.

 But yes, sorry for not seeing the from email address and making 
 noise that wasn't helpful for continuing D support.
All good. I'm just asking about the status of IBT/BTI instructions being emitted by DMD and LDC. That's all.
Jul 10 2023
next sibling parent reply "Richard (Rikki) Andrew Cattermole" <richard cattermole.co.nz> writes:
On 11/07/2023 12:16 AM, Brian Callahan wrote:
 All good. I'm just asking about the status of IBT/BTI instructions being 
 emitted by DMD and LDC. That's all.
I should give you some feedback however. When I looked up the appropriate keywords, all I got from Google was all but one completely useless links. The one useful one is by Intel targeting people who are already pretty deep into attack mitigation. If this is anything to go by, there are no migration guidelines. So not very likely it's going to have an implementation by anyone ;)
Jul 10 2023
parent Brian Callahan <bcallah openbsd.org> writes:
On Monday, 10 July 2023 at 12:46:14 UTC, Richard (Rikki) Andrew 
Cattermole wrote:
 On 11/07/2023 12:16 AM, Brian Callahan wrote:
 All good. I'm just asking about the status of IBT/BTI 
 instructions being emitted by DMD and LDC. That's all.
I should give you some feedback however. When I looked up the appropriate keywords, all I got from Google was all but one completely useless links. The one useful one is by Intel targeting people who are already pretty deep into attack mitigation. If this is anything to go by, there are no migration guidelines. So not very likely it's going to have an implementation by anyone ;)
That's why I asked. I didn't know if Walter had thought about it and I figured it was cheap and easy to ask him.
Jul 10 2023
prev sibling parent reply Walter Bright <newshound2 digitalmars.com> writes:
On 7/10/2023 5:16 AM, Brian Callahan wrote:
 All good. I'm just asking about the status of IBT/BTI instructions being
 emitted by DMD and LDC. That's all.
Are you talking about the ENDBR32 and ENDBR64 instructions?
Jul 10 2023
parent max haughton <maxhaton gmail.com> writes:
On Monday, 10 July 2023 at 19:54:59 UTC, Walter Bright wrote:
 On 7/10/2023 5:16 AM, Brian Callahan wrote:
 All good. I'm just asking about the status of IBT/BTI 
 instructions being emitted by DMD and LDC. That's all.
Are you talking about the ENDBR32 and ENDBR64 instructions?
Yes. Intel's documentation on this is terrible https://edc.intel.com/content/www/us/en/design/ipla/software-development-platforms/client/platforms/alder-lake-desktop/12th-generation-intel-core-processors-datasheet-volume-1-of-2/006/indirect-branch-tracking/
Jul 10 2023
prev sibling parent FeepingCreature <feepingcreature gmail.com> writes:
On Monday, 10 July 2023 at 12:06:37 UTC, Richard (Rikki) Andrew 
Cattermole wrote:
 No, I am not aware of what projects people work upon unless 
 I've helped them with it typically.

 But yes, sorry for not seeing the from email address and making 
 noise that wasn't helpful for continuing D support.
If you're in the webforum, there's no way to see the From header anyways, afaict.
Jul 10 2023
prev sibling next sibling parent reply Ernesto Castellotti <erny.castell gmail.com> writes:
On Monday, 10 July 2023 at 11:24:37 UTC, Brian Callahan wrote:
 Hi all (but probably mostly Walter) --

 OpenBSD has moved to an all-BTI world. Binaries produced by DMD 
 and LDC no longer work because of this. If other OSes make this 
 move, this problem will be further compounded. Is there any 
 thought about enabling IBT/BTI instructions in DMD and LDC?

 Thanks.
BTI should work on GCC D Compiler (GDC) with -branch-protection=bti, LDC as far as I know lacks flag support but it should be very easy to implement because LLVM supports BTI. Regarding DMD I think it's very complex because probably the backend doesn't support it.
Jul 10 2023
next sibling parent reply Brian Callahan <bcallah openbsd.org> writes:
On Monday, 10 July 2023 at 12:46:57 UTC, Ernesto Castellotti 
wrote:
 On Monday, 10 July 2023 at 11:24:37 UTC, Brian Callahan wrote:
 Hi all (but probably mostly Walter) --

 OpenBSD has moved to an all-BTI world. Binaries produced by 
 DMD and LDC no longer work because of this. If other OSes make 
 this move, this problem will be further compounded. Is there 
 any thought about enabling IBT/BTI instructions in DMD and LDC?

 Thanks.
BTI should work on GCC D Compiler (GDC) with -branch-protection=bti, LDC as far as I know lacks flag support but it should be very easy to implement because LLVM supports BTI. Regarding DMD I think it's very complex because probably the backend doesn't support it.
AFAIK, it does work on GDC.
Jul 10 2023
parent reply Ernesto Castellotti <erny.castell gmail.com> writes:
On Monday, 10 July 2023 at 13:01:46 UTC, Brian Callahan wrote:
 On Monday, 10 July 2023 at 12:46:57 UTC, Ernesto Castellotti 
 wrote:
 On Monday, 10 July 2023 at 11:24:37 UTC, Brian Callahan wrote:
 Hi all (but probably mostly Walter) --

 OpenBSD has moved to an all-BTI world. Binaries produced by 
 DMD and LDC no longer work because of this. If other OSes 
 make this move, this problem will be further compounded. Is 
 there any thought about enabling IBT/BTI instructions in DMD 
 and LDC?

 Thanks.
BTI should work on GCC D Compiler (GDC) with -branch-protection=bti, LDC as far as I know lacks flag support but it should be very easy to implement because LLVM supports BTI. Regarding DMD I think it's very complex because probably the backend doesn't support it.
AFAIK, it does work on GDC.
Yes I tried now, no problem with -fcf-protection and -mbranch-protection in GDC. For LDC it should be very simple to do the same, it would be useful to open an issue in the LDC repo. The real problem is DMD, I'm afraid it needs some tweaking in the backend.
Jul 10 2023
parent reply Brian Callahan <bcallah openbsd.org> writes:
On Monday, 10 July 2023 at 13:08:03 UTC, Ernesto Castellotti 
wrote:
 For LDC it should be very simple to do the same, it would be 
 useful to open an issue in the LDC repo

 The real problem is DMD, I'm afraid it needs some tweaking in 
 the backend
Good idea. I made an Issue on GitHub for LDC and I made a Bugzilla report for DMD.
Jul 10 2023
parent reply Iain Buclaw <ibuclaw gdcproject.org> writes:
On Monday, 10 July 2023 at 13:25:37 UTC, Brian Callahan wrote:
 On Monday, 10 July 2023 at 13:08:03 UTC, Ernesto Castellotti 
 wrote:
 For LDC it should be very simple to do the same, it would be 
 useful to open an issue in the LDC repo

 The real problem is DMD, I'm afraid it needs some tweaking in 
 the backend
Good idea. I made an Issue on GitHub for LDC and I made a Bugzilla report for DMD.
I did raise a bug report back in 2020 https://issues.dlang.org/show_bug.cgi?id=20933 I guess I didn't word it clearly enough. :-)
Jul 10 2023
parent reply Brian Callahan <bcallah openbsd.org> writes:
On Monday, 10 July 2023 at 14:19:38 UTC, Iain Buclaw wrote:
 On Monday, 10 July 2023 at 13:25:37 UTC, Brian Callahan wrote:
 On Monday, 10 July 2023 at 13:08:03 UTC, Ernesto Castellotti 
 wrote:
 For LDC it should be very simple to do the same, it would be 
 useful to open an issue in the LDC repo

 The real problem is DMD, I'm afraid it needs some tweaking in 
 the backend
Good idea. I made an Issue on GitHub for LDC and I made a Bugzilla report for DMD.
I did raise a bug report back in 2020 https://issues.dlang.org/show_bug.cgi?id=20933 I guess I didn't word it clearly enough. :-)
Hi Iain -- Yes, it is. We do enable it by default on OpenBSD :) More specifically, this is the -fcf-protection=branch flag -- no shadow stack stuff here.
Jul 10 2023
parent reply Brian Callahan <bcallah openbsd.org> writes:
On Monday, 10 July 2023 at 14:45:48 UTC, Brian Callahan wrote:
 On Monday, 10 July 2023 at 14:19:38 UTC, Iain Buclaw wrote:
 On Monday, 10 July 2023 at 13:25:37 UTC, Brian Callahan wrote:
 On Monday, 10 July 2023 at 13:08:03 UTC, Ernesto Castellotti 
 wrote:
 For LDC it should be very simple to do the same, it would be 
 useful to open an issue in the LDC repo

 The real problem is DMD, I'm afraid it needs some tweaking 
 in the backend
Good idea. I made an Issue on GitHub for LDC and I made a Bugzilla report for DMD.
I did raise a bug report back in 2020 https://issues.dlang.org/show_bug.cgi?id=20933 I guess I didn't word it clearly enough. :-)
Hi Iain -- Yes, it is. We do enable it by default on OpenBSD :) More specifically, this is the -fcf-protection=branch flag -- no shadow stack stuff here.
Actually, I take that back. We don't do the --enable-cet flag for libphobos (didn't know that existed). But we build all of GCC with -fcf-protection=branch.
Jul 10 2023
next sibling parent Brian Callahan <bcallah openbsd.org> writes:
On Monday, 10 July 2023 at 14:46:47 UTC, Brian Callahan wrote:
 On Monday, 10 July 2023 at 14:45:48 UTC, Brian Callahan wrote:
 On Monday, 10 July 2023 at 14:19:38 UTC, Iain Buclaw wrote:
 On Monday, 10 July 2023 at 13:25:37 UTC, Brian Callahan wrote:
 On Monday, 10 July 2023 at 13:08:03 UTC, Ernesto Castellotti 
 wrote:
 For LDC it should be very simple to do the same, it would 
 be useful to open an issue in the LDC repo

 The real problem is DMD, I'm afraid it needs some tweaking 
 in the backend
Good idea. I made an Issue on GitHub for LDC and I made a Bugzilla report for DMD.
I did raise a bug report back in 2020 https://issues.dlang.org/show_bug.cgi?id=20933 I guess I didn't word it clearly enough. :-)
Hi Iain -- Yes, it is. We do enable it by default on OpenBSD :) More specifically, this is the -fcf-protection=branch flag -- no shadow stack stuff here.
Actually, I take that back. We don't do the --enable-cet flag for libphobos (didn't know that existed). But we build all of GCC with -fcf-protection=branch.
And because Intel I don't think was all that good at explaining things, and we have this flag that does one or both of two very different things: -fcf-protection=return does shadow stacks and -fcf-protection=full does both shadow stacks and IBT. Neither of these are what we're talking about. Just -fcf-protection=branch which only does IBT. Intel says you can do one without the other. But both are controlled by the same flag. Go figure.
Jul 10 2023
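Added example (not part of the thread and not any poster's code): on x86 ELF targets built with a GNU-style toolchain, the linker records in `.note.gnu.property` which CET features every input object was compiled for, so the branch/return/full distinction in the post above can be checked on a finished binary. The note bytes are constructed sample input, and `cet_features`, `cf_protection_mode` and `make_note` are names made up for this example.

```python
import struct

# Values from the GNU property note format (x86, little-endian).
NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002
FEATURE_1_IBT = 0x1    # indirect branch tracking: ENDBR32/ENDBR64 landing pads
FEATURE_1_SHSTK = 0x2  # shadow stack

def _align(n, a):
    return (n + a - 1) & ~(a - 1)

def cet_features(note, elf64=True):
    """Return the x86 FEATURE_1 bitmask found in raw .note.gnu.property bytes, 0 if absent."""
    align = 8 if elf64 else 4  # notes and properties are padded to the ELF class size
    off = 0
    while off + 12 <= len(note):
        namesz, descsz, ntype = struct.unpack_from("<III", note, off)
        desc = off + 12 + _align(namesz, 4)
        end = desc + descsz
        if end > len(note):
            raise ValueError("truncated note")
        if note[off + 12:off + 12 + namesz] == b"GNU\0" and ntype == NT_GNU_PROPERTY_TYPE_0:
            p = desc
            while p + 8 <= end:  # walk the property array inside this note
                pr_type, pr_datasz = struct.unpack_from("<II", note, p)
                if p + 8 + pr_datasz > end:
                    raise ValueError("truncated property")
                if pr_type == GNU_PROPERTY_X86_FEATURE_1_AND and pr_datasz == 4:
                    return struct.unpack_from("<I", note, p + 8)[0]
                p += _align(8 + pr_datasz, align)
        off = _align(end, align)
    return 0

def cf_protection_mode(mask):
    """Name the -fcf-protection level that every linked object must have had."""
    ibt, shstk = bool(mask & FEATURE_1_IBT), bool(mask & FEATURE_1_SHSTK)
    return {(True, True): "full", (True, False): "branch",
            (False, True): "return", (False, False): "none"}[(ibt, shstk)]

def make_note(mask):
    """Constructed sample: a 64-bit note carrying one FEATURE_1_AND property."""
    prop = struct.pack("<III", GNU_PROPERTY_X86_FEATURE_1_AND, 4, mask) + b"\0" * 4
    return struct.pack("<III", 4, len(prop), NT_GNU_PROPERTY_TYPE_0) + b"GNU\0" + prop

if __name__ == "__main__":
    for mask in (0, FEATURE_1_IBT, FEATURE_1_SHSTK, FEATURE_1_IBT | FEATURE_1_SHSTK):
        print(mask, cf_protection_mode(cet_features(make_note(mask))))
```

Because the property is an AND over all inputs, a single object compiled without IBT (for example a runtime library or hand-written assembly) clears the bit for the whole binary.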
prev sibling parent reply Iain Buclaw <ibuclaw gdcproject.org> writes:
On Monday, 10 July 2023 at 14:46:47 UTC, Brian Callahan wrote:
 Actually, I take that back. We don't do the --enable-cet flag 
 for libphobos (didn't know that existed). But we build all of 
 GCC with -fcf-protection=branch.
Grep `build/*/libphobos/config.log` for CET_DFLAGS. You shouldn't need to enable it explicitly on x86/64.
Jul 10 2023
parent Brian Callahan <bcallah openbsd.org> writes:
On Monday, 10 July 2023 at 14:53:34 UTC, Iain Buclaw wrote:
 On Monday, 10 July 2023 at 14:46:47 UTC, Brian Callahan wrote:
 Actually, I take that back. We don't do the --enable-cet flag 
 for libphobos (didn't know that existed). But we build all of 
 GCC with -fcf-protection=branch.
Grep `build/*/libphobos/config.log` for CET_DFLAGS. You shouldn't need to enable it explicitly on x86/64.
I get: CET_DFLAGS=''
Jul 10 2023
prev sibling parent reply Walter Bright <newshound2 digitalmars.com> writes:
On 7/10/2023 5:46 AM, Ernesto Castellotti wrote:
 Regarding DMD I think it's very complex because probably the backend doesn't 
 support it.
Ye of little faith! 20 lines of code. https://github.com/dlang/dmd/pull/15415
Jul 14 2023
next sibling parent reply "Richard (Rikki) Andrew Cattermole" <richard cattermole.co.nz> writes:
Ooooo are we challenging you to things that dmd-be can't possibly 
support and you proving us wrong?

Okay, I'll begin: dmd-be cannot support atomics as intrinsics. How do I 
know this? You're too clever to have not implemented it if it was 
possible and instead had to rely on the slow non-inlining memory 
segfaulting inline assembly instead. After all, if ldc and gdc both 
support it and dmd doesn't, it must be because it can't do it!
Jul 14 2023
parent reply Walter Bright <newshound2 digitalmars.com> writes:
On 7/14/2023 11:41 PM, Richard (Rikki) Andrew Cattermole wrote:
 Ooooo are we challenging you to things that dmd-be can't possibly support and 
 you proving us wrong?
The dmd back end started out as an 8086 code generator. It survived:
1. adding 8087 instruction set (very different)
2. upgrade to 286
3. upgrade to 32 bit code
4. upgrade to 64 bit code
5. upgrade to SIMD
6. upgrade to VEX
Jul 15 2023
parent reply "Richard (Rikki) Andrew Cattermole" <richard cattermole.co.nz> writes:
Yeah quite an impressive life cycle!
Jul 15 2023
parent reply Iain Buclaw <ibuclaw gdcproject.org> writes:
On Sunday, 16 July 2023 at 02:54:29 UTC, Richard (Rikki) Andrew 
Cattermole wrote:
 Yeah quite an impressive life cycle!
Though, even GCC [started out](https://groups.google.com/g/mod.compilers/c/ynAVuwR7dPw) as an 8020 (and vax) code generator.
Jul 16 2023
next sibling parent Walter Bright <newshound2 digitalmars.com> writes:
On 7/16/2023 12:41 PM, Iain Buclaw wrote:
 Though, even GCC [started 
 out](https://groups.google.com/g/mod.compilers/c/ynAVuwR7dPw) as an 8020 (and 
 vax) code generator.
I didn't know that! Cool
Jul 17 2023
prev sibling parent Walter Bright <newshound2 digitalmars.com> writes:
The advantage it has was being designed for the very irregular, inconsistent
use of registers.
Jul 17 2023
prev sibling parent reply Brian Callahan <bcallah openbsd.org> writes:
On Saturday, 15 July 2023 at 05:09:42 UTC, Walter Bright wrote:
 On 7/10/2023 5:46 AM, Ernesto Castellotti wrote:
 Regarding DMD I think it's very complex because probably the 
 backend doesn't support it.
Ye of little faith! 20 lines of code. https://github.com/dlang/dmd/pull/15415
Hi Walter -- Thanks for working on this! It is much appreciated. I'll have some time soon to test it and LDC out. (Also, I'd like to apologize to Rikki for my initial response on this thread. Came off harsher than I intended it to.) ~Brian
Jul 15 2023
parent "Richard (Rikki) Andrew Cattermole" <richard cattermole.co.nz> writes:
On 16/07/2023 12:22 AM, Brian Callahan wrote:
 (Also, I'd like to apologize to Rikki for my initial response on this 
 thread. Came off harsher than I intended it to.)
Lol it's all good. You were in the throes of trying to get a pretty important improvement allocated time for, and I was worrying about WinCrypt so certain details were forgotten at the time :)
Jul 15 2023
prev sibling next sibling parent reply Iain Buclaw <ibuclaw gdcproject.org> writes:
On Monday, 10 July 2023 at 11:24:37 UTC, Brian Callahan wrote:
 Hi all (but probably mostly Walter) --

 OpenBSD has moved to an all-BTI world. Binaries produced by DMD 
 and LDC no longer work because of this. If other OSes make this 
 move, this problem will be further compounded. Is there any 
 thought about enabling IBT/BTI instructions in DMD and LDC?

 Thanks.
This is Intel CET, right? It's on by default at configure-time. https://github.com/gcc-mirror/gcc/commit/08c1d39d3a822dfe7d91524ec290e0f230504242 Speaking of which, the asm support code for Fibers does not support shadow stacks, so you'll need to fall back to ucontext_t's swapcontext unless someone figures out what the correct way to handle it is.
Jul 10 2023
parent Ernesto Castellotti <erny.castell gmail.com> writes:
On Monday, 10 July 2023 at 14:17:36 UTC, Iain Buclaw wrote:
 On Monday, 10 July 2023 at 11:24:37 UTC, Brian Callahan wrote:
 Hi all (but probably mostly Walter) --

 OpenBSD has moved to an all-BTI world. Binaries produced by 
 DMD and LDC no longer work because of this. If other OSes make 
 this move, this problem will be further compounded. Is there 
 any thought about enabling IBT/BTI instructions in DMD and LDC?

 Thanks.
This is Intel CET, right? It's on by default at configure-time. https://github.com/gcc-mirror/gcc/commit/08c1d39d3a822dfe7d91524ec290e0f230504242 Speaking of which, the asm support code for Fibers does not support shadow stacks, so you'll need to fall back to ucontext_t's swapcontext unless someone figures out what the correct way to handle it is.
There is also for AArch64, see -mbranch-protection. GCC/GDC works fine with -mbranch-protection on AArch64 but I don't know if it's the default.
Jul 11 2023
prev sibling next sibling parent Johan <j j.nl> writes:
On Monday, 10 July 2023 at 11:24:37 UTC, Brian Callahan wrote:
 Hi all (but probably mostly Walter) --

 OpenBSD has moved to an all-BTI world. Binaries produced by DMD 
 and LDC no longer work because of this. If other OSes make this 
 move, this problem will be further compounded. Is there any 
 thought about enabling IBT/BTI instructions in DMD and LDC?
When this is enabled, I want to add `__traits(getTargetInfo, "CET")` that has the same value as the macro `__CET__` in C. What string name `"CET"` shall I use for getTargetInfo? (i.e. that can be upstreamed to DMD, such that all 3 compilers use the same name) Thanks, Johan
Jul 12 2023
prev sibling parent Walter Bright <newshound2 digitalmars.com> writes:
On 7/10/2023 4:24 AM, Brian Callahan wrote:
 OpenBSD has moved to an all-BTI world. Binaries produced by DMD and LDC no
 longer work because of this. If other OSes make this move, this problem will
 be further compounded. Is there any thought about enabling IBT/BTI instructions
 in DMD and LDC?
Illuminating Hacker News discussion of this feature: https://news.ycombinator.com/item?id=36722823
Jul 14 2023