v2.x64: add endbr64 (0xF3 0x0F 0x1E 0xFA) at the start of every function prologue

medvednikov · medvednikov · commit c0d5714f22d7 · 2026-01-27T05:40:04.000+03:00
Necessary if the binary was linked with glibc compiled with CET (Control-flow Enforcement Technology) support, which adds a
.note.gnu.property indicating IBT (Indirect Branch Tracking) is required. When __libc_start_main calls main via an indirect
call, the CPU checks that the target starts with endbr64. Since main started with push rbp instead, the CPU raised a Control
Protection fault = SIGSEGV (exit code 11).
diff --git a/vlib/v2/gen/x64/x64.v b/vlib/v2/gen/x64/x64.v
@@ -126,6 +126,11 @@ fn (mut g Gen) gen_func(func ssa.Function) {
 	g.elf.add_symbol(func.name, u64(g.curr_offset), true, 1)
 
 	// Prologue
+	// endbr64 - required for CET/IBT (Indirect Branch Tracking)
+	g.emit(0xF3)
+	g.emit(0x0F)
+	g.emit(0x1E)
+	g.emit(0xFA)
 	g.emit(0x55) // push rbp
 	g.emit(0x48)
 	g.emit(0x89)
