projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e88a591) | patch
x86/hvm: CFI hardening for hvm_funcs
authorAndrew Cooper <andrew.cooper3@citrix.com>
Fri, 29 Oct 2021 19:15:24 +0000 (20:15 +0100)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Wed, 23 Feb 2022 15:33:43 +0000 (15:33 +0000)
commitb158e72abe30821bcef8867387f350d290804edc
tree9840825d78d88351ab532511db0301abe0af2f8atree | snapshot
parente88a591461a8a590a391378a6b24221d6ce09f95commit | diff
x86/hvm: CFI hardening for hvm_funcs

Control Flow Integrity schemes use toolchain and optionally hardware support
to help protect against call/jump/return oriented programming attacks.

Use cf_check to annotate function pointer targets for the toolchain.

In svm.c, make a few rearrangements.  svm_update_guest_cr() has no external
callers so can become static, but needs moving along with svm_fpu_enter() to
avoid a forward declaration.  Move svm_fpu_leave() too, to match.  Also move
svm_update_guest_efer() to drop its forward declaration.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
xen/arch/x86/hvm/svm/nestedsvm.c diff | blob | history
xen/arch/x86/hvm/svm/svm.c diff | blob | history
xen/arch/x86/hvm/vmx/intr.c diff | blob | history
xen/arch/x86/hvm/vmx/vmcs.c diff | blob | history
xen/arch/x86/hvm/vmx/vmx.c diff | blob | history
xen/arch/x86/hvm/vmx/vvmx.c diff | blob | history
xen/arch/x86/include/asm/hvm/svm/nestedsvm.h diff | blob | history
xen/arch/x86/include/asm/hvm/svm/svm.h diff | blob | history
xen/arch/x86/include/asm/hvm/vmx/vmcs.h diff | blob | history
xen/arch/x86/include/asm/hvm/vmx/vmx.h diff | blob | history
xen/arch/x86/include/asm/hvm/vmx/vvmx.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.