x86/bugframe: CFI hardening
author Andrew Cooper <andrew.cooper3@citrix.com>
Tue, 2 Nov 2021 20:58:59 +0000 (20:58 +0000)
committer Andrew Cooper <andrew.cooper3@citrix.com>
Wed, 23 Feb 2022 15:33:43 +0000 (15:33 +0000)
commit 640ce8af9cd09a13c68fa3472f498de022606df3
tree 606901ad6274e94ea5ef13cb54a6c7f7e0b7e38c
parent 954bb07fdb5fadf7e341f84c90e950ae9dbbabbf
x86/bugframe: CFI hardening

Control Flow Integrity schemes use toolchain and optionally hardware support
to help protect against call/jump/return oriented programming attacks.

Use cf_check to annotate function pointer targets for the toolchain.

run_in_exception_handler() managed to escape typechecking, as the compiler
can't see where the function pointer gets called.  After adding some ad-hoc
typechecking, it turns out that dump_execution_state() alone differs in
const-ness from the other users of run_in_exception_handler().

Introduce a new show_execution_state_nonconst() to make the typechecking
happy.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
xen/arch/x86/include/asm/bug.h
xen/arch/x86/include/asm/processor.h
xen/arch/x86/traps.c
xen/common/keyhandler.c
xen/drivers/char/ehci-dbgp.c
xen/drivers/char/ns16550.c
xen/include/xen/lib.h
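The ad-hoc typechecking described in the commit message, sketched as an added example that is not code from this commit: a macro erases a handler's type before a separate dispatcher calls it, and a typed local restores the compiler's signature check. The names `run_in_handler`, `dispatch`, `struct regs`, `show_state` and `show_state_nonconst` are hypothetical, and `cf_check` is defined empty here as a stand-in for the toolchain annotation.

```c
/* Stand-in (assumption): expands to nothing in this example. A CFI-enabled
 * build would map it to the toolchain's indirect-branch-target attribute. */
#define cf_check

struct regs { unsigned long ip; };        /* constructed, minimal register frame */

typedef void (*erased_fn)(void);          /* type-erased storage for the handler */
static erased_fn slot;                    /* stands in for where the pointer is stashed */

/*
 * The typed local is the ad-hoc check: the compiler compares fn's signature
 * with the one the dispatcher uses *before* the cast erases it. Without that
 * line, the cast alone would accept any function silently.
 */
#define run_in_handler(fn) do {                 \
    void (*fn_)(struct regs *) = (fn);          \
    slot = (erased_fn)fn_;                      \
} while ( 0 )

/* The only place the pointer is called; invisible at the macro's call sites. */
static void dispatch(struct regs *r)
{
    ((void (*)(struct regs *))slot)(r);
}

static unsigned long seen_ip;

/* The odd one out: same job, but its parameter is const-qualified. */
static void show_state(const struct regs *r) { seen_ip = r->ip; }

/* Wrapper with the exact expected signature, so the check passes. */
static void cf_check show_state_nonconst(struct regs *r) { show_state(r); }

/* A handler that already matches the expected signature. */
static void cf_check bump_ip(struct regs *r) { r->ip += 4; }

unsigned long demo_show(unsigned long ip)
{
    struct regs r = { ip };
    /* run_in_handler(show_state); is diagnosed: incompatible pointer types. */
    run_in_handler(show_state_nonconst);
    dispatch(&r);
    return seen_ip;
}

unsigned long demo_bump(unsigned long ip)
{
    struct regs r = { ip };
    run_in_handler(bump_ip);
    dispatch(&r);
    return r.ip;
}
```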