projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 8bf7240) | patch
x86/ucode: Use altcall, and __initconst_cf_clobber
authorAndrew Cooper <andrew.cooper3@citrix.com>
Sun, 7 Nov 2021 11:35:50 +0000 (11:35 +0000)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Wed, 23 Feb 2022 15:33:43 +0000 (15:33 +0000)
commit8f473f92e531d1189b03a2e4acdf87ff0f029f30
tree7ca52225f7acdabc6b78fe7c58e2aee2ba35ece9tree | snapshot
parent8bf7240842c765b6fa13095572aa77c38ff27acfcommit | diff
x86/ucode: Use altcall, and __initconst_cf_clobber

Microcode loading is not a fastpath, but there are control flow integrity
hardening benefits from using altcall, because it allows us to clobber the
endbr64 instructions on all function pointer targets.

Convert the existing microcode_ops pointer into an __ro_after_init structure,
and move {amd,intel}_ucode_ops into __initconst_cf_clobber.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
xen/arch/x86/cpu/microcode/amd.c diff | blob | history
xen/arch/x86/cpu/microcode/core.c diff | blob | history
xen/arch/x86/cpu/microcode/intel.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.