projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 07d6c4f) | patch
x86/stack: CFI hardening
authorAndrew Cooper <andrew.cooper3@citrix.com>
Fri, 29 Oct 2021 17:04:02 +0000 (18:04 +0100)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Wed, 23 Feb 2022 15:33:43 +0000 (15:33 +0000)
commit954bb07fdb5fadf7e341f84c90e950ae9dbbabbf
tree67097f43056a7536eca1e93fb2f57695f01c278ftree | snapshot
parent07d6c4fa3e329a91767d0230f21da53a4ec84a95commit | diff
x86/stack: CFI hardening

Control Flow Integrity schemes use toolchain and optionally hardware support
to help protect against call/jump/return oriented programming attacks.

Use cf_check to annotate function pointer targets for the toolchain.

The function typecheck in switch_stack_and_jump() is incompatible with control
flow typechecking.  It's ok for reset_stack_and_jump_ind(), but for
reset_stack_and_jump(), it would force us to endbr64 the targets which are
branched to directly.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
xen/arch/x86/domain.c diff | blob | history
xen/arch/x86/hvm/svm/svm.c diff | blob | history
xen/arch/x86/hvm/vmx/vmcs.c diff | blob | history
xen/arch/x86/hvm/vmx/vmx.c diff | blob | history
xen/arch/x86/include/asm/current.h diff | blob | history
xen/arch/x86/include/asm/hvm/vmx/vmx.h diff | blob | history
xen/arch/x86/include/asm/pv/domain.h diff | blob | history
xen/arch/x86/pv/domain.c diff | blob | history
xen/arch/x86/x86_64/entry.S diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.