xenbits.xensource.com Git - xen.git/commit

author	Andrew Cooper <andrew.cooper3@citrix.com>
	Fri, 29 Oct 2021 17:04:02 +0000 (18:04 +0100)
committer	Andrew Cooper <andrew.cooper3@citrix.com>
	Wed, 23 Feb 2022 15:33:43 +0000 (15:33 +0000)
commit	954bb07fdb5fadf7e341f84c90e950ae9dbbabbf
tree	67097f43056a7536eca1e93fb2f57695f01c278f	tree
parent	07d6c4fa3e329a91767d0230f21da53a4ec84a95	commit \| diff

x86/stack: CFI hardening

Control Flow Integrity schemes use toolchain and optionally hardware support
to help protect against call/jump/return oriented programming attacks.

Use cf_check to annotate function pointer targets for the toolchain.

The function typecheck in switch_stack_and_jump() is incompatible with control
flow typechecking. It's ok for reset_stack_and_jump_ind(), but for
reset_stack_and_jump(), it would force us to endbr64 the targets which are
branched to directly.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>

xen/arch/x86/domain.c		diff \| blob \| blame \| history
xen/arch/x86/hvm/svm/svm.c		diff \| blob \| blame \| history
xen/arch/x86/hvm/vmx/vmcs.c		diff \| blob \| blame \| history
xen/arch/x86/hvm/vmx/vmx.c		diff \| blob \| blame \| history
xen/arch/x86/include/asm/current.h		diff \| blob \| blame \| history
xen/arch/x86/include/asm/hvm/vmx/vmx.h		diff \| blob \| blame \| history
xen/arch/x86/include/asm/pv/domain.h		diff \| blob \| blame \| history
xen/arch/x86/pv/domain.c		diff \| blob \| blame \| history
xen/arch/x86/x86_64/entry.S		diff \| blob \| blame \| history