x86: Introduce support for CET-IBT
authorAndrew Cooper <andrew.cooper3@citrix.com>
Thu, 21 Oct 2021 17:38:50 +0000 (18:38 +0100)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Wed, 23 Feb 2022 15:33:42 +0000 (15:33 +0000)
CET Indirect Branch Tracking is a hardware feature designed to provide
forward-edge control flow integrity, protecting against jump/call oriented
programming.

IBT requires the placement of endbr{32,64} instructions at the target of every
indirect call/jmp, and every entrypoint.

However, the default -fcf-protection=branch places an endbr{32,64} on every
function, which is far more than necessary, and reduces the quantity of protection
afforded.  Therefore, we use manual placement using the cf_check attribute.

It is necessary to check for both compiler and assembler support, as the
notrack prefix can be emitted in certain cases.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Acked-by: Jan Beulich <jbeulich@suse.com>
Config.mk
tools/firmware/Makefile
tools/libs/guest/xg_dom_decompress_unsafe.h
tools/tests/x86_emulator/x86-emulate.h
xen/arch/x86/Kconfig
xen/arch/x86/arch.mk
xen/arch/x86/configs/pvshim_defconfig
xen/arch/x86/include/asm/asm-defns.h
xen/arch/x86/include/asm/cpufeature.h
xen/arch/x86/include/asm/cpufeatures.h
xen/include/xen/compiler.h

index 95c053212ec3f5133ebed134e7280239a619ab03..f56f7dc33468cdf00bdc4c73c6fe9a8b4ac6d240 100644 (file)
--- a/Config.mk
+++ b/Config.mk
@@ -190,7 +190,6 @@ APPEND_CFLAGS += $(foreach i, $(APPEND_INCLUDES), -I$(i))
 
 EMBEDDED_EXTRA_CFLAGS := -nopie -fno-stack-protector -fno-stack-protector-all
 EMBEDDED_EXTRA_CFLAGS += -fno-exceptions -fno-asynchronous-unwind-tables
-EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none
 
 XEN_EXTFILES_URL ?= http://xenbits.xen.org/xen-extfiles
 # All the files at that location were downloaded from elsewhere on
index 345037b93b7f7987f0344f8a3ae86b4ec42a6caa..53ed4f161edba4942468cbd803ddbba00382afb8 100644 (file)
@@ -6,6 +6,8 @@ TARGET      := hvmloader/hvmloader
 INST_DIR := $(DESTDIR)$(XENFIRMWAREDIR)
 DEBG_DIR := $(DESTDIR)$(DEBUG_DIR)$(XENFIRMWAREDIR)
 
+EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none
+
 SUBDIRS-y :=
 SUBDIRS-$(CONFIG_OVMF) += ovmf-dir
 SUBDIRS-$(CONFIG_SEABIOS) += seabios-dir
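Review bot: The added `EMBEDDED_EXTRA_CFLAGS += -fcf-protection=none` is unconditional, whereas xen/arch/x86/arch.mk in this same commit guards the equivalent opt-out with `$(call cc-option-add,...)`, so a compiler that does not understand -fcf-protection would fail the firmware build here while the hypervisor build tolerates it. The Config.mk line it replaces was also unconditional, so this is not a regression, but the two sites could be aligned if cc-option-add is reachable from this Makefile: `$(call cc-option-add,EMBEDDED_EXTRA_CFLAGS,CC,-fcf-protection=none)`. A short comment stating why firmware is opted out (the embedded blobs are not built for CET-IBT, if that is the intent) would also help the next reader.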
index 4e0bf23aa58797db100208a2f57de0b98829cfee..ac6b94288d5ec49b9b2e4bc9e6565ba1cff1bd54 100644 (file)
@@ -8,6 +8,8 @@ typedef int decompress_fn(unsigned char *inbuf, unsigned int len,
                           void (*error)(const char *x));
 #endif
 
+#define cf_check /* No Control Flow Integriy checking */
+
 int xc_dom_decompress_unsafe(
     decompress_fn fn, struct xc_dom_image *dom, void **blob, size_t *size)
     __attribute__((visibility("internal")));
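Review bot: The comment in the new `#define cf_check` line misspells "Integrity" as "Integriy", and the identical comment is repeated in tools/tests/x86_emulator/x86-emulate.h in this commit. Suggested: `#define cf_check /* No Control Flow Integrity checking */`. It would also help to say in that comment why the attribute is stubbed out here, presumably because these tools are not built with CET-IBT, so a reader does not assume the stub is an oversight.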
index 7f60ef9e89baa53b903973f6bf3f6224d65e7ceb..18ae40d01712320c62579318601f0acbf1ecb1b2 100644 (file)
@@ -54,6 +54,8 @@
 #define likely(x)   __builtin_expect(!!(x), true)
 #define unlikely(x) __builtin_expect(!!(x), false)
 
+#define cf_check /* No Control Flow Integriy checking */
+
 #define container_of(ptr, type, member) ({             \
     typeof(((type *)0)->member) *mptr__ = (ptr);       \
     (type *)((char *)mptr__ - offsetof(type, member)); \
index 41198b0f96eda0cda26f7d17ecf42da8c5e8e7a6..8e70f9a44847e9b8832bcb5e576e0ff1134c3ea8 100644 (file)
@@ -40,6 +40,11 @@ config HAS_AS_CET_SS
        # binutils >= 2.29 or LLVM >= 6
        def_bool $(as-instr,wrssq %rax$(comma)0;setssbsy)
 
+config HAS_CC_CET_IBT
+       # GCC >= 9 and binutils >= 2.29
+       # Retpoline check to work around https://gcc.gnu.org/bugzilla/show_bug.cgi?id=93654
+       def_bool $(cc-option,-fcf-protection=branch -mmanual-endbr -mindirect-branch=thunk-extern) && $(as-instr,endbr64)
+
 menu "Architecture Features"
 
 source "arch/Kconfig"
@@ -125,6 +130,18 @@ config XEN_SHSTK
          When CET-SS is active, 32bit PV guests cannot be used.  Backwards
          compatiblity can be provided via the PV Shim mechanism.
 
+config XEN_IBT
+       bool "Supervisor Indirect Branch Tracking"
+       depends on HAS_CC_CET_IBT
+       default y
+       help
+         Control-flow Enforcement Technology (CET) is a set of features in
+         hardware designed to combat Return-oriented Programming (ROP, also
+         call/jump COP/JOP) attacks.  Indirect Branch Tracking is one CET
+         feature designed to provide function pointer protection.
+
+         This option arranges for Xen to use CET-IBT for its own protection.
+
 config SHADOW_PAGING
        bool "Shadow Paging"
        default !PV_SHIM_EXCLUSIVE
index edfc043dbbaf5a98bfb97d0862da5a456da3dbc0..f780c912a9cf16dff9c611a2d156cf830e056fb3 100644 (file)
@@ -52,6 +52,12 @@ CFLAGS-$(CONFIG_CC_IS_GCC) += -fno-jump-tables
 CFLAGS-$(CONFIG_CC_IS_CLANG) += -mretpoline-external-thunk
 endif
 
+ifdef CONFIG_XEN_IBT
+CFLAGS += -fcf-protection=branch -mmanual-endbr
+else
+$(call cc-option-add,CFLAGS,CC,-fcf-protection=none)
+endif
+
 # If supported by the compiler, reduce stack alignment to 8 bytes. But allow
 # this to be overridden elsewhere.
 $(call cc-option-add,CFLAGS_stack_boundary,CC,-mpreferred-stack-boundary=3)
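Review bot: The `else` branch actively adds -fcf-protection=none but carries no comment saying why an explicit opt-out is needed rather than simply not passing any flag. The commit message explains that a compiler default of -fcf-protection=branch would put an endbr64 on every function; keeping that rationale next to the code, e.g. `# Some toolchains default to -fcf-protection=branch; opt out explicitly when Xen is not using CET-IBT so no stray endbr64 instructions are emitted.`, would prevent a later cleanup from dropping the line as redundant. Leaving the `ifdef` branch unprobed reads as intended, since HAS_CC_CET_IBT has already verified both flags.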
index 787376df5a27901097fe4da8762fce33c5aeaeef..d0e92c2ded1ff433b3a1e112f9b6f983edc6e856 100644 (file)
@@ -8,6 +8,7 @@ CONFIG_NR_CPUS=32
 CONFIG_EXPERT=y
 # Disable features not used by the PV shim
 # CONFIG_XEN_SHSTK is not set
+# CONFIG_XEN_IBT is not set
 # CONFIG_GRANT_TABLE is not set
 # CONFIG_HYPFS is not set
 # CONFIG_BIGMEM is not set
index 505f39ad5f769e9f26b1239e01901f67c305d8ea..8bd9007731d5580b667ca69f0ee41ffe3a432148 100644 (file)
     INDIRECT_BRANCH jmp \arg
 .endm
 
+#ifdef CONFIG_XEN_IBT
+# define ENDBR64 endbr64
+#else
+# define ENDBR64
+#endif
+
 .macro guest_access_mask_ptr ptr:req, scratch1:req, scratch2:req
 #if defined(CONFIG_SPECULATIVE_HARDEN_GUEST_ACCESS)
     /*
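Review bot: The new ENDBR64 macro has no comment describing where it must be used, and because it expands to nothing when CONFIG_XEN_IBT is off, a reader of a non-IBT build cannot tell from this file that the macro is load-bearing for control-flow integrity. A comment such as `/* Place at every entry point that is the target of an indirect call/jmp; expands to nothing when Xen is not built with CET-IBT. */` above the `#ifdef` would make that explicit. The hunk header is not shown on this page, so the surrounding context of the insertion could not be checked.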
index a0ab6d7d78eab82b21d282df7c2020fb2054d980..f2c6f255ace967df3dd2a142ac9e71ba4075db73 100644 (file)
 #define cpu_has_nscb            boot_cpu_has(X86_FEATURE_NSCB)
 #define cpu_has_xen_lbr         boot_cpu_has(X86_FEATURE_XEN_LBR)
 #define cpu_has_xen_shstk       boot_cpu_has(X86_FEATURE_XEN_SHSTK)
+#define cpu_has_xen_ibt         boot_cpu_has(X86_FEATURE_XEN_IBT)
 
 #define cpu_has_msr_tsc_aux     (cpu_has_rdtscp || cpu_has_rdpid)
 
index b10154fc44bb5abfe0bd6e0052ea417455f52070..7413febd7ad81d3a632f04b92b95d3cd0508e44a 100644 (file)
@@ -39,6 +39,7 @@ XEN_CPUFEATURE(SC_VERW_PV,        X86_SYNTH(23)) /* VERW used by Xen for PV */
 XEN_CPUFEATURE(SC_VERW_HVM,       X86_SYNTH(24)) /* VERW used by Xen for HVM */
 XEN_CPUFEATURE(SC_VERW_IDLE,      X86_SYNTH(25)) /* VERW used by Xen for idle */
 XEN_CPUFEATURE(XEN_SHSTK,         X86_SYNTH(26)) /* Xen uses CET Shadow Stacks */
+XEN_CPUFEATURE(XEN_IBT,           X86_SYNTH(27)) /* Xen uses CET Indirect Branch Tracking */
 
 /* Bug words follow the synthetic words. */
 #define X86_NR_BUG 1
index 696c7eb89e4c39c5ff633a4821966afea3d120bf..933aec09a92dc0af9cf66755f55a60274a877612 100644 (file)
 # define nocall
 #endif
 
+#ifdef CONFIG_XEN_IBT
+# define cf_check     __attribute__((__cf_check__))
+#else
+# define cf_check
+#endif
+
 #if (!defined(__clang__) && (__GNUC__ == 4) && (__GNUC_MINOR__ < 5))
 #define unreachable() do {} while (1)
 #else
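Review bot: The new `cf_check` definition has no comment, yet per the commit message and the `-mmanual-endbr` flag added in arch.mk it is the only thing that causes an endbr64 to be emitted on a function, so forgetting it on an indirectly reached function is a runtime fault rather than a build error. A comment such as `/* Mark a function as a legitimate indirect-call target; with -mmanual-endbr only such functions receive an endbr64. */` above the `#ifdef` would document that contract where the attribute is defined. The hunk header and end are not visible on this page, so the placement relative to the rest of the file could not be confirmed.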