xen/check-endbr.sh: Explain the purpose of the script

author Andrew Cooper <andrew.cooper3@citrix.com>

Tue, 5 Jul 2022 14:51:58 +0000 (15:51 +0100)

committer Andrew Cooper <andrew.cooper3@citrix.com>

Fri, 24 Mar 2023 12:16:31 +0000 (12:16 +0000)
author Andrew Cooper <andrew.cooper3@citrix.com>
Tue, 5 Jul 2022 14:51:58 +0000 (15:51 +0100)
committer Andrew Cooper <andrew.cooper3@citrix.com>
Fri, 24 Mar 2023 12:16:31 +0000 (12:16 +0000)
diff --git a/xen/tools/check-endbr.sh b/xen/tools/check-endbr.sh

index b97684ac25e9f23c95cfd4b0f0d89f0eb2bbd406..bf153a570db494e1210bfd927c0bc209008ac666 100755 (executable)
--- a/xen/tools/check-endbr.sh
+++ b/xen/tools/check-endbr.sh
@@ -2,6 +2,15 @@
  #
  # Usage ./$0 xen-syms
  #
+# When CET-IBT (Control-flow Enforcement Technology, Indirect Branch Tracking)
+# is active, ENDBR instructions mark legal indirect branch targets in the
+# .text section.
+#
+# However x86 is a variable length instruction set so the same byte pattern
+# can exist embedded in other instructions, or crossing multiple instructions.
+# This script searches .text for any problematic byte patterns which aren't
+# legitimate ENDBR instructions.
+#
  set -e
  
  # Pretty-print parameters a little for message
author	Andrew Cooper <andrew.cooper3@citrix.com>
	Tue, 5 Jul 2022 14:51:58 +0000 (15:51 +0100)
committer	Andrew Cooper <andrew.cooper3@citrix.com>
	Fri, 24 Mar 2023 12:16:31 +0000 (12:16 +0000)