On 3/12/21 8:55 AM, Jarkko Sakkinen wrote:
>> ENDBR is a special new instruction for the Indirect Branch Tracking
>> (IBT) component of CET. IBT prevents attacks by ensuring that (most)
>> indirect branches and function calls may only land at ENDBR
>> instructions. Branches that don't follow the
On Fri, Mar 12, 2021 at 06:55:57PM +0200, Jarkko Sakkinen wrote:
> On Wed, Mar 10, 2021 at 03:20:20PM -0800, Dave Hansen wrote:
> > On 3/10/21 2:55 PM, Yu, Yu-cheng wrote:
> > > On 3/10/2021 2:39 PM, Jarkko Sakkinen wrote:
> > >> On Wed, Mar 10, 2021 at 02:05:19PM -0800, Yu-cheng Yu wrote:
> > >>>
On Thu, Mar 11, 2021 at 09:42:05AM +0100, Peter Zijlstra wrote:
> On Thu, Mar 11, 2021 at 05:36:06AM +0200, Jarkko Sakkinen wrote:
> > Does it do any harm to put it there unconditionally?
>
> Blows up your text footprint and I$ pressure. These instructions are 4
> bytes each.
>
> Aside from that,
On Wed, Mar 10, 2021 at 03:20:20PM -0800, Dave Hansen wrote:
> On 3/10/21 2:55 PM, Yu, Yu-cheng wrote:
> > On 3/10/2021 2:39 PM, Jarkko Sakkinen wrote:
> >> On Wed, Mar 10, 2021 at 02:05:19PM -0800, Yu-cheng Yu wrote:
> >>> When CET is enabled, __vdso_sgx_enter_enclave() needs an endbr64
> >>> in t
On 3/11/2021 12:42 AM, Peter Zijlstra wrote:
On Thu, Mar 11, 2021 at 05:36:06AM +0200, Jarkko Sakkinen wrote:
Does it do any harm to put it there unconditionally?
Blows up your text footprint and I$ pressure. These instructions are 4
bytes each.
Aside from that, they're a NOP, so only consume
On Thu, Mar 11, 2021 at 05:36:06AM +0200, Jarkko Sakkinen wrote:
> Does it do any harm to put it there unconditionally?
Blows up your text footprint and I$ pressure. These instructions are 4
bytes each.
Aside from that, they're a NOP, so only consume front-end resources
(hopefully) on older CPUs
On Wed, Mar 10, 2021 at 02:55:55PM -0800, Yu, Yu-cheng wrote:
> On 3/10/2021 2:39 PM, Jarkko Sakkinen wrote:
> > On Wed, Mar 10, 2021 at 02:05:19PM -0800, Yu-cheng Yu wrote:
> > > When CET is enabled, __vdso_sgx_enter_enclave() needs an endbr64
> > > in the beginning of the function.
> >
> > OK.
>
On 3/10/2021 3:20 PM, Dave Hansen wrote:
On 3/10/21 2:55 PM, Yu, Yu-cheng wrote:
On 3/10/2021 2:39 PM, Jarkko Sakkinen wrote:
On Wed, Mar 10, 2021 at 02:05:19PM -0800, Yu-cheng Yu wrote:
When CET is enabled, __vdso_sgx_enter_enclave() needs an endbr64
in the beginning of the function.
OK.
W
On 3/10/21 2:55 PM, Yu, Yu-cheng wrote:
> On 3/10/2021 2:39 PM, Jarkko Sakkinen wrote:
>> On Wed, Mar 10, 2021 at 02:05:19PM -0800, Yu-cheng Yu wrote:
>>> When CET is enabled, __vdso_sgx_enter_enclave() needs an endbr64
>>> in the beginning of the function.
>>
>> OK.
>>
>> What you should do is to
On Wed, Mar 10, 2021 at 02:55:55PM -0800, Yu, Yu-cheng wrote:
> > > @@ -27,6 +27,9 @@
> > > SYM_FUNC_START(__vdso_sgx_enter_enclave)
> > > /* Prolog */
> > > .cfi_startproc
> > > +#ifdef CONFIG_X86_CET
> > > + endbr64
> > > +#endif
You can hide this ifdeffery in a macro and h
On 3/10/2021 2:39 PM, Jarkko Sakkinen wrote:
On Wed, Mar 10, 2021 at 02:05:19PM -0800, Yu-cheng Yu wrote:
When CET is enabled, __vdso_sgx_enter_enclave() needs an endbr64
in the beginning of the function.
OK.
What you should do is to explain what it does and why it's needed.
The endbr mark
On Wed, Mar 10, 2021 at 02:05:19PM -0800, Yu-cheng Yu wrote:
> When CET is enabled, __vdso_sgx_enter_enclave() needs an endbr64
> in the beginning of the function.
OK.
What you should do is to explain what it does and why it's needed.
>
> Signed-off-by: Yu-cheng Yu
> Cc: Andy Lutomirski
> Cc:
When CET is enabled, __vdso_sgx_enter_enclave() needs an endbr64
in the beginning of the function.
Signed-off-by: Yu-cheng Yu
Cc: Andy Lutomirski
Cc: Dave Hansen
Cc: Jarkko Sakkinen
---
arch/x86/entry/vdso/vsgx.S | 3 +++
1 file changed, 3 insertions(+)
diff --git a/arch/x86/entry/vdso/vsgx.
13 matches
Mail list logo
