On Mon, 2021-11-29 at 15:44 +0100, Jan Beulich wrote:
> On 26.11.2021 13:33, Andrew Cooper wrote:
> >
> > Andrew Cooper (63):
> > x86: Introduce support for CET-IBT
> > x86/hypercall: Annotate fnptr targets
> > xen: Annotate fnptr targets from custom_param()
> > xen: Annotate fnptr targets
On 29.11.2021 16:09, Andrew Cooper wrote:
> On 29/11/2021 14:44, Jan Beulich wrote:
>> One question though: With the large number of __init functions gaining
>> cf_check, wouldn't it be possible to turn on CET-IBT only when we're
>> done using .init.text?
>
> 233 to be precise.
>
> GCC can't dist
On 29/11/2021 14:44, Jan Beulich wrote:
> On 26.11.2021 13:33, Andrew Cooper wrote:
>> CET Indirect Branch Tracking is a hardware feature designed to protect against
>> forward-edge control flow hijacking (Call/Jump oriented programming), and is a
>> companion feature to CET Shadow Stacks a
On 26.11.2021 13:33, Andrew Cooper wrote:
> CET Indirect Branch Tracking is a hardware feature designed to protect against
> forward-edge control flow hijacking (Call/Jump oriented programming), and is a
> companion feature to CET Shadow Stacks added in Xen 4.14.
>
> This series depends on lots of
On 27.11.2021 00:49, Andrew Cooper wrote:
> Given that Marek has kindly hacked us up a check which should find any
> arbitrary violations, and on a small sample of builds, there are no
> violations, I suggest that we clean it up and put it as a check in the
> real build and enable it by default see
On 26/11/2021 13:22, Jan Beulich wrote:
> On 26.11.2021 14:13, Andrew Cooper wrote:
>> On 26/11/2021 12:48, Jan Beulich wrote:
>>> On 26.11.2021 13:33, Andrew Cooper wrote:
* I have not checked for misaligned endbr64's, and I'm not sure there is
anything useful we could do upon disc
On 26.11.2021 14:13, Andrew Cooper wrote:
> On 26/11/2021 12:48, Jan Beulich wrote:
>> On 26.11.2021 13:33, Andrew Cooper wrote:
>>> * I have not checked for misaligned endbr64's, and I'm not sure there is
>>> anything useful we could do upon discovering that there were any.
>>> Naively,
On 26/11/2021 13:13, Andrew Cooper wrote:
> On 26/11/2021 12:48, Jan Beulich wrote:
>> On 26.11.2021 13:33, Andrew Cooper wrote:
>>> Various notes accumulated through the work:
>>> * I have already posted patches fixing some of the most egregious (ab)uses of
>>> function pointers. There
On 26/11/2021 12:48, Jan Beulich wrote:
> On 26.11.2021 13:33, Andrew Cooper wrote:
>> CET Indirect Branch Tracking is a hardware feature designed to protect against
>> forward-edge control flow hijacking (Call/Jump oriented programming), and is a
>> companion feature to CET Shadow Stacks a
On 26.11.2021 13:33, Andrew Cooper wrote:
> CET Indirect Branch Tracking is a hardware feature designed to protect against
> forward-edge control flow hijacking (Call/Jump oriented programming), and is a
> companion feature to CET Shadow Stacks added in Xen 4.14.
>
> This series depends on lots of
CET Indirect Branch Tracking is a hardware feature designed to protect against
forward-edge control flow hijacking (Call/Jump oriented programming), and is a
companion feature to CET Shadow Stacks added in Xen 4.14.
This series depends on lots of previously posted patches. See
xenbits/xen-cet-ibt