|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [xen master] x86/vpmu: Harden indirect branches
commit e826cf735171ad032901abdc4a1c46ecca401562
Author: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
AuthorDate: Tue Nov 30 21:31:55 2021 +0000
Commit: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Wed Feb 23 15:33:43 2022 +0000
x86/vpmu: Harden indirect branches
As all function pointer calls are resolved to direct calls on boot, clobber
the endbr64 instructions too to make life harder for an attacker which has
managed to hijack a function pointer.
Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
Reviewed-by: Jan Beulich <jbeulich@xxxxxxxx>
---
xen/arch/x86/cpu/vpmu_amd.c | 2 +-
xen/arch/x86/cpu/vpmu_intel.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/xen/arch/x86/cpu/vpmu_amd.c b/xen/arch/x86/cpu/vpmu_amd.c
index 5963ce9015..9bacc02ec1 100644
--- a/xen/arch/x86/cpu/vpmu_amd.c
+++ b/xen/arch/x86/cpu/vpmu_amd.c
@@ -518,7 +518,7 @@ static int cf_check svm_vpmu_initialise(struct vcpu *v)
return 0;
}
-static const struct arch_vpmu_ops __initconstrel amd_vpmu_ops = {
+static const struct arch_vpmu_ops __initconst_cf_clobber amd_vpmu_ops = {
.initialise = svm_vpmu_initialise,
.do_wrmsr = amd_vpmu_do_wrmsr,
.do_rdmsr = amd_vpmu_do_rdmsr,
diff --git a/xen/arch/x86/cpu/vpmu_intel.c b/xen/arch/x86/cpu/vpmu_intel.c
index 48b81ab6f0..8612f46973 100644
--- a/xen/arch/x86/cpu/vpmu_intel.c
+++ b/xen/arch/x86/cpu/vpmu_intel.c
@@ -880,7 +880,7 @@ static int cf_check vmx_vpmu_initialise(struct vcpu *v)
return 0;
}
-static const struct arch_vpmu_ops __initconstrel core2_vpmu_ops = {
+static const struct arch_vpmu_ops __initconst_cf_clobber core2_vpmu_ops = {
.initialise = vmx_vpmu_initialise,
.do_wrmsr = core2_vpmu_do_wrmsr,
.do_rdmsr = core2_vpmu_do_rdmsr,
--
generated by git-patchbot for /home/xen/git/xen.git#master
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |