[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 21/70] xen/evtchn: CFI hardening

To: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: David Vrabel <dvrabel@xxxxxxxxxx>
Date: Mon, 14 Feb 2022 16:53:56 +0000
Delivery-date: Mon, 14 Feb 2022 16:54:12 +0000
Feedback-id: 82.70.146.41
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 14/02/2022 12:50, Andrew Cooper wrote:

Control Flow Integrity schemes use toolchain and optionally hardware support
to help protect against call/jump/return oriented programming attacks.

Use cf_check to annotate function pointer targets for the toolchain.

[...]

-static void evtchn_2l_set_pending(struct vcpu *v, struct evtchn *evtchn)
+static void cf_check evtchn_2l_set_pending(
+    struct vcpu *v, struct evtchn *evtchn)

Why manually annotate functions instead of getting the compiler toautomatically work it out?


David

Follow-Ups:
- Re: [PATCH v2 21/70] xen/evtchn: CFI hardening
  - From: Andrew Cooper

References:
- [PATCH v2 00/70] x86: Support for CET Indirect Branch Tracking
  - From: Andrew Cooper
- [PATCH v2 21/70] xen/evtchn: CFI hardening
  - From: Andrew Cooper

Prev by Date: Re: [PATCH v2 5/7] x86/hvm: Use __initdata_cf_clobber for hvm_funcs
Next by Date: Re: [PATCH v2 21/70] xen/evtchn: CFI hardening
Previous by thread: [PATCH v2 21/70] xen/evtchn: CFI hardening
Next by thread: Re: [PATCH v2 21/70] xen/evtchn: CFI hardening
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.