
Re: [PATCH v2 00/70] x86: Support for CET Indirect Branch Tracking


  • To: Andrew Cooper <Andrew.Cooper3@xxxxxxxxxx>
  • From: Jan Beulich <jbeulich@xxxxxxxx>
  • Date: Mon, 14 Feb 2022 14:43:03 +0100
  • Cc: Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Julien Grall <julien@xxxxxxx>, Roger Pau Monne <roger.pau@xxxxxxxxxx>, Juergen Gross <jgross@xxxxxxxx>, Daniel Smith <dpsmith@xxxxxxxxxxxxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
  • Delivery-date: Mon, 14 Feb 2022 13:43:17 +0000
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 14.02.2022 14:10, Andrew Cooper wrote:
> On 14/02/2022 12:50, Andrew Cooper wrote:
>> CET Indirect Branch Tracking is a hardware feature designed to protect against
>> forward-edge control flow hijacking (Call/Jump oriented programming), and is a
>> companion feature to CET Shadow Stacks added in Xen 4.14.
>>
>> Patches 1 thru 5 are prerequisites.  Patches 6 thru 60 are fairly mechanical
>> annotations of function pointer targets.  Patches 61 thru 70 are the final
>> enablement of CET-IBT.
>>
>> This series functions correctly with GCC 9 and later, although an experimental
>> GCC patch is required to get more helpful typechecking at build time.
>>
>> Tested on a TigerLake NUC.
>>
>> CI pipelines:
>>   https://gitlab.com/xen-project/people/andyhhp/xen/-/pipelines/470453652
>>   https://cirrus-ci.com/build/4962308362338304
>>
>> Major changes from v1:
>>  * Boilerplate for mechanical commits
>>  * UEFI runtime services unconditionally disable IBT
>>  * Comprehensive build time check for embedded endbr's
> 
> There's one thing I considered, and wanted to discuss.
> 
> I'm tempted to rename cf_check to cfi for the function annotation, as
> it's shorter without reducing clarity.

What would the 'i' stand for in this acronym? Irrespective of the answer
I'd like to point out the name collision with the CFI directives at
assembler level. This isn't necessarily an objection (I'm certainly for
shortening), but we want to avoid introducing confusion.

Jan
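The cover letter's "comprehensive build time check for embedded endbr's" addresses a subtlety of IBT that is easy to miss: the ENDBR64 encoding (F3 0F 1E FA) is a valid indirect-branch target wherever those four bytes land in executable memory, including inside an immediate or displacement of an unrelated instruction. The following is an added illustration of that check, written for this page and not taken from the Xen series (Xen's own check is not shown here); the byte sequence it scans is constructed, a four-byte function whose second instruction, mov $0xfa1e0ff3,%eax, embeds an ENDBR64 in its imm32. The list of expected entry offsets stands in for the set of cf_check-annotated function entries.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * ENDBR64 is encoded as F3 0F 1E FA.  With IBT enabled, any occurrence of
 * these four bytes in executable memory is a legal indirect-branch target,
 * whether or not it sits on a real instruction boundary.
 */
static const uint8_t ENDBR64[4] = { 0xf3, 0x0f, 0x1e, 0xfa };

/*
 * Scan `text` (len bytes) for ENDBR64 encodings.  Offsets listed in
 * `expected` are function entries that are supposed to carry ENDBR64 (the
 * annotated indirect-call targets); every other match is an unintended
 * branch target and is reported via `out`.  Returns the total number of
 * unexpected matches, which may exceed `maxout`.
 */
size_t find_unexpected_endbr(const uint8_t *text, size_t len,
                             const size_t *expected, size_t nexpected,
                             size_t *out, size_t maxout)
{
    size_t found = 0;

    for (size_t i = 0; i + sizeof(ENDBR64) <= len; i++) {
        int is_entry = 0;

        if (memcmp(text + i, ENDBR64, sizeof(ENDBR64)) != 0)
            continue;

        for (size_t j = 0; j < nexpected; j++)
            if (expected[j] == i) { is_entry = 1; break; }

        if (is_entry)
            continue;
        if (found < maxout)
            out[found] = i;
        found++;
    }
    return found;
}

/*
 * Constructed sample (hypothetical, not from Xen): one function at offset 0.
 *   0: f3 0f 1e fa        endbr64               (legitimate entry)
 *   4: b8 f3 0f 1e fa     mov $0xfa1e0ff3,%eax  (imm32 embeds ENDBR64 at 5)
 *   9: c3                 ret
 */
static const uint8_t SAMPLE_TEXT[] = {
    0xf3, 0x0f, 0x1e, 0xfa,
    0xb8, 0xf3, 0x0f, 0x1e, 0xfa,
    0xc3,
};
static const size_t SAMPLE_ENTRIES[] = { 0 };

/* Number of stray ENDBR64 encodings in the sample. */
size_t sample_stray_count(void)
{
    size_t offs[8];
    return find_unexpected_endbr(SAMPLE_TEXT, sizeof(SAMPLE_TEXT),
                                 SAMPLE_ENTRIES, 1, offs, 8);
}

/* Offset of the first stray ENDBR64 in the sample, or SIZE_MAX if none. */
size_t sample_first_stray_offset(void)
{
    size_t offs[8];
    size_t n = find_unexpected_endbr(SAMPLE_TEXT, sizeof(SAMPLE_TEXT),
                                     SAMPLE_ENTRIES, 1, offs, 8);
    return n ? offs[0] : SIZE_MAX;
}

int main(void)
{
    size_t n = sample_stray_count();

    printf("%zu stray endbr64 encoding(s)", n);
    if (n)
        printf(", first at offset %zu", sample_first_stray_offset());
    putchar('\n');
    return n ? 1 : 0;
}
```

Run against a real object you would feed it the bytes of the .text section and the entry offsets of the annotated functions from the symbol table; a non-zero result means the build has produced an indirect-branch target that the source never intended, which is exactly what the series' build-time check is meant to fail on.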
