[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH v2 21/70] xen/evtchn: CFI hardening

To: David Vrabel <dvrabel@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>
From: Andrew Cooper <amc96@xxxxxxxx>
Date: Mon, 14 Feb 2022 16:59:13 +0000
Delivery-date: Mon, 14 Feb 2022 16:59:25 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

On 14/02/2022 16:53, David Vrabel wrote:
> On 14/02/2022 12:50, Andrew Cooper wrote:
>> Control Flow Integrity schemes use toolchain and optionally hardware
>> support
>> to help protect against call/jump/return oriented programming attacks.
>>
>> Use cf_check to annotate function pointer targets for the toolchain.
> [...]
>> -static void evtchn_2l_set_pending(struct vcpu *v, struct evtchn
>> *evtchn)
>> +static void cf_check evtchn_2l_set_pending(
>> +    struct vcpu *v, struct evtchn *evtchn)
>
> Why manually annotate functions instead of getting the compiler to
> automatically work it out?

Because the compilers are not currently capable of working it out
automatically.

~Andrew

References:
- [PATCH v2 00/70] x86: Support for CET Indirect Branch Tracking
  - From: Andrew Cooper
- [PATCH v2 21/70] xen/evtchn: CFI hardening
  - From: Andrew Cooper
- Re: [PATCH v2 21/70] xen/evtchn: CFI hardening
  - From: David Vrabel

Prev by Date: Re: [PATCH v2 21/70] xen/evtchn: CFI hardening
Next by Date: Re: [PATCH v2 1/2] xen+tools: Report Interrupt Controller Virtualization capabilities on x86
Previous by thread: Re: [PATCH v2 21/70] xen/evtchn: CFI hardening
Next by thread: [PATCH v2 70/70] x86: Enable CET Indirect Branch Tracking
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.