Re: [PATCH v26 7/9] x86/vdso: Introduce ENDBR macro

From: Kees Cook
Date: Wed Apr 28 2021 - 16:33:42 EST

Next message: Kees Cook: "Re: [PATCH v26 8/9] x86/vdso/32: Add ENDBR to __kernel_vsyscall entry point"
Previous message: Kees Cook: "Re: [PATCH v26 6/9] x86/vdso: Insert endbr32/endbr64 to vDSO"
In reply to: Yu-cheng Yu: "[PATCH v26 7/9] x86/vdso: Introduce ENDBR macro"
Next in thread: Yu-cheng Yu: "[PATCH v26 8/9] x86/vdso/32: Add ENDBR to __kernel_vsyscall entry point"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Apr 27, 2021 at 01:47:18PM -0700, Yu-cheng Yu wrote:
> ENDBR is a special new instruction for the Indirect Branch Tracking (IBT)
> component of CET. IBT prevents attacks by ensuring that (most) indirect
> branches and function calls may only land at ENDBR instructions. Branches
> that don't follow the rules will result in control flow (#CF) exceptions.
>
> ENDBR is a noop when IBT is unsupported or disabled. Most ENDBR
> instructions are inserted automatically by the compiler, but branch
> targets written in assembly must have ENDBR added manually.
>
> Introduce ENDBR64/ENDBR32 macros.
>
> Signed-off-by: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

--
Kees Cook

Next message: Kees Cook: "Re: [PATCH v26 8/9] x86/vdso/32: Add ENDBR to __kernel_vsyscall entry point"
Previous message: Kees Cook: "Re: [PATCH v26 6/9] x86/vdso: Insert endbr32/endbr64 to vDSO"
In reply to: Yu-cheng Yu: "[PATCH v26 7/9] x86/vdso: Introduce ENDBR macro"
Next in thread: Yu-cheng Yu: "[PATCH v26 8/9] x86/vdso/32: Add ENDBR to __kernel_vsyscall entry point"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]