Re: [PATCH v2 07/39] x86/entry: Sprinkle ENDBR dust

From: Kees Cook
Date: Thu Feb 24 2022 - 19:42:56 EST

Next message: Kees Cook: "Re: [PATCH v2 08/39] x86/linkage: Add ENDBR to SYM_FUNC_START*()"
Previous message: Dave Hansen: "Re: [PATCHv4 03/30] x86/tdx: Provide common base for SEAMCALL and TDCALL C wrappers"
In reply to: Josh Poimboeuf: "Re: [PATCH v2 07/39] x86/entry: Sprinkle ENDBR dust"
Next in thread: Andrew Cooper: "Re: [PATCH v2 07/39] x86/entry: Sprinkle ENDBR dust"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Feb 24, 2022 at 03:51:45PM +0100, Peter Zijlstra wrote:
> The SYSCALL entry points are found through taking their respective
> address in order to program them in the MSRs, while the exception
> entry points are found through UNWIND_HINT_IRET_REGS.

Stupid question: does CET consider exception and syscall entry points to
be indirect calls? (I would expect so, but they're ever so slightly
differently executed...)

> [...]
> 0 :
> + ENDBR
> .byte 0x6a, vector
> jmp asm_common_interrupt
> - nop
> - /* Ensure that the above is 8 bytes max */
> - . = 0b + 8
> + /* Ensure that the above is IDT_ALIGN bytes max */
> + .fill 0b + IDT_ALIGN - ., 1, 0x90

IIUC, these are just padding -- let's use 0xcc instead of 0x90 as we do
in other places (e.g. vmlinux.lds.S).

--
Kees Cook

Next message: Kees Cook: "Re: [PATCH v2 08/39] x86/linkage: Add ENDBR to SYM_FUNC_START*()"
Previous message: Dave Hansen: "Re: [PATCHv4 03/30] x86/tdx: Provide common base for SEAMCALL and TDCALL C wrappers"
In reply to: Josh Poimboeuf: "Re: [PATCH v2 07/39] x86/entry: Sprinkle ENDBR dust"
Next in thread: Andrew Cooper: "Re: [PATCH v2 07/39] x86/entry: Sprinkle ENDBR dust"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]