[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-api
Subject: Re: [PATCH v26 9/9] x86/vdso: Add ENDBR to __vdso_sgx_enter_enclave
From: Kees Cook <keescook () chromium ! org>
Date: 2021-04-28 20:39:26
Message-ID: 202104281339.E21514F9D () keescook
[Download RAW message or body]
On Tue, Apr 27, 2021 at 01:47:20PM -0700, Yu-cheng Yu wrote:
> ENDBR is a special new instruction for the Indirect Branch Tracking (IBT)
> component of CET. IBT prevents attacks by ensuring that (most) indirect
> branches and function calls may only land at ENDBR instructions. Branches
> that don't follow the rules will result in control flow (#CF) exceptions.
>
> ENDBR is a noop when IBT is unsupported or disabled. Most ENDBR
> instructions are inserted automatically by the compiler, but branch
> targets written in assembly must have ENDBR added manually.
>
> Add ENDBR to __vdso_sgx_enter_enclave() branch targets.
>
> Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
--
Kees Cook
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic