Additional runtime hardning of indirect branches. Depends on the CET-IBT series.
Andrew Cooper (7): xen/altcall: Use __ro_after_init now that it exists x86/altcall: Check and optimise altcall targets x86/altcall: Optimise away endbr64 instruction where possible xsm: Use __initconst_cf_clobber for xsm_ops x86/hvm: Use __initdata_cf_clobber for hvm_funcs x86/ucode: Use altcall, and __initconst_cf_clobber x86/vpmu: Harden indirect branches xen/arch/x86/alternative.c | 61 ++++++++++++++++++++++++++++++++++++++ xen/arch/x86/cpu/microcode/amd.c | 2 +- xen/arch/x86/cpu/microcode/core.c | 38 +++++++++++++----------- xen/arch/x86/cpu/microcode/intel.c | 2 +- xen/arch/x86/cpu/vpmu_amd.c | 2 +- xen/arch/x86/cpu/vpmu_intel.c | 2 +- xen/arch/x86/hvm/hvm.c | 2 +- xen/arch/x86/hvm/svm/svm.c | 2 +- xen/arch/x86/hvm/vmx/vmx.c | 2 +- xen/arch/x86/xen.lds.S | 6 ++++ xen/include/xen/alternative-call.h | 2 +- xen/include/xen/init.h | 3 ++ xen/xsm/dummy.c | 2 +- xen/xsm/flask/hooks.c | 2 +- xen/xsm/silo.c | 2 +- 15 files changed, 101 insertions(+), 29 deletions(-) -- 2.11.0
