On Tue, Apr 27, 2021 at 01:47:19PM -0700, Yu-cheng Yu wrote: > From: "H.J. Lu" <hjl.tools@xxxxxxxxx> > > ENDBR is a special new instruction for the Indirect Branch Tracking (IBT) > component of CET. IBT prevents attacks by ensuring that (most) indirect > branches and function calls may only land at ENDBR instructions. Branches > that don't follow the rules will result in control flow (#CF) exceptions. > > ENDBR is a noop when IBT is unsupported or disabled. Most ENDBR > instructions are inserted automatically by the compiler, but branch > targets written in assembly must have ENDBR added manually. > > Add that to __kernel_vsyscall entry point. > > Signed-off-by: H.J. Lu <hjl.tools@xxxxxxxxx> Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx> -- Kees Cook
