On 3/16/2021 10:30 AM, Borislav Petkov wrote:
On Tue, Mar 16, 2021 at 10:12:39AM -0700, Yu, Yu-cheng wrote:
Alternatively, there is another compiler-defined macro _CET_ENDBR that can
be used. We can put the following in calling.h:
Not calling.h - this is apparently needed in vdso code only so I guess
some header there, arch/x86/include/asm/vdso.h maybe? In the
#else /* __ASSEMBLER__ */
branch maybe...
#ifdef __CET__
#include <cet.h>
#else
#define _CET_ENDBR
#endif
and then use _CET_ENDBR in other files. How is that?
What does that macro do? Issue an ENDBR only?
Yes, issue endbr32, endbr64, or nothing when cet is not enabled.
