Control-flow Enforcement (CET) is a new Intel processor feature that blocks
return/jump-oriented programming attacks. Details are in "Intel 64 and
IA-32 Architectures Software Developer's Manual" [1].
This is the second part of CET and enables Indirect Branch Tracking (IBT).
It is built on top of the shadow stack series.
This version has no changes from v17. It is being re-sent as v18 to
synchronize with the shadow stack series v18.
[1] Intel 64 and IA-32 Architectures Software Developer's Manual:
https://software.intel.com/en-us/download/intel-64-and-ia-32-
architectures-sdm-combined-volumes-1-2a-2b-2c-2d-3a-3b-3c-3d-and-4
[2] Indirect Branch Tracking patches v17:
https://lkml.kernel.org/r/20201229213350.17010-1-yu-cheng.yu@xxxxxxxxx/
H.J. Lu (3):
x86/cet/ibt: Update arch_prctl functions for Indirect Branch Tracking
x86/vdso/32: Add ENDBR32 to __kernel_vsyscall entry point
x86/vdso: Insert endbr32/endbr64 to vDSO
Yu-cheng Yu (4):
x86/cet/ibt: Update Kconfig for user-mode Indirect Branch Tracking
x86/cet/ibt: User-mode Indirect Branch Tracking support
x86/cet/ibt: Handle signals for Indirect Branch Tracking
x86/cet/ibt: Update ELF header parsing for Indirect Branch Tracking
arch/x86/Kconfig | 1 +
arch/x86/entry/vdso/Makefile | 4 ++
arch/x86/entry/vdso/vdso32/system_call.S | 3 ++
arch/x86/include/asm/cet.h | 3 ++
arch/x86/kernel/cet.c | 60 +++++++++++++++++++++++-
arch/x86/kernel/cet_prctl.c | 5 ++
arch/x86/kernel/fpu/signal.c | 8 ++--
arch/x86/kernel/process_64.c | 8 ++++
8 files changed, 87 insertions(+), 5 deletions(-)
--
2.21.0
