Message ID | 20211126212258.7550-4-andrew.cooper3@citrix.com (mailing list archive) |
---|---|
State | New, archived |
Series | x86: Further harden function pointers |
On 26.11.2021 22:22, Andrew Cooper wrote:
> All calls through xsm_ops are fully altcall'd. Harden all fnptr targets.
>
> This yields:
>
>   (XEN) altcall: Optimised away 197 endbr64 instructions
>
> of 1655 on an everything-enabled build of Xen, which is ~12%.
>
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Subject to the resolution of the const aspect

Reviewed-by: Jan Beulich <jbeulich@suse.com>

Jan

On 11/26/21 4:22 PM, Andrew Cooper wrote:
> All calls through xsm_ops are fully altcall'd. Harden all fnptr targets.
>
> This yields:
>
>   (XEN) altcall: Optimised away 197 endbr64 instructions
>
> of 1655 on an everything-enabled build of Xen, which is ~12%.
>
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Daniel P. Smith <dpsmith@apertussolutions.com>
diff --git a/xen/xsm/dummy.c b/xen/xsm/dummy.c index 4d29a9aa5b9f..4f1d352d5507 100644 --- a/xen/xsm/dummy.c +++ b/xen/xsm/dummy.c @@ -13,7 +13,7 @@ #define XSM_NO_WRAPPERS #include <xsm/dummy.h> -static const struct xsm_ops __initconstrel dummy_ops = { +static struct xsm_ops __initdata_cf_clobber dummy_ops = { .security_domaininfo = xsm_security_domaininfo, .domain_create = xsm_domain_create, .getdomaininfo = xsm_getdomaininfo, diff --git a/xen/xsm/flask/hooks.c b/xen/xsm/flask/hooks.c index 63484e323c09..b1c917113ec3 100644 --- a/xen/xsm/flask/hooks.c +++ b/xen/xsm/flask/hooks.c @@ -1765,7 +1765,7 @@ static int cf_check flask_argo_send( #endif -static const struct xsm_ops __initconstrel flask_ops = { +static struct xsm_ops __initdata_cf_clobber flask_ops = { .security_domaininfo = flask_security_domaininfo, .domain_create = flask_domain_create, .getdomaininfo = flask_getdomaininfo, diff --git a/xen/xsm/silo.c b/xen/xsm/silo.c index 4d5fc98e7e54..7a17595888bb 100644 --- a/xen/xsm/silo.c +++ b/xen/xsm/silo.c @@ -102,7 +102,7 @@ static int cf_check silo_argo_send( #endif -static const struct xsm_ops __initconstrel silo_xsm_ops = { +static struct xsm_ops __initdata_cf_clobber silo_xsm_ops = { .evtchn_unbound = silo_evtchn_unbound, .evtchn_interdomain = silo_evtchn_interdomain, .grant_mapref = silo_grant_mapref,
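Review bot: In the xen/xsm/dummy.c hunk, dummy_ops loses its const qualifier at the same time as it moves from __initconstrel to __initdata_cf_clobber, and flask_ops and silo_xsm_ops get the same treatment, but the commit message only mentions hardening the fnptr targets. If the new section requires a writable object, state that in the commit message; if it does not, keep const on all three structures so the change is limited to the section attribute.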
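Review bot: In the xen/xsm/flask/hooks.c hunk, moving flask_ops to __initdata_cf_clobber rests on the commit message's premise that all calls through xsm_ops are altcall'd, yet nothing beside the structure records that requirement. Since the result is that endbr64 instructions on the hook targets are optimised away, a short comment above flask_ops (and likewise above dummy_ops and silo_xsm_ops) saying the hooks must only be reached via altcall would warn anyone who later adds a hook or calls one of these functions through another pointer.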
All calls through xsm_ops are fully altcall'd. Harden all fnptr targets.

This yields:

  (XEN) altcall: Optimised away 197 endbr64 instructions

of 1655 on an everything-enabled build of Xen, which is ~12%.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Daniel De Graaf <dgdegra@tycho.nsa.gov>
CC: Daniel Smith <dpsmith@apertussolutions.com>
CC: Jan Beulich <JBeulich@suse.com>
CC: Roger Pau Monné <roger.pau@citrix.com>
CC: Wei Liu <wl@xen.org>
---
 xen/xsm/dummy.c       | 2 +-
 xen/xsm/flask/hooks.c | 2 +-
 xen/xsm/silo.c        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)