mirror of
https://github.com/python/cpython.git
synced 2025-08-03 16:39:00 +00:00
[3.14] gh-128605: Add branch protections for x86_64 in asm_trampoline.S (#128606) (#135345)
Some checks are pending
Tests / Windows MSI (push) Blocked by required conditions
Tests / Change detection (push) Waiting to run
Tests / Docs (push) Blocked by required conditions
Tests / Check if the ABI has changed (push) Blocked by required conditions
Tests / Check if Autoconf files are up to date (push) Blocked by required conditions
Tests / Check if generated files are up to date (push) Blocked by required conditions
Tests / (push) Blocked by required conditions
Tests / Ubuntu SSL tests with OpenSSL (push) Blocked by required conditions
Tests / WASI (push) Blocked by required conditions
Tests / Hypothesis tests on Ubuntu (push) Blocked by required conditions
Tests / Address sanitizer (push) Blocked by required conditions
Tests / Cross build Linux (push) Blocked by required conditions
Tests / CIFuzz (push) Blocked by required conditions
Tests / All required checks pass (push) Blocked by required conditions
Lint / lint (push) Waiting to run
Some checks are pending
Tests / Windows MSI (push) Blocked by required conditions
Tests / Change detection (push) Waiting to run
Tests / Docs (push) Blocked by required conditions
Tests / Check if the ABI has changed (push) Blocked by required conditions
Tests / Check if Autoconf files are up to date (push) Blocked by required conditions
Tests / Check if generated files are up to date (push) Blocked by required conditions
Tests / (push) Blocked by required conditions
Tests / Ubuntu SSL tests with OpenSSL (push) Blocked by required conditions
Tests / WASI (push) Blocked by required conditions
Tests / Hypothesis tests on Ubuntu (push) Blocked by required conditions
Tests / Address sanitizer (push) Blocked by required conditions
Tests / Cross build Linux (push) Blocked by required conditions
Tests / CIFuzz (push) Blocked by required conditions
Tests / All required checks pass (push) Blocked by required conditions
Lint / lint (push) Waiting to run
Apply Intel Control-flow Technology for x86-64 on asm_trampoline.S. Required for mitigation against return-oriented programming (ROP) and Call or Jump Oriented Programming (COP/JOP) attacks. Manual application is required for the assembly files. See also: https://sourceware.org/annobin/annobin.html/Test-cf-protection.html
This commit is contained in:
stratakis
GitHub
parent
081421a00e
commit
4b96a34978
2 changed files with 26 additions and 0 deletions
|
|
@ -869,7 +869,11 @@ static void elf_init_ehframe(ELFObjectContext* ctx) {
|
|||
*/
|
||||
#ifdef __x86_64__
|
||||
/* x86_64 calling convention unwinding rules */
|
||||
# if defined(__CET__) && (__CET__ & 1)
|
||||
DWRF_U8(DWRF_CFA_advance_loc | 8); // Advance location by 8 bytes when CET protection is enabled
|
||||
# else
|
||||
DWRF_U8(DWRF_CFA_advance_loc | 4); // Advance location by 4 bytes
|
||||
# endif
|
||||
DWRF_U8(DWRF_CFA_def_cfa_offset); // Redefine CFA offset
|
||||
DWRF_UV(16); // New offset: SP + 16
|
||||
DWRF_U8(DWRF_CFA_advance_loc | 6); // Advance location by 6 bytes
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue