mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-07-19 17:25:54 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 8

[3.13] gh-128605: Add branch protections for x86_64 in asm_trampoline.S (GH-128606) (GH-135077) (#135083)

Browse source 
[3.14] gh-128605: Add branch protections for x86_64 in asm_trampoline.S (GH-128606) (GH-135077)

Apply Intel Control-flow Technology for x86-64 on asm_trampoline.S.

Required for mitigation against return-oriented programming (ROP)
and Call or Jump Oriented Programming (COP/JOP) attacks.

Manual application is required for the assembly files.

See also: https://sourceware.org/annobin/annobin.html/Test-cf-protection.html
(cherry picked from commit 899cca6dbf)

Co-authored-by: stratakis <cstratak@redhat.com>
This commit is contained in:
Miss Islington (bot) 2025-06-03 15:54:53 +02:00 committed by GitHub
parent b0c9c192f1
commit 9f3d99967c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 27 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
Python/perf_jit_trampoline.c
View file

@ -472,6 +472,11 @@ elf_init_ehframe(ELFObjectContext* ctx)
DWRF_U8(0); /* Augmentation data. */
/* Registers saved in CFRAME. */
#ifdef __x86_64__
# if defined(__CET__) && (__CET__ & 1)
DWRF_U8(DWRF_CFA_advance_loc | 8);
# else
DWRF_U8(DWRF_CFA_advance_loc | 4);
# endif
DWRF_U8(DWRF_CFA_advance_loc | 4);
DWRF_U8(DWRF_CFA_def_cfa_offset); DWRF_UV(16);
DWRF_U8(DWRF_CFA_advance_loc | 6);