mirror of
https://github.com/python/cpython.git
synced 2025-08-03 16:39:00 +00:00
[3.12] gh-128605: Add branch protections for x86_64 in asm_trampolineS (#128606) (#135094)
Some checks failed
Tests / Change detection (push) Has been cancelled
Lint / lint (push) Has been cancelled
Tests / Check if the ABI has changed (push) Has been cancelled
Tests / Docs (push) Has been cancelled
Tests / (push) Has been cancelled
Tests / All required checks pass (push) Has been cancelled
Tests / Check if Autoconf files are up to date (push) Has been cancelled
Tests / Check if generated files are up to date (push) Has been cancelled
Tests / Windows MSI (push) Has been cancelled
Tests / Ubuntu SSL tests with OpenSSL (push) Has been cancelled
Tests / Hypothesis tests on Ubuntu (push) Has been cancelled
Tests / Address sanitizer (push) Has been cancelled
Some checks failed
Tests / Change detection (push) Has been cancelled
Lint / lint (push) Has been cancelled
Tests / Check if the ABI has changed (push) Has been cancelled
Tests / Docs (push) Has been cancelled
Tests / (push) Has been cancelled
Tests / All required checks pass (push) Has been cancelled
Tests / Check if Autoconf files are up to date (push) Has been cancelled
Tests / Check if generated files are up to date (push) Has been cancelled
Tests / Windows MSI (push) Has been cancelled
Tests / Ubuntu SSL tests with OpenSSL (push) Has been cancelled
Tests / Hypothesis tests on Ubuntu (push) Has been cancelled
Tests / Address sanitizer (push) Has been cancelled
[3.12] gh-128605: Add branch protections for x86_64 in asm_trampoline.S (#128606) Apply Intel Control-flow Technology for x86-64 on asm_trampoline.S. Required for mitigation against return-oriented programming (ROP) and Call or Jump Oriented Programming (COP/JOP) attacks. Manual application is required for the assembly files. See also: https://sourceware.org/annobin/annobin.html/Test-cf-protection.html
This commit is contained in:
stratakis
GitHub
parent
b69f3118a9
commit
aaca85949a
1 changed files with 22 additions and 0 deletions
|
|
@ -9,6 +9,9 @@
|
|||
# }
|
||||
_Py_trampoline_func_start:
|
||||
#ifdef __x86_64__
|
||||
#if defined(__CET__) && (__CET__ & 1)
|
||||
endbr64
|
||||
#endif
|
||||
sub $8, %rsp
|
||||
call *%rcx
|
||||
add $8, %rsp
|
||||
|
|
@ -26,3 +29,22 @@ _Py_trampoline_func_start:
|
|||
.globl _Py_trampoline_func_end
|
||||
_Py_trampoline_func_end:
|
||||
.section .note.GNU-stack,"",@progbits
|
||||
# Note for indicating the assembly code supports CET
|
||||
#if defined(__x86_64__) && defined(__CET__) && (__CET__ & 1)
|
||||
.section .note.gnu.property,"a"
|
||||
.align 8
|
||||
.long 1f - 0f
|
||||
.long 4f - 1f
|
||||
.long 5
|
||||
0:
|
||||
.string "GNU"
|
||||
1:
|
||||
.align 8
|
||||
.long 0xc0000002
|
||||
.long 3f - 2f
|
||||
2:
|
||||
.long 0x3
|
||||
3:
|
||||
.align 8
|
||||
4:
|
||||
#endif // __x86_64__
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue