Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

arch/x86_64: Add ARCH_INTEL64_DISABLE_CET #13417

Merged
merged 1 commit into from
Sep 13, 2024
Merged

arch/x86_64: Add ARCH_INTEL64_DISABLE_CET #13417

merged 1 commit into from
Sep 13, 2024

Conversation

Fix-Point
Copy link
Contributor

Summary

Intel CET (Control-flow Enforcement Technology) is a hardware enhancement aimed at mitigating the Retpoline vulnerability, but it may impact CPU branch prediction performance. This commit added ARCH_INTEL64_DISABLE_CET, which can disable CET completely with compilation option -fcf-protection=none.

Impact

ARCH_INTEL64_DISABLE_CET = y will remove endbr64 instructions from function entries.

Testing

Tested on x86 QEMU, with assembly code examined using objdump -S

@Fix-Point
arch/x86_64: Add ARCH_INTEL64_DISABLE_CET
41dab2e 
Intel CET (Control-flow Enforcement Technology) is a hardware enhancement aimed at mitigating the Retpoline vulnerability, but it may impact CPU branch prediction performance. This commit added ARCH_INTEL64_DISABLE_CET, which can disable CET completely with compilation option `-fcf-protection=none`.

Signed-off-by: ouyangxiangzhen <ouyangxiangzhen@xiaomi.com>
@raiden00pl raiden00pl merged commit cb7894d into apache:master Sep 13, 2024
28 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@raiden00pl raiden00pl raiden00pl approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Fix-Point @raiden00pl