acrn-hypervisor/hypervisor/include/arch/x86
Shuo A Liu ac598b0856 hv: Hide CET feature from guest VM
Return-oriented programming (ROP), and similarly CALL/JMP-oriented
programming (COP/JOP), have been the prevalent attack methodologies for
stealth exploit writers targeting vulnerabilities in programs.

CET (Control-flow Enforcement Technology) provides the following
capabilities to defend against ROP/COP/JOP style control-flow subversion
attacks:
 * Shadow stack: Return address protection to defend against ROP.
 * Indirect branch tracking: Free branch protection to defend against
   COP/JOP

Full support of CET for the Linux kernel has not been merged yet. As the
first stage, hide CET from the guest VM.

Tracked-On: #5074
Signed-off-by: Shuo A Liu <shuo.a.liu@intel.com>
Reviewed-by: Jason Chen CJ <jason.cj.chen@intel.com>
2020-07-23 20:15:57 +08:00
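Hiding a CPU feature from a guest is mostly a matter of filtering what the guest sees in CPUID, but a guest that ignores CPUID can still try to turn the feature on, so a hypervisor that wants CET invisible also has to refuse the guest's attempts to set CR4.CET and to touch the CET MSRs. The example below is an added illustration, not the ACRN code from this commit (which is not shown on this page); it uses the architectural bit positions and MSR indices for CET from the Intel SDM (CPUID.(EAX=7,ECX=0):ECX[7] for shadow stack, EDX[20] for indirect branch tracking, CR4 bit 23, MSRs 0x6A0..0x6A8) and the function names and the 0xFFFFFFFF sample register values are made up for the demonstration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Architectural CET enumeration and control (Intel SDM). */
#define CPUID_LEAF_7            0x7u
#define CPUID_7_0_ECX_CET_SS    (1u << 7)    /* shadow stack */
#define CPUID_7_0_EDX_CET_IBT   (1u << 20)   /* indirect branch tracking */
#define CR4_CET                 (1ull << 23) /* master enable for CET */

#define MSR_IA32_U_CET                    0x6A0u
#define MSR_IA32_S_CET                    0x6A2u
#define MSR_IA32_PL0_SSP                  0x6A4u
#define MSR_IA32_PL1_SSP                  0x6A5u
#define MSR_IA32_PL2_SSP                  0x6A6u
#define MSR_IA32_PL3_SSP                  0x6A7u
#define MSR_IA32_INTERRUPT_SSP_TABLE_ADDR 0x6A8u

struct cpuid_regs { uint32_t eax, ebx, ecx, edx; };

/* Hypothetical helpers: value of leaf 7 ECX/EDX as the guest should see it.
 * Only subleaf 0 carries the CET bits; other subleaves pass through. */
uint32_t guest_leaf7_ecx(uint32_t subleaf, uint32_t host_ecx)
{
    return (subleaf == 0) ? (host_ecx & ~CPUID_7_0_ECX_CET_SS) : host_ecx;
}

uint32_t guest_leaf7_edx(uint32_t subleaf, uint32_t host_edx)
{
    return (subleaf == 0) ? (host_edx & ~CPUID_7_0_EDX_CET_IBT) : host_edx;
}

/* Apply the filter to a full CPUID result being returned to the guest. */
void guest_cpuid_hide_cet(uint32_t leaf, uint32_t subleaf, struct cpuid_regs *r)
{
    if (leaf == CPUID_LEAF_7) {
        r->ecx = guest_leaf7_ecx(subleaf, r->ecx);
        r->edx = guest_leaf7_edx(subleaf, r->edx);
    }
}

/* True for every architecturally defined CET MSR; a guest that has no CET
 * in CPUID should get #GP(0) on RDMSR/WRMSR to these, like real hardware. */
bool is_cet_msr(uint32_t msr)
{
    switch (msr) {
    case MSR_IA32_U_CET:
    case MSR_IA32_S_CET:
    case MSR_IA32_PL0_SSP:
    case MSR_IA32_PL1_SSP:
    case MSR_IA32_PL2_SSP:
    case MSR_IA32_PL3_SSP:
    case MSR_IA32_INTERRUPT_SSP_TABLE_ADDR:
        return true;
    default:
        return false;
    }
}

/* A guest CR4 write that tries to set CET must be refused (inject #GP),
 * otherwise the guest could enable the feature behind the hypervisor's back. */
bool guest_cr4_write_rejected(uint64_t new_cr4)
{
    return (new_cr4 & CR4_CET) != 0;
}

int main(void)
{
    /* Constructed sample: pretend the host reports every bit set. */
    struct cpuid_regs r = { 0, 0, 0xFFFFFFFFu, 0xFFFFFFFFu };
    guest_cpuid_hide_cet(CPUID_LEAF_7, 0, &r);
    printf("guest leaf7.0: ecx=%08x edx=%08x\n", r.ecx, r.edx);
    printf("wrmsr 0x6A2 rejected: %d\n", is_cet_msr(MSR_IA32_S_CET));
    printf("cr4 with CET rejected: %d\n", guest_cr4_write_rejected(CR4_CET));
    return 0;
}
```

The three checks belong together: if CPUID is filtered but CR4/MSR accesses are not intercepted, VMX will let the guest enable shadow stacks on a host that supports them, and the hypervisor would then have to save and restore CET state it never planned for.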
boot hv: fixup relocation delta for symbols belonging to entry section 2020-03-06 08:27:46 +08:00
guest hv: vmcall: check vm id in dispatch_sos_hypercall 2020-07-23 20:13:20 +08:00
lib hv: Add a helper to account bitmap weight 2019-09-24 11:58:45 +08:00
apicreg.h hv: vioapic: minor refine about vioapic_init 2020-04-24 15:35:38 +08:00
board.h hv: config: add msix emulation support 2020-06-10 14:32:15 +08:00
cpu_caps.h HV: enumerate capability of #AC for Splitlock Access 2020-04-17 09:53:59 +08:00
cpu.h hv: Hide CET feature from guest VM 2020-07-23 20:15:57 +08:00
cpufeatures.h HV: enumerate capability of #AC for Splitlock Access 2020-04-17 09:53:59 +08:00
cpuid.h hv: Hide CET feature from guest VM 2020-07-23 20:15:57 +08:00
default_acpi_info.h hv: emulate ACPI reset register for Service OS guest 2019-05-15 11:20:12 +08:00
e820.h hv: Reserve space for VMs' EPT 4k pages after boot 2020-04-01 21:13:37 +08:00
gdt.h hv: coding style: remove no real declaration for external variable 2018-12-20 20:20:08 +08:00
host_pm.h pm: S5: update the system shutdown logical in ACRN 2019-12-23 15:15:09 +08:00
idt.h hv: irq: minor refine about structure idt_64_descriptor 2020-04-26 10:48:49 +08:00
init.h HV: Add prefix 'p' before 'cpu' to physical cpu related functions 2019-04-24 10:50:28 +08:00
io.h remove dead code in io.h 2020-06-19 16:13:20 +08:00
ioapic.h hv: vioapic init for SOS VM on platforms with multiple IO-APICs 2020-03-25 09:36:18 +08:00
irq.h hv: replace vcpu_affinity array with cpu_affinity_bitmap 2020-04-23 09:38:54 +08:00
lapic.h HV: Fix MP Init sequence hang by adding a delay 2020-05-27 13:34:59 +08:00
mmu.h hv: mmu: release 1GB cpu side support constrain 2020-06-15 15:16:34 +08:00
msr.h hv: Hide CET feature from guest VM 2020-07-23 20:15:57 +08:00
page.h hv: mmu: release 1GB cpu side support constrain 2020-06-15 15:16:34 +08:00
pci_dev.h hv: pci: check whether a PCI device is host bridge or not by class 2020-06-03 22:00:43 +08:00
per_cpu.h hv: maintain a per-pCPU array of vCPUs and handle posted interrupt IRQs 2020-04-15 13:47:22 +08:00
pgtable.h hv: iommu: remove snoop related code 2020-04-16 08:40:17 +08:00
platform_caps.h hv: add function to check if using posted interrupt is possible for vm 2020-04-15 13:47:22 +08:00
rdt.h HV: RDT: add CDP support in ACRN 2020-05-08 08:50:13 +08:00
security.h hv: ept: apply MCE on page size change mitigation conditionally 2019-12-03 09:17:04 +08:00
seed.h HV: rename append_seed_arg to fill_seed_arg 2020-06-08 13:30:04 +08:00
sgx.h hv: sgx: add basic support to init sgx resource for vm 2019-05-29 11:24:13 +08:00
timer.h hv: vpci: revert do FLR and BAR restore 2019-12-30 13:43:07 +08:00
trampoline.h hv: Move several variable declarations for boot code 2019-01-25 21:32:21 +08:00
vm_config.h hv: vapci: add tpm2 support for pre-launched vm 2020-07-23 20:13:20 +08:00
vmx.h hv: extend struct pi_desc to support VT-d posted interrupts 2020-03-31 10:30:30 +08:00
vtd.h hv: vtd: add an API to reserve continuous irtes 2020-06-16 08:52:56 +08:00
zeropage.h HV: init efi info with multiboot2 2020-02-26 09:24:16 +08:00