]> git.ipfire.org Git - thirdparty/Python/cpython.git/commit
projects / thirdparty / Python / cpython.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b0c9c19) | patch
[3.13] gh-128605: Add branch protections for x86_64 in asm_trampoline.S (GH-128606...
authorMiss Islington (bot) <31488909+miss-islington@users.noreply.github.com>
Tue, 3 Jun 2025 13:54:53 +0000 (15:54 +0200)
committerGitHub <noreply@github.com>
Tue, 3 Jun 2025 13:54:53 +0000 (13:54 +0000)
commit9f3d99967c41527a6cf6cb2d63b62d851a637432
treeccd3bb9332610bbde5566fc6a38f533ac45df630tree | snapshot
parentb0c9c192f1639a7daddbcbf5bdc8bd19494bb637commit | diff
[3.13] gh-128605: Add branch protections for x86_64 in asm_trampoline.S (GH-128606) (GH-135077) (#135083)

[3.14] gh-128605: Add branch protections for x86_64 in asm_trampoline.S (GH-128606) (GH-135077)

Apply Intel Control-flow Technology for x86-64 on asm_trampoline.S.

Required for mitigation against return-oriented programming (ROP)
and Call or Jump Oriented Programming (COP/JOP) attacks.

Manual application is required for the assembly files.

See also: https://sourceware.org/annobin/annobin.html/Test-cf-protection.html
(cherry picked from commit 899cca6dbf76bf3e06a99f60a5f996ad6ba0761f)

Co-authored-by: stratakis <cstratak@redhat.com>
Python/asm_trampoline.S diff | blob | blame | history
Python/perf_jit_trampoline.c diff | blob | blame | history
Mirror of https://github.com/python/cpython.git