[PATCH v3 00/70 (not all posted)] x86: Support for CET Indirect Branch Tracking

Andrew Cooper posted 70 patches 2 years, 2 months ago
Only 15 patches received!
Config.mk                                         |   1 -
README                                            |   1 +
automation/build/debian/buster-gcc-ibt.dockerfile |  66 ++++
automation/gitlab-ci/build.yaml                   |   6 +
automation/scripts/containerize                   |   1 +
docs/misc/xen-command-line.pandoc                 |  16 +-
tools/firmware/Makefile                           |   2 +
tools/libs/guest/xg_dom_decompress_unsafe.h       |   2 +
tools/tests/x86_emulator/x86-emulate.h            |   2 +
xen/arch/arm/bootfdt.c                            |   9 +-
xen/arch/arm/io.c                                 |   9 +-
xen/arch/x86/Kconfig                              |  17 +
xen/arch/x86/Makefile                             |   6 +
xen/arch/x86/acpi/boot.c                          |  24 +-
xen/arch/x86/acpi/cpu_idle.c                      |  43 ++-
xen/arch/x86/acpi/cpufreq/cpufreq.c               |  24 +-
xen/arch/x86/acpi/cpufreq/powernow.c              |  21 +-
xen/arch/x86/acpi/cpuidle_menu.c                  |   6 +-
xen/arch/x86/acpi/lib.c                           |   2 +-
xen/arch/x86/acpi/power.c                         |   4 +-
xen/arch/x86/acpi/wakeup_prot.S                   |  38 +-
xen/arch/x86/alternative.c                        |  13 +-
xen/arch/x86/apic.c                               |  12 +-
xen/arch/x86/arch.mk                              |   7 +
xen/arch/x86/boot/x86_64.S                        |  30 +-
xen/arch/x86/compat.c                             |  21 +-
xen/arch/x86/configs/pvshim_defconfig             |   1 +
xen/arch/x86/cpu/amd.c                            |   8 +-
xen/arch/x86/cpu/centaur.c                        |   2 +-
xen/arch/x86/cpu/common.c                         |   3 +-
xen/arch/x86/cpu/cpu.h                            |   2 +-
xen/arch/x86/cpu/hygon.c                          |   2 +-
xen/arch/x86/cpu/intel.c                          |   6 +-
xen/arch/x86/cpu/mcheck/amd_nonfatal.c            |   4 +-
xen/arch/x86/cpu/mcheck/mce.c                     |  22 +-
xen/arch/x86/cpu/mcheck/mce.h                     |   2 +-
xen/arch/x86/cpu/mcheck/mce_amd.c                 |   9 +-
xen/arch/x86/cpu/mcheck/mce_amd.h                 |   4 +-
xen/arch/x86/cpu/mcheck/mce_intel.c               |  49 ++-
xen/arch/x86/cpu/mcheck/non-fatal.c               |   6 +-
xen/arch/x86/cpu/mcheck/vmce.c                    |   4 +-
xen/arch/x86/cpu/microcode/amd.c                  |   9 +-
xen/arch/x86/cpu/microcode/core.c                 |  15 +-
xen/arch/x86/cpu/microcode/intel.c                |  10 +-
xen/arch/x86/cpu/mtrr/generic.c                   |  20 +-
xen/arch/x86/cpu/mtrr/main.c                      |   4 +-
xen/arch/x86/cpu/mtrr/mtrr.h                      |   8 +-
xen/arch/x86/cpu/mwait-idle.c                     |  12 +-
xen/arch/x86/cpu/shanghai.c                       |   2 +-
xen/arch/x86/cpu/vpmu.c                           |  13 +-
xen/arch/x86/cpu/vpmu_amd.c                       |  16 +-
xen/arch/x86/cpu/vpmu_intel.c                     |  16 +-
xen/arch/x86/cpuid.c                              |   8 +-
xen/arch/x86/crash.c                              |   7 +-
xen/arch/x86/dmi_scan.c                           |  10 +-
xen/arch/x86/dom0_build.c                         |   8 +-
xen/arch/x86/domain.c                             |  16 +-
xen/arch/x86/emul-i8254.c                         |  14 +-
xen/arch/x86/extable.c                            |  18 +-
xen/arch/x86/genapic/bigsmp.c                     |   4 +-
xen/arch/x86/genapic/delivery.c                   |  12 +-
xen/arch/x86/genapic/probe.c                      |   2 +-
xen/arch/x86/genapic/x2apic.c                     |  18 +-
xen/arch/x86/guest/hyperv/hyperv.c                |  10 +-
xen/arch/x86/guest/xen/xen.c                      |  15 +-
xen/arch/x86/hpet.c                               |  29 +-
xen/arch/x86/hvm/dm.c                             |   5 +-
xen/arch/x86/hvm/dom0_build.c                     |  16 +-
xen/arch/x86/hvm/emulate.c                        |  93 +++--
xen/arch/x86/hvm/hpet.c                           |  12 +-
xen/arch/x86/hvm/hvm.c                            |  47 +--
xen/arch/x86/hvm/hypercall.c                      |   5 +-
xen/arch/x86/hvm/intercept.c                      |  28 +-
xen/arch/x86/hvm/io.c                             |  38 +-
xen/arch/x86/hvm/ioreq.c                          |   2 +-
xen/arch/x86/hvm/irq.c                            |  16 +-
xen/arch/x86/hvm/mtrr.c                           |   8 +-
xen/arch/x86/hvm/nestedhvm.c                      |   6 +-
xen/arch/x86/hvm/pmtimer.c                        |  10 +-
xen/arch/x86/hvm/quirks.c                         |   4 +-
xen/arch/x86/hvm/rtc.c                            |  18 +-
xen/arch/x86/hvm/stdvga.c                         |  19 +-
xen/arch/x86/hvm/svm/nestedsvm.c                  |  22 +-
xen/arch/x86/hvm/svm/svm.c                        | 404 +++++++++++-----------
xen/arch/x86/hvm/svm/vmcb.c                       |   2 +-
xen/arch/x86/hvm/vioapic.c                        |  12 +-
xen/arch/x86/hvm/viridian/time.c                  |   2 +-
xen/arch/x86/hvm/viridian/viridian.c              |  17 +-
xen/arch/x86/hvm/vlapic.c                         |  25 +-
xen/arch/x86/hvm/vmsi.c                           |  16 +-
xen/arch/x86/hvm/vmx/intr.c                       |   2 +-
xen/arch/x86/hvm/vmx/vmcs.c                       |  22 +-
xen/arch/x86/hvm/vmx/vmx.c                        | 155 +++++----
xen/arch/x86/hvm/vmx/vvmx.c                       |  16 +-
xen/arch/x86/hvm/vpic.c                           |   8 +-
xen/arch/x86/hvm/vpt.c                            |   2 +-
xen/arch/x86/i8259.c                              |  10 +-
xen/arch/x86/include/asm/asm-defns.h              |   6 +
xen/arch/x86/include/asm/bug.h                    |  10 +-
xen/arch/x86/include/asm/cpufeature.h             |   1 +
xen/arch/x86/include/asm/cpufeatures.h            |   1 +
xen/arch/x86/include/asm/cpuidle.h                |   4 +-
xen/arch/x86/include/asm/current.h                |   6 +-
xen/arch/x86/include/asm/endbr.h                  |  55 +++
xen/arch/x86/include/asm/flushtlb.h               |   2 +-
xen/arch/x86/include/asm/genapic.h                |  18 +-
xen/arch/x86/include/asm/hpet.h                   |   8 +-
xen/arch/x86/include/asm/hvm/emulate.h            |   8 +-
xen/arch/x86/include/asm/hvm/save.h               |   2 +-
xen/arch/x86/include/asm/hvm/svm/nestedsvm.h      |  18 +-
xen/arch/x86/include/asm/hvm/svm/svm.h            |   1 -
xen/arch/x86/include/asm/hvm/vioapic.h            |   2 +-
xen/arch/x86/include/asm/hvm/vmx/vmcs.h           |   8 +-
xen/arch/x86/include/asm/hvm/vmx/vmx.h            |   4 +-
xen/arch/x86/include/asm/hvm/vmx/vvmx.h           |  18 +-
xen/arch/x86/include/asm/hypercall.h              |  81 +++--
xen/arch/x86/include/asm/irq.h                    |  24 +-
xen/arch/x86/include/asm/machine_kexec.h          |   2 +-
xen/arch/x86/include/asm/mm.h                     |  16 +-
xen/arch/x86/include/asm/msi.h                    |   8 +-
xen/arch/x86/include/asm/msr-index.h              |   1 +
xen/arch/x86/include/asm/mtrr.h                   |   2 +-
xen/arch/x86/include/asm/p2m.h                    |   4 +-
xen/arch/x86/include/asm/paging.h                 |   2 +-
xen/arch/x86/include/asm/processor.h              |   4 +-
xen/arch/x86/include/asm/pv/domain.h              |   4 +-
xen/arch/x86/include/asm/pv/shim.h                |  11 +-
xen/arch/x86/include/asm/shadow.h                 |   2 +-
xen/arch/x86/include/asm/smp.h                    |   6 +-
xen/arch/x86/include/asm/tboot.h                  |   2 +-
xen/arch/x86/include/asm/time.h                   |   6 +-
xen/arch/x86/io_apic.c                            |  28 +-
xen/arch/x86/ioport_emulate.c                     |   4 +-
xen/arch/x86/irq.c                                |  28 +-
xen/arch/x86/livepatch.c                          |   2 +-
xen/arch/x86/machine_kexec.c                      |   2 +-
xen/arch/x86/mm.c                                 |  35 +-
xen/arch/x86/mm/hap/guest_walk.c                  |   4 +-
xen/arch/x86/mm/hap/hap.c                         |  29 +-
xen/arch/x86/mm/hap/nested_hap.c                  |   2 +-
xen/arch/x86/mm/hap/private.h                     |  30 +-
xen/arch/x86/mm/mem_sharing.c                     |   2 +-
xen/arch/x86/mm/p2m-ept.c                         |  34 +-
xen/arch/x86/mm/p2m-pt.c                          |  19 +-
xen/arch/x86/mm/paging.c                          |   3 +-
xen/arch/x86/mm/shadow/common.c                   |  33 +-
xen/arch/x86/mm/shadow/hvm.c                      |  16 +-
xen/arch/x86/mm/shadow/multi.c                    |  80 +++--
xen/arch/x86/mm/shadow/multi.h                    |  20 +-
xen/arch/x86/mm/shadow/none.c                     |  20 +-
xen/arch/x86/mm/shadow/private.h                  |  12 +-
xen/arch/x86/mm/shadow/pv.c                       |   4 +-
xen/arch/x86/msi.c                                |  18 +-
xen/arch/x86/nmi.c                                |  16 +-
xen/arch/x86/numa.c                               |  10 +-
xen/arch/x86/oprofile/nmi_int.c                   |  16 +-
xen/arch/x86/oprofile/op_model_athlon.c           |  18 +-
xen/arch/x86/oprofile/op_model_p4.c               |  14 +-
xen/arch/x86/oprofile/op_model_ppro.c             |  26 +-
xen/arch/x86/percpu.c                             |   6 +-
xen/arch/x86/physdev.c                            |   2 +-
xen/arch/x86/platform_hypercall.c                 |  11 +-
xen/arch/x86/psr.c                                |  41 +--
xen/arch/x86/pv/callback.c                        |  25 +-
xen/arch/x86/pv/descriptor-tables.c               |  14 +-
xen/arch/x86/pv/domain.c                          |  12 +-
xen/arch/x86/pv/emul-gate-op.c                    |   9 +-
xen/arch/x86/pv/emul-priv-op.c                    |  71 ++--
xen/arch/x86/pv/emulate.h                         |   7 -
xen/arch/x86/pv/hypercall.c                       |  11 +-
xen/arch/x86/pv/iret.c                            |   4 +-
xen/arch/x86/pv/misc-hypercalls.c                 |  10 +-
xen/arch/x86/pv/ro-page-fault.c                   |  31 +-
xen/arch/x86/pv/shim.c                            |  60 ++--
xen/arch/x86/pv/traps.c                           |   2 +-
xen/arch/x86/setup.c                              |  80 ++++-
xen/arch/x86/shutdown.c                           |  10 +-
xen/arch/x86/smp.c                                |  20 +-
xen/arch/x86/smpboot.c                            |   2 +-
xen/arch/x86/spec_ctrl.c                          |   6 +-
xen/arch/x86/srat.c                               |   4 +-
xen/arch/x86/sysctl.c                             |   4 +-
xen/arch/x86/tboot.c                              |   2 +-
xen/arch/x86/time.c                               |  68 ++--
xen/arch/x86/traps.c                              |   8 +-
xen/arch/x86/tsx.c                                |   2 +-
xen/arch/x86/x86_64/acpi_mmcfg.c                  |   2 +-
xen/arch/x86/x86_64/compat.c                      |   1 -
xen/arch/x86/x86_64/compat/entry.S                |   1 +
xen/arch/x86/x86_64/compat/mm.c                   |   7 +-
xen/arch/x86/x86_64/entry.S                       |  49 ++-
xen/arch/x86/x86_64/kexec_reloc.S                 |  23 +-
xen/arch/x86/x86_64/mmconfig-shared.c             |  10 +-
xen/arch/x86/x86_64/mmconfig.h                    |   2 +-
xen/arch/x86/x86_64/platform_hypercall.c          |   2 +-
xen/arch/x86/x86_64/traps.c                       |  42 ++-
xen/arch/x86/x86_emulate.c                        |  34 +-
xen/arch/x86/x86_emulate/x86_emulate.c            |  10 +-
xen/arch/x86/x86_emulate/x86_emulate.h            |  33 +-
xen/arch/x86/xen.lds.S                            |   3 +-
xen/common/argo.c                                 |   6 +-
xen/common/bunzip2.c                              |   2 +-
xen/common/compat/domain.c                        |   3 +-
xen/common/compat/grant_table.c                   |   5 +-
xen/common/compat/kernel.c                        |   2 +-
xen/common/compat/memory.c                        |   7 +-
xen/common/compat/multicall.c                     |   3 +-
xen/common/core_parking.c                         |  10 +-
xen/common/coverage/gcov.c                        |   8 +-
xen/common/cpu.c                                  |   4 +-
xen/common/debugtrace.c                           |  10 +-
xen/common/decompress.c                           |   2 +-
xen/common/dm.c                                   |   6 +-
xen/common/domain.c                               |  15 +-
xen/common/domctl.c                               |   2 +-
xen/common/efi/boot.c                             |   6 +-
xen/common/efi/runtime.c                          |  18 +
xen/common/event_2l.c                             |  21 +-
xen/common/event_channel.c                        |  18 +-
xen/common/event_fifo.c                           |  30 +-
xen/common/gdbstub.c                              |   9 +-
xen/common/grant_table.c                          |  29 +-
xen/common/hypfs.c                                |  63 ++--
xen/common/irq.c                                  |   6 +-
xen/common/kernel.c                               |   6 +-
xen/common/kexec.c                                |  18 +-
xen/common/keyhandler.c                           |  47 +--
xen/common/livepatch.c                            |  15 +-
xen/common/memory.c                               |   8 +-
xen/common/multicall.c                            |   2 +-
xen/common/page_alloc.c                           |  14 +-
xen/common/perfc.c                                |   4 +-
xen/common/radix-tree.c                           |   8 +-
xen/common/random.c                               |   2 +-
xen/common/rangeset.c                             |   2 +-
xen/common/rcupdate.c                             |   8 +-
xen/common/sched/arinc653.c                       |  20 +-
xen/common/sched/compat.c                         |   2 +-
xen/common/sched/core.c                           |  40 +--
xen/common/sched/cpupool.c                        |  35 +-
xen/common/sched/credit.c                         |  59 ++--
xen/common/sched/credit2.c                        |  55 ++-
xen/common/sched/null.c                           |  60 ++--
xen/common/sched/rt.c                             |  47 +--
xen/common/spinlock.c                             |  12 +-
xen/common/stop_machine.c                         |   6 +-
xen/common/sysctl.c                               |   2 +-
xen/common/tasklet.c                              |   4 +-
xen/common/timer.c                                |   6 +-
xen/common/trace.c                                |   4 +-
xen/common/unlzma.c                               |   2 +-
xen/common/vm_event.c                             |   6 +-
xen/common/xenoprof.c                             |   2 +-
xen/common/xmalloc_tlsf.c                         |   4 +-
xen/common/zstd/zstd_common.c                     |   4 +-
xen/common/zstd/zstd_internal.h                   |   4 +-
xen/drivers/acpi/apei/apei-base.c                 |  32 +-
xen/drivers/acpi/apei/apei-internal.h             |  20 +-
xen/drivers/acpi/apei/erst.c                      |  57 ++-
xen/drivers/acpi/apei/hest.c                      |   4 +-
xen/drivers/acpi/numa.c                           |  10 +-
xen/drivers/acpi/tables.c                         |   2 +-
xen/drivers/char/console.c                        |  36 +-
xen/drivers/char/ehci-dbgp.c                      |  28 +-
xen/drivers/char/ns16550.c                        |  34 +-
xen/drivers/cpufreq/cpufreq.c                     |   6 +-
xen/drivers/cpufreq/cpufreq_misc_governors.c      |  22 +-
xen/drivers/cpufreq/cpufreq_ondemand.c            |  10 +-
xen/drivers/passthrough/amd/iommu.h               |  45 +--
xen/drivers/passthrough/amd/iommu_acpi.c          |  15 +-
xen/drivers/passthrough/amd/iommu_guest.c         |  12 +-
xen/drivers/passthrough/amd/iommu_init.c          |  49 +--
xen/drivers/passthrough/amd/iommu_intr.c          |  20 +-
xen/drivers/passthrough/amd/iommu_map.c           |  22 +-
xen/drivers/passthrough/amd/pci_amd_iommu.c       |  32 +-
xen/drivers/passthrough/iommu.c                   |  56 ++-
xen/drivers/passthrough/pci.c                     |  18 +-
xen/drivers/passthrough/vtd/dmar.c                |   7 +-
xen/drivers/passthrough/vtd/extern.h              |  38 +-
xen/drivers/passthrough/vtd/intremap.c            |  14 +-
xen/drivers/passthrough/vtd/iommu.c               |  94 ++---
xen/drivers/passthrough/vtd/qinval.c              |  28 +-
xen/drivers/passthrough/vtd/quirks.c              |   2 +-
xen/drivers/passthrough/vtd/utils.c               |   2 +-
xen/drivers/passthrough/vtd/x86/hvm.c             |   4 +-
xen/drivers/passthrough/x86/hvm.c                 |  14 +-
xen/drivers/video/lfb.c                           |   4 +-
xen/drivers/video/lfb.h                           |   4 +-
xen/drivers/video/vesa.c                          |   6 +-
xen/drivers/video/vga.c                           |   6 +-
xen/drivers/vpci/header.c                         |  18 +-
xen/drivers/vpci/msi.c                            |  42 +--
xen/drivers/vpci/msix.c                           |  20 +-
xen/drivers/vpci/vpci.c                           |  16 +-
xen/include/acpi/cpufreq/cpufreq.h                |   1 -
xen/include/xen/acpi.h                            |   2 +-
xen/include/xen/compiler.h                        |   6 +
xen/include/xen/domain.h                          |   2 +-
xen/include/xen/hypercall.h                       |  69 ++--
xen/include/xen/hypfs.h                           |  49 ++-
xen/include/xen/irq.h                             |   6 +-
xen/include/xen/lib.h                             |   2 +-
xen/include/xen/perfc.h                           |   4 +-
xen/include/xen/sched.h                           |   2 +-
xen/include/xen/sort.h                            |  55 ++-
xen/include/xen/spinlock.h                        |   4 +-
xen/include/xen/vpci.h                            |   8 +-
xen/include/xsm/dummy.h                           | 211 +++++------
xen/lib/sort.c                                    |  80 +----
xen/tools/check-endbr.sh                          |  85 +++++
xen/xsm/flask/avc.c                               |   2 +-
xen/xsm/flask/flask_op.c                          |   8 +-
xen/xsm/flask/hooks.c                             | 236 +++++++------
xen/xsm/flask/private.h                           |   9 +
xen/xsm/flask/ss/avtab.c                          |   4 +-
xen/xsm/flask/ss/conditional.c                    |  10 +-
xen/xsm/flask/ss/conditional.h                    |   6 +-
xen/xsm/flask/ss/policydb.c                       |  53 +--
xen/xsm/flask/ss/services.c                       |   6 +-
xen/xsm/flask/ss/symtab.c                         |   5 +-
xen/xsm/silo.c                                    |  24 +-
xen/xsm/xsm_core.c                                |   6 +-
322 files changed, 3316 insertions(+), 2739 deletions(-)
create mode 100644 automation/build/debian/buster-gcc-ibt.dockerfile
create mode 100644 xen/arch/x86/include/asm/endbr.h
create mode 100755 xen/tools/check-endbr.sh
create mode 100644 xen/xsm/flask/private.h
Posted by Andrew Cooper 2 years, 2 months ago
To avoid spamming everyone, I have only re-sent patches with changes in v3.

CET Indirect Branch Tracking is a hardware feature designed to protect against
forward-edge control flow hijacking (Call/Jump oriented programming), and is a
companion feature to CET Shadow Stacks added in Xen 4.14.

Patches 1 thru 5 are prerequisites.  Patches 6 thru 59 are fairly mechanical
annotations of function pointer targets.  Patches 60 thru 70 are the final
enablement of CET-IBT.

This series functions correctly with GCC 9 and later, although an experimental
GCC patch is required to get more helpful typechecking at build time.  A
container with this fix has been added to CI.

Tested on a TigerLake NUC by me, and by Marek also.

CI pipelines:
  https://gitlab.com/xen-project/people/andyhhp/xen/-/pipelines/476819536
  https://cirrus-ci.com/build/4634902334275584

Andrew Cooper (67):
  xen/sort: Switch to an extern inline implementation
  xen/xsm: Move {do,compat}_flask_op() declarations into a header
  x86/kexec: Annotate embedded data with ELF metadata
  x86: Introduce support for CET-IBT
  xen: CFI hardening for x86 hypercalls
  xen: CFI hardening for custom_param()
  xen: CFI hardening for __initcall()
  xen: CFI hardening for notifier callbacks
  xen: CFI hardening for acpi_table_parse()
  xen: CFI hardening for continue_hypercall_on_cpu()
  xen: CFI hardening for init_timer()
  xen: CFI hardening for call_rcu()
  xen: CFI hardening for IPIs
  xen: CFI hardening for open_softirq()
  xsm/flask/ss: CFI hardening
  xsm: CFI hardening
  xen/sched: CFI hardening
  xen/evtchn: CFI hardening
  xen/hypfs: CFI hardening
  xen/tasklet: CFI hardening
  xen/keyhandler: CFI hardening
  xen/vpci: CFI hardening
  xen/decompress: CFI hardening
  xen/iommu: CFI hardening
  xen/video: CFI hardening
  xen/console: CFI hardening
  xen/misc: CFI hardening
  x86: CFI hardening for request_irq()
  x86/hvm: CFI hardening for hvm_funcs
  x86/hvm: CFI hardening for device emulation
  x86/emul: CFI hardening
  x86/ucode: CFI hardening
  x86/power: CFI hardening
  x86/apic: CFI hardening
  x86/nmi: CFI hardening
  x86/mtrr: CFI hardening
  x86/idle: CFI hardening
  x86/quirks: CFI hardening
  x86/hvmsave: CFI hardening
  x86/mce: CFI hardening
  x86/pmu: CFI hardening
  x86/cpu: CFI hardening
  x86/guest: CFI hardening
  x86/logdirty: CFI hardening
  x86/shadow: CFI hardening
  x86/hap: CFI hardening
  x86/p2m: CFI hardening
  x86/irq: CFI hardening
  x86/apei: CFI hardening
  x86/psr: CFI hardening
  x86/dpci: CFI hardening
  x86/pt: CFI hardening
  x86/time: CFI hardening
  x86/misc: CFI hardening
  x86/stack: CFI hardening
  x86/bugframe: CFI hardening
  x86: Use control flow typechecking where possible
  x86/setup: Read CR4 earlier in __start_xen()
  x86/alternatives: Clear CR4.CET when clearing CR0.WP
  x86/traps: Rework write_stub_trampoline() to not hardcode the jmp
  x86: Introduce helpers/checks for endbr64 instructions
  x86/emul: Update emulation stubs to be CET-IBT compatible
  x86/entry: Make syscall/sysenter entrypoints CET-IBT compatible
  x86/entry: Make IDT entrypoints CET-IBT compatible
  x86/setup: Rework MSR_S_CET handling for CET-IBT
  x86/efi: Disable CET-IBT around Runtime Services calls
  x86: Enable CET Indirect Branch Tracking

Juergen Gross (2):
  x86/pv-shim: Don't modify the hypercall table
  x86: Don't use the hypercall table for calling compat hypercalls

Marek Marczykowski-Górecki (1):
  x86: Build check for embedded endbr64 instructions

 xen/arch/x86/tboot.c                              |   2 +-
 xen/arch/x86/time.c                               |  68 ++--
 xen/arch/x86/traps.c                              |   8 +-
 xen/arch/x86/tsx.c                                |   2 +-
 xen/arch/x86/x86_64/acpi_mmcfg.c                  |   2 +-
 xen/arch/x86/x86_64/compat.c                      |   1 -
 xen/arch/x86/x86_64/compat/entry.S                |   1 +
 xen/arch/x86/x86_64/compat/mm.c                   |   7 +-
 xen/arch/x86/x86_64/entry.S                       |  49 ++-
 xen/arch/x86/x86_64/kexec_reloc.S                 |  23 +-
 xen/arch/x86/x86_64/mmconfig-shared.c             |  10 +-
 xen/arch/x86/x86_64/mmconfig.h                    |   2 +-
 xen/arch/x86/x86_64/platform_hypercall.c          |   2 +-
 xen/arch/x86/x86_64/traps.c                       |  42 ++-
 xen/arch/x86/x86_emulate.c                        |  34 +-
 xen/arch/x86/x86_emulate/x86_emulate.c            |  10 +-
 xen/arch/x86/x86_emulate/x86_emulate.h            |  33 +-
 xen/arch/x86/xen.lds.S                            |   3 +-
 xen/common/argo.c                                 |   6 +-
 xen/common/bunzip2.c                              |   2 +-
 xen/common/compat/domain.c                        |   3 +-
 xen/common/compat/grant_table.c                   |   5 +-
 xen/common/compat/kernel.c                        |   2 +-
 xen/common/compat/memory.c                        |   7 +-
 xen/common/compat/multicall.c                     |   3 +-
 xen/common/core_parking.c                         |  10 +-
 xen/common/coverage/gcov.c                        |   8 +-
 xen/common/cpu.c                                  |   4 +-
 xen/common/debugtrace.c                           |  10 +-
 xen/common/decompress.c                           |   2 +-
 xen/common/dm.c                                   |   6 +-
 xen/common/domain.c                               |  15 +-
 xen/common/domctl.c                               |   2 +-
 xen/common/efi/boot.c                             |   6 +-
 xen/common/efi/runtime.c                          |  18 +
 xen/common/event_2l.c                             |  21 +-
 xen/common/event_channel.c                        |  18 +-
 xen/common/event_fifo.c                           |  30 +-
 xen/common/gdbstub.c                              |   9 +-
 xen/common/grant_table.c                          |  29 +-
 xen/common/hypfs.c                                |  63 ++--
 xen/common/irq.c                                  |   6 +-
 xen/common/kernel.c                               |   6 +-
 xen/common/kexec.c                                |  18 +-
 xen/common/keyhandler.c                           |  47 +--
 xen/common/livepatch.c                            |  15 +-
 xen/common/memory.c                               |   8 +-
 xen/common/multicall.c                            |   2 +-
 xen/common/page_alloc.c                           |  14 +-
 xen/common/perfc.c                                |   4 +-
 xen/common/radix-tree.c                           |   8 +-
 xen/common/random.c                               |   2 +-
 xen/common/rangeset.c                             |   2 +-
 xen/common/rcupdate.c                             |   8 +-
 xen/common/sched/arinc653.c                       |  20 +-
 xen/common/sched/compat.c                         |   2 +-
 xen/common/sched/core.c                           |  40 +--
 xen/common/sched/cpupool.c                        |  35 +-
 xen/common/sched/credit.c                         |  59 ++--
 xen/common/sched/credit2.c                        |  55 ++-
 xen/common/sched/null.c                           |  60 ++--
 xen/common/sched/rt.c                             |  47 +--
 xen/common/spinlock.c                             |  12 +-
 xen/common/stop_machine.c                         |   6 +-
 xen/common/sysctl.c                               |   2 +-
 xen/common/tasklet.c                              |   4 +-
 xen/common/timer.c                                |   6 +-
 xen/common/trace.c                                |   4 +-
 xen/common/unlzma.c                               |   2 +-
 xen/common/vm_event.c                             |   6 +-
 xen/common/xenoprof.c                             |   2 +-
 xen/common/xmalloc_tlsf.c                         |   4 +-
 xen/common/zstd/zstd_common.c                     |   4 +-
 xen/common/zstd/zstd_internal.h                   |   4 +-
 xen/drivers/acpi/apei/apei-base.c                 |  32 +-
 xen/drivers/acpi/apei/apei-internal.h             |  20 +-
 xen/drivers/acpi/apei/erst.c                      |  57 ++-
 xen/drivers/acpi/apei/hest.c                      |   4 +-
 xen/drivers/acpi/numa.c                           |  10 +-
 xen/drivers/acpi/tables.c                         |   2 +-
 xen/drivers/char/console.c                        |  36 +-
 xen/drivers/char/ehci-dbgp.c                      |  28 +-
 xen/drivers/char/ns16550.c                        |  34 +-
 xen/drivers/cpufreq/cpufreq.c                     |   6 +-
 xen/drivers/cpufreq/cpufreq_misc_governors.c      |  22 +-
 xen/drivers/cpufreq/cpufreq_ondemand.c            |  10 +-
 xen/drivers/passthrough/amd/iommu.h               |  45 +--
 xen/drivers/passthrough/amd/iommu_acpi.c          |  15 +-
 xen/drivers/passthrough/amd/iommu_guest.c         |  12 +-
 xen/drivers/passthrough/amd/iommu_init.c          |  49 +--
 xen/drivers/passthrough/amd/iommu_intr.c          |  20 +-
 xen/drivers/passthrough/amd/iommu_map.c           |  22 +-
 xen/drivers/passthrough/amd/pci_amd_iommu.c       |  32 +-
 xen/drivers/passthrough/iommu.c                   |  56 ++-
 xen/drivers/passthrough/pci.c                     |  18 +-
 xen/drivers/passthrough/vtd/dmar.c                |   7 +-
 xen/drivers/passthrough/vtd/extern.h              |  38 +-
 xen/drivers/passthrough/vtd/intremap.c            |  14 +-
 xen/drivers/passthrough/vtd/iommu.c               |  94 ++---
 xen/drivers/passthrough/vtd/qinval.c              |  28 +-
 xen/drivers/passthrough/vtd/quirks.c              |   2 +-
 xen/drivers/passthrough/vtd/utils.c               |   2 +-
 xen/drivers/passthrough/vtd/x86/hvm.c             |   4 +-
 xen/drivers/passthrough/x86/hvm.c                 |  14 +-
 xen/drivers/video/lfb.c                           |   4 +-
 xen/drivers/video/lfb.h                           |   4 +-
 xen/drivers/video/vesa.c                          |   6 +-
 xen/drivers/video/vga.c                           |   6 +-
 xen/drivers/vpci/header.c                         |  18 +-
 xen/drivers/vpci/msi.c                            |  42 +--
 xen/drivers/vpci/msix.c                           |  20 +-
 xen/drivers/vpci/vpci.c                           |  16 +-
 xen/include/acpi/cpufreq/cpufreq.h                |   1 -
 xen/include/xen/acpi.h                            |   2 +-
 xen/include/xen/compiler.h                        |   6 +
 xen/include/xen/domain.h                          |   2 +-
 xen/include/xen/hypercall.h                       |  69 ++--
 xen/include/xen/hypfs.h                           |  49 ++-
 xen/include/xen/irq.h                             |   6 +-
 xen/include/xen/lib.h                             |   2 +-
 xen/include/xen/perfc.h                           |   4 +-
 xen/include/xen/sched.h                           |   2 +-
 xen/include/xen/sort.h                            |  55 ++-
 xen/include/xen/spinlock.h                        |   4 +-
 xen/include/xen/vpci.h                            |   8 +-
 xen/include/xsm/dummy.h                           | 211 +++++------
 xen/lib/sort.c                                    |  80 +----
 xen/tools/check-endbr.sh                          |  85 +++++
 xen/xsm/flask/avc.c                               |   2 +-
 xen/xsm/flask/flask_op.c                          |   8 +-
 xen/xsm/flask/hooks.c                             | 236 +++++++------
 xen/xsm/flask/private.h                           |   9 +
 xen/xsm/flask/ss/avtab.c                          |   4 +-
 xen/xsm/flask/ss/conditional.c                    |  10 +-
 xen/xsm/flask/ss/conditional.h                    |   6 +-
 xen/xsm/flask/ss/policydb.c                       |  53 +--
 xen/xsm/flask/ss/services.c                       |   6 +-
 xen/xsm/flask/ss/symtab.c                         |   5 +-
 xen/xsm/silo.c                                    |  24 +-
 xen/xsm/xsm_core.c                                |   6 +-
 322 files changed, 3316 insertions(+), 2739 deletions(-)
 create mode 100644 automation/build/debian/buster-gcc-ibt.dockerfile
 create mode 100644 xen/arch/x86/include/asm/endbr.h
 create mode 100755 xen/tools/check-endbr.sh
 create mode 100644 xen/xsm/flask/private.h

-- 
2.11.0


Re: [PATCH v3 00/70 (not all posted)] x86: Support for CET Indirect Branch Tracking
Posted by Jan Beulich 2 years, 2 months ago
On 22.02.2022 16:26, Andrew Cooper wrote:
> To avoid spamming everyone, I have only re-sent patches with changes in v3.

Could you enumerate which ones these are? Otherwise it's hard to tell
whether everything you did send did arrive in the recipients' mailboxes.

Thanks, Jan

> CET Indirect Branch Tracking is a hardware feature designed to protect against
> forward-edge control flow hijacking (Call/Jump oriented programming), and is a
> companion feature to CET Shadow Stacks added in Xen 4.14.
> 
> Patches 1 thru 5 are prerequisites.  Patches 6 thru 59 are fairly mechanical
> annotations of function pointer targets.  Patches 60 thru 70 are the final
> enablement of CET-IBT.
> 
> This series functions correctly with GCC 9 and later, although an experimental
> GCC patch is required to get more helpful typechecking at build time.  A
> container with this fix has been added to CI.
> 
> Tested on a TigerLake NUC by me, and by Marek also.
> 
> CI pipelines:
>   https://gitlab.com/xen-project/people/andyhhp/xen/-/pipelines/476819536
>   https://cirrus-ci.com/build/4634902334275584
> 
> Andrew Cooper (67):
>   xen/sort: Switch to an extern inline implementation
>   xen/xsm: Move {do,compat}_flask_op() declarations into a header
>   x86/kexec: Annotate embedded data with ELF metadata
>   x86: Introduce support for CET-IBT
>   xen: CFI hardening for x86 hypercalls
>   xen: CFI hardening for custom_param()
>   xen: CFI hardening for __initcall()
>   xen: CFI hardening for notifier callbacks
>   xen: CFI hardening for acpi_table_parse()
>   xen: CFI hardening for continue_hypercall_on_cpu()
>   xen: CFI hardening for init_timer()
>   xen: CFI hardening for call_rcu()
>   xen: CFI hardening for IPIs
>   xen: CFI hardening for open_softirq()
>   xsm/flask/ss: CFI hardening
>   xsm: CFI hardening
>   xen/sched: CFI hardening
>   xen/evtchn: CFI hardening
>   xen/hypfs: CFI hardening
>   xen/tasklet: CFI hardening
>   xen/keyhandler: CFI hardening
>   xen/vpci: CFI hardening
>   xen/decompress: CFI hardening
>   xen/iommu: CFI hardening
>   xen/video: CFI hardening
>   xen/console: CFI hardening
>   xen/misc: CFI hardening
>   x86: CFI hardening for request_irq()
>   x86/hvm: CFI hardening for hvm_funcs
>   x86/hvm: CFI hardening for device emulation
>   x86/emul: CFI hardening
>   x86/ucode: CFI hardening
>   x86/power: CFI hardening
>   x86/apic: CFI hardening
>   x86/nmi: CFI hardening
>   x86/mtrr: CFI hardening
>   x86/idle: CFI hardening
>   x86/quirks: CFI hardening
>   x86/hvmsave: CFI hardening
>   x86/mce: CFI hardening
>   x86/pmu: CFI hardening
>   x86/cpu: CFI hardening
>   x86/guest: CFI hardening
>   x86/logdirty: CFI hardening
>   x86/shadow: CFI hardening
>   x86/hap: CFI hardening
>   x86/p2m: CFI hardening
>   x86/irq: CFI hardening
>   x86/apei: CFI hardening
>   x86/psr: CFI hardening
>   x86/dpci: CFI hardening
>   x86/pt: CFI hardening
>   x86/time: CFI hardening
>   x86/misc: CFI hardening
>   x86/stack: CFI hardening
>   x86/bugframe: CFI hardening
>   x86: Use control flow typechecking where possible
>   x86/setup: Read CR4 earlier in __start_xen()
>   x86/alternatives: Clear CR4.CET when clearing CR0.WP
>   x86/traps: Rework write_stub_trampoline() to not hardcode the jmp
>   x86: Introduce helpers/checks for endbr64 instructions
>   x86/emul: Update emulation stubs to be CET-IBT compatible
>   x86/entry: Make syscall/sysenter entrypoints CET-IBT compatible
>   x86/entry: Make IDT entrypoints CET-IBT compatible
>   x86/setup: Rework MSR_S_CET handling for CET-IBT
>   x86/efi: Disable CET-IBT around Runtime Services calls
>   x86: Enable CET Indirect Branch Tracking
> 
> Juergen Gross (2):
>   x86/pv-shim: Don't modify the hypercall table
>   x86: Don't use the hypercall table for calling compat hypercalls
> 
> Marek Marczykowski-Górecki (1):
>   x86: Build check for embedded endbr64 instructions
> 
>  Config.mk                                         |   1 -
>  README                                            |   1 +
>  automation/build/debian/buster-gcc-ibt.dockerfile |  66 ++++
>  automation/gitlab-ci/build.yaml                   |   6 +
>  automation/scripts/containerize                   |   1 +
>  docs/misc/xen-command-line.pandoc                 |  16 +-
>  tools/firmware/Makefile                           |   2 +
>  tools/libs/guest/xg_dom_decompress_unsafe.h       |   2 +
>  tools/tests/x86_emulator/x86-emulate.h            |   2 +
>  xen/arch/arm/bootfdt.c                            |   9 +-
>  xen/arch/arm/io.c                                 |   9 +-
>  xen/arch/x86/Kconfig                              |  17 +
>  xen/arch/x86/Makefile                             |   6 +
>  xen/arch/x86/acpi/boot.c                          |  24 +-
>  xen/arch/x86/acpi/cpu_idle.c                      |  43 ++-
>  xen/arch/x86/acpi/cpufreq/cpufreq.c               |  24 +-
>  xen/arch/x86/acpi/cpufreq/powernow.c              |  21 +-
>  xen/arch/x86/acpi/cpuidle_menu.c                  |   6 +-
>  xen/arch/x86/acpi/lib.c                           |   2 +-
>  xen/arch/x86/acpi/power.c                         |   4 +-
>  xen/arch/x86/acpi/wakeup_prot.S                   |  38 +-
>  xen/arch/x86/alternative.c                        |  13 +-
>  xen/arch/x86/apic.c                               |  12 +-
>  xen/arch/x86/arch.mk                              |   7 +
>  xen/arch/x86/boot/x86_64.S                        |  30 +-
>  xen/arch/x86/compat.c                             |  21 +-
>  xen/arch/x86/configs/pvshim_defconfig             |   1 +
>  xen/arch/x86/cpu/amd.c                            |   8 +-
>  xen/arch/x86/cpu/centaur.c                        |   2 +-
>  xen/arch/x86/cpu/common.c                         |   3 +-
>  xen/arch/x86/cpu/cpu.h                            |   2 +-
>  xen/arch/x86/cpu/hygon.c                          |   2 +-
>  xen/arch/x86/cpu/intel.c                          |   6 +-
>  xen/arch/x86/cpu/mcheck/amd_nonfatal.c            |   4 +-
>  xen/arch/x86/cpu/mcheck/mce.c                     |  22 +-
>  xen/arch/x86/cpu/mcheck/mce.h                     |   2 +-
>  xen/arch/x86/cpu/mcheck/mce_amd.c                 |   9 +-
>  xen/arch/x86/cpu/mcheck/mce_amd.h                 |   4 +-
>  xen/arch/x86/cpu/mcheck/mce_intel.c               |  49 ++-
>  xen/arch/x86/cpu/mcheck/non-fatal.c               |   6 +-
>  xen/arch/x86/cpu/mcheck/vmce.c                    |   4 +-
>  xen/arch/x86/cpu/microcode/amd.c                  |   9 +-
>  xen/arch/x86/cpu/microcode/core.c                 |  15 +-
>  xen/arch/x86/cpu/microcode/intel.c                |  10 +-
>  xen/arch/x86/cpu/mtrr/generic.c                   |  20 +-
>  xen/arch/x86/cpu/mtrr/main.c                      |   4 +-
>  xen/arch/x86/cpu/mtrr/mtrr.h                      |   8 +-
>  xen/arch/x86/cpu/mwait-idle.c                     |  12 +-
>  xen/arch/x86/cpu/shanghai.c                       |   2 +-
>  xen/arch/x86/cpu/vpmu.c                           |  13 +-
>  xen/arch/x86/cpu/vpmu_amd.c                       |  16 +-
>  xen/arch/x86/cpu/vpmu_intel.c                     |  16 +-
>  xen/arch/x86/cpuid.c                              |   8 +-
>  xen/arch/x86/crash.c                              |   7 +-
>  xen/arch/x86/dmi_scan.c                           |  10 +-
>  xen/arch/x86/dom0_build.c                         |   8 +-
>  xen/arch/x86/domain.c                             |  16 +-
>  xen/arch/x86/emul-i8254.c                         |  14 +-
>  xen/arch/x86/extable.c                            |  18 +-
>  xen/arch/x86/genapic/bigsmp.c                     |   4 +-
>  xen/arch/x86/genapic/delivery.c                   |  12 +-
>  xen/arch/x86/genapic/probe.c                      |   2 +-
>  xen/arch/x86/genapic/x2apic.c                     |  18 +-
>  xen/arch/x86/guest/hyperv/hyperv.c                |  10 +-
>  xen/arch/x86/guest/xen/xen.c                      |  15 +-
>  xen/arch/x86/hpet.c                               |  29 +-
>  xen/arch/x86/hvm/dm.c                             |   5 +-
>  xen/arch/x86/hvm/dom0_build.c                     |  16 +-
>  xen/arch/x86/hvm/emulate.c                        |  93 +++--
>  xen/arch/x86/hvm/hpet.c                           |  12 +-
>  xen/arch/x86/hvm/hvm.c                            |  47 +--
>  xen/arch/x86/hvm/hypercall.c                      |   5 +-
>  xen/arch/x86/hvm/intercept.c                      |  28 +-
>  xen/arch/x86/hvm/io.c                             |  38 +-
>  xen/arch/x86/hvm/ioreq.c                          |   2 +-
>  xen/arch/x86/hvm/irq.c                            |  16 +-
>  xen/arch/x86/hvm/mtrr.c                           |   8 +-
>  xen/arch/x86/hvm/nestedhvm.c                      |   6 +-
>  xen/arch/x86/hvm/pmtimer.c                        |  10 +-
>  xen/arch/x86/hvm/quirks.c                         |   4 +-
>  xen/arch/x86/hvm/rtc.c                            |  18 +-
>  xen/arch/x86/hvm/stdvga.c                         |  19 +-
>  xen/arch/x86/hvm/svm/nestedsvm.c                  |  22 +-
>  xen/arch/x86/hvm/svm/svm.c                        | 404 +++++++++++-----------
>  xen/arch/x86/hvm/svm/vmcb.c                       |   2 +-
>  xen/arch/x86/hvm/vioapic.c                        |  12 +-
>  xen/arch/x86/hvm/viridian/time.c                  |   2 +-
>  xen/arch/x86/hvm/viridian/viridian.c              |  17 +-
>  xen/arch/x86/hvm/vlapic.c                         |  25 +-
>  xen/arch/x86/hvm/vmsi.c                           |  16 +-
>  xen/arch/x86/hvm/vmx/intr.c                       |   2 +-
>  xen/arch/x86/hvm/vmx/vmcs.c                       |  22 +-
>  xen/arch/x86/hvm/vmx/vmx.c                        | 155 +++++----
>  xen/arch/x86/hvm/vmx/vvmx.c                       |  16 +-
>  xen/arch/x86/hvm/vpic.c                           |   8 +-
>  xen/arch/x86/hvm/vpt.c                            |   2 +-
>  xen/arch/x86/i8259.c                              |  10 +-
>  xen/arch/x86/include/asm/asm-defns.h              |   6 +
>  xen/arch/x86/include/asm/bug.h                    |  10 +-
>  xen/arch/x86/include/asm/cpufeature.h             |   1 +
>  xen/arch/x86/include/asm/cpufeatures.h            |   1 +
>  xen/arch/x86/include/asm/cpuidle.h                |   4 +-
>  xen/arch/x86/include/asm/current.h                |   6 +-
>  xen/arch/x86/include/asm/endbr.h                  |  55 +++
>  xen/arch/x86/include/asm/flushtlb.h               |   2 +-
>  xen/arch/x86/include/asm/genapic.h                |  18 +-
>  xen/arch/x86/include/asm/hpet.h                   |   8 +-
>  xen/arch/x86/include/asm/hvm/emulate.h            |   8 +-
>  xen/arch/x86/include/asm/hvm/save.h               |   2 +-
>  xen/arch/x86/include/asm/hvm/svm/nestedsvm.h      |  18 +-
>  xen/arch/x86/include/asm/hvm/svm/svm.h            |   1 -
>  xen/arch/x86/include/asm/hvm/vioapic.h            |   2 +-
>  xen/arch/x86/include/asm/hvm/vmx/vmcs.h           |   8 +-
>  xen/arch/x86/include/asm/hvm/vmx/vmx.h            |   4 +-
>  xen/arch/x86/include/asm/hvm/vmx/vvmx.h           |  18 +-
>  xen/arch/x86/include/asm/hypercall.h              |  81 +++--
>  xen/arch/x86/include/asm/irq.h                    |  24 +-
>  xen/arch/x86/include/asm/machine_kexec.h          |   2 +-
>  xen/arch/x86/include/asm/mm.h                     |  16 +-
>  xen/arch/x86/include/asm/msi.h                    |   8 +-
>  xen/arch/x86/include/asm/msr-index.h              |   1 +
>  xen/arch/x86/include/asm/mtrr.h                   |   2 +-
>  xen/arch/x86/include/asm/p2m.h                    |   4 +-
>  xen/arch/x86/include/asm/paging.h                 |   2 +-
>  xen/arch/x86/include/asm/processor.h              |   4 +-
>  xen/arch/x86/include/asm/pv/domain.h              |   4 +-
>  xen/arch/x86/include/asm/pv/shim.h                |  11 +-
>  xen/arch/x86/include/asm/shadow.h                 |   2 +-
>  xen/arch/x86/include/asm/smp.h                    |   6 +-
>  xen/arch/x86/include/asm/tboot.h                  |   2 +-
>  xen/arch/x86/include/asm/time.h                   |   6 +-
>  xen/arch/x86/io_apic.c                            |  28 +-
>  xen/arch/x86/ioport_emulate.c                     |   4 +-
>  xen/arch/x86/irq.c                                |  28 +-
>  xen/arch/x86/livepatch.c                          |   2 +-
>  xen/arch/x86/machine_kexec.c                      |   2 +-
>  xen/arch/x86/mm.c                                 |  35 +-
>  xen/arch/x86/mm/hap/guest_walk.c                  |   4 +-
>  xen/arch/x86/mm/hap/hap.c                         |  29 +-
>  xen/arch/x86/mm/hap/nested_hap.c                  |   2 +-
>  xen/arch/x86/mm/hap/private.h                     |  30 +-
>  xen/arch/x86/mm/mem_sharing.c                     |   2 +-
>  xen/arch/x86/mm/p2m-ept.c                         |  34 +-
>  xen/arch/x86/mm/p2m-pt.c                          |  19 +-
>  xen/arch/x86/mm/paging.c                          |   3 +-
>  xen/arch/x86/mm/shadow/common.c                   |  33 +-
>  xen/arch/x86/mm/shadow/hvm.c                      |  16 +-
>  xen/arch/x86/mm/shadow/multi.c                    |  80 +++--
>  xen/arch/x86/mm/shadow/multi.h                    |  20 +-
>  xen/arch/x86/mm/shadow/none.c                     |  20 +-
>  xen/arch/x86/mm/shadow/private.h                  |  12 +-
>  xen/arch/x86/mm/shadow/pv.c                       |   4 +-
>  xen/arch/x86/msi.c                                |  18 +-
>  xen/arch/x86/nmi.c                                |  16 +-
>  xen/arch/x86/numa.c                               |  10 +-
>  xen/arch/x86/oprofile/nmi_int.c                   |  16 +-
>  xen/arch/x86/oprofile/op_model_athlon.c           |  18 +-
>  xen/arch/x86/oprofile/op_model_p4.c               |  14 +-
>  xen/arch/x86/oprofile/op_model_ppro.c             |  26 +-
>  xen/arch/x86/percpu.c                             |   6 +-
>  xen/arch/x86/physdev.c                            |   2 +-
>  xen/arch/x86/platform_hypercall.c                 |  11 +-
>  xen/arch/x86/psr.c                                |  41 +--
>  xen/arch/x86/pv/callback.c                        |  25 +-
>  xen/arch/x86/pv/descriptor-tables.c               |  14 +-
>  xen/arch/x86/pv/domain.c                          |  12 +-
>  xen/arch/x86/pv/emul-gate-op.c                    |   9 +-
>  xen/arch/x86/pv/emul-priv-op.c                    |  71 ++--
>  xen/arch/x86/pv/emulate.h                         |   7 -
>  xen/arch/x86/pv/hypercall.c                       |  11 +-
>  xen/arch/x86/pv/iret.c                            |   4 +-
>  xen/arch/x86/pv/misc-hypercalls.c                 |  10 +-
>  xen/arch/x86/pv/ro-page-fault.c                   |  31 +-
>  xen/arch/x86/pv/shim.c                            |  60 ++--
>  xen/arch/x86/pv/traps.c                           |   2 +-
>  xen/arch/x86/setup.c                              |  80 ++++-
>  xen/arch/x86/shutdown.c                           |  10 +-
>  xen/arch/x86/smp.c                                |  20 +-
>  xen/arch/x86/smpboot.c                            |   2 +-
>  xen/arch/x86/spec_ctrl.c                          |   6 +-
>  xen/arch/x86/srat.c                               |   4 +-
>  xen/arch/x86/sysctl.c                             |   4 +-
>  xen/arch/x86/tboot.c                              |   2 +-
>  xen/arch/x86/time.c                               |  68 ++--
>  xen/arch/x86/traps.c                              |   8 +-
>  xen/arch/x86/tsx.c                                |   2 +-
>  xen/arch/x86/x86_64/acpi_mmcfg.c                  |   2 +-
>  xen/arch/x86/x86_64/compat.c                      |   1 -
>  xen/arch/x86/x86_64/compat/entry.S                |   1 +
>  xen/arch/x86/x86_64/compat/mm.c                   |   7 +-
>  xen/arch/x86/x86_64/entry.S                       |  49 ++-
>  xen/arch/x86/x86_64/kexec_reloc.S                 |  23 +-
>  xen/arch/x86/x86_64/mmconfig-shared.c             |  10 +-
>  xen/arch/x86/x86_64/mmconfig.h                    |   2 +-
>  xen/arch/x86/x86_64/platform_hypercall.c          |   2 +-
>  xen/arch/x86/x86_64/traps.c                       |  42 ++-
>  xen/arch/x86/x86_emulate.c                        |  34 +-
>  xen/arch/x86/x86_emulate/x86_emulate.c            |  10 +-
>  xen/arch/x86/x86_emulate/x86_emulate.h            |  33 +-
>  xen/arch/x86/xen.lds.S                            |   3 +-
>  xen/common/argo.c                                 |   6 +-
>  xen/common/bunzip2.c                              |   2 +-
>  xen/common/compat/domain.c                        |   3 +-
>  xen/common/compat/grant_table.c                   |   5 +-
>  xen/common/compat/kernel.c                        |   2 +-
>  xen/common/compat/memory.c                        |   7 +-
>  xen/common/compat/multicall.c                     |   3 +-
>  xen/common/core_parking.c                         |  10 +-
>  xen/common/coverage/gcov.c                        |   8 +-
>  xen/common/cpu.c                                  |   4 +-
>  xen/common/debugtrace.c                           |  10 +-
>  xen/common/decompress.c                           |   2 +-
>  xen/common/dm.c                                   |   6 +-
>  xen/common/domain.c                               |  15 +-
>  xen/common/domctl.c                               |   2 +-
>  xen/common/efi/boot.c                             |   6 +-
>  xen/common/efi/runtime.c                          |  18 +
>  xen/common/event_2l.c                             |  21 +-
>  xen/common/event_channel.c                        |  18 +-
>  xen/common/event_fifo.c                           |  30 +-
>  xen/common/gdbstub.c                              |   9 +-
>  xen/common/grant_table.c                          |  29 +-
>  xen/common/hypfs.c                                |  63 ++--
>  xen/common/irq.c                                  |   6 +-
>  xen/common/kernel.c                               |   6 +-
>  xen/common/kexec.c                                |  18 +-
>  xen/common/keyhandler.c                           |  47 +--
>  xen/common/livepatch.c                            |  15 +-
>  xen/common/memory.c                               |   8 +-
>  xen/common/multicall.c                            |   2 +-
>  xen/common/page_alloc.c                           |  14 +-
>  xen/common/perfc.c                                |   4 +-
>  xen/common/radix-tree.c                           |   8 +-
>  xen/common/random.c                               |   2 +-
>  xen/common/rangeset.c                             |   2 +-
>  xen/common/rcupdate.c                             |   8 +-
>  xen/common/sched/arinc653.c                       |  20 +-
>  xen/common/sched/compat.c                         |   2 +-
>  xen/common/sched/core.c                           |  40 +--
>  xen/common/sched/cpupool.c                        |  35 +-
>  xen/common/sched/credit.c                         |  59 ++--
>  xen/common/sched/credit2.c                        |  55 ++-
>  xen/common/sched/null.c                           |  60 ++--
>  xen/common/sched/rt.c                             |  47 +--
>  xen/common/spinlock.c                             |  12 +-
>  xen/common/stop_machine.c                         |   6 +-
>  xen/common/sysctl.c                               |   2 +-
>  xen/common/tasklet.c                              |   4 +-
>  xen/common/timer.c                                |   6 +-
>  xen/common/trace.c                                |   4 +-
>  xen/common/unlzma.c                               |   2 +-
>  xen/common/vm_event.c                             |   6 +-
>  xen/common/xenoprof.c                             |   2 +-
>  xen/common/xmalloc_tlsf.c                         |   4 +-
>  xen/common/zstd/zstd_common.c                     |   4 +-
>  xen/common/zstd/zstd_internal.h                   |   4 +-
>  xen/drivers/acpi/apei/apei-base.c                 |  32 +-
>  xen/drivers/acpi/apei/apei-internal.h             |  20 +-
>  xen/drivers/acpi/apei/erst.c                      |  57 ++-
>  xen/drivers/acpi/apei/hest.c                      |   4 +-
>  xen/drivers/acpi/numa.c                           |  10 +-
>  xen/drivers/acpi/tables.c                         |   2 +-
>  xen/drivers/char/console.c                        |  36 +-
>  xen/drivers/char/ehci-dbgp.c                      |  28 +-
>  xen/drivers/char/ns16550.c                        |  34 +-
>  xen/drivers/cpufreq/cpufreq.c                     |   6 +-
>  xen/drivers/cpufreq/cpufreq_misc_governors.c      |  22 +-
>  xen/drivers/cpufreq/cpufreq_ondemand.c            |  10 +-
>  xen/drivers/passthrough/amd/iommu.h               |  45 +--
>  xen/drivers/passthrough/amd/iommu_acpi.c          |  15 +-
>  xen/drivers/passthrough/amd/iommu_guest.c         |  12 +-
>  xen/drivers/passthrough/amd/iommu_init.c          |  49 +--
>  xen/drivers/passthrough/amd/iommu_intr.c          |  20 +-
>  xen/drivers/passthrough/amd/iommu_map.c           |  22 +-
>  xen/drivers/passthrough/amd/pci_amd_iommu.c       |  32 +-
>  xen/drivers/passthrough/iommu.c                   |  56 ++-
>  xen/drivers/passthrough/pci.c                     |  18 +-
>  xen/drivers/passthrough/vtd/dmar.c                |   7 +-
>  xen/drivers/passthrough/vtd/extern.h              |  38 +-
>  xen/drivers/passthrough/vtd/intremap.c            |  14 +-
>  xen/drivers/passthrough/vtd/iommu.c               |  94 ++---
>  xen/drivers/passthrough/vtd/qinval.c              |  28 +-
>  xen/drivers/passthrough/vtd/quirks.c              |   2 +-
>  xen/drivers/passthrough/vtd/utils.c               |   2 +-
>  xen/drivers/passthrough/vtd/x86/hvm.c             |   4 +-
>  xen/drivers/passthrough/x86/hvm.c                 |  14 +-
>  xen/drivers/video/lfb.c                           |   4 +-
>  xen/drivers/video/lfb.h                           |   4 +-
>  xen/drivers/video/vesa.c                          |   6 +-
>  xen/drivers/video/vga.c                           |   6 +-
>  xen/drivers/vpci/header.c                         |  18 +-
>  xen/drivers/vpci/msi.c                            |  42 +--
>  xen/drivers/vpci/msix.c                           |  20 +-
>  xen/drivers/vpci/vpci.c                           |  16 +-
>  xen/include/acpi/cpufreq/cpufreq.h                |   1 -
>  xen/include/xen/acpi.h                            |   2 +-
>  xen/include/xen/compiler.h                        |   6 +
>  xen/include/xen/domain.h                          |   2 +-
>  xen/include/xen/hypercall.h                       |  69 ++--
>  xen/include/xen/hypfs.h                           |  49 ++-
>  xen/include/xen/irq.h                             |   6 +-
>  xen/include/xen/lib.h                             |   2 +-
>  xen/include/xen/perfc.h                           |   4 +-
>  xen/include/xen/sched.h                           |   2 +-
>  xen/include/xen/sort.h                            |  55 ++-
>  xen/include/xen/spinlock.h                        |   4 +-
>  xen/include/xen/vpci.h                            |   8 +-
>  xen/include/xsm/dummy.h                           | 211 +++++------
>  xen/lib/sort.c                                    |  80 +----
>  xen/tools/check-endbr.sh                          |  85 +++++
>  xen/xsm/flask/avc.c                               |   2 +-
>  xen/xsm/flask/flask_op.c                          |   8 +-
>  xen/xsm/flask/hooks.c                             | 236 +++++++------
>  xen/xsm/flask/private.h                           |   9 +
>  xen/xsm/flask/ss/avtab.c                          |   4 +-
>  xen/xsm/flask/ss/conditional.c                    |  10 +-
>  xen/xsm/flask/ss/conditional.h                    |   6 +-
>  xen/xsm/flask/ss/policydb.c                       |  53 +--
>  xen/xsm/flask/ss/services.c                       |   6 +-
>  xen/xsm/flask/ss/symtab.c                         |   5 +-
>  xen/xsm/silo.c                                    |  24 +-
>  xen/xsm/xsm_core.c                                |   6 +-
>  322 files changed, 3316 insertions(+), 2739 deletions(-)
>  create mode 100644 automation/build/debian/buster-gcc-ibt.dockerfile
>  create mode 100644 xen/arch/x86/include/asm/endbr.h
>  create mode 100755 xen/tools/check-endbr.sh
>  create mode 100644 xen/xsm/flask/private.h
> 


Re: [PATCH v3 00/70 (not all posted)] x86: Support for CET Indirect Branch Tracking
Posted by Andrew Cooper 2 years, 2 months ago
On 22/02/2022 15:29, Jan Beulich wrote:
> On 22.02.2022 16:26, Andrew Cooper wrote:
>> To avoid spamming everyone, I have only re-sent patches with changes in v3.
> Could you enumerate which ones these are? Otherwise it's hard to tell
> whether everything you did send did arrive in the recipients' mailboxes.

Oops, sorry.  1, 3, 5, 6, 8, 12, 26, 27, 29, 33, 46, 47, 59, 60, 64.

All that I'm expecting to see have appeared on the list.

~Andrew