lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 14 Feb 2022 13:30:53 +0100
From:   Alexander Lobakin <>
To:     Peter Zijlstra <>
Cc:     Alexander Lobakin <>,,,
        Borislav Petkov <>,
        Jesse Brandeburg <>,
        Kristen Carlson Accardi <>,
        Kees Cook <>,
        Miklos Szeredi <>,
        Ard Biesheuvel <>,
        Tony Luck <>,
        Bruce Schlobohm <>,
        Jessica Yu <>,
        kernel test robot <>,
        Miroslav Benes <>,
        Evgenii Shatokhin <>,
        Jonathan Corbet <>,
        Masahiro Yamada <>,
        Michal Marek <>,
        Nick Desaulniers <>,
        Herbert Xu <>,
        "David S. Miller" <>,
        Thomas Gleixner <>,
        Will Deacon <>, Ingo Molnar <>,
        Christoph Hellwig <>,
        Dave Hansen <>,
        "H. Peter Anvin" <>,
        Andy Lutomirski <>,
        Arnd Bergmann <>,
        Josh Poimboeuf <>,
        Nathan Chancellor <>,
        Masami Hiramatsu <>,
        Marios Pomonis <>,
        Sami Tolvanen <>,
        "H.J. Lu" <>, Nicolas Pitre <>,,,,,
Subject: Re: [PATCH v10 10/15] FG-KASLR: use a scripted approach to handle .text.* sections

From: Peter Zijlstra <>
Date: Mon, 14 Feb 2022 12:59:35 +0100

> On Mon, Feb 14, 2022 at 12:34:34PM +0100, Alexander Lobakin wrote:
> > Re "won't do" -- sorry for trying to hijack this thread a bit, but
> > did I miss something? The last comments I've read were that LLVM
> > tools need to change their approach for CFI on x86, and Sami went
> > redo it, but I can't recall any "life-time" nacks.
> Won't as in the lclang-cfi as it exists today. And I've understood that
> this CFI model is a keeper. It is true that Sami has been working on an
> alternative KCFI, but the little I can make of this proposal, it
> still needs serious work. Also see here:
> Specifically, I object to the existence of any __*cfi_check_fail symbol
> on the grounds that it will bloat the code (and makes thinking about the
> whole speculation angle more painful than it needs to be).

Ah, I see, thanks! I've been tracking your IBT works, but missed
LKML thread for some reason.
I have no problems in dropping the related lines from my patch.


Powered by blists - more mailing lists