| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 31 Oct 2021 21:09:46 +0100
From: Peter Zijlstra <peterz@...radead.org>
To: Ard Biesheuvel <ardb@...nel.org>
Cc: Sami Tolvanen <samitolvanen@...gle.com>,
Mark Rutland <mark.rutland@....com>, X86 ML <x86@...nel.org>,
Kees Cook <keescook@...omium.org>,
Josh Poimboeuf <jpoimboe@...hat.com>,
Nathan Chancellor <nathan@...nel.org>,
Nick Desaulniers <ndesaulniers@...gle.com>,
Sedat Dilek <sedat.dilek@...il.com>,
Steven Rostedt <rostedt@...dmis.org>,
linux-hardening@...r.kernel.org,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
llvm@...ts.linux.dev
Subject: Re: [PATCH] static_call,x86: Robustify trampoline patching
On Sun, Oct 31, 2021 at 05:44:04PM +0100, Ard Biesheuvel wrote:
> > Is is also a terriblly gross hack. I really want the clang-cfi stuff to
> > improve, not add layers of hacks on top of it.
>
> I'm just as annoyed as you are about the apparent need for this.
> However, emitting an alias at build time is far better IMHO than
> adding a magic byte sequence and having to check it at runtime.
Oh, I'm keeping that magic sequence :-) That's hardening in general, and
I don't want to ever want to debug a wrong poke like that again.
Adding an extra label fixes this thing, but there's still the other
cases where we need/want/desire a *real* function pointer.
I'm very close to saying that anything that mucks up function pointers
like this is a complete non-starter. Let's start re-start this whole CFI
endeavour from the start.
Powered by blists - more mailing lists