[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <24d4e2f277ecaa435075745817f2bd61@overdrivepizza.com>
Date: Tue, 18 Oct 2022 13:09:25 -0700
From: Joao Moreira <joao@...rdrivepizza.com>
To: Kees Cook <keescook@...omium.org>
Cc: David Laight <David.Laight@...lab.com>,
'Peter Zijlstra' <peterz@...radead.org>, x86@...nel.org,
Sami Tolvanen <samitolvanen@...gle.com>,
linux-kernel@...r.kernel.org, Mark Rutland <mark.rutland@....com>,
Josh Poimboeuf <jpoimboe@...hat.com>
Subject: Re: [PATCH] x86/ibt: Implement FineIBT
On 2022-10-18 10:20, Kees Cook wrote:
> On Tue, Oct 18, 2022 at 08:58:24AM -0700, Joao Moreira wrote:
>> > Does the hash value for kCFI only depend on the function type?
>> > Or is there something like a attribute that can also be included?
>>
>> Hi David -- does this sound like what you are asking about?
>>
>> https://github.com/ClangBuiltLinux/linux/issues/1736
>>
>> If yes, then it is something in our todo list :) I think Sami is
>> handling
>> it.
>
> I was hoping someone with prior experience with Call Graph Detaching to
> solve Transitive Clustering Relaxation[1] could assist? ;)
Hi Kees, thanks for bringing these slides up.
Yeah, I would be glad to help out with automating this sort of analysis.
CGD, as explained in these slides would not help much here, because it
was more of an optimization to reduce the number of allowed targets on
returns (we did not have an almighty shadow stack at the time). Yet
there are lots of other things we might be able to do, both statically
and dynamically. Recent relevant research about this is multi-layer type
analysis [1], which I may find the time to look into more deeply soon.
1 - https://www-users.cse.umn.edu/~kjlu/papers/mlta.pdf
Tks,
Joao
Powered by blists - more mailing lists