| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20240928131602.GC19439@noisy.programming.kicks-ass.net>
Date: Sat, 28 Sep 2024 15:16:02 +0200
From: Peter Zijlstra <peterz@...radead.org>
To: Josh Poimboeuf <jpoimboe@...nel.org>
Cc: x86@...nel.org, linux-kernel@...r.kernel.org, alyssa.milburn@...el.com,
scott.d.constable@...el.com, joao@...rdrivepizza.com,
andrew.cooper3@...rix.com, jose.marchesi@...cle.com,
hjl.tools@...il.com, ndesaulniers@...gle.com,
samitolvanen@...gle.com, nathan@...nel.org, ojeda@...nel.org,
kees@...nel.org, alexei.starovoitov@...il.com
Subject: Re: [PATCH 14/14] x86/fineibt: Add FineIBT+BHI mitigation
On Fri, Sep 27, 2024 at 06:50:06PM -0700, Josh Poimboeuf wrote:
> On Fri, Sep 27, 2024 at 09:49:10PM +0200, Peter Zijlstra wrote:
> > @@ -1190,6 +1214,8 @@ static __init int cfi_parse_cmdline(char
> > cfi_mode = CFI_KCFI;
> > } else if (!strcmp(str, "fineibt")) {
> > cfi_mode = CFI_FINEIBT;
> > + } else if (IS_ENABLED(CONFIG_X86_KERNEL_IBT_PLUS) && !strcmp(str, "fineibt+bhi")) {
> > + cfi_mode = CFI_FINEIBT_BHI;
> > } else if (!strcmp(str, "norand")) {
> > cfi_rand = false;
> > } else {
>
> Do we need to hook this in with bugs.c somehow so it skips the other BHI
> mitigations?
Yeah.. those didn't exist when I started this code :-) But yeah, once we
get to the point of doing this patch for real -- the compiler(s) have
the required features implemented properly and everyrhing, this should
be hooked up better.
Powered by blists - more mailing lists