| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250219162107.880673196@infradead.org> Date: Wed, 19 Feb 2025 17:21:07 +0100 From: Peter Zijlstra <peterz@...radead.org> To: x86@...nel.org Cc: linux-kernel@...r.kernel.org, peterz@...radead.org, alyssa.milburn@...el.com, scott.d.constable@...el.com, joao@...rdrivepizza.com, andrew.cooper3@...rix.com, jpoimboe@...nel.org, jose.marchesi@...cle.com, hjl.tools@...il.com, ndesaulniers@...gle.com, samitolvanen@...gle.com, nathan@...nel.org, ojeda@...nel.org, kees@...nel.org, alexei.starovoitov@...il.com, mhiramat@...nel.org, jmill@....edu Subject: [PATCH v3 00/10] x86/ibt: FineIBT-BHI Hi all! Having landed much of the previous series in tip/x86/core, I was hoping for an easy time landing the final two patches.. alas. This whole FineIBT SYSCALL pivot thing showed up, which got me to develop the paranoid FineIBT variant. And because testing I added a cfi=warn knob, and then I migrated bhi to an option etc.. Then just as I was to post this stuff, Scott out-nerds me with a whole new instruction sequence. Which got me to rework the entire pile once again, and it is now another 10 patches again :/ Anyway, be warned, Scott loves overlapping instructions. This is tested with: cfi=fineibt,warn cfi=fineibt,warn,paranoid cfi=fineibt,warn,bhi cfi=fineibt,warn,paranoid,bhi cfi=fineibt,paranoid,bhi Also note that LKDTM's CFI_FORWARD_PROTO test will do a double splat for paranoid in warn/permissive mode, since both the caller and callee hash check will fail. Also available at: git://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git x86/fineibt-bhi2 Previous version at: https://lkml.kernel.org/r/20250207121529.222723073@infradead.org Paranoid discussion at: https://lkml.kernel.org/r/20250215210729.GA25168@noisy.programming.kicks-ass.net --- Makefile | 3 + arch/x86/Kconfig | 8 + arch/x86/include/asm/bug.h | 3 + arch/x86/include/asm/cfi.h | 19 ++- arch/x86/include/asm/ibt.h | 4 + arch/x86/kernel/alternative.c | 363 +++++++++++++++++++++++++++++++++++++----- arch/x86/kernel/cfi.c | 18 ++- arch/x86/kernel/traps.c | 46 +++++- arch/x86/lib/Makefile | 3 +- arch/x86/lib/bhi.S | 146 +++++++++++++++++ arch/x86/net/bpf_jit_comp.c | 30 ++-- 11 files changed, 579 insertions(+), 64 deletions(-)
Powered by blists - more mailing lists