Re: [PATCH 15/29] x86: Disable IBT around firmware

From: Kees Cook
Date: Mon Feb 21 2022 - 10:55:04 EST

Next message: Maciej W. Rozycki: "Re: [PATCH v3 2/2] serial: 8250: Add proper clock handling for OxSemi PCIe devices"
Previous message: Matthew Wilcox: "Re: [PATCH 3/5] mm/slab: Do not call kmalloc_large() for unsupported size"
In reply to: Peter Zijlstra: "Re: [PATCH 15/29] x86: Disable IBT around firmware"
Next in thread: Peter Zijlstra: "Re: [PATCH 15/29] x86: Disable IBT around firmware"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On February 21, 2022 2:06:15 AM PST, Peter Zijlstra <peterz@xxxxxxxxxxxxx> wrote:
>
>Could you trim replies so that I can actually find what you write?

Sorry, yes; I was on my phone where the interface is awkward.

>On Mon, Feb 21, 2022 at 12:27:20AM -0800, Kees Cook wrote:
>> Please make these both __always_inline so there no risk of them ever gaining ENDBRs and being used by ROP to disable IBT...
>
>Either that or mark them __noendbr. The below seems to work.
>
>Do we have a preference?

Ah yeah, that works for me.

A small bike shed: should __noendbr have an alias, like __never_indirect or something, so there is an arch-agnostic way to do this that actually says what it does? (yes, it's in x86-only code now, hence the bike shed...)

-Kees

--
Kees Cook

Next message: Maciej W. Rozycki: "Re: [PATCH v3 2/2] serial: 8250: Add proper clock handling for OxSemi PCIe devices"
Previous message: Matthew Wilcox: "Re: [PATCH 3/5] mm/slab: Do not call kmalloc_large() for unsupported size"
In reply to: Peter Zijlstra: "Re: [PATCH 15/29] x86: Disable IBT around firmware"
Next in thread: Peter Zijlstra: "Re: [PATCH 15/29] x86: Disable IBT around firmware"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]