Re: [PATCH] x86/ibt: Implement FineIBT

From: Peter Zijlstra
Date: Tue Oct 18 2022 - 17:09:43 EST

Next message: Andy Shevchenko: "Re: [PATCH] wifi: rt2x00: use explicitly signed type for clamping"
Previous message: Andrew Morton: "Re: [PATCH] wifi: rt2x00: use explicitly signed type for clamping"
In reply to: Peter Zijlstra: "Re: [PATCH] x86/ibt: Implement FineIBT"
Next in thread: Kees Cook: "Re: [PATCH] x86/ibt: Implement FineIBT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Oct 18, 2022 at 09:59:02PM +0200, Peter Zijlstra wrote:

> @@ -732,6 +734,8 @@ static __init int cfi_parse_cmdline(char
> cfi_mode = CFI_KCFI;
> } else if (!strcmp(str, "fineibt")) {
> cfi_mode = CFI_FINEIBT;
> + } else if (!strcmp(str, "norand")) {
> + cfi_rand = false;
> } else {
> pr_err("Ignoring unknown cfi option (%s).", str);
> }

Plus so I suppose, otherwise it'll still randomize the hashes even if it
then leaves the whole thing disabled, which seems a bit daft :-)

Index: linux-2.6/arch/x86/kernel/alternative.c
===================================================================
--- linux-2.6.orig/arch/x86/kernel/alternative.c
+++ linux-2.6/arch/x86/kernel/alternative.c
@@ -730,6 +730,7 @@ static __init int cfi_parse_cmdline(char
cfi_mode = CFI_DEFAULT;
} else if (!strcmp(str, "off")) {
cfi_mode = CFI_OFF;
+ cfi_rand = false;
} else if (!strcmp(str, "kcfi")) {
cfi_mode = CFI_KCFI;
} else if (!strcmp(str, "fineibt")) {

Next message: Andy Shevchenko: "Re: [PATCH] wifi: rt2x00: use explicitly signed type for clamping"
Previous message: Andrew Morton: "Re: [PATCH] wifi: rt2x00: use explicitly signed type for clamping"
In reply to: Peter Zijlstra: "Re: [PATCH] x86/ibt: Implement FineIBT"
Next in thread: Kees Cook: "Re: [PATCH] x86/ibt: Implement FineIBT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]