Re: [PATCH] x86/ibt: Implement FineIBT

From: Kees Cook
Date: Wed Oct 19 2022 - 01:15:09 EST

Next message: Kees Cook: "Re: [PATCH] x86/ibt: Implement FineIBT"
Previous message: Jason Wang: "Re: [PATCH 3/4] vdpa/mlx5: Add debugfs subtree"
In reply to: Peter Zijlstra: "Re: [PATCH] x86/ibt: Implement FineIBT"
Next in thread: Peter Zijlstra: "Re: [PATCH] x86/ibt: Implement FineIBT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Oct 18, 2022 at 09:56:36PM +0200, Peter Zijlstra wrote:
> On Tue, Oct 18, 2022 at 11:09:13AM -0700, Kees Cook wrote:
> > > +config FINEIBT
> > > + def_bool y
> > > + depends on X86_KERNEL_IBT && CFI_CLANG
> > > + select CALL_PADDING
> >
> > To that end, can we please make this a prompted choice?
>
> How about something like so instead?

/me throws a party :)

I can imagine the case where someone will want a CONFIG to choose the
default, but yes, I love it. Thank you!

For example:

enum cfi_mode {
CFI_OFF = 0,
CFI_KCFI = 1,
CFI_FINEIBT = 2,
};

#define CFI_DEFAULT CONFIG_CFI_MODE

choice
prompt "CFI mode" if expert
default CFI_MODE_FINEIBT

config CFI_MODE_FINEIBT
bool "FineIBT"
config CFI_MODE_KCFI
bool "kCFI"
config CFI_MODE_OFF
bool "CFI disabled"
endchoice

config CFI_MODE
int
default "0" if CFI_MODE_OFF
default "1" if CFI_MODE_KCFI
default "2"

--
Kees Cook

Next message: Kees Cook: "Re: [PATCH] x86/ibt: Implement FineIBT"
Previous message: Jason Wang: "Re: [PATCH 3/4] vdpa/mlx5: Add debugfs subtree"
In reply to: Peter Zijlstra: "Re: [PATCH] x86/ibt: Implement FineIBT"
Next in thread: Peter Zijlstra: "Re: [PATCH] x86/ibt: Implement FineIBT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]