Re: [PATCH] x86/ibt: Implement FineIBT

From: Kees Cook
Date: Wed Oct 19 2022 - 01:16:22 EST

Next message: Slade Watkins: "Re: BISECT result: 6.0.0-RC kernels trigger Firefox snap bug with 6.0.0-rc3 through 6.0.0-rc7"
Previous message: Kees Cook: "Re: [PATCH] x86/ibt: Implement FineIBT"
In reply to: Kees Cook: "Re: [PATCH] x86/ibt: Implement FineIBT"
Next in thread: Peter Zijlstra: "Re: [PATCH] x86/ibt: Implement FineIBT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Oct 18, 2022 at 10:09:23PM +0200, Peter Zijlstra wrote:
> On Tue, Oct 18, 2022 at 11:09:13AM -0700, Kees Cook wrote:
>
> > > +#ifdef CONFIG_FINEIBT
> > > +/*
> > > + * kCFI FineIBT
> > > + *
> > > + * __cfi_\func: __cfi_\func:
> > > + * movl $0x12345678,%eax endbr64 // 4
> >
> > kCFI emits endbr64 here first too ...
> >
> > > + * nop subl $0x12345678,%r10d // 7
> > > + * nop jz 1f // 2
> > > + * nop ud2 // 2
> > > + * nop 1: nop // 1
> > > + * nop
> > > + * nop
> > > + * nop
> > > + * nop
> > > + * nop
> > > + * nop
> > > + * nop
>
> It does not; it does emit ENDBR at the start of the regular symbol
> though:

Oh duh, sorry, yes.

--
Kees Cook

Next message: Slade Watkins: "Re: BISECT result: 6.0.0-RC kernels trigger Firefox snap bug with 6.0.0-rc3 through 6.0.0-rc7"
Previous message: Kees Cook: "Re: [PATCH] x86/ibt: Implement FineIBT"
In reply to: Kees Cook: "Re: [PATCH] x86/ibt: Implement FineIBT"
Next in thread: Peter Zijlstra: "Re: [PATCH] x86/ibt: Implement FineIBT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]