| Message ID | 20230622144218.860926475@infradead.org |
|---|---|
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:994d:0:b0:3d9:f83d:47d9 with SMTP id k13csp5129815vqr;
Thu, 22 Jun 2023 07:59:47 -0700 (PDT)
X-Google-Smtp-Source:
ACHHUZ5Kl9GMo9LQOu+cvbxlmHAt7lV1fmyiy00iyvqN9iCgackcZcXTk9AjXDhGm5kmRq9HG90/
X-Received: by 2002:a17:90a:1903:b0:259:45bc:e6b5 with SMTP id
3-20020a17090a190300b0025945bce6b5mr11503176pjg.44.1687445987273;
Thu, 22 Jun 2023 07:59:47 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1687445987; cv=none;
d=google.com; s=arc-20160816;
b=l89ZB8CeolB/RaAim1jbtrCZZwX8bReF1VxxQCoEx6TJhyofBBmqi66GyF8J6g9Dfw
erqIhUPSifcx9s3PnYefue+8Nk0W+v0Z7l3/wC2JEUe82N9lk8qrxzzuohW4skeP/qcQ
VEftnXAhvPL3gwxtZVhtzT2mBErYdFoBcrO4yiuG3B4DQz9hZJscDYp/ADjdUva6v/Na
bdYNHHyGcykJJmA1Ar3foxefdKfdbrJWgvLj95ZPNF9lyanFMxZOX4Ock8OqS+sRHUfW
kI/7VOiF4tE6Iz3ML3CLv8iYkoo+7TCL3fLjibCFvU43V00ZjBETVJIcbYf1xylRH/iJ
eoAQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:subject:cc:to:from:date:user-agent:message-id
:dkim-signature;
bh=3zCtZL++1WgaB4Gv5cJATiTI7lJGqHZ+IYowywDRpSk=;
b=V6Y2LiNVGwbIf3e4ExNAHHTL5J6f0iPrfE4DJ0FP21EeWixXE48ZFUy44sK6ON9pm/
gFaKoTUVMOfMmbbH/F2z1vJAmZAA8B/apffHgIVxfFNS4D71QezdKfvBzhHX2MLPoTtB
aPAeiK06q1ELJFJRfDkXnEzQf6QxPVfRN8Pym4kUDaoetmuBi+7QROXt4ip1leWeErju
KjusknNGDqi8DXuYm/obVP1UyqIlEOBanp0M2geF3iHQPukBYDv4TVgY1MpLj58c8yT1
wv1BnnhCKlDrJgPSAGxvX92lU8+JYRFEfKTkPW+FEROzjkdVoxfBIeeEhauYi3A4C5dP
kVFw==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@infradead.org header.s=casper.20170209
header.b=O4SvgdVG;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
u132-20020a63798a000000b0053ef0ac79c8si1960462pgc.263.2023.06.22.07.59.34;
Thu, 22 Jun 2023 07:59:47 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@infradead.org header.s=casper.20170209
header.b=O4SvgdVG;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S231935AbjFVOuo (ORCPT <rfc822;duw91626@gmail.com> + 99 others);
Thu, 22 Jun 2023 10:50:44 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56146 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S231834AbjFVOug (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Thu, 22 Jun 2023 10:50:36 -0400
Received: from casper.infradead.org (casper.infradead.org
[IPv6:2001:8b0:10b:1236::1])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C01FA10F4
for <linux-kernel@vger.kernel.org>;
Thu, 22 Jun 2023 07:50:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=infradead.org; s=casper.20170209;
h=Subject:Cc:To:From:Date:Message-ID:
Sender:Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding:
Content-ID:Content-Description:In-Reply-To:References;
bh=3zCtZL++1WgaB4Gv5cJATiTI7lJGqHZ+IYowywDRpSk=;
b=O4SvgdVGwj7hPJaGkYWRVMgtlw
0ifE1Cd9WhEuurwxhb/wAJlcJNvPj9G0YAayahj6B7TG5I47WLWdKDyekkzzI1uz9jRM4pkk6innx
CP/FU8qzHPJasyY/u55C0cmwD54I+z83lN8Dax9M1+3pppIsFQgjQXq2eEFgRX6WijxJ3hHdFgDPi
HqEbFU0PgyK7m4DaT3IwnuFpXnci9B1p6k/aontkyBkGIpSp2xkRTU2+E3IF+drXScOfX/MxmEoLr
7BkfKQrNcezqjKvfrsmoqRqtFUDYqeUSFLfjaABL10G3A0yxhFbdHyPeKeRnaMybCXUk1WSOOy8wk
Z8dlVIwQ==;
Received: from j130084.upc-j.chello.nl ([24.132.130.84]
helo=noisy.programming.kicks-ass.net)
by casper.infradead.org with esmtpsa (Exim 4.94.2 #2 (Red Hat Linux))
id 1qCLdh-00FgfD-Ru; Thu, 22 Jun 2023 14:50:26 +0000
Received: from hirez.programming.kicks-ass.net
(hirez.programming.kicks-ass.net [192.168.1.225])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits)
server-digest SHA256)
(Client did not present a certificate)
by noisy.programming.kicks-ass.net (Postfix) with ESMTPS id
29F5B3002F0;
Thu, 22 Jun 2023 16:50:24 +0200 (CEST)
Received: by hirez.programming.kicks-ass.net (Postfix, from userid 0)
id 11127209D8B3A; Thu, 22 Jun 2023 16:50:24 +0200 (CEST)
Message-ID: <20230622144218.860926475@infradead.org>
User-Agent: quilt/0.66
Date: Thu, 22 Jun 2023 16:42:18 +0200
From: Peter Zijlstra <peterz@infradead.org>
To: x86@kernel.org, alyssa.milburn@linux.intel.com
Cc: linux-kernel@vger.kernel.org, peterz@infradead.org,
samitolvanen@google.com, keescook@chromium.org,
jpoimboe@kernel.org, joao@overdrivepizza.com, brgerst@gmail.com
Subject: [PATCH v2 0/6] x86/cfi: Fix FineIBT
X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE,
SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no
version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1769415363349744452?=
X-GMAIL-MSGID: =?utf-8?q?1769415363349744452?=
|
| Series |
x86/cfi: Fix FineIBT
|
|
Message
Peter Zijlstra
June 22, 2023, 2:42 p.m. UTC
Hi! Alyssa reported a FineIBT issue (patch 6) which led to the discovery of a kCFI issue (patch 5) and a bunch of cleanups and enhancements (the rest). Backports can probably suffice with just the last two. Much thanks to Brian for the better ret_from_fork() cleanup. Tested using llvm-16 on an Alderlake with both FineIBT and kCFI. Also available at: git://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git x86/urgent (I'm aiming for the merge window, not this cycle) v1: https://lkml.kernel.org/r/20230615193546.949657149@infradead.org --- arch/um/kernel/um_arch.c | 2 +- arch/x86/entry/entry_32.S | 54 +++++++--------------------- arch/x86/entry/entry_64.S | 35 ++++++------------ arch/x86/include/asm/alternative.h | 2 +- arch/x86/include/asm/ibt.h | 2 +- arch/x86/include/asm/nospec-branch.h | 4 +++ arch/x86/include/asm/switch_to.h | 4 ++- arch/x86/kernel/alternative.c | 69 +++++++++++++++++++++++++++++++++--- arch/x86/kernel/module.c | 2 +- arch/x86/kernel/process.c | 22 +++++++++++- 10 files changed, 120 insertions(+), 76 deletions(-)
Comments
On Thu, Jun 22, 2023 at 04:42:18PM +0200, Peter Zijlstra wrote: > Alyssa reported a FineIBT issue (patch 6) which led to the discovery of > a kCFI issue (patch 5) and a bunch of cleanups and enhancements (the > rest). > > Backports can probably suffice with just the last two. > > Much thanks to Brian for the better ret_from_fork() cleanup. > > Tested using llvm-16 on an Alderlake with both FineIBT and kCFI. Thanks! This looks really nice. For the series: Reviewed-by: Kees Cook <keescook@chromium.org>
On Thu, Jun 22, 2023 at 7:50 AM Peter Zijlstra <peterz@infradead.org> wrote: > > Hi! > > Alyssa reported a FineIBT issue (patch 6) which led to the discovery of > a kCFI issue (patch 5) and a bunch of cleanups and enhancements (the > rest). > > Backports can probably suffice with just the last two. > > Much thanks to Brian for the better ret_from_fork() cleanup. This version looks even better, thanks! Reviewed-by: Sami Tolvanen <samitolvanen@google.com> Sami