From: Peter Zijlstra <peterz@infradead.org>
To: linux-kernel@vger.kernel.org, ojeda@kernel.org
Cc: linux-tip-commits@vger.kernel.org,
Scott Constable <scott.d.constable@intel.com>,
Ingo Molnar <mingo@kernel.org>, Kees Cook <kees@kernel.org>,
x86@kernel.org
Subject: Re: [tip: x86/core] x86/ibt: Implement FineIBT-BHI mitigation
Date: Mon, 10 Mar 2025 09:55:35 +0100 [thread overview]
Message-ID: <20250310085535.GQ31462@noisy.programming.kicks-ass.net> (raw)
In-Reply-To: <20250226195308.GA29387@noisy.programming.kicks-ass.net>
Ping -- anything I can do the help?
On Wed, Feb 26, 2025 at 08:53:08PM +0100, Peter Zijlstra wrote:
> On Wed, Feb 26, 2025 at 12:54:35PM -0000, tip-bot2 for Peter Zijlstra wrote:
>
> > diff --git a/Makefile b/Makefile
> > index 96407c1..f19431f 100644
> > --- a/Makefile
> > +++ b/Makefile
> > @@ -1014,6 +1014,9 @@ CC_FLAGS_CFI := -fsanitize=kcfi
> > ifdef CONFIG_CFI_ICALL_NORMALIZE_INTEGERS
> > CC_FLAGS_CFI += -fsanitize-cfi-icall-experimental-normalize-integers
> > endif
> > +ifdef CONFIG_FINEIBT_BHI
> > + CC_FLAGS_CFI += -fsanitize-kcfi-arity
> > +endif
> > ifdef CONFIG_RUST
> > # Always pass -Zsanitizer-cfi-normalize-integers as CONFIG_RUST selects
> > # CONFIG_CFI_ICALL_NORMALIZE_INTEGERS.
> > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> > index c4175f4..5c27726 100644
> > --- a/arch/x86/Kconfig
> > +++ b/arch/x86/Kconfig
> > @@ -2473,6 +2473,10 @@ config CC_HAS_RETURN_THUNK
> > config CC_HAS_ENTRY_PADDING
> > def_bool $(cc-option,-fpatchable-function-entry=16,16)
> >
> > +config CC_HAS_KCFI_ARITY
> > + def_bool $(cc-option,-fsanitize=kcfi -fsanitize-kcfi-arity)
> > + depends on CC_IS_CLANG && !RUST
> > +
>
> Miguel, can we work on fixing that !RUST dep?
>
> > config FUNCTION_PADDING_CFI
> > int
> > default 59 if FUNCTION_ALIGNMENT_64B
> > @@ -2498,6 +2502,10 @@ config FINEIBT
> > depends on X86_KERNEL_IBT && CFI_CLANG && MITIGATION_RETPOLINE
> > select CALL_PADDING
> >
> > +config FINEIBT_BHI
> > + def_bool y
> > + depends on FINEIBT && CC_HAS_KCFI_ARITY
> > +
> > config HAVE_CALL_THUNKS
> > def_bool y
> > depends on CC_HAS_ENTRY_PADDING && MITIGATION_RETHUNK && OBJTOOL
next prev parent reply other threads:[~2025-03-10 8:55 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-24 12:37 [PATCH v4 00/10] x86/ibt: FineIBT-BHI Peter Zijlstra
2025-02-24 12:37 ` [PATCH v4 01/10] x86/cfi: Add warn option Peter Zijlstra
2025-02-24 18:57 ` Kees Cook
2025-02-26 10:54 ` [tip: x86/core] " tip-bot2 for Peter Zijlstra
2025-02-26 12:04 ` [tip: x86/core] x86/cfi: Add 'cfi=warn' boot option tip-bot2 for Peter Zijlstra
2025-02-24 12:37 ` [PATCH v4 02/10] x86/ibt: Add exact_endbr() helper Peter Zijlstra
2025-02-26 10:54 ` [tip: x86/core] " tip-bot2 for Peter Zijlstra
2025-02-26 12:04 ` tip-bot2 for Peter Zijlstra
2025-02-24 12:37 ` [PATCH v4 03/10] x86/traps: Decode 0xEA #UD Peter Zijlstra
2025-02-24 18:58 ` Kees Cook
2025-02-26 10:54 ` [tip: x86/core] " tip-bot2 for Peter Zijlstra
2025-02-26 12:04 ` [tip: x86/core] x86/traps: Decode 0xEA instructions as #UD tip-bot2 for Peter Zijlstra
2025-02-24 12:37 ` [PATCH v4 04/10] x86/traps: Allow custom fixups in handle_bug() Peter Zijlstra
2025-02-24 18:59 ` Kees Cook
2025-02-25 8:54 ` Peter Zijlstra
2025-02-26 10:54 ` [tip: x86/core] " tip-bot2 for Peter Zijlstra
2025-02-26 12:04 ` tip-bot2 for Peter Zijlstra
2025-02-24 12:37 ` [PATCH v4 05/10] x86/ibt: Optimize FineIBT sequence Peter Zijlstra
2025-02-26 10:54 ` [tip: x86/core] " tip-bot2 for Peter Zijlstra
2025-02-26 12:04 ` [tip: x86/core] x86/ibt: Optimize the FineIBT instruction sequence tip-bot2 for Peter Zijlstra
2025-02-24 12:37 ` [PATCH v4 06/10] x86/traps: Decode LOCK Jcc.d8 #UD Peter Zijlstra
2025-02-24 21:46 ` David Laight
2025-02-25 18:33 ` Kees Cook
2025-02-26 10:54 ` [tip: x86/core] " tip-bot2 for Peter Zijlstra
2025-02-26 12:04 ` [tip: x86/core] x86/traps: Decode LOCK Jcc.d8 as #UD tip-bot2 for Peter Zijlstra
2025-02-24 12:37 ` [PATCH v4 07/10] x86/ibt: Add paranoid FineIBT mode Peter Zijlstra
2025-02-24 19:00 ` Kees Cook
2025-02-26 10:54 ` [tip: x86/core] " tip-bot2 for Peter Zijlstra
2025-02-26 12:04 ` tip-bot2 for Peter Zijlstra
2025-02-24 12:37 ` [PATCH v4 08/10] x86: BHI stubs Peter Zijlstra
2025-02-24 19:01 ` Kees Cook
2025-02-25 8:52 ` Peter Zijlstra
2025-02-25 18:31 ` Kees Cook
2025-02-26 10:54 ` [tip: x86/core] " tip-bot2 for Peter Zijlstra
2025-02-26 12:04 ` [tip: x86/core] x86/bhi: Add " tip-bot2 for Peter Zijlstra
2025-02-26 12:54 ` tip-bot2 for Peter Zijlstra
2025-02-24 12:37 ` [PATCH v4 09/10] x86/ibt: Implement FineIBT-BHI mitigation Peter Zijlstra
2025-02-25 9:12 ` Peter Zijlstra
2025-02-26 0:04 ` Constable, Scott D
2025-02-26 10:54 ` [tip: x86/core] " tip-bot2 for Peter Zijlstra
2025-02-26 12:04 ` tip-bot2 for Peter Zijlstra
2025-02-26 12:54 ` tip-bot2 for Peter Zijlstra
2025-02-26 19:53 ` Peter Zijlstra
2025-03-10 8:55 ` Peter Zijlstra [this message]
2025-03-10 16:00 ` Miguel Ojeda
2025-03-10 16:02 ` Peter Zijlstra
2025-03-11 19:09 ` Ramon de C Valle
2025-03-11 19:41 ` Miguel Ojeda
2025-03-11 20:23 ` Ramon de C Valle
2025-03-12 9:16 ` Peter Zijlstra
2025-03-12 11:36 ` Miguel Ojeda
2025-03-19 0:04 ` Nathan Chancellor
2025-02-24 12:37 ` [PATCH v4 10/10] x86/ibt: Optimize fineibt-bhi arity 1 case Peter Zijlstra
2025-02-26 10:54 ` [tip: x86/core] " tip-bot2 for Peter Zijlstra
2025-02-26 12:04 ` [tip: x86/core] x86/ibt: Optimize the " tip-bot2 for Peter Zijlstra
2025-02-26 12:54 ` tip-bot2 for Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250310085535.GQ31462@noisy.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=kees@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-tip-commits@vger.kernel.org \
--cc=mingo@kernel.org \
--cc=ojeda@kernel.org \
--cc=scott.d.constable@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.