From: Peter Zijlstra <peterz@infradead.org>
To: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: X86 ML <x86@kernel.org>, LKML <linux-kernel@vger.kernel.org>,
alyssa.milburn@intel.com, scott.d.constable@intel.com,
Joao Moreira <joao@overdrivepizza.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
Josh Poimboeuf <jpoimboe@kernel.org>,
"Jose E. Marchesi" <jose.marchesi@oracle.com>,
"H.J. Lu" <hjl.tools@gmail.com>,
Nick Desaulniers <ndesaulniers@google.com>,
Sami Tolvanen <samitolvanen@google.com>,
Nathan Chancellor <nathan@kernel.org>,
ojeda@kernel.org, Kees Cook <kees@kernel.org>
Subject: Re: [PATCH 11/14] llvm: kCFI pointer stuff
Date: Mon, 30 Sep 2024 10:27:26 +0200 [thread overview]
Message-ID: <20240930082726.GF5594@noisy.programming.kicks-ass.net> (raw)
In-Reply-To: <CAADnVQKQED2pit_DcpDWPuueHH3RLXe4pB++tU888EU=8UrNpA@mail.gmail.com>
On Sun, Sep 29, 2024 at 10:53:05AM -0700, Alexei Starovoitov wrote:
> > + // Extend the kCFI meta-data with a byte that has a bit set for each argument
> > + // register that contains a pointer. Specifically for x86_64, which has 6
> > + // argument registers:
> > + //
> > + // bit0 - rdi
> > + // bit1 - rsi
> > + // bit2 - rdx
> > + // bit3 - rcx
> > + // bit4 - r8
> > + // bit5 - r9
> > + //
> > + // bit6 will denote any pointer on stack (%rsp), and all 7 bits set will
> > + // indicate vararg or any other 'unknown' configuration. Leaving bit7 for
> > + // error states.
> > + //
> > + // XXX: should be conditional on some new x86_64 specific 'bhi' argument.
> > + EmitAndCountInstruction(MCInstBuilder(X86::MOV8ri)
> > + .addReg(X86::AL)
> > + .addImm(getKCFIPointerArgs(F)));
>
> If I'm reading this correctly it will be an 8-bit move which
> doesn't clear upper bits.
> If consumer is in assembly it's ok-ish,
> but it's an argument to __bhi_args_foo functions,
> so should be properly zero extended per call convention.
These kCFI 'instructions' are never executed. Their sole purpose is to
encode the immediates. They are instructions because they live in .text
and having them this way makes disassemly work nicely. As such, we've
taken to using the 1 byte move instruction to carry them with the least
amounts of bytes.
The consumer is the kernel instruction decoder, we take the immediate
and use that.
next prev parent reply other threads:[~2024-09-30 8:27 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-27 19:48 [PATCH 00/14] x86/ibt: FineIBT-BHI Peter Zijlstra
2024-09-27 19:48 ` [PATCH 01/14] x86/cfi: Wreck things Peter Zijlstra
2024-09-27 23:15 ` Josh Poimboeuf
2024-09-28 13:31 ` Peter Zijlstra
2024-09-30 21:42 ` Josh Poimboeuf
2024-09-27 19:48 ` [PATCH 02/14] x86/boot: Mark start_secondary() with __noendbr Peter Zijlstra
2024-09-27 19:48 ` [PATCH 03/14] x86/alternative: Simplify callthunk patching Peter Zijlstra
2024-09-27 23:27 ` Josh Poimboeuf
2024-09-27 19:49 ` [PATCH 04/14] objtool/x86: Add .tail_call_sites Peter Zijlstra
2024-09-27 23:42 ` Josh Poimboeuf
2024-10-09 15:25 ` Peter Zijlstra
2024-10-10 4:55 ` Josh Poimboeuf
2024-09-27 19:49 ` [PATCH 05/14] objtool: Rename the skylake hack to --direct-call Peter Zijlstra
2024-09-27 19:49 ` [PATCH 06/14] x86/traps: Prepare for ENDBR poison UD1 usage Peter Zijlstra
2024-09-27 19:49 ` [PATCH 07/14] x86/ibt: Clean up is_endbr() Peter Zijlstra
2024-09-28 0:04 ` Josh Poimboeuf
2024-09-28 13:08 ` Peter Zijlstra
2024-09-29 17:32 ` Alexei Starovoitov
2024-09-30 8:30 ` Peter Zijlstra
2024-09-30 9:33 ` Peter Zijlstra
2024-09-30 16:43 ` Alexei Starovoitov
2024-09-30 20:58 ` Andrii Nakryiko
2024-09-27 19:49 ` [PATCH 08/14] x86/ibt: Clean up poison_endbr() Peter Zijlstra
2024-09-27 19:49 ` [PATCH 09/14] x86/ibt: Implement IBT+ Peter Zijlstra
2024-09-28 1:07 ` Josh Poimboeuf
2024-09-28 13:12 ` Peter Zijlstra
2024-09-29 17:38 ` Alexei Starovoitov
2024-09-30 8:23 ` Peter Zijlstra
2024-09-30 17:00 ` Alexei Starovoitov
2024-11-05 10:40 ` Peter Zijlstra
2024-09-27 19:49 ` [PATCH 10/14] x86/early_printk: Harden early_serial Peter Zijlstra
2024-09-27 19:49 ` [PATCH 11/14] llvm: kCFI pointer stuff Peter Zijlstra
2024-09-29 17:53 ` Alexei Starovoitov
2024-09-30 8:27 ` Peter Zijlstra [this message]
2024-09-30 16:59 ` Alexei Starovoitov
2024-10-01 10:21 ` Peter Zijlstra
2024-10-02 16:48 ` Alexei Starovoitov
2024-10-30 6:29 ` Constable, Scott D
2024-10-30 20:07 ` Constable, Scott D
2024-09-27 19:49 ` [PATCH 12/14] x86: Hacks for hacked up llvm Peter Zijlstra
2024-09-27 19:49 ` [PATCH 13/14] x86: BHI stubs Peter Zijlstra
2024-09-28 1:37 ` Josh Poimboeuf
2024-09-28 13:23 ` Peter Zijlstra
2024-09-30 21:30 ` Josh Poimboeuf
2024-09-30 21:46 ` Josh Poimboeuf
2024-09-30 22:23 ` Andrew Cooper
2024-09-30 22:38 ` Josh Poimboeuf
2024-09-30 22:52 ` Andrew Cooper
2024-10-01 11:03 ` Peter Zijlstra
2024-10-01 11:20 ` Andrew Cooper
2024-10-03 12:17 ` Peter Zijlstra
2024-10-03 13:59 ` Andrew Cooper
2024-10-14 17:50 ` Constable, Scott D
2024-10-14 21:54 ` Andrew Cooper
2024-10-21 15:06 ` Constable, Scott D
2024-10-29 5:59 ` Joao Moreira
2024-09-27 19:49 ` [PATCH 14/14] x86/fineibt: Add FineIBT+BHI mitigation Peter Zijlstra
2024-09-28 1:50 ` Josh Poimboeuf
2024-09-28 13:16 ` Peter Zijlstra
2024-10-28 5:45 ` Constable, Scott D
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240930082726.GF5594@noisy.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=alexei.starovoitov@gmail.com \
--cc=alyssa.milburn@intel.com \
--cc=andrew.cooper3@citrix.com \
--cc=hjl.tools@gmail.com \
--cc=joao@overdrivepizza.com \
--cc=jose.marchesi@oracle.com \
--cc=jpoimboe@kernel.org \
--cc=kees@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=ojeda@kernel.org \
--cc=samitolvanen@google.com \
--cc=scott.d.constable@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox