From: Peter Zijlstra <peterz@infradead.org>
To: x86@kernel.org
Cc: linux-kernel@vger.kernel.org, alyssa.milburn@intel.com,
scott.d.constable@intel.com, joao@overdrivepizza.com,
andrew.cooper3@citrix.com, jpoimboe@kernel.org,
jose.marchesi@oracle.com, hjl.tools@gmail.com,
ndesaulniers@google.com, samitolvanen@google.com,
nathan@kernel.org, ojeda@kernel.org, kees@kernel.org,
alexei.starovoitov@gmail.com, mhiramat@kernel.org, jmill@asu.edu
Subject: Re: [PATCH v3 00/10] x86/ibt: FineIBT-BHI
Date: Thu, 20 Feb 2025 12:27:10 +0100 [thread overview]
Message-ID: <20250220112710.GK34567@noisy.programming.kicks-ass.net> (raw)
In-Reply-To: <20250219162107.880673196@infradead.org>
On Wed, Feb 19, 2025 at 05:21:07PM +0100, Peter Zijlstra wrote:
> Hi all!
>
> Having landed much of the previous series in tip/x86/core, I was hoping for an
> easy time landing the final two patches.. alas.
>
> This whole FineIBT SYSCALL pivot thing showed up, which got me to develop the
> paranoid FineIBT variant. And because testing I added a cfi=warn knob, and then
> I migrated bhi to an option etc..
>
> Then just as I was to post this stuff, Scott out-nerds me with a whole new
> instruction sequence. Which got me to rework the entire pile once again, and
> it is now another 10 patches again :/
>
> Anyway, be warned, Scott loves overlapping instructions.
>
> This is tested with:
>
> cfi=fineibt,warn
> cfi=fineibt,warn,paranoid
> cfi=fineibt,warn,bhi
> cfi=fineibt,warn,paranoid,bhi
> cfi=fineibt,paranoid,bhi
>
> Also note that LKDTM's CFI_FORWARD_PROTO test will do a double splat for
> paranoid in warn/permissive mode, since both the caller and callee hash check
> will fail.
>
> Also available at:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git x86/fineibt-bhi2
I've updated this tree with the latest version of the patches.
Notably, Kees, I've not taken your Reviewed-by tag for patches that saw
significant rework -- even when in response to your own feedback :)
(ud_type propagation is now gone)
I'll repost in a few days, to give people a chance to catch up.
prev parent reply other threads:[~2025-02-20 11:27 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-02-19 16:21 [PATCH v3 00/10] x86/ibt: FineIBT-BHI Peter Zijlstra
2025-02-19 16:21 ` [PATCH v3 01/10] x86/cfi: Add warn option Peter Zijlstra
2025-02-19 17:50 ` Kees Cook
2025-02-19 17:56 ` Peter Zijlstra
2025-02-19 16:21 ` [PATCH v3 02/10] x86/ibt: Add exact_endbr() helper Peter Zijlstra
2025-02-19 17:51 ` Kees Cook
2025-02-19 16:21 ` [PATCH v3 03/10] x86/traps: Decode 0xEA #UD Peter Zijlstra
2025-02-19 16:47 ` Andrew Cooper
2025-02-19 16:49 ` Peter Zijlstra
2025-02-19 17:52 ` Kees Cook
2025-02-19 16:21 ` [PATCH v3 04/10] x86/traps: Allow custom fixups in handle_bug() Peter Zijlstra
2025-02-19 17:55 ` Kees Cook
2025-02-19 18:17 ` Peter Zijlstra
2025-02-19 16:21 ` [PATCH v3 05/10] x86/ibt: Optimize FineIBT sequence Peter Zijlstra
2025-02-19 17:15 ` Andrew Cooper
2025-02-20 18:28 ` Constable, Scott D
2025-02-19 18:01 ` Kees Cook
2025-02-19 18:18 ` Peter Zijlstra
2025-02-19 18:23 ` Kees Cook
2025-02-19 16:21 ` [PATCH v3 06/10] x86/traps: Decode LOCK Jcc.d8 #UD Peter Zijlstra
2025-02-19 16:45 ` Peter Zijlstra
2025-02-19 18:20 ` Kees Cook
2025-02-19 18:33 ` Peter Zijlstra
2025-02-19 19:44 ` Peter Zijlstra
2025-02-19 16:21 ` [PATCH v3 07/10] x86/ibt: Add paranoid FineIBT mode Peter Zijlstra
2025-02-19 17:31 ` Andrew Cooper
2025-02-19 20:07 ` Peter Zijlstra
2025-02-21 13:40 ` David Laight
2025-02-19 18:05 ` Kees Cook
2025-02-19 16:21 ` [PATCH v3 08/10] x86: BHI stubs Peter Zijlstra
2025-02-19 18:07 ` Kees Cook
2025-02-19 18:07 ` Peter Zijlstra
2025-02-19 16:21 ` [PATCH v3 09/10] x86/ibt: Implement FineIBT-BHI mitigation Peter Zijlstra
2025-02-19 18:11 ` Kees Cook
2025-02-19 16:21 ` [PATCH v3 10/10] x86/ibt: Optimize fineibt-bhi arity 1 case Peter Zijlstra
2025-02-19 18:21 ` Kees Cook
2025-02-19 17:36 ` [PATCH v3 00/10] x86/ibt: FineIBT-BHI Kees Cook
2025-02-20 11:27 ` Peter Zijlstra [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250220112710.GK34567@noisy.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=alexei.starovoitov@gmail.com \
--cc=alyssa.milburn@intel.com \
--cc=andrew.cooper3@citrix.com \
--cc=hjl.tools@gmail.com \
--cc=jmill@asu.edu \
--cc=joao@overdrivepizza.com \
--cc=jose.marchesi@oracle.com \
--cc=jpoimboe@kernel.org \
--cc=kees@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mhiramat@kernel.org \
--cc=nathan@kernel.org \
--cc=ndesaulniers@google.com \
--cc=ojeda@kernel.org \
--cc=samitolvanen@google.com \
--cc=scott.d.constable@intel.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox