RE: [PATCH 0/4] x86/ibt: Implement FineIBT

From: David Laight
Date: Fri Oct 28 2022 - 07:01:20 EST

Next message: Greg Kroah-Hartman: "Re: [PATCH 5.10 00/79] 5.10.151-rc1 review"
Previous message: Jozsef Kadlecsik: "RE: ip_set_hash_netiface"
In reply to: Kees Cook: "Re: [PATCH 2/4] x86/ibt: Implement FineIBT"
Next in thread: Peter Zijlstra: "Re: [PATCH 0/4] x86/ibt: Implement FineIBT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Peter Zijlstra
> Sent: 27 October 2022 10:28
>
> Hi all,
>
> Updated FineIBT series; I've (hopefully) incorporated all feedback from last
> time with the notable exception of the Kconfig CFI default -- I'm not sure we
> want to add to the Kconfig space for this, also what would a distro do with it.
>
> Anyway; please have a look, I'm hoping to merge this soonish so we can make the
> next cycle.

Is there a test to ensure that modules are actually compiled
with the required endbra, function prologue gap (etc).
Having the module load fail is somewhat better than a crash.

It is almost certainly quite easy to generate an out of tree module that
is missing all of those (even if compiled at the same time as the kernel).
(Never mind issues with modules that contain binary blobs.)

David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Next message: Greg Kroah-Hartman: "Re: [PATCH 5.10 00/79] 5.10.151-rc1 review"
Previous message: Jozsef Kadlecsik: "RE: ip_set_hash_netiface"
In reply to: Kees Cook: "Re: [PATCH 2/4] x86/ibt: Implement FineIBT"
Next in thread: Peter Zijlstra: "Re: [PATCH 0/4] x86/ibt: Implement FineIBT"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]