Re: [PATCH v3 07/10] x86/ibt: Add paranoid FineIBT mode

From: Kees Cook
Date: Wed Feb 19 2025 - 13:06:14 EST

Next message: Bart Van Assche: "Re: [PATCH] scsi: fix missing lock protection"
Previous message: Mario Limonciello: "Re: [PATCH v3 17/18] cpufreq/amd-pstate: Rework CPPC enabling"
In reply to: David Laight: "Re: [PATCH v3 07/10] x86/ibt: Add paranoid FineIBT mode"
Next in thread: Peter Zijlstra: "[PATCH v3 01/10] x86/cfi: Add warn option"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Feb 19, 2025 at 05:21:14PM +0100, Peter Zijlstra wrote:
> Due to concerns about circumvention attacks against FineIBT on 'naked'
> ENDBR, add an additional caller side hash check to FineIBT. This
> should make it impossible to pivot over such a 'naked' ENDBR
> instruction at the cost of an additional load.
>
> The specific pivot reported was against the SYSCALL entry site and
> FRED will have all those holes fixed up.
>
> This specific fineibt_paranoid_start[] sequence was concocted by
> Scott.
>
> Reported-by: Jennifer Miller <jmill@xxxxxxx>
> Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>

With patch 6's misplaced chunk moved, looks good:

Reviewed-by: Kees Cook <kees@xxxxxxxxxx>

--
Kees Cook

Next message: Bart Van Assche: "Re: [PATCH] scsi: fix missing lock protection"
Previous message: Mario Limonciello: "Re: [PATCH v3 17/18] cpufreq/amd-pstate: Rework CPPC enabling"
In reply to: David Laight: "Re: [PATCH v3 07/10] x86/ibt: Add paranoid FineIBT mode"
Next in thread: Peter Zijlstra: "[PATCH v3 01/10] x86/cfi: Add warn option"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]