Re: [PATCH v3 00/10] x86/ibt: FineIBT-BHI
From: Peter Zijlstra
Date: Thu Feb 20 2025 - 06:29:32 EST
On Wed, Feb 19, 2025 at 05:21:07PM +0100, Peter Zijlstra wrote:
> Hi all!
>
> Having landed much of the previous series in tip/x86/core, I was hoping for an
> easy time landing the final two patches.. alas.
>
> This whole FineIBT SYSCALL pivot thing showed up, which got me to develop the
> paranoid FineIBT variant. And because testing I added a cfi=warn knob, and then
> I migrated bhi to an option etc..
>
> Then just as I was to post this stuff, Scott out-nerds me with a whole new
> instruction sequence. Which got me to rework the entire pile once again, and
> it is now another 10 patches again :/
>
> Anyway, be warned, Scott loves overlapping instructions.
>
> This is tested with:
>
> cfi=fineibt,warn
> cfi=fineibt,warn,paranoid
> cfi=fineibt,warn,bhi
> cfi=fineibt,warn,paranoid,bhi
> cfi=fineibt,paranoid,bhi
>
> Also note that LKDTM's CFI_FORWARD_PROTO test will do a double splat for
> paranoid in warn/permissive mode, since both the caller and callee hash check
> will fail.
>
> Also available at:
>
> git://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git x86/fineibt-bhi2
I've updated this tree with the latest version of the patches.
Notably, Kees, I've not taken your Reviewed-by tag for patches that saw
significant rework -- even when in response to your own feedback :)
(ud_type propagation is now gone)
I'll repost in a few days, to give people a chance to catch up.