Re: [PATCH v4 07/10] x86/ibt: Add paranoid FineIBT mode

From: Kees Cook
Date: Mon Feb 24 2025 - 14:00:52 EST


On Mon, Feb 24, 2025 at 01:37:10PM +0100, Peter Zijlstra wrote:
> Due to concerns about circumvention attacks against FineIBT on 'naked'
> ENDBR, add an additional caller side hash check to FineIBT. This
> should make it impossible to pivot over such a 'naked' ENDBR
> instruction at the cost of an additional load.
>
> The specific pivot reported was against the SYSCALL entry site and
> FRED will have all those holes fixed up.
>
> https://lore.kernel.org/linux-hardening/Z60NwR4w%2F28Z7XUa@ubun/
>
> This specific fineibt_paranoid_start[] sequence was concocted by
> Scott.
>
> Reported-by: Jennifer Miller <jmill@xxxxxxx>
> Signed-off-by: Peter Zijlstra (Intel) <peterz@xxxxxxxxxxxxx>

Great! I'm happy to see the pre-call checking. :)

Reviewed-by: Kees Cook <kees@xxxxxxxxxx>

--
Kees Cook
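To make the "caller side hash check" concrete, here is an added toy model in C. It is example code written for this page, not the kernel's FineIBT implementation or the fineibt_paranoid_start[] sequence from the patch. Targets are modeled as byte arrays whose prologue is laid out like a FineIBT preamble (endbr64; subl $hash,%r10d; jz; ud2), and "calling" means decoding those bytes rather than executing them. The names try_call, make_naked_target, DEMO_HASH, the prologue length, the nop filler used for the naked ENDBR target, and the immediate offset HASH_OFF are all this example's own assumptions.

```c
/* Toy model of FineIBT's hash convention and of a paranoid (caller-side)
 * check. Added example, not kernel code: targets are byte arrays that are
 * decoded, never executed. Prologue layout is modeled on a FineIBT preamble
 * (endbr64; subl $hash,%r10d; jz 1f; ud2; 1:); offsets, filler bytes and
 * the demo hash are assumptions of this example. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PROLOGUE_LEN 16
#define HASH_OFF     7            /* endbr64 (4 bytes) + "41 81 ea" (3 bytes) */
#define DEMO_HASH    0x2f1c9e4bu  /* constructed hash value for the demo */

static const uint8_t ENDBR64[4]  = { 0xf3, 0x0f, 0x1e, 0xfa };
static const uint8_t SUB_R10D[3] = { 0x41, 0x81, 0xea };  /* subl $imm32,%r10d */

/* A function with a FineIBT prologue that checks the caller's hash. */
static void make_fineibt_target(uint8_t t[PROLOGUE_LEN], uint32_t hash) {
    memset(t, 0x90, PROLOGUE_LEN);              /* nop padding */
    memcpy(t, ENDBR64, 4);
    memcpy(t + 4, SUB_R10D, 3);
    memcpy(t + HASH_OFF, &hash, 4);             /* little-endian imm32 */
    t[11] = 0x74; t[12] = 0x02;                 /* jz over the ud2 */
    t[13] = 0x0f; t[14] = 0x0b;                 /* ud2 on hash mismatch */
}

/* A "naked" ENDBR: an IBT-valid landing pad followed by ordinary code
 * (modeled here as nop filler) with no hash check at all. */
static void make_naked_target(uint8_t t[PROLOGUE_LEN]) {
    memset(t, 0x90, PROLOGUE_LEN);
    memcpy(t, ENDBR64, 4);
}

static bool has_endbr(const uint8_t *t) { return memcmp(t, ENDBR64, 4) == 0; }

static bool has_fineibt_check(const uint8_t *t) {
    return has_endbr(t) && memcmp(t + 4, SUB_R10D, 3) == 0;
}

/* What a paranoid caller loads: the 4 bytes at the fixed prologue offset,
 * whatever instruction bytes happen to live there. */
static uint32_t load_imm_at_target(const uint8_t *t) {
    uint32_t v;
    memcpy(&v, t + HASH_OFF, 4);
    return v;
}

/* Plain FineIBT indirect call: IBT demands an ENDBR at the target, then the
 * callee's own prologue (if it has one) compares the hash passed in r10. */
static bool fineibt_call(const uint8_t *t, uint32_t r10) {
    if (!has_endbr(t))
        return false;                          /* #CP: not a landing pad */
    if (!has_fineibt_check(t))
        return true;                           /* naked ENDBR: nothing checks r10 */
    return load_imm_at_target(t) == r10;       /* subl/jz: ud2 on mismatch */
}

/* Paranoid call site: compare the immediate found at the target with our
 * hash BEFORE transferring control. A naked ENDBR has no matching immediate
 * at that offset, so pivoting to it is refused at the caller. */
static bool fineibt_paranoid_call(const uint8_t *t, uint32_t r10) {
    if (load_imm_at_target(t) != r10)
        return false;                          /* ud2 at the call site */
    return fineibt_call(t, r10);
}

/* Build one target kind and attempt one call through it. */
static bool try_call(bool target_has_check, bool paranoid_caller, uint32_t r10) {
    uint8_t t[PROLOGUE_LEN];
    if (target_has_check)
        make_fineibt_target(t, DEMO_HASH);
    else
        make_naked_target(t);
    return paranoid_caller ? fineibt_paranoid_call(t, r10) : fineibt_call(t, r10);
}

int main(void) {
    printf("target          caller    right hash  wrong hash\n");
    printf("FineIBT         plain     %d           %d\n",
           try_call(true, false, DEMO_HASH), try_call(true, false, DEMO_HASH ^ 1));
    printf("FineIBT         paranoid  %d           %d\n",
           try_call(true, true, DEMO_HASH), try_call(true, true, DEMO_HASH ^ 1));
    printf("naked ENDBR     plain     %d           %d\n",
           try_call(false, false, DEMO_HASH), try_call(false, false, DEMO_HASH ^ 1));
    printf("naked ENDBR     paranoid  %d           %d\n",
           try_call(false, true, DEMO_HASH), try_call(false, true, DEMO_HASH ^ 1));
    return 0;
}
```

The row worth staring at is the naked ENDBR one: the plain caller reaches it with any hash because the callee-side check simply is not there, while the paranoid caller refuses because the bytes at the prologue offset are not its hash. That extra load before the transfer is the cost the commit message mentions; the model also makes the limit visible, since the check only helps when the bytes at that offset do not happen to equal the expected hash.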