Re: [RFC] Circumventing FineIBT Via Entrypoints

From: Kees Cook
Date: Tue Feb 25 2025 - 21:56:07 EST

Next message: Mi, Dapeng: "Re: [Patch v2 10/24] perf/x86/intel: Process arch-PEBS records or record fragments"
Previous message: Feng Tang: "Re: [PATCH v3 3/4] PCI/portdrv: Loose the condition check for disabling hotplug interrupts"
In reply to: Andrew Cooper: "Re: [RFC] Circumventing FineIBT Via Entrypoints"
Next in thread: Rudolf Marek: "Re: [RFC] Circumventing FineIBT Via Entrypoints"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On February 25, 2025 1:14:01 PM PST, Andrew Cooper <andrew.cooper3@xxxxxxxxxx> wrote:
>Peter Zijlstra has added a FineIBT=paranoid mode which performs the hash
>check ahead of calling the function pointer, which ought to mitigate
>this but at even higher overhead.

Was kCFI vs FineIBT perf ever measured? Is the assumption of higher overhead based on kCFI filling dcache in addition to icache, whereas FineIBT only fills icache?

-Kees

--
Kees Cook

Next message: Mi, Dapeng: "Re: [Patch v2 10/24] perf/x86/intel: Process arch-PEBS records or record fragments"
Previous message: Feng Tang: "Re: [PATCH v3 3/4] PCI/portdrv: Loose the condition check for disabling hotplug interrupts"
In reply to: Andrew Cooper: "Re: [RFC] Circumventing FineIBT Via Entrypoints"
Next in thread: Rudolf Marek: "Re: [RFC] Circumventing FineIBT Via Entrypoints"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]