1. Patchew
  2. linux
  3. View series

[PATCH v2 0/6] x86/cfi: Fix FineIBT

Peter Zijlstra posted 6 patches 2 years, 7 months ago 
arch/um/kernel/um_arch.c             |  2 +-
arch/x86/entry/entry_32.S            | 54 +++++++---------------------
arch/x86/entry/entry_64.S            | 35 ++++++------------
arch/x86/include/asm/alternative.h   |  2 +-
arch/x86/include/asm/ibt.h           |  2 +-
arch/x86/include/asm/nospec-branch.h |  4 +++
arch/x86/include/asm/switch_to.h     |  4 ++-
arch/x86/kernel/alternative.c        | 69 +++++++++++++++++++++++++++++++++---
arch/x86/kernel/module.c             |  2 +-
arch/x86/kernel/process.c            | 22 +++++++++++-
10 files changed, 120 insertions(+), 76 deletions(-)
[PATCH v2 0/6] x86/cfi: Fix FineIBT
Posted by Peter Zijlstra 2 years, 7 months ago 
Hi!

Alyssa reported a FineIBT issue (patch 6) which led to the discovery of
a kCFI issue (patch 5) and a bunch of cleanups and enhancements (the
rest).

Backports can probably suffice with just the last two.

Much thanks to Brian for the better ret_from_fork() cleanup.

Tested using llvm-16 on an Alderlake with both FineIBT and kCFI.

Also available at:

  git://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git x86/urgent

(I'm aiming for the merge window, not this cycle)

v1: https://lkml.kernel.org/r/20230615193546.949657149@infradead.org

---
 arch/um/kernel/um_arch.c             |  2 +-
 arch/x86/entry/entry_32.S            | 54 +++++++---------------------
 arch/x86/entry/entry_64.S            | 35 ++++++------------
 arch/x86/include/asm/alternative.h   |  2 +-
 arch/x86/include/asm/ibt.h           |  2 +-
 arch/x86/include/asm/nospec-branch.h |  4 +++
 arch/x86/include/asm/switch_to.h     |  4 ++-
 arch/x86/kernel/alternative.c        | 69 +++++++++++++++++++++++++++++++++---
 arch/x86/kernel/module.c             |  2 +-
 arch/x86/kernel/process.c            | 22 +++++++++++-
 10 files changed, 120 insertions(+), 76 deletions(-)
Re: [PATCH v2 0/6] x86/cfi: Fix FineIBT
Posted by Kees Cook 2 years, 7 months ago 
On Thu, Jun 22, 2023 at 04:42:18PM +0200, Peter Zijlstra wrote:
> Alyssa reported a FineIBT issue (patch 6) which led to the discovery of
> a kCFI issue (patch 5) and a bunch of cleanups and enhancements (the
> rest).
> 
> Backports can probably suffice with just the last two.
> 
> Much thanks to Brian for the better ret_from_fork() cleanup.
> 
> Tested using llvm-16 on an Alderlake with both FineIBT and kCFI.

Thanks! This looks really nice. For the series:

Reviewed-by: Kees Cook <keescook@chromium.org>

-- 
Kees Cook
Re: [PATCH v2 0/6] x86/cfi: Fix FineIBT
Posted by Sami Tolvanen 2 years, 7 months ago 
On Thu, Jun 22, 2023 at 7:50 AM Peter Zijlstra <peterz@infradead.org> wrote:
>
> Hi!
>
> Alyssa reported a FineIBT issue (patch 6) which led to the discovery of
> a kCFI issue (patch 5) and a bunch of cleanups and enhancements (the
> rest).
>
> Backports can probably suffice with just the last two.
>
> Much thanks to Brian for the better ret_from_fork() cleanup.

This version looks even better, thanks!

Reviewed-by: Sami Tolvanen <samitolvanen@google.com>

Sami

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.