From: David Laight <David.Laight@ACULAB.COM>
To: 'Peter Zijlstra' <peterz@infradead.org>,
"x86@kernel.org" <x86@kernel.org>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Kees Cook <keescook@chromium.org>,
Sami Tolvanen <samitolvanen@google.com>,
"Joao Moreira" <joao@overdrivepizza.com>,
Josh Poimboeuf <jpoimboe@redhat.com>,
"Mark Rutland" <mark.rutland@arm.com>
Subject: RE: [PATCH 0/4] x86/ibt: Implement FineIBT
Date: Fri, 28 Oct 2022 11:01:08 +0000 [thread overview]
Message-ID: <322c0b333f0a4a60be2a89f0cdf7edde@AcuMS.aculab.com> (raw)
In-Reply-To: <20221027092812.185993858@infradead.org>
From: Peter Zijlstra
> Sent: 27 October 2022 10:28
>
> Hi all,
>
> Updated FineIBT series; I've (hopefully) incorporated all feedback from last
> time with the notable exception of the Kconfig CFI default -- I'm not sure we
> want to add to the Kconfig space for this, also what would a distro do with it.
>
> Anyway; please have a look, I'm hoping to merge this soonish so we can make the
> next cycle.
Is there a test to ensure that modules are actually compiled
with the required endbra, function prologue gap (etc).
Having the module load fail is somewhat better than a crash.
It is almost certainly quite easy to generate an out of tree module that
is missing all of those (even if compiled at the same time as the kernel).
(Never mind issues with modules that contain binary blobs.)
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
next prev parent reply other threads:[~2022-10-28 11:01 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-27 9:28 [PATCH 0/4] x86/ibt: Implement FineIBT Peter Zijlstra
2022-10-27 9:28 ` [PATCH 1/4] objtool: Add --cfi to generate the .cfi_sites section Peter Zijlstra
2022-11-02 9:20 ` [tip: x86/core] " tip-bot2 for Peter Zijlstra
2022-10-27 9:28 ` [PATCH 2/4] x86/ibt: Implement FineIBT Peter Zijlstra
2022-10-27 10:11 ` Peter Zijlstra
2022-10-28 17:41 ` Kees Cook
2022-11-02 9:20 ` [tip: x86/core] " tip-bot2 for Peter Zijlstra
2022-10-27 9:28 ` [PATCH 3/4] x86/cfi: Boot time selection of CFI scheme Peter Zijlstra
2022-10-28 17:41 ` Kees Cook
2022-11-02 9:19 ` [tip: x86/core] " tip-bot2 for Peter Zijlstra
2022-10-27 9:28 ` [PATCH 4/4] x86/cfi: Add boot time hash randomization Peter Zijlstra
2022-10-28 17:42 ` Kees Cook
2022-11-02 9:19 ` [tip: x86/core] " tip-bot2 for Peter Zijlstra
2022-10-28 11:01 ` David Laight [this message]
2022-10-28 12:03 ` [PATCH 0/4] x86/ibt: Implement FineIBT Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=322c0b333f0a4a60be2a89f0cdf7edde@AcuMS.aculab.com \
--to=david.laight@aculab.com \
--cc=joao@overdrivepizza.com \
--cc=jpoimboe@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=peterz@infradead.org \
--cc=samitolvanen@google.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.