From: Peter Zijlstra <peterz@infradead.org>
To: Kees Cook <keescook@chromium.org>
Cc: x86@kernel.org, Sami Tolvanen <samitolvanen@google.com>,
Joao Moreira <joao@overdrivepizza.com>,
linux-kernel@vger.kernel.org, Mark Rutland <mark.rutland@arm.com>,
Josh Poimboeuf <jpoimboe@redhat.com>
Subject: Re: [PATCH] x86/ibt: Implement FineIBT
Date: Tue, 18 Oct 2022 21:56:36 +0200 [thread overview]
Message-ID: <Y08E9DgGD0lPB85O@hirez.programming.kicks-ass.net> (raw)
In-Reply-To: <202210181020.79AF7F7@keescook>
On Tue, Oct 18, 2022 at 11:09:13AM -0700, Kees Cook wrote:
> > +config FINEIBT
> > + def_bool y
> > + depends on X86_KERNEL_IBT && CFI_CLANG
> > + select CALL_PADDING
>
> To that end, can we please make this a prompted choice?
How about something like so instead?
---
Subject: x86/cfi: Boot time selection of CFI scheme
From: Peter Zijlstra <peterz@infradead.org>
Date: Tue Oct 18 21:50:54 CEST 2022
Add the "cfi=" boot parameter to allow users to select a scheme at
boot time.
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
---
arch/x86/kernel/alternative.c | 103 +++++++++++++++++++++++++++++++++---------
1 file changed, 83 insertions(+), 20 deletions(-)
--- a/arch/x86/kernel/alternative.c
+++ b/arch/x86/kernel/alternative.c
@@ -702,6 +702,47 @@ void __init_or_module noinline apply_ibt
#endif /* CONFIG_X86_KERNEL_IBT */
#ifdef CONFIG_FINEIBT
+
+enum cfi_mode {
+ CFI_DEFAULT,
+ CFI_OFF,
+ CFI_KCFI,
+ CFI_FINEIBT,
+};
+
+static enum cfi_mode cfi_mode __ro_after_init = CFI_DEFAULT;
+
+static __init int cfi_parse_cmdline(char *str)
+{
+ if (!str)
+ return -EINVAL;
+
+ while (str) {
+ char *next = strchr(str, ',');
+ if (next) {
+ *next = 0;
+ next++;
+ }
+
+ if (!strcmp(str, "auto")) {
+ cfi_mode = CFI_DEFAULT;
+ } else if (!strcmp(str, "off")) {
+ cfi_mode = CFI_OFF;
+ } else if (!strcmp(str, "kcfi")) {
+ cfi_mode = CFI_KCFI;
+ } else if (!strcmp(str, "fineibt")) {
+ cfi_mode = CFI_FINEIBT;
+ } else {
+ pr_err("Ignoring unknown cfi option (%s).", str);
+ }
+
+ str = next;
+ }
+
+ return 0;
+}
+early_param("cfi", cfi_parse_cmdline);
+
/*
* kCFI FineIBT
*
@@ -868,30 +909,52 @@ static void __apply_fineibt(s32 *start_r
"FineIBT preamble wrong size: %ld", fineibt_preamble_size))
return;
- if (!HAS_KERNEL_IBT || !cpu_feature_enabled(X86_FEATURE_IBT))
+ if (cfi_mode == CFI_DEFAULT) {
+ cfi_mode = CFI_KCFI;
+ if (HAS_KERNEL_IBT && cpu_feature_enabled(X86_FEATURE_IBT))
+ cfi_mode = CFI_FINEIBT;
+ }
+
+ switch (cfi_mode) {
+ case CFI_OFF:
+ ret = cfi_disable_callers(start_retpoline, end_retpoline);
+ if (ret)
+ goto err;
+
+ if (builtin)
+ pr_info("Disabling CFI\n");
return;
- /*
- * Rewrite the callers to not use the __cfi_ stubs, such that we might
- * rewrite them. This disables all CFI. If this succeeds but any of the
- * later stages fails, we're without CFI.
- */
- ret = cfi_disable_callers(start_retpoline, end_retpoline);
- if (ret)
- goto err;
-
- ret = cfi_rewrite_preamble(start_cfi, end_cfi);
- if (ret)
- goto err;
-
- ret = cfi_rewrite_callers(start_retpoline, end_retpoline);
- if (ret)
- goto err;
+ case CFI_KCFI:
+ if (builtin)
+ pr_info("Using kCFI\n");
+ return;
- if (builtin)
- pr_info("Using FineIBT CFI\n");
+ case CFI_FINEIBT:
+ /*
+ * Rewrite the callers to not use the __cfi_ stubs, such that we might
+ * rewrite them. This disables all CFI. If this succeeds but any of the
+ * later stages fails, we're without CFI.
+ */
+ ret = cfi_disable_callers(start_retpoline, end_retpoline);
+ if (ret)
+ goto err;
+
+ ret = cfi_rewrite_preamble(start_cfi, end_cfi);
+ if (ret)
+ goto err;
+
+ ret = cfi_rewrite_callers(start_retpoline, end_retpoline);
+ if (ret)
+ goto err;
- return;
+ if (builtin)
+ pr_info("Using FineIBT CFI\n");
+ return;
+
+ default:
+ break;
+ }
err:
pr_err("Something went horribly wrong trying to rewrite the CFI implementation.\n");
next prev parent reply other threads:[~2022-10-18 19:57 UTC|newest]
Thread overview: 42+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-10-18 13:35 [PATCH] x86/ibt: Implement FineIBT Peter Zijlstra
2022-10-18 14:43 ` David Laight
2022-10-18 15:58 ` Joao Moreira
2022-10-18 17:20 ` Kees Cook
2022-10-18 20:09 ` Joao Moreira
2022-10-19 5:33 ` Kees Cook
2022-10-18 21:27 ` David Laight
2022-10-18 14:47 ` Peter Zijlstra
2022-10-18 18:09 ` Kees Cook
2022-10-18 19:56 ` Peter Zijlstra [this message]
2022-10-18 23:31 ` Josh Poimboeuf
2022-10-19 5:22 ` Kees Cook
2022-10-19 11:38 ` Peter Zijlstra
2022-10-19 5:14 ` Kees Cook
2022-10-18 19:59 ` Peter Zijlstra
2022-10-18 21:09 ` Peter Zijlstra
2022-10-19 5:05 ` Kees Cook
2022-10-19 12:03 ` Peter Zijlstra
2022-10-19 15:22 ` Sami Tolvanen
2022-10-20 11:04 ` Peter Zijlstra
2022-10-18 19:59 ` Joao Moreira
2022-10-19 5:32 ` Kees Cook
2022-10-19 19:35 ` Joao Moreira
2022-10-18 20:05 ` Peter Zijlstra
2022-10-19 5:00 ` Kees Cook
2022-10-18 20:09 ` Peter Zijlstra
2022-10-18 20:17 ` Joao Moreira
2022-10-18 20:30 ` Peter Zijlstra
2022-10-19 4:48 ` Joao Moreira
2022-10-19 5:19 ` Kees Cook
2022-10-31 19:13 ` Joao Moreira
2022-11-01 21:39 ` Kees Cook
2022-11-01 21:50 ` Joao Moreira
2022-10-19 5:18 ` Kees Cook
2022-10-19 5:16 ` Kees Cook
2022-10-20 11:05 ` Peter Zijlstra
2022-10-18 23:38 ` Josh Poimboeuf
2022-10-19 7:29 ` Peter Zijlstra
2022-10-21 23:08 ` Josh Poimboeuf
2022-10-22 15:03 ` Peter Zijlstra
2022-10-24 17:15 ` Sami Tolvanen
2022-10-24 18:38 ` Joao Moreira
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y08E9DgGD0lPB85O@hirez.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=joao@overdrivepizza.com \
--cc=jpoimboe@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark.rutland@arm.com \
--cc=samitolvanen@google.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).