| From: |
| Peter Zijlstra <peterz-AT-infradead.org> |
| To: |
| x86-AT-kernel.org |
| Subject: |
| [PATCH v4 00/10] x86/ibt: FineIBT-BHI |
| Date: |
| Mon, 24 Feb 2025 13:37:03 +0100 |
| Message-ID: |
| <20250224123703.843199044@infradead.org> |
| Cc: |
| linux-kernel-AT-vger.kernel.org, peterz-AT-infradead.org, alyssa.milburn-AT-intel.com, scott.d.constable-AT-intel.com, joao-AT-overdrivepizza.com, andrew.cooper3-AT-citrix.com, jpoimboe-AT-kernel.org, jose.marchesi-AT-oracle.com, hjl.tools-AT-gmail.com, ndesaulniers-AT-google.com, samitolvanen-AT-google.com, nathan-AT-kernel.org, ojeda-AT-kernel.org, kees-AT-kernel.org, alexei.starovoitov-AT-gmail.com, mhiramat-AT-kernel.org, jmill-AT-asu.edu |
| Archive-link: |
| Article |
Hi all!
Hopefully final version of these here patches.
As reported, these patches include the cfi=paranoid flag for dealing with the
FineIBT SYSCALL pivot and cfi=bhi for further hardering FineIBT.
Biggest difference since last time is the reworking (vastly simplifying) of
cfi=warn, and getting rid of the ud_type propagation in favour of using
is_cfi_trap().
As reported earlier, available at:
git://git.kernel.org/pub/scm/linux/kernel/git/peterz/queue.git x86/fineibt-bhi2
Previous version at:
https://lkml.kernel.org/r/20250219162107.880673196@infrad...
---
Makefile | 3 +
arch/x86/Kconfig | 8 +
arch/x86/include/asm/bug.h | 3 +
arch/x86/include/asm/cfi.h | 10 ++
arch/x86/include/asm/ibt.h | 4 +
arch/x86/kernel/alternative.c | 370 +++++++++++++++++++++++++++++++++++++-----
arch/x86/kernel/cfi.c | 8 +-
arch/x86/kernel/traps.c | 54 +++++-
arch/x86/lib/Makefile | 3 +-
arch/x86/lib/bhi.S | 146 +++++++++++++++++
arch/x86/net/bpf_jit_comp.c | 30 ++--
include/linux/cfi.h | 2 +
kernel/cfi.c | 4 +-
13 files changed, 585 insertions(+), 60 deletions(-)
