system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-10-19 09:49:29 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/include
History
Peter Zijlstra 931ab63664 x86/ibt: Implement FineIBT 
Implement an alternative CFI scheme that merges both the fine-grained
nature of kCFI but also takes full advantage of the coarse grained
hardware CFI as provided by IBT.

To contrast:

  kCFI is a pure software CFI scheme and relies on being able to read
text -- specifically the instruction *before* the target symbol, and
does the hash validation *before* doing the call (otherwise control
flow is compromised already).

  FineIBT is a software and hardware hybrid scheme; by ensuring every
branch target starts with a hash validation it is possible to place
the hash validation after the branch. This has several advantages:

   o the (hash) load is avoided; no memop; no RX requirement.

   o IBT WAIT-FOR-ENDBR state is a speculation stop; by placing
     the hash validation in the immediate instruction after
     the branch target there is a minimal speculation window
     and the whole is a viable defence against SpectreBHB.

   o Kees feels obliged to mention it is slightly more vulnerable
     when the attacker can write code.

Obviously this patch relies on kCFI, but additionally it also relies
on the padding from the call-depth-tracking patches. It uses this
padding to place the hash-validation while the call-sites are
re-written to modify the indirect target to be 16 bytes in front of
the original target, thus hitting this new preamble.

Notably, there is no hardware that needs call-depth-tracking (Skylake)
and supports IBT (Tigerlake and onwards).

Suggested-by: Joao Moreira (Intel) <joao@overdrivepizza.com>
Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20221027092842.634714496@infradead.org
2022-11-01 13:44:10 +01:00
..
acpi
asm-generic Merge branch 'x86/urgent' into x86/core, to resolve conflict 2022-10-22 10:06:18 +02:00
clocksource
crypto
drm Driver core changes for 6.1-rc1 2022-10-07 17:04:10 -07:00
dt-bindings These are the pin control changes for the v6.1 kernel cycle: 2022-10-11 10:59:59 -07:00
keys
kunit
kvm
linux x86/ibt: Implement FineIBT 2022-11-01 13:44:10 +01:00
math-emu
media USB/Thunderbolt changes for 6.1-rc1 2022-10-07 16:48:26 -07:00
memory
misc
net Random number generator fixes for Linux 6.1-rc1. 2022-10-16 15:27:07 -07:00
pcmcia
ras
rdma
rv
scsi SCSI misc on 20221007 2022-10-07 12:33:18 -07:00
soc RISC-V Patches for the 6.1 Merge Window, Part 2 2022-10-14 11:21:11 -07:00
sound ALSA: hda: Update register polling macros 2022-10-09 12:34:32 +02:00
target
trace f2fs-for-6.1-rc1 2022-10-10 20:28:41 -07:00
uapi This pull request contains updates for UBI and UBIFS 2022-10-14 18:23:23 -07:00
ufs SCSI misc on 20221007 2022-10-07 12:33:18 -07:00
vdso
video
xen xen/virtio: enable grant based virtio on x86 2022-10-10 14:31:26 +02:00