Received: by 2002:a05:6a10:17d3:0:0:0:0 with SMTP id hz19csp721427pxb; Fri, 16 Apr 2021 17:04:21 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzbco47ljBnTcu7DpTDpcpQUehSGJJUf+DaJW2ZQ/r3SPobCK46qX31klQb+dPvsqAMulVU X-Received: by 2002:aa7:d88b:: with SMTP id u11mr12920785edq.254.1618617861380; Fri, 16 Apr 2021 17:04:21 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1618617861; cv=none; d=google.com; s=arc-20160816; b=wxbgDTP0so61sqF7fSCovpLZd54Xxhw04rvPmNWpsuz5Y/B4ZThOFcBKBGIRvU8Anv FQRNAherRuq++zNYh7f6boaaY7Ifb+VRGB0HCGwUyb3v/0Vg/pU00wutIRKPmbkEsjY4 6eH3JL6a5oS5vzvKAE7Q/Ecssm5M2ywFEXQA1GwXrANj3CrKL19vHof80YL80iFzhgaL rUIpl64/3fjuNyziRYYdoyYY9zZgcyFk5bqDCa4ihskfP30n0sNoV1Sg9HnBt04jBO2e mtz1emKCI6jdebCDDleoIdk6Fam1rqBKzFF6XimhkeBDQOEDVleasAkylBM8QzzgkwQo J99g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:message-id:date:references :in-reply-to:subject:cc:to:dkim-signature:dkim-signature:from; bh=xAJKO8dWaz92ciG9zIlL+Ikr/RFMxTd4id9MFoOL6bc=; b=sG1DePAxwVaR/+BJs90MXO5gbRfgwMtI1LFauZ+I1A/t/pf4lJoTZPr1i7NLc3v03C mgIO9F3y5WylFuou8jraHYUh23es3YfEt2HxdHAl4ed/upLg3YRRRXf48l017RPD0TlW +uR/BpaP2w2+UKjE3ose320rYNyPNT49bS0MpCY1oWb9uIGLtQO+U5Z8d39y0CGPo43Y 93+igzWDpueUNrR/9RSzB7cgIRNU+lsEy1mCDn0/qLkC4rh8rC8xD6TzthgePQ9M8XBZ EO7hu0loNJrok7LYfsK/8wrBPpZ+f8ZaeoRpuZMS3PJk2NDazZ1Z5wAi+MkAshTzTfYU H3ag== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=BQXVF4t3; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e header.b=IRiiJJW6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id jg32si5860614ejc.26.2021.04.16.17.03.58; Fri, 16 Apr 2021 17:04:21 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linutronix.de header.s=2020 header.b=BQXVF4t3; dkim=neutral (no key) header.i=@linutronix.de header.s=2020e header.b=IRiiJJW6; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=linutronix.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235138AbhDQADF (ORCPT + 99 others); Fri, 16 Apr 2021 20:03:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57670 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235056AbhDQADD (ORCPT ); Fri, 16 Apr 2021 20:03:03 -0400 Received: from galois.linutronix.de (Galois.linutronix.de [IPv6:2a0a:51c0:0:12e:550::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4D003C06175F; Fri, 16 Apr 2021 17:02:34 -0700 (PDT) From: Thomas Gleixner DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020; t=1618617752; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=xAJKO8dWaz92ciG9zIlL+Ikr/RFMxTd4id9MFoOL6bc=; b=BQXVF4t3ExWyQ3Vf3r8aYeZLNQy1SwgLH0Qp0MjoSfMVfT5+SpmyUjHZjdVpQS8uZtF5RJ PofMRXYf+QoSfDvGPhJl1lBkA0hJuJeh4X2lGN1kg3+0nqRzmgKfwDB0t5yJE2lpHEwx8k JK8XKGlUR/FwioDmCGTl1CUEsxt6q0cO91otV03ZSsL8kl24X8+cEfk+trbSRoYhCsKJPo VZp9sDn5I6xhCoRHsYEKDtenfpWF8F1+fFEJ7OwVIH06CF3USV1kd4j65CdKzKMfT7Nnzu J3H8w1vaWLadlqoHETk2/q74+1r9st7F6FuvYG91kX+xy3R5Wikgl3RQXLE91Q== DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=linutronix.de; s=2020e; t=1618617752; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=xAJKO8dWaz92ciG9zIlL+Ikr/RFMxTd4id9MFoOL6bc=; b=IRiiJJW6d+3NSThZL1todwLecniMG+DONP2KvG/Z9I42DlVB97mhnAyx4zeCk7jQHWtZLK +Rzih2iiyKn2vQBw== To: Kees Cook Cc: Sami Tolvanen , x86@kernel.org, Josh Poimboeuf , Peter Zijlstra , Nathan Chancellor , Nick Desaulniers , Sedat Dilek , linux-hardening@vger.kernel.org, linux-kernel@vger.kernel.org, clang-built-linux@googlegroups.com Subject: Re: [PATCH 06/15] x86: Avoid CFI jump tables in IDT and entry points In-Reply-To: <202104161642.B72BD68@keescook> References: <20210416203844.3803177-1-samitolvanen@google.com> <20210416203844.3803177-7-samitolvanen@google.com> <87im4luaq7.ffs@nanos.tec.linutronix.de> <202104161642.B72BD68@keescook> Date: Sat, 17 Apr 2021 02:02:31 +0200 Message-ID: <87czutu6aw.ffs@nanos.tec.linutronix.de> MIME-Version: 1.0 Content-Type: text/plain Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Apr 16 2021 at 16:56, Kees Cook wrote: > On Sat, Apr 17, 2021 at 12:26:56AM +0200, Thomas Gleixner wrote: >> Where is the analysis why excluding >> >> > +CFLAGS_REMOVE_idt.o := $(CC_FLAGS_CFI) >> > +CFLAGS_REMOVE_paravirt.o := $(CC_FLAGS_CFI) >> >> all of idt.c and paravirt.c is correct and how that is going to be >> correct in the future? >> >> These files are excluded from CFI, so I can add whatever I want to them >> and circumvent the purpose of CFI, right? >> >> Brilliant plan that. But I know, sekurity ... > > *sigh* we're on the same side. :P I will choose to understand your > comments here as: > > "How will enforcement of CFI policy be correctly maintained here if > the justification for disabling it for whole compilation units is not > clearly understandable by other developers not familiar with the nuances > of its application?" Plus, if there is a justification for disabling it for a whole compilation unit: Where is the tooling which makes sure that this compilation unit is not later on filled with code which should be subject to CFI? Thanks, tglx