Received: by 2002:a05:6a10:5bc5:0:0:0:0 with SMTP id os5csp922989pxb; Wed, 27 Oct 2021 15:17:38 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwx9He5Y7ccbRw370seFSEzUzPGt+2u84a1CfU+nvBpJBzgaztu+wTiR9zWMoyo86+QMrGB X-Received: by 2002:a17:902:bd01:b0:141:6232:6f89 with SMTP id p1-20020a170902bd0100b0014162326f89mr467701pls.12.1635373058034; Wed, 27 Oct 2021 15:17:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1635373058; cv=none; d=google.com; s=arc-20160816; b=buMpDBCOmlqm0kHHtpuid+Y1YEXqFU+qwt/+Sdfv2MywRgmqC6+RlgYK16eC2O1S4s h2M5qENrOjA9ZNqaSH7klcyfwczp9VGkSEyASN3jn1I+qk2EUYnZi4nT4f9WMqLm7GQF 5KxNR/JnNpiRtwScOpUJhvMmYbC8OiOcrUiTr+ytQpdmzyuqN3AJ+8KkH8L5O+AXIska O0QmKtvAZAqF63TZFA24ygHL8uBI5sEYEQldvg46mLpfUQKdjvmANFQaMlUIb20MSiJB FIaXcoeVcS5QPlpUFQf3nokY8J5gVIbjitulfxhb2vtknoQLVrP/sOg/5gwSOiGsC4nu 3lgw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :mime-version:accept-language:in-reply-to:references:message-id:date :thread-index:thread-topic:subject:cc:to:from; bh=TtbAeQq288NA28rs/Qf2Cz6zmUw46/8T17yqupTij+M=; b=Qz/zQpRmrynF0fCdlCwE/79hRzCERikNvyHncTRxdGE7PuKiFV9VA74CucyYObcxUp iDYkMh6bK6uuFvz5hNrV9njWlt3bLrxJc+Iof26Bq5wxmsuRTteL+5JDpqIWzznP1oQI wHxGuK1CY1zen28xW7mk8lIWbinGB9ByiQsGKyOOr81ZRKgx2uibdLD+RhzvBM8iNoHk bOZzrr0zhq8C01OQ/7SPN7ifMOh5xmVz4fRBfzazcxrq3aul55HDfVyOe0esS+Ok8fBt b+eN6mKdha6RBGAhusyD+oBZlT8bCQ3o72ZPfrwPWqAfs74IeNoD/591wR8oCKNb9Xvo K31g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id lk11si1739117pjb.187.2021.10.27.15.17.25; Wed, 27 Oct 2021 15:17:38 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231701AbhJ0VeX convert rfc822-to-8bit (ORCPT + 99 others); Wed, 27 Oct 2021 17:34:23 -0400 Received: from eu-smtp-delivery-151.mimecast.com ([185.58.85.151]:46506 "EHLO eu-smtp-delivery-151.mimecast.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235480AbhJ0Vdw (ORCPT ); Wed, 27 Oct 2021 17:33:52 -0400 Received: from AcuMS.aculab.com (156.67.243.121 [156.67.243.121]) (Using TLS) by relay.mimecast.com with ESMTP id uk-mta-42-fJv27yKXNbKPUHGUB7ziEQ-1; Wed, 27 Oct 2021 22:31:22 +0100 X-MC-Unique: fJv27yKXNbKPUHGUB7ziEQ-1 Received: from AcuMS.Aculab.com (fd9f:af1c:a25b:0:994c:f5c2:35d6:9b65) by AcuMS.aculab.com (fd9f:af1c:a25b:0:994c:f5c2:35d6:9b65) with Microsoft SMTP Server (TLS) id 15.0.1497.24; Wed, 27 Oct 2021 22:31:21 +0100 Received: from AcuMS.Aculab.com ([fe80::994c:f5c2:35d6:9b65]) by AcuMS.aculab.com ([fe80::994c:f5c2:35d6:9b65%12]) with mapi id 15.00.1497.024; Wed, 27 Oct 2021 22:31:21 +0100 From: David Laight To: 'Mark Rutland' CC: Peter Zijlstra , Sami Tolvanen , "x86@kernel.org" , Kees Cook , Josh Poimboeuf , "Nathan Chancellor" , Nick Desaulniers , Sedat Dilek , Steven Rostedt , "linux-hardening@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "llvm@lists.linux.dev" , "ardb@kernel.org" Subject: RE: [PATCH v5 00/15] x86: Add support for Clang CFI Thread-Topic: [PATCH v5 00/15] x86: Add support for Clang CFI Thread-Index: AQHXyyrmFu1L74SRSES6mpaoExEoXavmyV5Q///5hQCAAJkGUA== Date: Wed, 27 Oct 2021 21:31:21 +0000 Message-ID: References: <20211013181658.1020262-1-samitolvanen@google.com> <20211026201622.GG174703@worktop.programming.kicks-ass.net> <20211027120515.GC54628@C02TD0UTHF1T.local> <456321a9fc5245408fc0d2798e497fe0@AcuMS.aculab.com> <20211027131730.GF54628@C02TD0UTHF1T.local> In-Reply-To: <20211027131730.GF54628@C02TD0UTHF1T.local> Accept-Language: en-GB, en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.202.205.107] MIME-Version: 1.0 Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=C51A453 smtp.mailfrom=david.laight@aculab.com X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: aculab.com Content-Language: en-US Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Mark Rutland > Sent: 27 October 2021 14:18 > > On Wed, Oct 27, 2021 at 12:55:17PM +0000, David Laight wrote: > > From: Mark Rutland > > > Sent: 27 October 2021 13:05 > > ... > > > Taking a step back, it'd be nicer if we didn't have the jump-table shim > > > at all, and had some SW landing pad (e.g. a NOP with some magic bytes) > > > in the callees that the caller could check for. Then function pointers > > > would remain callable in call cases, and we could explcitly add landing > > > pads to asm to protect those. I *think* that's what the grsecurity folk > > > do, but I could be mistaken. > > > > It doesn't need to be a 'landing pad'. > > The 'magic value' could be at 'label - 8'. > > Sure; I'd intended to mean the general case of something at some fixed > offset from the entrypoint, either before or after, potentially but not > necessarily inline in the executed instruction stream. What you really want is to be able to read the value using the I-cache so as not to pollute the D-cache with code bytes and to avoid having both an I-cache and D-cache miss at the same time for the same memory. Even if the I-cache read took an extra clock (or two) I suspect it would be an overall gain. This is also true for code that uses pc-relative instructions to read constants - common in arm-64. Not sure any hardware lets you do that though :-( David - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)