Date: Tue, 18 Oct 2022 13:09:25 -0700
From: Joao Moreira
To: Kees Cook
Cc: David Laight, 'Peter Zijlstra', x86@kernel.org, Sami Tolvanen, linux-kernel@vger.kernel.org, Mark Rutland, Josh Poimboeuf
Subject: Re: [PATCH] x86/ibt: Implement FineIBT
In-Reply-To: <202210181013.923F8809@keescook>
References: <9bb036e48580454b81e6de7224c5f006@AcuMS.aculab.com> <3edb387ea335085dcb6dd49f1d9c9ce6@overdrivepizza.com> <202210181013.923F8809@keescook>
Message-ID: <24d4e2f277ecaa435075745817f2bd61@overdrivepizza.com>
List-ID: linux-kernel@vger.kernel.org

On 2022-10-18 10:20, Kees Cook wrote:
> On Tue, Oct 18, 2022 at 08:58:24AM -0700, Joao Moreira wrote:
>> > Does the hash value for kCFI only depend on the function type?
>> > Or is there something like an attribute that can also be included?
>>
>> Hi David -- does this sound like what you are asking about?
>>
>> https://github.com/ClangBuiltLinux/linux/issues/1736
>>
>> If yes, then it is something in our todo list :) I think Sami is
>> handling it.
>
> I was hoping someone with prior experience with Call Graph Detaching to
> solve Transitive Clustering Relaxation[1] could assist? ;)

Hi Kees, thanks for bringing these slides up.

Yeah, I would be glad to help out with automating this sort of analysis. CGD, as explained in these slides, would not help much here, because it was more of an optimization to reduce the number of allowed targets on returns (we did not have an almighty shadow stack at the time). Yet there are lots of other things we might be able to do, both statically and dynamically. Recent relevant research about this is multi-layer type analysis [1], which I may find the time to look into more deeply soon.

1 - https://www-users.cse.umn.edu/~kjlu/papers/mlta.pdf

Tks,
Joao
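The thread's point, that a kCFI hash keyed only on the function type admits every function of that type at an indirect call, and that multi-layer type analysis narrows the set by also tracking which struct field the pointer was loaded from, modelled as an added example (not code from the mail, the kernel or the MLTA paper). The function names, prototypes and struct fields are constructed sample data; the prototype string stands in for the kCFI type hash.

```python
"""Toy model: type-only CFI target sets versus multi-layer type analysis.

Constructed data, not real kernel code. A real analysis must also handle
pointers that escape into non-struct storage (fall back to the type set).
"""
from collections import defaultdict

# Constructed sample: (function, prototype). Three unrelated functions
# deliberately share the prototype "int (void *)".
FUNCS = [
    ("ext4_open",   "int (void *)"),
    ("tcp_open",    "int (void *)"),
    ("dbg_hook",    "int (void *)"),
    ("cdrom_ioctl", "long (void *, unsigned int)"),
]

# Constructed sample: the struct field each function's address is stored
# into. This is the extra "layer" MLTA tracks on top of the type.
FIELD_STORES = [
    ("struct file_operations.open",           "ext4_open"),
    ("struct proto.open",                     "tcp_open"),
    ("struct file_operations.unlocked_ioctl", "cdrom_ioctl"),
]

def type_only_targets(funcs):
    """kCFI-style view: allowed targets keyed by prototype alone."""
    table = defaultdict(set)
    for name, proto in funcs:
        table[proto].add(name)
    return table

def mlta_targets(funcs, stores):
    """MLTA view: keyed by (prototype, struct field the pointer came from)."""
    proto_of = dict(funcs)
    table = defaultdict(set)
    for field, fn in stores:
        table[(proto_of[fn], field)].add(fn)
    return table

def allowed(call_proto, field=None):
    """Targets an indirect call of prototype `call_proto` may reach.

    With `field` (the struct field the pointer was loaded from) the MLTA
    set applies; without it only the type is known, as in plain kCFI.
    """
    if field is not None:
        return mlta_targets(FUNCS, FIELD_STORES).get((call_proto, field), set())
    return type_only_targets(FUNCS).get(call_proto, set())
```

`allowed("int (void *)")` returns all three same-typed functions, while `allowed("int (void *)", "struct file_operations.open")` returns only `ext4_open`.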