Received: by 2002:a05:622a:251a:b0:39a:b4a2:e86 with SMTP id cm26csp551881qtb; Wed, 19 Oct 2022 08:43:08 -0700 (PDT) X-Google-Smtp-Source: AMsMyM4RpfAETPQzXhECijjzQoUocUeDTyUad9hEgpz/pEGtu33U8UnSo5Nejex8tIAkl3u8jPi9 X-Received: by 2002:a05:6402:450c:b0:443:6279:774f with SMTP id ez12-20020a056402450c00b004436279774fmr8235615edb.11.1666194188647; Wed, 19 Oct 2022 08:43:08 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1666194188; cv=none; d=google.com; s=arc-20160816; b=uz/QrNPS//c9tNqTOoad27eVIG6U2Rx7NzzsngsmnjhRKoNgeOjUswjNAqjCoMrecX edzg3DCPdMPvNMGh2Wb0/wXC7Gdzldxm42G7a/C9nCqq6aQNOgzWHj3JAlBy489bOsoz /feB/AaQiCXh3suQwCUD1fT5TBzdWYMOzS5WxcfKhVk4XCI9aTb8h8JH5qIjlmMthyjA FHTiwjQ3C8JxO2ps5WFdomxqDpz4dS0qZ7EY8PWsqk5ZlE+sm5v0+9Wq3J9VmyDeS8p4 5XSNMYzwNjKewOsl5CGS1OB1ELInootexCsPfCPgDecGWWapu04PtPwimR8PBXjb/xzR vaxA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=VNHbXxSW7m+bZUVbzSdjwBQQzi1pwoEug4lryfW9UVw=; b=rNPDXFz9lIcFT1by0pPjlhqb0D7PkfZACbNY9cs1pFkl8SL8oOf2L/KEKm5M6ky4J3 dn1yjj5n680ZYQRnM3IKfqlJ17t6igMACpDT26DUVhL0bi4BYuwDdOvBlcPKcHA5fNfy 37KXMLctVFra1lx+m7XL8ob4VkJfqUTD53wYEi8lu9nItHTUtlaMg779jaRVa8Sef+C+ 9rFbQbk40o3niaUQ3Lh7I6Ikc/v/27B50vn34LaWvPhL8tWXkrHpXQOrAwBXpVjFW9yJ +bnAL0BDAW7C/XupAeIYcbkJ0jnHZZStEr6PAhpEmByp3dwRq5tcNuf6UlhtQTxzua3C I5ag== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=VvKHZHVr; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id dt2-20020a170906b78200b00782b2a97827si13363686ejb.242.2022.10.19.08.42.42; Wed, 19 Oct 2022 08:43:08 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=VvKHZHVr; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231964AbiJSPbB (ORCPT + 99 others); Wed, 19 Oct 2022 11:31:01 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46494 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232348AbiJSPah (ORCPT ); Wed, 19 Oct 2022 11:30:37 -0400 Received: from mail-ed1-x529.google.com (mail-ed1-x529.google.com [IPv6:2a00:1450:4864:20::529]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id ACE6216EA15 for ; Wed, 19 Oct 2022 08:23:01 -0700 (PDT) Received: by mail-ed1-x529.google.com with SMTP id u21so25774713edi.9 for ; Wed, 19 Oct 2022 08:23:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=VNHbXxSW7m+bZUVbzSdjwBQQzi1pwoEug4lryfW9UVw=; b=VvKHZHVrCjwMBIBMOSm8jl1Vp7/WFMtlMQ01/1g/KHw6JwxVmWqFjjIZXklHCaciJR dprsOwZGQYK/S9vox+G0VXON4SDyqeLBdLfQjy/6mFNAbyG65E2Ko4Cg9aggQhRbOAYJ eavheiAk6MVutzf+Ga4UGQligCa+W+N6faK0LoK28Tj0pcggPel0yUUq2IOS3EE64t7p x3Z0iEYOFonD0wgSnznmDIOBOpzlPC6ajGofl2YnEVfWkDWDYUNHDnQqbEjuFpqGAY5d 3QpMr7/PA4h7kFYU/H37wwuk0buNel7SuGnek9j2L2zobENwKN6zLZO2eTL1fvJrQpGW uK4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=VNHbXxSW7m+bZUVbzSdjwBQQzi1pwoEug4lryfW9UVw=; b=49fes1TJEurP6pYy3Mvgfzo0BNo7+JKyFVZxX7JQtAAJgzenx6PTMW0DZb800D1GVJ lX8NPdtkTf8lnWj5/YKTDT4aFC9GaArIlahrXTSd5Q4EuHqNnlZd4FAYfrnm4DK/ewBB /wEeui7DeVRmh8q801y17Eh0CbnKyW7ttXovbY4+iQG9Ydj2vfGqkrxZDi5lqnft+jPo C0QSFUFLnB5IqMhKgd8OVnO5iY6UXDyuDOqF40MdDuTefbEnbCqp2/D0Q5O6nIexQFeN xlodhzv8ojoDmCvzhP+mjIM7tRucaBLBxQB71tV5RV9tn8kHZXd3ElEeX19P+QyV/FT5 xOHg== X-Gm-Message-State: ACrzQf1c4u+M3kixFgLRWkPcH+CXhqt5u1OcFVga5v9uOQUesL572NOY uXGGrBbRQyaXLs3H4TQrkOH9cxNO7bBywx5E119Q/Q== X-Received: by 2002:a05:6402:27cd:b0:45c:db6f:7e77 with SMTP id c13-20020a05640227cd00b0045cdb6f7e77mr8197159ede.149.1666192973743; Wed, 19 Oct 2022 08:22:53 -0700 (PDT) MIME-Version: 1.0 References: <202210181020.79AF7F7@keescook> <202210182200.50680AE@keescook> In-Reply-To: From: Sami Tolvanen Date: Wed, 19 Oct 2022 08:22:17 -0700 Message-ID: Subject: Re: [PATCH] x86/ibt: Implement FineIBT To: Peter Zijlstra Cc: Kees Cook , x86@kernel.org, Joao Moreira , linux-kernel@vger.kernel.org, Mark Rutland , Josh Poimboeuf Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Oct 19, 2022 at 5:03 AM Peter Zijlstra wrote: > > On Tue, Oct 18, 2022 at 10:05:26PM -0700, Kees Cook wrote: > > > > The one glitch here is that the resulting hash needs to not contain > > an endbr... > > Oh right,.. duh. How about something like: > > static u32 cfi_rehash(u32 hash) > { > hash ^= cfi_hash; > while (unlikely(is_endbr(hash))) { > bool lsb = hash & 1; > hash >>= 1; > if (lsb) > hash ^= 0x80200003; > } > return hash; > } > > Which seems properly over-engineered :-) Also, -hash can't be endbr with KCFI since we use that in the check itself. Sami