Received: by 2002:a05:622a:1442:b0:3a5:28ea:c4b9 with SMTP id v2csp759007qtx; Mon, 31 Oct 2022 13:11:32 -0700 (PDT) X-Google-Smtp-Source: AMsMyM4kIiZqXlaUdnxZupbiiZu2RpevGUQCfXr/wU1CHJn/zjuaSNCr8DrTHSgefr24DOT9M8eh X-Received: by 2002:a17:902:efc7:b0:187:c49:5a0a with SMTP id ja7-20020a170902efc700b001870c495a0amr12547081plb.97.1667247092359; Mon, 31 Oct 2022 13:11:32 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1667247092; cv=none; d=google.com; s=arc-20160816; b=KK7Ko+sxkvWyvNDTGl6DasS1WX+A5tiArq7K71stA+/XE4zDzFlRm35IVp6M6acP45 i0YYo6cOlEJQkPYJ36qg+Q+zxqrBcgOOO3V6VL/LQEqI9hIfWB2QYtIo3oi1T0acVC/o 41UeVlf1/DhWQGcnSUdB5IS64DG4FQyBv1HK4YT2rDNVuSw5BAi2EGFxxJyVsOGUl/kw sErFaOQg64cbrj3IhXeoQQcwM3qpHnHj7/Gl+1Uysbghls5SR6RYJ15pnZNNMXhu5YAL b8kr8BRZCKqHUbQaRAPCiwY9HP4SDBd1CKHnOZxIoTWGn3y2iaPa7A79uIkem3AwfXpg zIRg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:message-id:references :in-reply-to:subject:cc:to:from:date:mime-version; bh=NbGHDQcQ3gP29pfvxnfFyKl05l3I8tULvYxdiE8t8SY=; b=R5yioHMAS2YTq5cnzQb5u7Kynha2jJ5x6nwNAtfLNZwFTXXX3/56CKKSDsqX7opeGb EkBPq+GFV/KDKFzVif2BWwT85hr9u6CrBizDxjRM1dN/PopUbvvJ2VFgaA5oTltObLZS wHRJQdVPytdJO5qXj4Nt8ifqP8wZZO5GHk64Dowa9IiZisoQ9LMgtLPBmraDo5QRvA0n 6SLCJAgDeznfABE1GbT2iBsAp5HBS716YS7y1ijBaYcF/OBwDeWjxDTaA48XJHstZ++t HCAEd5ptP+GjhbB36Mp8YjokRVCEkrkjgteaW8ZicqmU/fdQmYYyvY9riaYchckLBwnN 346A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id e129-20020a636987000000b0041183daa0ffsi9415067pgc.761.2022.10.31.13.11.19; Mon, 31 Oct 2022 13:11:32 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229934AbiJaTOM (ORCPT + 98 others); Mon, 31 Oct 2022 15:14:12 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38786 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229744AbiJaTOK (ORCPT ); Mon, 31 Oct 2022 15:14:10 -0400 Received: from relay1-d.mail.gandi.net (relay1-d.mail.gandi.net [217.70.183.193]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6AB50120BD for ; Mon, 31 Oct 2022 12:14:09 -0700 (PDT) Received: (Authenticated sender: joao@overdrivepizza.com) by mail.gandi.net (Postfix) with ESMTPA id 52DBF240004; Mon, 31 Oct 2022 19:13:50 +0000 (UTC) MIME-Version: 1.0 Date: Mon, 31 Oct 2022 12:13:50 -0700 From: Joao Moreira To: Kees Cook Cc: Peter Zijlstra , x86@kernel.org, Sami Tolvanen , linux-kernel@vger.kernel.org, Mark Rutland , Josh Poimboeuf Subject: Re: [PATCH] x86/ibt: Implement FineIBT In-Reply-To: <202210182218.56AD2871@keescook> References: <202210181020.79AF7F7@keescook> <202210182218.56AD2871@keescook> Message-ID: X-Sender: joao@overdrivepizza.com Content-Type: text/plain; charset=US-ASCII; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 2022-10-18 22:19, Kees Cook wrote: > On Tue, Oct 18, 2022 at 09:48:42PM -0700, Joao Moreira wrote: >> > > Is it useful to get the compiler to emit 0xcc with >> > > -fpatchable-function-entry under any circumstance? I can probably >> > > change >> > > that quickly if needed/useful. >> > >> > Having it emit 0xcc for the bytes in front of the symbol might be >> > interesting. It would mean a few kernel changes, but nothing too hard. Should I push for this within clang? I have the patch semi-ready (below) and would have some cycles this week for polishing it. >> > >> > That is, -fpatchable-function-entry=N,M gets us N-M bytes in at the >> > start of the symbol and M bytes in front of it. The N-M bytes at the >> > start of the function *are* executed and should obviously not become >> > 0xcc (GCC keeps them 0x90 while LLVM makes them large NOPs). >> >> Uhum, all makes sense. I drafted something here: >> >> https://github.com/lvwr/llvm-project/commits/joao/int3 >> >> Let me know if this works for you or if there is something that should >> be >> tweaked, like adding a specific flag and such. This currently emits >> 0xcc >> instead of 0x90 for the nops before the function entry symbol for >> kernel >> code on x86-64. It seems to be working (see generated snippet below), >> but >> let me know otherwise: >> >> Generated with -fpatchable-function-entry=10,5 >> >> Disassembly of section .text: >> >> 0000000000000000 : >> 0: cc int3 >> 1: cc int3 >> 2: cc int3 >> 3: cc int3 >> 4: cc int3 >> >> 0000000000000005 : >> 5: 0f 1f 44 00 08 nopl 0x8(%rax,%rax,1) >> a: 41 57 push %r15 >> c: 41 56 push %r14 > > Cool! I like that. Assuming objtool doesn't freak out, that seems like > a > nice way to go.