Received: by 2002:ab2:60d1:0:b0:1f7:5705:b850 with SMTP id i17csp390992lqm; Wed, 1 May 2024 04:07:04 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVnCt1CcF9pdGMu6/QG1yR7Jp59b5dRIE3q/vctaeGGvfUfYM2d7dlSa0eMdXogTy8LyvB1Q1/L7a9m/yMxstMpxCRKlnIigOakTZEmsQ== X-Google-Smtp-Source: AGHT+IEQ1vRLwx9o7E3dLAEtt1XaCSKpK/aFWnZbSHsgH+mtawGU1tOjRPKEGmwtjZA601aJD6tO X-Received: by 2002:a05:6102:354:b0:47c:2784:b68a with SMTP id e20-20020a056102035400b0047c2784b68amr2045943vsa.24.1714561624193; Wed, 01 May 2024 04:07:04 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1714561624; cv=pass; d=google.com; s=arc-20160816; b=t7gQvrZN89e1F9ICyieLQSWL0JqvzRwo3niYTcpeYVhnYhc/saD8L/Ba081mqxigHv 17A9KMDWoRNl9aS64sTKRWnEg8FlH4O2DNLx5ps8bBlNx4kYAafjlouqywy484PD1TY0 1DIzYScqAh8sagBEv8toFbWq6Eo1g79x0YyM1JYemckA4BKZT2OMN80q/o71Gzd5+YEH Hp3wzktC1/XY/WZXK49ZC82SIrkVDka+uFpvzc5hH7tXsAZWPceDbIr7ZljVcObnKXan yiZlpGrNQdQD+OTwR6NJaZP1a/3tgv2DJXBVVpqHNI3V6TI/6aNeJ8+2y9dPLIfoLV+7 X9gw== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=aNpiIghGKhPJ0ZIxsrzl9Nb+y+hsY2vBs19eG4Yd/jM=; fh=M4eHaguOTye1WORh3+u0KVFOPHOUKwHxXszFH8aJGcA=; b=x0leXBdFH/Bos3mEBfilbc/nz+zcLN5/wGu9cqRG12S2rBl0It0ZXm6LYfbEBBFpoL 0QKb47v3cm06QO3KyKPQ3HaSwtOPM5+9uD08UzEDWRuDLxtlhbScIlBBnDFgt2Qu6+9N wGwSO3Nk20vDGlgnHw2KnOSQJdwL0n14JAOUnW3vhWLjE8WeS+YxRsknPj/+6iGlHLv1 6A4ke3gXaa6I+35FgV+YuO5U+j4Ll9FlV6UXM5Bb0n/8MjIVfOtwd0vQlVl0YOIXApMY Y+DZsMTWkA1buLAD4nJA6PPMkQ35LiFksbnMpwibtBKp6K9eTHoQtowIjEFZS8m1f4ch m1Ew==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@infradead.org header.s=desiato.20200630 header.b=eL6YOqnp; arc=pass (i=1 dkim=pass dkdomain=infradead.org); spf=pass (google.com: domain of linux-kernel+bounces-165165-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-165165-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [2604:1380:45d1:ec00::1]) by mx.google.com with ESMTPS id dg13-20020a056102570d00b0047cfd96bedfsi996106vsb.413.2024.05.01.04.07.04 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 01 May 2024 04:07:04 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-165165-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) client-ip=2604:1380:45d1:ec00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@infradead.org header.s=desiato.20200630 header.b=eL6YOqnp; arc=pass (i=1 dkim=pass dkdomain=infradead.org); spf=pass (google.com: domain of linux-kernel+bounces-165165-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45d1:ec00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-165165-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id E3E421C20819 for ; Wed, 1 May 2024 11:07:03 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 761B560BBE; Wed, 1 May 2024 11:06:48 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b="eL6YOqnp" Received: from desiato.infradead.org (desiato.infradead.org [90.155.92.199]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4A9C95028F; Wed, 1 May 2024 11:06:46 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=90.155.92.199 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714561607; cv=none; b=nytBgwOFV59eMf1KHQWSSuuzUnulrzgX39BHlMx49BClTnnNgfB0UoX9FvYgatA/Jsct1lfM1KtsF4svU26ONxeRNnbZyhi9MgtGuoB1fUDn0Wcbd2ACSMcFlt71z8xvFn6Qtt0C/l8knZmqcL7k/Zd0HvOEG4zQlmXZKA0v+P4= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1714561607; c=relaxed/simple; bh=hqFVMicxiJEATeOF/1jtox+rOiQl5zLUQQK3VQGe1ag=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=cy5/TJMe5TInNIY5YfWlSIKG8KlVAcbHt/DUbXngtrfUN+6KUKjhzEjxjQ0OCVUozfUnLpV9x4wjIiG90jvr7KJBaCPxV5lrRaRnET2+9l6PdF0kICsOIhKaEbTC+CswtfZqSyGmJtTZSYn4cOQu3C3JqvXQgUhZNAF+VnmJzpI= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=infradead.org; spf=none smtp.mailfrom=infradead.org; dkim=pass (2048-bit key) header.d=infradead.org header.i=@infradead.org header.b=eL6YOqnp; arc=none smtp.client-ip=90.155.92.199 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=infradead.org Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=infradead.org DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=desiato.20200630; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=aNpiIghGKhPJ0ZIxsrzl9Nb+y+hsY2vBs19eG4Yd/jM=; b=eL6YOqnpySW2lWXLYPLdhXlpO/ 0Z/4wH1ftAMvgh9jO3if19zP4ThcY0bxTX5I5xow1Y0EOZt+V1VO+a8C5E379CH6JOr6uUtIVy2o5 CpinvZONv3FR2koeGLiTyHfLxT269URPDm8ceepTtAPEZ11d9gwZHGymjl4ia6dz2kr6uOYnyo57/ g657iUjhv20jq0gV6KRanU1KStOlqk9xo8zoKu+bkU9dsF+p96ZIWZqLWALill5zOermPnuNtEhdr NEQyX8Xm2H3QanwU+igqLYuTtja6/l5lW0yH9IPLT0xJeUaJLWxlaR5ohbuSi5rrHEk7A0flsV/8k TU7tF6Iw==; Received: from j130084.upc-j.chello.nl ([24.132.130.84] helo=noisy.programming.kicks-ass.net) by desiato.infradead.org with esmtpsa (Exim 4.97.1 #2 (Red Hat Linux)) id 1s27mx-0000000HM6l-1X6Z; Wed, 01 May 2024 11:06:18 +0000 Received: by noisy.programming.kicks-ass.net (Postfix, from userid 1000) id 0BBA7300362; Wed, 1 May 2024 13:06:15 +0200 (CEST) Date: Wed, 1 May 2024 13:06:14 +0200 From: Peter Zijlstra To: Kees Cook Cc: "Gustavo A. R. Silva" , Catalin Marinas , Will Deacon , Thomas Gleixner , Ingo Molnar , Borislav Petkov , Dave Hansen , x86@kernel.org, "H. Peter Anvin" , Nathan Chancellor , Nick Desaulniers , Bill Wendling , Justin Stitt , linux-hardening@vger.kernel.org, linux-arm-kernel@lists.infradead.org, llvm@lists.linux.dev, linux-kernel@vger.kernel.org Subject: Re: [PATCH] hardening: Refresh KCFI options, add some more Message-ID: <20240501110614.GI40213@noisy.programming.kicks-ass.net> References: <20240426222940.work.884-kees@kernel.org> <20240430092140.GE40213@noisy.programming.kicks-ass.net> <202404301037.9E34D4811@keescook> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <202404301037.9E34D4811@keescook> On Tue, Apr 30, 2024 at 10:48:36AM -0700, Kees Cook wrote: > On Tue, Apr 30, 2024 at 11:21:40AM +0200, Peter Zijlstra wrote: > > On Fri, Apr 26, 2024 at 03:29:44PM -0700, Kees Cook wrote: > > > > > - CONFIG_CFI_CLANG=y for x86 and arm64. (And disable FINEIBT since > > > it isn't as secure as straight KCFI.) > > > > Oi ? > > Same objection I always had[1]: moving the check into the destination > means attacks with control over executable memory contents can just omit > the check. I thought it was game over if you could write arbitrary test anyway? The whole CFI thing was about clobbering data (function pointers to be more specific), and both are robust against that.