Re: [PATCH v8 01/27] Documentation/x86: Add CET description

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>
Subject: Re: [PATCH v8 01/27] Documentation/x86: Add CET description
From: Florian Weimer <fweimer@xxxxxxxxxx>
Date: Wed, 14 Aug 2019 10:07:45 +0200
Cc: x86@xxxxxxxxxx, "H. Peter Anvin" <hpa@xxxxxxxxx>, Thomas Gleixner <tglx@xxxxxxxxxxxxx>, Ingo Molnar <mingo@xxxxxxxxxx>, linux-kernel@xxxxxxxxxxxxxxx, linux-doc@xxxxxxxxxxxxxxx, linux-mm@xxxxxxxxx, linux-arch@xxxxxxxxxxxxxxx, linux-api@xxxxxxxxxxxxxxx, Arnd Bergmann <arnd@xxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxxxxxx>, Balbir Singh <bsingharora@xxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Cyrill Gorcunov <gorcunov@xxxxxxxxx>, Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>, Eugene Syromiatnikov <esyr@xxxxxxxxxx>, "H.J. Lu" <hjl.tools@xxxxxxxxx>, Jann Horn <jannh@xxxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Mike Kravetz <mike.kravetz@xxxxxxxxxx>, Nadav Amit <nadav.amit@xxxxxxxxx>, Oleg Nesterov <oleg@xxxxxxxxxx>, Pavel Machek <pavel@xxxxxx>, Peter Zijlstra <peterz@xxxxxxxxxxxxx>, Randy Dunlap <rdunlap@xxxxxxxxxxxxx>, "Ravi V. Shankar" <ravi.v.shankar@xxxxxxxxx>, Vedvyas Shanbhogue <vedvyas.shanbhogue@xxxxxxxxx>, Dave Martin <Dave.Martin@xxxxxxx>
In-reply-to: <20190813205225.12032-2-yu-cheng.yu@intel.com> (Yu-cheng Yu's message of "Tue, 13 Aug 2019 13:51:59 -0700")
References: <20190813205225.12032-1-yu-cheng.yu@intel.com> <20190813205225.12032-2-yu-cheng.yu@intel.com>
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)

* Yu-cheng Yu:

> +ENDBR
> +    The compiler inserts an ENDBR at all valid branch targets.  Any
> +    CALL/JMP to a target without an ENDBR triggers a control
> +    protection fault.

Is this really correct?  I think ENDBR is needed only for indirect
branch targets where the jump/call does not have a NOTRACK prefix.  In
general, for security hardening, it seems best to minimize the number of
ENDBR instructions, and use NOTRACK for indirect jumps which derive the
branch target address from information that cannot be modified.

Thanks,
Florian

Follow-Ups:
- Re: [PATCH v8 01/27] Documentation/x86: Add CET description
  - From: Yu-cheng Yu

References:
- [PATCH v8 00/27] Control-flow Enforcement: Shadow Stack
  - From: Yu-cheng Yu
- [PATCH v8 01/27] Documentation/x86: Add CET description
  - From: Yu-cheng Yu

Prev by Date: Re: [Cocci] [PATCH v2 08/10] scripts: Coccinelle script for namespace dependencies.
Next by Date: Re: [v2 08/10] scripts: Coccinelle script for namespace dependencies
Previous by thread: [PATCH v8 01/27] Documentation/x86: Add CET description
Next by thread: Re: [PATCH v8 01/27] Documentation/x86: Add CET description
Index(es):
- Date
- Thread

[Index of Archives] [Linux Kernel] [Kernel Newbies] [x86 Platform Driver] [Netdev] [Linux Wireless] [Netfilter] [Bugtraq] [Linux Filesystems] [Yosemite Discussion] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Device Mapper]