linux.git - Linus' kernel tree

diff options

author	Peter Zijlstra <peterz@infradead.org>	2025-02-26 12:25:17 +0100
committer	Ingo Molnar <mingo@kernel.org>	2025-02-26 12:27:45 +0100
commit	97e59672a9d2aec0c27f6cd6a6b0edfdd6e5a85c (patch)
tree	67e510c3bfdf0f606266b1c801d2b762d5da79f3 /tools/perf/scripts/python/export-to-postgresql.py
parent	029f718fedd72872f7475604fe71b2a841108834 (diff)

x86/ibt: Add paranoid FineIBT mode

Due to concerns about circumvention attacks against FineIBT on 'naked' ENDBR, add an additional caller side hash check to FineIBT. This should make it impossible to pivot over such a 'naked' ENDBR instruction at the cost of an additional load. The specific pivot reported was against the SYSCALL entry site and FRED will have all those holes fixed up. https://lore.kernel.org/linux-hardening/Z60NwR4w%2F28Z7XUa@ubun/ This specific fineibt_paranoid_start[] sequence was concocted by Scott. Suggested-by: Scott Constable <scott.d.constable@intel.com> Reported-by: Jennifer Miller <jmill@asu.edu> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Signed-off-by: Ingo Molnar <mingo@kernel.org> Reviewed-by: Kees Cook <kees@kernel.org> Link: https://lore.kernel.org/r/20250224124200.598033084@infradead.org

Diffstat (limited to 'tools/perf/scripts/python/export-to-postgresql.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: