
Split CFI jump tables between core kernel and entry code so KPTI doesn't have to map the entire jump table #23

Closed
kees opened this issue Nov 21, 2019 · 2 comments
Labels
[ARCH] x86_64 [Feature] CFI

Comments

kees commented Nov 21, 2019

https://outflux.net/blog/archives/2019/11/20/experimenting-with-clang-cfi-in-upstream-linux/

There seems to be some generated code that is being run at syscall entry that is not mapped. I suspect there is something still doing CFI checks on entry (and their resulting jump tables are missing), but I haven't found them yet. For now, disable KPTI under CFI (at run time, so test kernels can still boot with "pti" to enable it again).

@kees kees added [ARCH] x86_64 [Feature] CFI labels Nov 21, 2019
kees (Author) commented Feb 25, 2020

Looks like the current best solution is to just always map the jump tables.

@kees kees added the [PATCH] Exists label Feb 25, 2020
@kees kees changed the title from "KPTI+CFI on x86 trips over something in entry code" to "Split CFI jump tables between core kernel and entry code so KPTI doesn't have to map the entire jump table" Mar 11, 2021
@kees kees removed the [PATCH] Exists label Mar 11, 2021
kees (Author) commented Sep 16, 2021

No longer an issue; the entry code is using the opaque types to avoid CFI instrumentation.

@kees kees closed this as completed Oct 13, 2021