Liran Alon 18 Jan
Slides on Linux kernel CFI. Clang jmp-table based CFI seems quite bad, as it adds many opcodes before the indirect branch, executes an additional jmp and requires global call-site visibility (e.g. it doesn't work for cross-module branches). (1/2)
Liran Alon 18 Jan
Replying to @Liran_Alon
RAP/XFG based on a hash seems better. Interesting observation that 7% of indirect branches have >100 valid targets if only the prototype is hashed. Thought: add a compiler annotation for non-cross-module func_ptrs & targets that makes the linker add a unique argument to the hash of this branch's targets? (2/2)
Dave dwizzzle Weston 18 Jan
Replying to @Liran_Alon @smealum
I think did a detailed analysis between Clang CFI and XFG
Liran Alon
Actually, this also made me wonder about Intel CET forward-edge protection: it only verifies that the indirect branch target ends with ENDBR64, i.e. it only validates that it's some valid target and does not consider the context/prototype hash as RAP/XFG do. Doesn't this make the ENDBR64 mechanism useless?
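Added here to illustrate the distinction drawn in the tweet above and the hashed-prototype idea from the earlier one; this is a demo model, not code from any participant or from RAP, XFG or CET. It assumes an FNV-1a hash of a prototype string in place of the compiler-computed type hash, registry membership in place of "starts with ENDBR64", and it counts how many targets one call site can legally reach under each policy.

```c
#include <stdint.h>
#include <string.h>
typedef void (*fnptr)(void);   /* type-erased code address */
/* FNV-1a over a prototype string stands in for the compiler-derived type hash (demo assumption). */
static uint64_t proto_hash(const char *proto) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (; *proto; proto++) { h ^= (unsigned char)*proto; h *= 0x100000001b3ULL; }
    return h;
}
/* Sample targets: two share the prototype int(int), one does not. */
static int twice(int x) { return 2 * x; }
static int negate(int x) { return -x; }
static int len_plus(const char *s) { return (int)strlen(s) + 1; }
/* Entry points (membership models "has ENDBR64") with the prototype tag RAP/XFG keep beside each body. */
struct entry { fnptr fn; const char *proto; };
static const struct entry entries[] = {
    { (fnptr)twice,    "int(int)" },
    { (fnptr)negate,   "int(int)" },
    { (fnptr)len_plus, "int(const char *)" },
};
#define N_ENTRIES (sizeof entries / sizeof entries[0])

/* Coarse-grained policy (CET IBT style): any registered entry point is accepted. */
static int cet_accepts(fnptr fn) {
    for (size_t i = 0; i < N_ENTRIES; i++) if (entries[i].fn == fn) return 1;
    return 0;
}

/* Fine-grained policy (RAP/XFG style): the target's tag must hash to the prototype the site expects. */
static int hash_accepts(fnptr fn, const char *expected_proto) {
    for (size_t i = 0; i < N_ENTRIES; i++)
        if (entries[i].fn == fn) return proto_hash(entries[i].proto) == proto_hash(expected_proto);
    return 0;
}

/* Targets a site of prototype `proto` can reach; the thread's ">100 targets" figure is this over a kernel. */
static size_t reachable(const char *proto, int use_hash) {
    size_t n = 0;
    for (size_t i = 0; i < N_ENTRIES; i++)
        n += use_hash ? hash_accepts(entries[i].fn, proto) : cet_accepts(entries[i].fn);
    return n;
}

/* Guarded indirect call for an int(int) site: refused on prototype mismatch. */
static int call_int_int(fnptr fn, int arg, int *ok) {
    *ok = hash_accepts(fn, "int(int)");
    return *ok ? ((int (*)(int))fn)(arg) : 0;
}
```

With three registered functions, the CET-style check lets the int(int) site reach all three while the hash check lets it reach only the two with a matching prototype.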
Dave dwizzzle Weston 18 Jan
Replying to @Liran_Alon @smealum
We don’t use endbranch in Windows
Liran Alon 18 Jan
Replying to @dwizzzleMSFT @smealum
Well, that answers it... Kinda disappointing to see yet another HW mechanism added to future CPUs when we already know this early that it's not useful compared to existing software techniques. It may turn out to have the same future as MPX had... I wonder why Intel doesn't drop it then.