scottconstable wrote:

I also do not want to lose sight of one of the other obvious advantages that was mentioned in the PR description:

> One additional benefit of this patch is that it can benefit other CFI
> approaches that build on kCFI, such as FineIBT. For example, this proposed
> enhancement to FineIBT must be able to infer (at kernel init time) which
> registers are live at an indirect call target:
> https://lkml.org/lkml/2024/9/27/982. If the arity bits are available in the
> kCFI type ID, then this information is trivial to infer.

To elaborate, we are concurrently working on a Linux kernel patch to enhance FineIBT (which is a KCFI-like solution that utilizes x86 Indirect Branch Tracking). The goal is to extend FineIBT to poison live argument registers if a hash check fails after a branch mis-prediction. This enhancement can help to mitigate a variety of Spectre attacks in the Linux kernel.

https://github.com/llvm/llvm-project/pull/117121
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits