Re: [PATCH v2 3/7] x86/altcall: Optimise away endbr64 instruction where possible

2022-03-01 Thread Jan Beulich
On 01.03.2022 15:51, Andrew Cooper wrote: > On 01/03/2022 11:59, Jan Beulich wrote: >> On 14.02.2022 13:56, Andrew Cooper wrote: >>> @@ -330,6 +333,41 @@ static void init_or_livepatch >>> _apply_alternatives(struct alt_instr *start, >>> add_nops(buf + a->repl_len, total_len - a->repl_len)

Re: [PATCH v2 3/7] x86/altcall: Optimise away endbr64 instruction where possible

2022-03-01 Thread Andrew Cooper
On 01/03/2022 11:59, Jan Beulich wrote: > On 14.02.2022 13:56, Andrew Cooper wrote: >> @@ -330,6 +333,41 @@ static void init_or_livepatch >> _apply_alternatives(struct alt_instr *start, >> add_nops(buf + a->repl_len, total_len - a->repl_len); >> text_poke(orig, buf, total_len); >

Re: [PATCH v2 3/7] x86/altcall: Optimise away endbr64 instruction where possible

2022-03-01 Thread Jan Beulich
On 14.02.2022 13:56, Andrew Cooper wrote: > @@ -330,6 +333,41 @@ static void init_or_livepatch _apply_alternatives(struct > alt_instr *start, > add_nops(buf + a->repl_len, total_len - a->repl_len); > text_poke(orig, buf, total_len); > } > + > +/* > + * Clobber endbr6

Re: [PATCH v2 3/7] x86/altcall: Optimise away endbr64 instruction where possible

2022-02-14 Thread Jan Beulich
On 14.02.2022 17:03, Andrew Cooper wrote: > On 14/02/2022 13:51, Jan Beulich wrote: >> On 14.02.2022 14:31, Andrew Cooper wrote: >>> On 14/02/2022 13:06, Jan Beulich wrote: On 14.02.2022 13:56, Andrew Cooper wrote: > @@ -330,6 +333,41 @@ static void init_or_livepatch > _apply_alternat

Re: [PATCH v2 3/7] x86/altcall: Optimise away endbr64 instruction where possible

2022-02-14 Thread Andrew Cooper
On 14/02/2022 13:51, Jan Beulich wrote: > On 14.02.2022 14:31, Andrew Cooper wrote: >> On 14/02/2022 13:06, Jan Beulich wrote: >>> On 14.02.2022 13:56, Andrew Cooper wrote: @@ -330,6 +333,41 @@ static void init_or_livepatch _apply_alternatives(struct alt_instr *start, add_n

Re: [PATCH v2 3/7] x86/altcall: Optimise away endbr64 instruction where possible

2022-02-14 Thread Jan Beulich
On 14.02.2022 14:31, Andrew Cooper wrote: > On 14/02/2022 13:06, Jan Beulich wrote: >> On 14.02.2022 13:56, Andrew Cooper wrote: >>> @@ -330,6 +333,41 @@ static void init_or_livepatch >>> _apply_alternatives(struct alt_instr *start, >>> add_nops(buf + a->repl_len, total_len - a->repl_len)

Re: [PATCH v2 3/7] x86/altcall: Optimise away endbr64 instruction where possible

2022-02-14 Thread Andrew Cooper
On 14/02/2022 13:06, Jan Beulich wrote: > On 14.02.2022 13:56, Andrew Cooper wrote: >> With altcall, we convert indirect branches into direct ones. With that >> complete, none of the potential targets need an endbr64 instruction. >> >> Furthermore, removing the endbr64 instructions is a security d

Re: [PATCH v2 3/7] x86/altcall: Optimise away endbr64 instruction where possible

2022-02-14 Thread Jan Beulich
On 14.02.2022 13:56, Andrew Cooper wrote: > With altcall, we convert indirect branches into direct ones. With that > complete, none of the potential targets need an endbr64 instruction. > > Furthermore, removing the endbr64 instructions is a security defence-in-depth > improvement, because it lim

[PATCH v2 3/7] x86/altcall: Optimise away endbr64 instruction where possible

2022-02-14 Thread Andrew Cooper
With altcall, we convert indirect branches into direct ones. With that complete, none of the potential targets need an endbr64 instruction. Furthermore, removing the endbr64 instructions is a security defence-in-depth improvement, because it limits the options available to an attacker who has man