On Tue, Jun 30, 2026 at 4:40 PM Dave Hansen <[email protected]> wrote:
>
> On 6/30/26 15:47, Xiang Mei wrote:
> > On Tue, Jun 30, 2026 at 3:14 PM H. Peter Anvin <[email protected]> wrote:
> >> On 2026-06-30 15:05, Dave Hansen wrote:
> >>> On 6/30/26 15:02, Xiang Mei wrote:
> >>>> Please feel free to ask any questions; I am glad to help.
> >>> How do the CET features: kernel IBT and the (theoretical for Linux)
> >>> kernel shadow stacks impact the situation?
> >> CET should prevent this from being the target of a JOP attack.
> >>
> > You are right; CET breaks the assumption that this technique needs a
> > CFH primitive.
>
> I'm not sure what you're saying.
>
> Are you saying that this ENTER-based technique is worthless if IBT is in
> play, so the new stack gap is a worthless mitigation too?

IBT makes it hard to use a CFH primitive (including ENTER gadgets,
which are a subset of CFH gadgets).
Currently, it's worthless to enlarge the guard area for Fine-IBT/kCFI
protected targets.

Xiang