On Tue, Jun 30, 2026 at 4:40 PM Dave Hansen <[email protected]> wrote:
>
> On 6/30/26 15:47, Xiang Mei wrote:
> > On Tue, Jun 30, 2026 at 3:14 PM H. Peter Anvin <[email protected]> wrote:
> >> On 2026-06-30 15:05, Dave Hansen wrote:
> >>> On 6/30/26 15:02, Xiang Mei wrote:
> >>>> Please feel free to ask any questions; I am glad to help.
> >>> How do the CET features: kernel IBT and the (theoretical for Linux)
> >>> kernel shadow stacks impact the situation?
> >> CET should prevent this from being the target of a JOP attack.
> >>
> > You are right; CET breaks the assumption that this technique needs a
> > CFH primitive.
>
> I'm not sure what you're saying.
>
> Are you saying that this ENTER-based technique is worthless if IBT is in
> play, so the new stack gap is a worthless mitigation too?
IBT makes it hard to use a CFH primitive (including ENTER gadgets, which are a subset of CFH gadgets). Currently, it's worthless to enlarge the guard area for Fine-IBT/kCFI protected targets.

Xiang

