Thread: 107 messages, 7 authors, 2020-04-08

Re: [RFC PATCH v9 05/27] x86/cet/shstk: Add Kconfig option for user-mode Shadow Stack protection

From: Yu-cheng Yu <hidden>
Date: 2020-03-06 21:16:59
Also in: linux-arch, linux-doc, linux-mm, lkml

On Fri, 2020-03-06 at 11:02 -0800, Dave Hansen wrote:
> On 3/6/20 10:37 AM, Yu-cheng Yu wrote:
> > We used to do this for CET instructions, but after adding kernel-mode
> > instructions and inserting ENDBR's, the code becomes cluttered.  I also
> > found an earlier discussion on the ENDBR:
> >
> > https://lore.kernel.org/lkml/CALCETrVRH8LeYoo7V1VBPqg4WS0Enxtizt=T7dPvgoeWfJrdzA@mail.gmail.com/
> >
> > It makes sense to let the user know early on that the system cannot support
> > CET and cannot build a CET-enabled kernel.
> >
> > One thing we can do is to disable CET in Kconfig and not in kernel
> > build, which I will do in the next version.
>
> I'll go on the record and say I think we should allow building
> CET-enabled kernels on old toolchains.  We need it for build test
> coverage.  We can spit out a warning, but we need to allow building it.

The build test will go through (assembler or .byte), once the opcode patch
is applied [1].  Also, when we enable kernel-mode CET, it is difficult to
build IBT code without the right tool chain.

Yu-cheng

[1] opcode patch:
https://lore.kernel.org/lkml/20200204171425.28073-1-yu-cheng.yu@intel.com/
