Re: [PATCH v10 01/26] Documentation/x86: Add CET description

[PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 02/26] x86/cpufeatures: Add CET CPU feature flags for Control-flow Enforcement Technology (CET) · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 03/26] x86/fpu/xstate: Introduce CET MSR XSAVES supervisor states · Yu-cheng Yu <hidden> · 2020-04-29
Re: [PATCH v10 03/26] x86/fpu/xstate: Introduce CET MSR XSAVES supervisor states · Sean Christopherson <hidden> · 2020-07-23
Re: [PATCH v10 03/26] x86/fpu/xstate: Introduce CET MSR XSAVES supervisor states · Yu-cheng Yu <hidden> · 2020-07-23
[PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-04-29
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Dave Hansen <hidden> · 2020-04-29
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-04-29
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-05-12
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Dave Hansen <hidden> · 2020-05-15
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-05-15
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Dave Hansen <hidden> · 2020-05-15
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-05-15
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Dave Hansen <hidden> · 2020-05-15
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · H.J. Lu <hidden> · 2020-05-16
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Dave Hansen <hidden> · 2020-05-17
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-05-16
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Dave Hansen <hidden> · 2020-05-18
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · H.J. Lu <hidden> · 2020-05-18
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Dave Hansen <hidden> · 2020-05-18
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-05-18
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-05-18
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Dave Hansen <hidden> · 2020-05-19
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Andy Lutomirski <luto@amacapital.net> · 2020-05-19
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Andy Lutomirski <luto@kernel.org> · 2020-05-20
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Yu-cheng Yu <hidden> · 2020-05-29
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Andrew Cooper <hidden> · 2020-05-16
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · H.J. Lu <hidden> · 2020-05-16
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Andrew Cooper <hidden> · 2020-05-16
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Peter Zijlstra <peterz@infradead.org> · 2020-05-22
Re: [PATCH v10 01/26] Documentation/x86: Add CET description · Andrew Cooper <hidden> · 2020-05-22
[PATCH v10 06/26] x86/mm: Change _PAGE_DIRTY to _PAGE_DIRTY_HW · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 12/26] mm: Introduce VM_SHSTK for shadow stack memory · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 11/26] x86/mm: Update ptep_set_wrprotect() and pmdp_set_wrprotect() for transition from _PAGE_DIRTY_HW to _PAGE_COW · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 14/26] x86/mm: Update maybe_mkwrite() for shadow stack · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 13/26] x86/mm: Shadow Stack page fault error checking · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 24/26] x86/cet/shstk: ELF header parsing for shadow stack · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 25/26] x86/cet/shstk: Handle thread shadow stack · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 23/26] ELF: Introduce arch_setup_elf_property() · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 26/26] x86/cet/shstk: Add arch_prctl functions for shadow stack · Yu-cheng Yu <hidden> · 2020-04-29
Re: [PATCH v10 26/26] x86/cet/shstk: Add arch_prctl functions for shadow stack · Kees Cook <hidden> · 2020-05-21
Re: [PATCH v10 26/26] x86/cet/shstk: Add arch_prctl functions for shadow stack · Yu-cheng Yu <hidden> · 2020-05-22
Re: [PATCH v10 26/26] x86/cet/shstk: Add arch_prctl functions for shadow stack · Eugene Syromiatnikov <hidden> · 2020-05-22
Re: [PATCH v10 26/26] x86/cet/shstk: Add arch_prctl functions for shadow stack · Yu-cheng Yu <hidden> · 2020-05-22
[PATCH v10 20/26] x86/cet/shstk: Handle signals for shadow stack · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 22/26] ELF: Add ELF program property parsing support · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 19/26] x86/cet/shstk: User-mode shadow stack support · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 21/26] ELF: UAPI and Kconfig additions for ELF program properties · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 18/26] mm: Update can_follow_write_pte() for shadow stack · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 17/26] mm/mmap: Add shadow stack pages to memory accounting · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 16/26] mm: Add guard pages around a shadow stack. · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 15/26] mm: Fixup places that call pte_mkwrite() directly · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 10/26] x86/mm: Update pte_modify for _PAGE_COW · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 09/26] drm/i915/gvt: Change _PAGE_DIRTY to _PAGE_DIRTY_BITS · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 08/26] x86/mm: Introduce _PAGE_COW · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 07/26] x86/mm: Remove _PAGE_DIRTY_HW from kernel RO pages · Yu-cheng Yu <hidden> · 2020-04-29
[PATCH v10 05/26] x86/cet/shstk: Add Kconfig option for user-mode Shadow Stack · Yu-cheng Yu <hidden> · 2020-04-29
Re: [PATCH v10 05/26] x86/cet/shstk: Add Kconfig option for user-mode Shadow Stack · Dave Hansen <hidden> · 2020-05-07
Re: [PATCH v10 05/26] x86/cet/shstk: Add Kconfig option for user-mode Shadow Stack · Yu-cheng Yu <hidden> · 2020-05-07
[PATCH v10 04/26] x86/cet: Add control-protection fault handler · Yu-cheng Yu <hidden> · 2020-04-29
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Josh Poimboeuf <hidden> · 2020-05-21
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Yu-cheng Yu <hidden> · 2020-05-21
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Josh Poimboeuf <hidden> · 2020-05-21
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Yu-cheng Yu <hidden> · 2020-05-21
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Sean Christopherson <hidden> · 2020-07-23
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Dave Hansen <hidden> · 2020-07-23
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Sean Christopherson <hidden> · 2020-07-23
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Dave Hansen <hidden> · 2020-07-23
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Yu-cheng Yu <hidden> · 2020-07-24
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Sean Christopherson <hidden> · 2020-07-24
Re: [PATCH v10 00/26] Control-flow Enforcement: Shadow Stack · Sean Christopherson <hidden> · 2020-07-24

From: Dave Hansen <hidden>
Date: 2020-04-29 22:53:05
Also in: linux-arch, linux-doc, linux-mm, lkml

On 4/29/20 3:07 PM, Yu-cheng Yu wrote:

+Note:
+  There is no CET-enabling arch_prctl function.  By design, CET is enabled
+  automatically if the binary and the system can support it.

I think Andy and I danced around this last time.  Let me try to say it
more explicitly.

I want CET kernel enabling to able to be disconnected from the on-disk
binary.  I want a binary compiled with CET to be able to disable it, and
I want a binary not compiled with CET to be able to enable it.  I want
different threads in a process to be able to each have different CET status.

Which JITs was this tested with?  I think as a bare minimum we need to
know that this design can accommodate _a_ modern JIT.  It would be
horrible if the browser javascript engines couldn't use this design, for
instance.

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help