Thread (62 messages) 62 messages, 5 authors, 2021-08-21

Re: [PATCH v28 00/32] Control-flow Enforcement: Shadow Stack

From: Yu, Yu-cheng <hidden>
Date: 2021-07-23 17:28:54
Also in: linux-arch, linux-doc, linux-mm, lkml

On 7/22/2021 2:08 PM, Dave Hansen wrote:
On 7/22/21 1:51 PM, Yu-cheng Yu wrote:
quoted
Linux distributions with CET are available now, and Intel processors with CET
are already on the market.  It would be nice if CET support can be accepted
into the kernel.

Changes in v28:
- Rebase to Linus tree v5.14-rc2.
- Patch #1: Update Document to indicate no-user-shstk also disables IBT.
- Patch #23: Update shstk_setup() with wrmsrl_safe().  Update return value.
- Patch #25: Split out copy_thread() changes.  Add support for old clone().
   Add comments.
- Add comments for get_xsave_addr() (Patch #25, #26).
Could you characterize where this whole thing is?

Are we at the point where the feedback is slowing down?  What kind of
feedback are you getting?  How stable is the ABI versus the last revision?
The ABI has not changed since last version, except the addition of 
shadow stack support for legacy clone().  This does not de-stabilize the 
ABI.

Looking back at recent feedback:

- Boris had given lots of comments on code flow, syntax, etc.  Those are 
all addressed.

- Andy L. commented on the signal handling part, especially the 
introduction of a ucontext extension.  That is eliminated and now there 
is the UC_WAIT_ENDBR flag.

- Kirill commented a few issues on mm patches.  Those are addressed.

- Peter Z. requested splitting shadow stack and ibt.  That is done.

As for running/testing of the series, overall it is stable.

Yu-cheng
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help