Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp1170434imm; Thu, 4 Oct 2018 09:12:47 -0700 (PDT) X-Google-Smtp-Source: ACcGV62n0tdxAxY5Z3i3n0BfQY/ZM9qPmSMpthdWlD53ekpDaNw5sLAfIdLTgZR64JPZsfimszXd X-Received: by 2002:a62:594f:: with SMTP id n76-v6mr7664738pfb.42.1538669567625; Thu, 04 Oct 2018 09:12:47 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1538669567; cv=none; d=google.com; s=arc-20160816; b=yMqbz3R0pnxI0vsQxBuUoe/SrZDPO0wOYGGm0vP49FOWUNZ1eCeF1+w8B6ZOdqArNm EPmM6YF1T9g4450XglnLrN3PnU2dfHvWzrM0zD/2Si7VXov/TH++gW3/NKojr/99hXBj tpmq/ZYT2/TEImp8JWB6iKRUs/P6z3a4ZXfZLZCmymQX7RqQxgBd2pe8+NulYIXyz6Zk N8L5DZL2Ok++paDA986iQVN8PWSoRXujN0JHQRHEwHLrjEkioi/fKOiMk2ZCz8KVhP7x DAFBvQJ0HF0E6zrUf4XXxhEhwmjScPtBcr+6ANtHxsLwXcxAmhHykVJgwQxnzN+noUQz BL5A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=zwA+tSgQuA+pgEuJcmrQMT7TOK3gYP4Fut+qMSm90Hg=; b=WMndq+894OmrTyl/JnDl/WJPMhtszUZelVZYheDNsJK8q0Rn8V24zP8OxValgg6erP 24iI2WQQY9d7BuNhTWEkWGJR0sSJORH7C8ASM0hVH8OyJFd3HunQ+W/Byd8A76J6UOnC 7cxortwsOo9+KIzJO+7tGQrbo7OmVQEnBUONE1aUWRCddH+v8279uw0Iw/XwC5M5vHHQ 0nCzmsS7LblWdqc1P4SlkeB8QxXFwHdLky8UFV4Nb/bQBw3xvJ9gCF2Ldkkuo5hef2ck YZE9rIKwOvHUoE2cqyalI1MO7nN5rrE/BnZO9KFwp5hD7DfkBds6ZotpdEzuhp9E25Tx MqDg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=WJAHVy74; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r8-v6si5696323pfh.229.2018.10.04.09.12.31; Thu, 04 Oct 2018 09:12:47 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@amacapital-net.20150623.gappssmtp.com header.s=20150623 header.b=WJAHVy74; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727709AbeJDXGO (ORCPT + 99 others); Thu, 4 Oct 2018 19:06:14 -0400 Received: from mail-wm1-f66.google.com ([209.85.128.66]:51047 "EHLO mail-wm1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727484AbeJDXGO (ORCPT ); Thu, 4 Oct 2018 19:06:14 -0400 Received: by mail-wm1-f66.google.com with SMTP id s12-v6so9596254wmc.0 for ; Thu, 04 Oct 2018 09:12:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amacapital-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=zwA+tSgQuA+pgEuJcmrQMT7TOK3gYP4Fut+qMSm90Hg=; b=WJAHVy74lH3c9Jeb/T+x86gz1Cx56o2qAQ9NBp14bVHT73QP6EpmuA3Wa7a7RUC7hN ffNQ53yVTyYps3wQ+jTptvKUoz2pdUV9cbIMrE/RzpzJzvdeqtiqzj1IDAaKTUZFSBYF +oeaRVYyLIhjQzHST+WbYpUwZ1kvrkGsPtDoAfqYoYjSWFnLr0wqUPJu7WyCQLoEQu3F tVbG6mIrVJD/qNzCS30H6TvQ9gTv5b7MnYapTdLiILuioWj+C+93M2frkxPNbbl4HRyF 8DriNhs1EzLc4+MV2oU0VnQA8J6/3bivnGfi4h4A6AMi5toKpL9ngZONX6K4Mg7Eevp0 6E8Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=zwA+tSgQuA+pgEuJcmrQMT7TOK3gYP4Fut+qMSm90Hg=; b=abeYMoYH0eHzBsnwMqPXu1mCKcRPJyEPCVNCtdVpj/6GDYgWndQURR+5+nb/82l7s2 LukgafEkqjL/OBjPioUZKdXnQCvKkH+qOGyuF9V1FEX+qftnwHml7/88WIcpHhBaqu4M MNJ8khmo768I53vvKUSjZ76rhcXt2tnsBW7O3okeHBz9VCIXn4IqvL5ClyLEKb5bTs+a QxgBlmgOnzm28syQWTfqUBtYdxQ/R9oHbYkqkA44DvxTbdHNluwg51n8aFgl4eoWVxxp dlyBKwklLcaxIMZGh/wRMNriaj1XoYq8JDQ6xiQYYUPMb2Ozt9xsk1aCj2dNhw6GTHcJ Dqzw== X-Gm-Message-State: ABuFfojWh7AWxNFRkfVRSLu8F/8ff7bJ5GYElXGMGadkAhSixLm4qAMO 3oZ97oP50LCgqK0062HACdJnKBzO9i05MVF/ifUulQ== X-Received: by 2002:a1c:1fcd:: with SMTP id f196-v6mr5267962wmf.19.1538669535756; Thu, 04 Oct 2018 09:12:15 -0700 (PDT) MIME-Version: 1.0 References: <20180921150553.21016-1-yu-cheng.yu@intel.com> <20180921150553.21016-7-yu-cheng.yu@intel.com> <20181004132811.GJ32759@asgard.redhat.com> <3350f7b42b32f3f7a1963a9c9c526210c24f7b05.camel@intel.com> <87murtn19o.fsf@mid.deneb.enyo.de> In-Reply-To: <87murtn19o.fsf@mid.deneb.enyo.de> From: Andy Lutomirski Date: Thu, 4 Oct 2018 09:12:04 -0700 Message-ID: Subject: Re: [RFC PATCH v4 6/9] x86/cet/ibt: Add arch_prctl functions for IBT To: Florian Weimer Cc: Yu-cheng Yu , Eugene Syromiatnikov , X86 ML , "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , LKML , linux-doc@vger.kernel.org, Linux-MM , linux-arch , Linux API , Arnd Bergmann , Balbir Singh , Cyrill Gorcunov , Dave Hansen , Florian Weimer , "H. J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , "Shanbhogue, Vedvyas" , libc-alpha , "Carlos O'Donell" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Oct 4, 2018 at 9:08 AM Florian Weimer wrote: > > * Yu-cheng Yu: > > > On Thu, 2018-10-04 at 15:28 +0200, Eugene Syromiatnikov wrote: > >> On Fri, Sep 21, 2018 at 08:05:50AM -0700, Yu-cheng Yu wrote: > >> > Update ARCH_CET_STATUS and ARCH_CET_DISABLE to include Indirect > >> > Branch Tracking features. > >> > > >> > Introduce: > >> > > >> > arch_prctl(ARCH_CET_LEGACY_BITMAP, unsigned long *addr) > >> > Enable the Indirect Branch Tracking legacy code bitmap. > >> > > >> > The parameter 'addr' is a pointer to a user buffer. > >> > On returning to the caller, the kernel fills the following: > >> > > >> > *addr = IBT bitmap base address > >> > *(addr + 1) = IBT bitmap size > >> > >> Again, some structure with a size field would be better from > >> UAPI/extensibility standpoint. > >> > >> One additional point: "size" in the structure from kernel should have > >> structure size expected by kernel, and at least providing there "0" from > >> user space shouldn't lead to failure (in fact, it is possible to provide > >> structure size back to userspace even if buffer is too small, along > >> with error). > > > > This has been in GLIBC v2.28. We cannot change it anymore. > > In theory, you could, if you change the ARCH_CET_LEGACY_BITMAP > constant, so that glibc will not use the different arch_prctl > operation. We could backport the change into the glibc 2.28 dynamic > linker, so that existing binaries will start using CET again. Then > only statically linked binaries will be impacted. > > It's definitely not ideal, but it's doable if the interface is > terminally broken or otherwise unacceptable. But to me it looks like > this threshold isn't reached here. I tend to agree. But I do think there's a real problem that should be fixed and won't affect ABI: the *name* of the prctl is pretty bad. I read the test several times trying to decide if you meant ARCH_GET_CET_LEGACY_BITMAP? But you don't. Maybe name it ARCH_CET_CREATE_LEGACY_BITMAP? And explicitly document what it does if legacy bitmap already exists? --Andy