Received: by 2002:a25:f815:0:0:0:0:0 with SMTP id u21csp1850581ybd;
        Thu, 27 Jun 2019 02:39:49 -0700 (PDT)
X-Google-Smtp-Source: APXvYqyigZZSPyVj00b4kjW1//JmWymxtEwfhYdIAXN5T9YR/9mdP0agOTeQVbHynZQ9ybefU73F
X-Received: by 2002:a17:902:e512:: with SMTP id ck18mr3380193plb.53.1561628389317;
        Thu, 27 Jun 2019 02:39:49 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1561628389; cv=none;
        d=google.com; s=arc-20160816;
        b=iY9E7fThSUV60ofJOefk4wfGAzoZe3ZdgcAcFgmhpV/VS+cTAisVEkc/9nBhWiT9UH
         YLEUJRluzOUUtuqQdP77gf8apUgR3/ZYEffdyw34RaqlMDzyJAh8ZhvqIJMfCzL5E8rO
         0ExCglCVdql+DYMH9BStEu39hxy5vSmbRlG/5MlfF0BKIXXr/EPnH73qn/xssLLixaZq
         Ih6Pl7HpWUDXDTItqdkTIIN6i05nSeUHK7coTjQNT8h+JFs+6ft62iO8ZxfGP6RDZvuV
         QBNfZvltbrKPNQ8KGRpFNf9omc7GJQWmACBYDKBQ773d3rOl4BSsmS9JR637TVYnclCY
         0Euw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:message-id
         :in-reply-to:date:references:subject:cc:to:from;
        bh=4b54uAuZ4BltrN1t2Af3HeuszVCm7fzlcea0qBuLP40=;
        b=gfxx0gj5xXaL4/gV0Vo1xMk3iJMKpKG2iMb6sJRAdnAKYdR68KNFeVPJhZXzBlY92L
         qjP9o8kXJa4AFsEjXKwcLUBScsUJflkjAPAOXdB86vZGrgvrzxgEiWzBL3YGS7pscXN7
         BF31+wHabGvoE8en9qW6nPTLQiCRzYQm7b1OdTtKno+3S2ZQ7505iywdp+q1vr8F8n9r
         EV3cVAck31NoVUB9onsK3twE9KvRWHbzdtpOCgz1aSqikDEoEOXi0Yh55P2ABsULR3JF
         fLD4E0YKLuNrXnScoFmnmAzvBghYBGTF6GKPG3OBEWclBuI5XOkk4SBB5dXJ+s6PX5Ff
         ABxg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id h2si1636150pgs.227.2019.06.27.02.39.31;
        Thu, 27 Jun 2019 02:39:49 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726531AbfF0JjI (ORCPT <rfc822;tinymelodyofdream@gmail.com>
        + 99 others); Thu, 27 Jun 2019 05:39:08 -0400
Received: from mx1.redhat.com ([209.132.183.28]:53881 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1725385AbfF0JjI (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 27 Jun 2019 05:39:08 -0400
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mx1.redhat.com (Postfix) with ESMTPS id 889F081E0A;
        Thu, 27 Jun 2019 09:38:59 +0000 (UTC)
Received: from oldenburg2.str.redhat.com (dhcp-192-180.str.redhat.com [10.33.192.180])
        by smtp.corp.redhat.com (Postfix) with ESMTPS id 507835C1B4;
        Thu, 27 Jun 2019 09:38:46 +0000 (UTC)
From:   Florian Weimer <fweimer@redhat.com>
To:     Andy Lutomirski <luto@kernel.org>
Cc:     Dave Martin <Dave.Martin@arm.com>,
        Yu-cheng Yu <yu-cheng.yu@intel.com>, X86 ML <x86@kernel.org>,
        "H. Peter Anvin" <hpa@zytor.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>,
        LKML <linux-kernel@vger.kernel.org>,
        "open list\:DOCUMENTATION" <linux-doc@vger.kernel.org>,
        Linux-MM <linux-mm@kvack.org>,
        linux-arch <linux-arch@vger.kernel.org>,
        Linux API <linux-api@vger.kernel.org>,
        Arnd Bergmann <arnd@arndb.de>,
        Balbir Singh <bsingharora@gmail.com>,
        Cyrill Gorcunov <gorcunov@gmail.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Eugene Syromiatnikov <esyr@redhat.com>,
        "H.J. Lu" <hjl.tools@gmail.com>, Jann Horn <jannh@google.com>,
        Jonathan Corbet <corbet@lwn.net>,
        Kees Cook <keescook@chromium.org>,
        Mike Kravetz <mike.kravetz@oracle.com>,
        Nadav Amit <nadav.amit@gmail.com>,
        Oleg Nesterov <oleg@redhat.com>, Pavel Machek <pavel@ucw.cz>,
        Peter Zijlstra <peterz@infradead.org>,
        Randy Dunlap <rdunlap@infradead.org>,
        "Ravi V. Shankar" <ravi.v.shankar@intel.com>,
        Vedvyas Shanbhogue <vedvyas.shanbhogue@intel.com>,
        Szabolcs Nagy <szabolcs.nagy@arm.com>,
        libc-alpha <libc-alpha@sourceware.org>
Subject: Re: [PATCH] binfmt_elf: Extract .note.gnu.property from an ELF file
References: <20190501211217.5039-1-yu-cheng.yu@intel.com>
        <20190502111003.GO3567@e103592.cambridge.arm.com>
        <CALCETrVZCzh+KFCF6ijuf4QEPn=R2gJ8FHLpyFd=n+pNOMMMjA@mail.gmail.com>
Date:   Thu, 27 Jun 2019 11:38:45 +0200
In-Reply-To: <CALCETrVZCzh+KFCF6ijuf4QEPn=R2gJ8FHLpyFd=n+pNOMMMjA@mail.gmail.com>
        (Andy Lutomirski's message of "Wed, 26 Jun 2019 10:14:07 -0700")
Message-ID: <87ef3fweoq.fsf@oldenburg2.str.redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Thu, 27 Jun 2019 09:39:08 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

* Andy Lutomirski:

> Also, I don't think there's any actual requirement that the upstream
> kernel recognize existing CET-enabled RHEL 8 binaries as being
> CET-enabled.  I tend to think that RHEL 8 jumped the gun here.

The ABI was supposed to be finalized and everyone involved thought it
had been reviewed by the GNU gABI community and other interested
parties.  It had been included in binutils for several releases.

From my point of view, the kernel is just a consumer of the ABI.  The
kernel would not change an instruction encoding if it doesn't like it
for some reason, either.

> While the upstream kernel should make some reasonble effort to make
> sure that RHEL 8 binaries will continue to run, I don't see why we
> need to go out of our way to keep the full set of mitigations
> available for binaries that were developed against a non-upstream
> kernel.

They were developed against the ABI specification.

I do not have a strong opinion what the kernel should do going forward.
I just want to make clear what happened.

Thanks,
Florian