From: "H.J. Lu"
Date: Mon, 9 Mar 2020 16:51:33 -0700
Subject: Re: [RFC PATCH v9 01/27] Documentation/x86: Add CET description
To: Dave Hansen
Cc: Andy Lutomirski, Yu-cheng Yu, "the arch/x86 maintainers", "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, LKML, linux-doc@vger.kernel.org, Linux-MM, linux-arch, Linux API, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, "Ravi V. Shankar", Vedvyas Shanbhogue, Dave Martin, x86-patch-review@intel.com
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Mar 9, 2020 at 4:21 PM Dave Hansen wrote:
>
> On 3/9/20 4:11 PM, H.J. Lu wrote:
> > A threaded application is loaded from disk. The object file on disk is
> > either CET enabled or not CET enabled.
>
> Huh. Are you saying that all instructions executed on userspace on
> Linux come off of object files on the disk? That's an interesting
> assertion. You might want to go take a look at the processes on your
> systems. Here's my browser for example:
>
> # for p in $(ps aux | grep chromium | awk '{print $2}' ); do cat /proc/$p/maps; done | grep ' r-xp 00000000 00:00 0'
> ...
> 202f00082000-202f000bf000 r-xp 00000000 00:00 0
> 202f000c2000-202f000c3000 r-xp 00000000 00:00 0
> 202f00102000-202f00103000 r-xp 00000000 00:00 0
> 202f00142000-202f00143000 r-xp 00000000 00:00 0
> 202f00182000-202f001bf000 r-xp 00000000 00:00 0
>
> Lots of funny looking memory areas which are anonymous and executable!
> Those didn't come off the disk. Same thing in firefox. Weird. Any
> idea what those are?
>
> One guess: https://en.wikipedia.org/wiki/Just-in-time_compilation

Jitted code belongs to a process loaded from disk. Enabling CET in an
application which uses a JIT engine means also enabling CET in the JIT
engine. Take git as an example: "git grep" crashed for me on Tiger Lake.
It turned out that git itself was compiled with -fcf-protection and git
was linked against libpcre2-8.so.0, also compiled with -fcf-protection,
which has a JIT, sljit, which was not CET enabled. git crashed in the
jitted code due to a missing ENDBR. I had to enable CET in sljit to make
git work on CET-enabled Tiger Lake. So we need to enable CET in the JIT
engine before enabling CET in applications which use the JIT engine.

--
H.J.
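
The failure mode in the message above, an indirect branch landing on JIT output that has no ENDBR, can be shown with a minimal emitter and an entry-point audit. This is an added example, not code from sljit, git or the patch series; `emit_return_const`, `entry_has_endbr64` and `count_missing_endbr` are hypothetical names and the emitted stub is constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* ENDBR64 encoding. It sits in the hint-NOP space, so CPUs without CET
 * execute it as a NOP. */
static const uint8_t ENDBR64[4] = { 0xF3, 0x0F, 0x1E, 0xFA };

/* Hypothetical JIT helper: emit "mov eax, imm32; ret" into buf.
 * With ibt != 0 the stub starts with ENDBR64, which makes it a valid
 * target for an indirect CALL/JMP when IBT is enforced.
 * Returns the number of bytes written, or 0 if buf is too small. */
size_t emit_return_const(uint8_t *buf, size_t cap, uint32_t value, int ibt)
{
    size_t need = (ibt ? sizeof(ENDBR64) : 0) + 6, n = 0;

    if (cap < need)
        return 0;
    if (ibt) {
        memcpy(buf, ENDBR64, sizeof(ENDBR64));
        n = sizeof(ENDBR64);
    }
    buf[n++] = 0xB8;                            /* mov eax, imm32 */
    for (int i = 0; i < 4; i++)
        buf[n++] = (uint8_t)(value >> (8 * i)); /* little-endian imm32 */
    buf[n++] = 0xC3;                            /* ret */
    return n;
}

/* 1 if the code at offset off begins with ENDBR64, else 0. */
int entry_has_endbr64(const uint8_t *code, size_t len, size_t off)
{
    return off <= len && len - off >= sizeof(ENDBR64) &&
           memcmp(code + off, ENDBR64, sizeof(ENDBR64)) == 0;
}

/* Audit: count entry points (offsets the JIT hands out as function
 * pointers) that would raise #CP under IBT because ENDBR64 is missing. */
size_t count_missing_endbr(const uint8_t *code, size_t len,
                           const size_t *entries, size_t nentries)
{
    size_t missing = 0;

    for (size_t i = 0; i < nentries; i++)
        if (!entry_has_endbr64(code, len, entries[i]))
            missing++;
    return missing;
}
```

A JIT engine can run such an audit over its own entry-point table in a debug build before marking a code buffer executable.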