Subject: Re: [PATCH v12 1/8] x86/cet/ibt: Add Kconfig option for user-mode Indirect Branch Tracking
To: Pavel Machek, Randy Dunlap
Cc: x86@kernel.org, "H.
Peter Anvin", Thomas Gleixner, Ingo Molnar, linux-kernel@vger.kernel.org, linux-doc@vger.kernel.org, linux-mm@kvack.org, linux-arch@vger.kernel.org, linux-api@vger.kernel.org, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, "H.J. Lu", Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Peter Zijlstra, "Ravi V. Shankar", Vedvyas Shanbhogue, Dave Martin, Weijiang Yang
From: "Yu, Yu-cheng"
Date: Fri, 18 Sep 2020 14:25:12 -0700

On 9/18/2020 1:59 PM, Pavel Machek wrote:
> On Fri 2020-09-18 13:24:13, Randy Dunlap wrote:
>> Hi,
>>
>> If you do another version of this:
>>
>> On 9/18/20 12:23 PM, Yu-cheng Yu wrote:
>>> Introduce Kconfig option X86_INTEL_BRANCH_TRACKING_USER.
>>>
>>> Indirect Branch Tracking (IBT) provides protection against CALL-/JMP-
>>> oriented programming attacks. It is active when the kernel has this
>>> feature enabled, and the processor and the application support it.
>>> When this feature is enabled, legacy non-IBT applications continue to
>>> work, but without IBT protection.
>>>
>>> Signed-off-by: Yu-cheng Yu
>>> --- >>> v10: >>> - Change build-time CET check to config depends on. >>> >>> arch/x86/Kconfig | 16 ++++++++++++++++ >>> 1 file changed, 16 insertions(+) >>> >>> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig >>> index 6b6dad011763..b047e0a8d1c2 100644
>>> --- a/arch/x86/Kconfig >>> +++ b/arch/x86/Kconfig >>> @@ -1963,6 +1963,22 @@ config X86_INTEL_SHADOW_STACK_USER >>> >>> If unsure, say y. >>> >>> +config X86_INTEL_BRANCH_TRACKING_USER >>> + prompt "Intel Indirect Branch Tracking for user-mode" >>> + def_bool n >>> + depends on CPU_SUP_INTEL && X86_64 >>> + depends on $(cc-option,-fcf-protection) >>> + select X86_INTEL_CET >>> + help >>> + Indirect Branch Tracking (IBT) provides protection against >>> + CALL-/JMP-oriented programming attacks. It is active when >>> + the kernel has this feature enabled, and the processor and >>> + the application support it. When this feature is enabled, >>> + legacy non-IBT applications continue to work, but without >>> + IBT protection. >>> + >>> + If unsure, say y
>>
>> If unsure, say y.
>
> Actually, it would be "If unsure, say Y.", to be consistent with the
> rest of the Kconfig.
>
> But I wonder if Yes by default is a good idea. Only very new CPUs will
> support this, right? Are they even available at the market? Should the
> help text say "if your CPU is Whatever Lake or newer, ...." :-) ?

I will revise the wording if there is another version. But a CET-capable kernel can run on legacy systems. We have been testing that combination.

Yu-cheng
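
Review bot: In the help text of the new X86_INTEL_BRANCH_TRACKING_USER entry, the closing "If unsure, say y" advises enabling an option that "def_bool n" leaves off by default, so the advice and the default disagree; settle on one and end the sentence with a period. The two "depends on" lines only constrain the build (CPU_SUP_INTEL && X86_64, and a compiler that accepts -fcf-protection), so the help text should say explicitly what the option does on a processor without IBT instead of leaving it implied by "It is active when ... the processor and the application support it". As a style point, the "prompt" plus "def_bool n" pair can be a single bool "Intel Indirect Branch Tracking for user-mode" line, because n is already the default for a bool with no default given.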