Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp1501877pxk;
        Fri, 18 Sep 2020 14:26:34 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxMkFfapvf9cQ7DTIBx0GwxPBftnmdZ99aGlnbU5bTYCGVgBGkgthtzCLUeKVEOqVwUu+V3
X-Received: by 2002:a17:906:7e42:: with SMTP id z2mr37265483ejr.206.1600464393960;
        Fri, 18 Sep 2020 14:26:33 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1600464393; cv=none;
        d=google.com; s=arc-20160816;
        b=DZBmltg4NONxJDevS/ecIQz2haDz0hMErjeh55wr4/7frZJ6CQ5kW4ZEBE4R/QQxwX
         qpMZufIXRezRrid6lHMkGa8jcBTyu8p9ZT2RkOlDul6EFwSI24Wz4sJhqNcoOIkMEpuE
         9/q9xpUQ6pYUWjHfpVwoEQevM/eFX1+vHKDx90MsHrR7Yl6xbFcwl8FAIw+/sJ56U8ZA
         oZwWdCtEt/IAwHtD+EpGJbqi6pcj3hJyE035Og7M4nCfXzv/w2kfPNmfPYm1iB45yYpL
         GEJdRafzmW8hEgtsjZeLHU2lqi5umCMdD3k25a6NvqPWVK6Gu86sw+9xO6i0PKnidks8
         LLXQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:content-language
         :in-reply-to:mime-version:user-agent:date:message-id:from:references
         :cc:to:subject:ironport-sdr:ironport-sdr;
        bh=7DH2OqJiLDeFeBvkWarHdd1afGCOiPx3S3YRxJanoA0=;
        b=SARMAs7fwUIzvhDs8QDhm7wlkwFIWLHW3tj5Kf8KpY1gV7IxZtuZJy5yzAQIyZ2LYE
         xLiZgZqCcZCC404l8vekf6ryuwabT1qEU+HdkU3lkiEJtU5cqwlZrXozUesaoqFk39NW
         8MfrmtA0yjpt9c1bwtDSa3uwTxvpwSAQP+ZmO9m4W03KCvwkGPMyNZTEFc1rE11UHRXW
         0Mz0aWwmxMWZ+XsM0PkR2VzBtk1JY8d83y7vOxHrCvl1fdSd2+jN9aZFcFwx6vATVOyP
         J/mGNd8ODrwcjimmu0+o9sU30RMMunBQ5Rydg3oj6015uUE7u3OeSTueReUWPs4IEOgv
         1V3w==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id dd25si2988355ejb.177.2020.09.18.14.26.09;
        Fri, 18 Sep 2020 14:26:33 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726252AbgIRVZQ (ORCPT <rfc822;kkoh.linux@gmail.com>
        + 99 others); Fri, 18 Sep 2020 17:25:16 -0400
Received: from mga02.intel.com ([134.134.136.20]:40168 "EHLO mga02.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726118AbgIRVZP (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 18 Sep 2020 17:25:15 -0400
IronPort-SDR: yOilVnswrj4ux1IPD2errlg1fU9PLGNc+Ym7Zqg4NDtf/+THt4vHat+sgAxggV65Be1MMk0VBq
 UQXnyTk48WSg==
X-IronPort-AV: E=McAfee;i="6000,8403,9748"; a="147719056"
X-IronPort-AV: E=Sophos;i="5.77,274,1596524400"; 
   d="scan'208";a="147719056"
X-Amp-Result: SKIPPED(no attachment in message)
X-Amp-File-Uploaded: False
Received: from orsmga001.jf.intel.com ([10.7.209.18])
  by orsmga101.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Sep 2020 14:25:15 -0700
IronPort-SDR: ZiAjpg9H+lTWiWwlbjyUOoATbibiuL2QEtEgXKwIohCa+6zltUvTvc3s1u8mlpNXGGhxxqAhG7
 J6PuvaHWSUyQ==
X-IronPort-AV: E=Sophos;i="5.77,274,1596524400"; 
   d="scan'208";a="381051638"
Received: from yyu32-mobl1.amr.corp.intel.com (HELO [10.212.0.248]) ([10.212.0.248])
  by orsmga001-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 18 Sep 2020 14:25:13 -0700
Subject: Re: [PATCH v12 1/8] x86/cet/ibt: Add Kconfig option for user-mode
 Indirect Branch Tracking
To:     Pavel Machek <pavel@ucw.cz>, Randy Dunlap <rdunlap@infradead.org>
Cc:     x86@kernel.org, "H. Peter Anvin" <hpa@zytor.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        Ingo Molnar <mingo@redhat.com>, linux-kernel@vger.kernel.org,
        linux-doc@vger.kernel.org, linux-mm@kvack.org,
        linux-arch@vger.kernel.org, linux-api@vger.kernel.org,
        Arnd Bergmann <arnd@arndb.de>,
        Andy Lutomirski <luto@kernel.org>,
        Balbir Singh <bsingharora@gmail.com>,
        Borislav Petkov <bp@alien8.de>,
        Cyrill Gorcunov <gorcunov@gmail.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        Eugene Syromiatnikov <esyr@redhat.com>,
        Florian Weimer <fweimer@redhat.com>,
        "H.J. Lu" <hjl.tools@gmail.com>, Jann Horn <jannh@google.com>,
        Jonathan Corbet <corbet@lwn.net>,
        Kees Cook <keescook@chromium.org>,
        Mike Kravetz <mike.kravetz@oracle.com>,
        Nadav Amit <nadav.amit@gmail.com>,
        Oleg Nesterov <oleg@redhat.com>,
        Peter Zijlstra <peterz@infradead.org>,
        "Ravi V. Shankar" <ravi.v.shankar@intel.com>,
        Vedvyas Shanbhogue <vedvyas.shanbhogue@intel.com>,
        Dave Martin <Dave.Martin@arm.com>,
        Weijiang Yang <weijiang.yang@intel.com>
References: <20200918192312.25978-1-yu-cheng.yu@intel.com>
 <20200918192312.25978-2-yu-cheng.yu@intel.com>
 <ce2524cc-081b-aec9-177a-11c7431cb20d@infradead.org>
 <20200918205933.GB4304@duo.ucw.cz>
From:   "Yu, Yu-cheng" <yu-cheng.yu@intel.com>
Message-ID: <019b5e45-b116-7f3d-f1f2-3680afbd676c@intel.com>
Date:   Fri, 18 Sep 2020 14:25:12 -0700
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101
 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <20200918205933.GB4304@duo.ucw.cz>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 9/18/2020 1:59 PM, Pavel Machek wrote:
> On Fri 2020-09-18 13:24:13, Randy Dunlap wrote:
>> Hi,
>>
>> If you do another version of this:
>>
>> On 9/18/20 12:23 PM, Yu-cheng Yu wrote:
>>> Introduce Kconfig option X86_INTEL_BRANCH_TRACKING_USER.
>>>
>>> Indirect Branch Tracking (IBT) provides protection against CALL-/JMP-
>>> oriented programming attacks.  It is active when the kernel has this
>>> feature enabled, and the processor and the application support it.
>>> When this feature is enabled, legacy non-IBT applications continue to
>>> work, but without IBT protection.
>>>
>>> Signed-off-by: Yu-cheng Yu <yu-cheng.yu@intel.com>
>>> ---
>>> v10:
>>> - Change build-time CET check to config depends on.
>>>
>>>   arch/x86/Kconfig | 16 ++++++++++++++++
>>>   1 file changed, 16 insertions(+)
>>>
>>> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
>>> index 6b6dad011763..b047e0a8d1c2 100644
>>> --- a/arch/x86/Kconfig
>>> +++ b/arch/x86/Kconfig
>>> @@ -1963,6 +1963,22 @@ config X86_INTEL_SHADOW_STACK_USER
>>>   
>>>   	  If unsure, say y.
>>>   
>>> +config X86_INTEL_BRANCH_TRACKING_USER
>>> +	prompt "Intel Indirect Branch Tracking for user-mode"
>>> +	def_bool n
>>> +	depends on CPU_SUP_INTEL && X86_64
>>> +	depends on $(cc-option,-fcf-protection)
>>> +	select X86_INTEL_CET
>>> +	help
>>> +	  Indirect Branch Tracking (IBT) provides protection against
>>> +	  CALL-/JMP-oriented programming attacks.  It is active when
>>> +	  the kernel has this feature enabled, and the processor and
>>> +	  the application support it.  When this feature is enabled,
>>> +	  legacy non-IBT applications continue to work, but without
>>> +	  IBT protection.
>>> +
>>> +	  If unsure, say y
>>
>> 	  If unsure, say y.
> 
> Actually, it would be "If unsure, say Y.", to be consistent with the
> rest of the Kconfig.
> 
> But I wonder if Yes by default is good idea. Only very new CPUs will
> support this, right? Are they even available at the market? Should the
> help text say "if your CPU is Whatever Lake or newer, ...." :-) ?

I will revise the wording if there is another version.  But a 
CET-capable kernel can run on legacy systems.  We have been testing that 
combination.

Yu-cheng