Date: Sat, 19 Sep 2020 00:03:55 +0200
From: Pavel Machek
To: "H.J. Lu"
Cc: "Yu, Yu-cheng", Randy Dunlap, the arch/x86 maintainers, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, LKML, "open list:DOCUMENTATION", Linux-MM, linux-arch, Linux API, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Peter Zijlstra, "Ravi V. Shankar", Vedvyas Shanbhogue, Dave Martin, Weijiang Yang
Subject: Re: [PATCH v12 1/8] x86/cet/ibt: Add Kconfig option for user-mode Indirect Branch Tracking
Message-ID: <20200918220355.GC7443@duo.ucw.cz>
References: <20200918192312.25978-1-yu-cheng.yu@intel.com> <20200918192312.25978-2-yu-cheng.yu@intel.com> <20200918205933.GB4304@duo.ucw.cz> <019b5e45-b116-7f3d-f1f2-3680afbd676c@intel.com> <20200918214020.GF4304@duo.ucw.cz>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri 2020-09-18 14:46:12, H.J. Lu wrote:
> On Fri, Sep 18, 2020 at 2:40 PM Pavel Machek wrote:
> >
> > On Fri 2020-09-18 14:25:12, Yu, Yu-cheng wrote:
> > > On 9/18/2020 1:59 PM, Pavel Machek wrote:
> > > > On Fri 2020-09-18 13:24:13, Randy Dunlap wrote:
> > > > > Hi,
> > > > >
> > > > > If you do another version of this:
> > > > >
> > > > > On 9/18/20 12:23 PM, Yu-cheng Yu wrote:
> > > > > > Introduce Kconfig option X86_INTEL_BRANCH_TRACKING_USER.
> > > > > >
> > > > > > Indirect Branch Tracking (IBT) provides protection against CALL-/JMP-
> > > > > > oriented programming attacks.
> > > > > > It is active when the kernel has this
> > > > > > feature enabled, and the processor and the application support it.
> > > > > > When this feature is enabled, legacy non-IBT applications continue to
> > > > > > work, but without IBT protection.
> > > > > >
> > > > > > Signed-off-by: Yu-cheng Yu
> > > > > > ---
> > > > > > v10:
> > > > > > - Change build-time CET check to config depends on.
> > > > > >
> > > > > >  arch/x86/Kconfig | 16 ++++++++++++++++
> > > > > >  1 file changed, 16 insertions(+)
> > > > > >
> > > > > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> > > > > > index 6b6dad011763..b047e0a8d1c2 100644
> > > > > > --- a/arch/x86/Kconfig
> > > > > > +++ b/arch/x86/Kconfig
> > > > > > @@ -1963,6 +1963,22 @@ config X86_INTEL_SHADOW_STACK_USER
> > > > > >  	  If unsure, say y.
> > > > > > +config X86_INTEL_BRANCH_TRACKING_USER
> > > > > > +	prompt "Intel Indirect Branch Tracking for user-mode"
> > > > > > +	def_bool n
> > > > > > +	depends on CPU_SUP_INTEL && X86_64
> > > > > > +	depends on $(cc-option,-fcf-protection)
> > > > > > +	select X86_INTEL_CET
> > > > > > +	help
> > > > > > +	  Indirect Branch Tracking (IBT) provides protection against
> > > > > > +	  CALL-/JMP-oriented programming attacks.  It is active when
> > > > > > +	  the kernel has this feature enabled, and the processor and
> > > > > > +	  the application support it.  When this feature is enabled,
> > > > > > +	  legacy non-IBT applications continue to work, but without
> > > > > > +	  IBT protection.
> > > > > > +
> > > > > > +	  If unsure, say y
> > > > >
> > > > > If unsure, say y.
> > > >
> > > > Actually, it would be "If unsure, say Y.", to be consistent with the
> > > > rest of the Kconfig.
> > > >
> > > > But I wonder if Yes by default is a good idea. Only very new CPUs will
> > > > support this, right? Are they even available on the market? Should the
> > > > help text say "if your CPU is Whatever Lake or newer, ...." :-) ?
> > >
> > > I will revise the wording if there is another version. But a CET-capable
> > > kernel can run on legacy systems. We have been testing that combination.
> >
> > Yes, but enabling CET is unnecessary overhead on older systems. And
> > Kconfig is a great place to explain that.
> >
>
> I can't tell any visible CET kernel overhead on my non-CET machines.

I assume you are not a troll but you sound a bit like one.

Please list kernel size before and after enabling X86_INTEL_CET
option(s). That's the overhead I'm talking about, and that's why
Kconfig should explain what machines this is useful on.
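Review bot: the new config entry's help text contradicts its own default: `def_bool n` leaves the option off, yet the last help line advises `If unsure, say y`. Either switch to `default y` so the advice matches, or keep the default off and drop the advice; while there, `prompt "..."` plus `def_bool n` is the long form of `bool "Intel Indirect Branch Tracking for user-mode"`. That closing line is also missing the full stop that the context line at the top of the hunk (`If unsure, say y.` under X86_INTEL_SHADOW_STACK_USER) has, and the thread already asks for it to read `If unsure, say Y.`. Since the help says IBT is active only when the processor supports it, the text should name the hardware generations that do and say what enabling it costs on hardware that does not, which is the question the rest of the thread is about. Finally, `depends on $(cc-option,-fcf-protection)` makes the option silently vanish from menuconfig on a toolchain without that flag; a comment line in the Kconfig, or a sentence in the help, would spare the next person a search for why the prompt is missing.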
Best regards,
Pavel

-- 
(english) http://www.livejournal.com/~pavelmachek
(Czech, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
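As an added example, not part of the patch or of this thread: the help text says IBT is active only when the kernel, the processor and the application all support it. The C program below checks the two legs a user-space engineer can probe without rebuilding a kernel: CPUID.(EAX=7,ECX=0):EDX[20] for processor support, and the GNU_PROPERTY_X86_FEATURE_1_AND property that `-fcf-protection` puts into a binary's .note.gnu.property section for application support (a legacy, non-IBT application simply has no such property, which is how the kernel tells the two apart). The note bytes are constructed inline for the demonstration; the constants come from the ELF gABI and the x86-64 psABI; a little-endian host and GCC/clang inline asm are assumed; the kernel leg (whether X86_INTEL_BRANCH_TRACKING_USER is set in the running kernel) is not probed.

```c
/*
 * Added example, not code from the patch or the thread: probe the processor
 * and application legs of the IBT condition.  The kernel leg (the Kconfig
 * option under discussion) is not probed here.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constants from the ELF gABI and the x86-64 psABI. */
#define NT_GNU_PROPERTY_TYPE_0           5
#define GNU_PROPERTY_X86_FEATURE_1_AND   0xc0000002u
#define GNU_PROPERTY_X86_FEATURE_1_IBT   (1u << 0)
#define GNU_PROPERTY_X86_FEATURE_1_SHSTK (1u << 1)

/* Little-endian host assumed (true on x86). */
static uint32_t rd32(const uint8_t *p)
{
    uint32_t v;
    memcpy(&v, p, sizeof v);
    return v;
}

/*
 * Parse the raw bytes of an ELF64 .note.gnu.property section and return the
 * GNU_PROPERTY_X86_FEATURE_1_AND bitmask, or 0 when no such property exists
 * (the legacy, non-IBT case) or the data is truncated or malformed.
 * Note layout: namesz, descsz, type (4 bytes each), name padded to 4 bytes,
 * desc padded to 4 bytes.  Inside desc: pr_type, pr_datasz, data padded to 8.
 */
uint32_t x86_feature_1_from_notes(const uint8_t *buf, size_t len)
{
    size_t off = 0;
    while (off + 12 <= len) {
        uint32_t namesz = rd32(buf + off);
        uint32_t descsz = rd32(buf + off + 4);
        uint32_t type   = rd32(buf + off + 8);
        size_t name_off = off + 12;
        size_t desc_off = name_off + ((namesz + 3) & ~3u);
        size_t next     = desc_off + ((descsz + 3) & ~3u);
        if (next > len)
            return 0;                      /* truncated note */
        if (type == NT_GNU_PROPERTY_TYPE_0 && namesz == 4 &&
            memcmp(buf + name_off, "GNU", 4) == 0) {
            size_t p = desc_off;
            while (p + 8 <= desc_off + descsz) {
                uint32_t pr_type   = rd32(buf + p);
                uint32_t pr_datasz = rd32(buf + p + 4);
                size_t data = p + 8;
                if (data + pr_datasz > desc_off + descsz)
                    return 0;              /* malformed property */
                if (pr_type == GNU_PROPERTY_X86_FEATURE_1_AND && pr_datasz == 4)
                    return rd32(buf + data);
                p = data + ((pr_datasz + 7) & ~7u);   /* ELF64 alignment */
            }
        }
        off = next;
    }
    return 0;
}

#if defined(__x86_64__)
static void cpuid_raw(unsigned leaf, unsigned sub, unsigned r[4])
{
    __asm__ volatile("cpuid"
                     : "=a"(r[0]), "=b"(r[1]), "=c"(r[2]), "=d"(r[3])
                     : "a"(leaf), "c"(sub));
}
#endif

/* CPUID.(EAX=7,ECX=0):EDX[20] is CET_IBT.  Returns 0 on non-x86-64 hosts. */
int cpu_supports_ibt(void)
{
#if defined(__x86_64__)
    unsigned r[4];
    cpuid_raw(0, 0, r);
    if (r[0] < 7)
        return 0;                          /* leaf 7 not implemented */
    cpuid_raw(7, 0, r);
    return (r[3] >> 20) & 1;
#else
    return 0;
#endif
}

/* Constructed sample: the note gcc -fcf-protection emits, IBT|SHSTK set. */
static const uint8_t sample_note[] = {
    4, 0, 0, 0,                 /* namesz = 4 */
    16, 0, 0, 0,                /* descsz = 16 */
    5, 0, 0, 0,                 /* NT_GNU_PROPERTY_TYPE_0 */
    'G', 'N', 'U', 0,
    0x02, 0x00, 0x00, 0xc0,     /* GNU_PROPERTY_X86_FEATURE_1_AND */
    4, 0, 0, 0,                 /* pr_datasz */
    3, 0, 0, 0,                 /* IBT | SHSTK */
    0, 0, 0, 0,                 /* pad to 8 */
};

/* Constructed sample: a legacy binary with only a build-id note (type 3). */
static const uint8_t sample_note_legacy[] = {
    4, 0, 0, 0, 4, 0, 0, 0, 3, 0, 0, 0,
    'G', 'N', 'U', 0,
    0xde, 0xad, 0xbe, 0xef,
};

int main(void)
{
    uint32_t f = x86_feature_1_from_notes(sample_note, sizeof sample_note);
    uint32_t l = x86_feature_1_from_notes(sample_note_legacy, sizeof sample_note_legacy);
    printf("sample binary: IBT %s, SHSTK %s\n",
           (f & GNU_PROPERTY_X86_FEATURE_1_IBT) ? "yes" : "no",
           (f & GNU_PROPERTY_X86_FEATURE_1_SHSTK) ? "yes" : "no");
    printf("legacy binary: IBT %s\n", (l & GNU_PROPERTY_X86_FEATURE_1_IBT) ? "yes" : "no");
    printf("processor reports CET_IBT: %s\n", cpu_supports_ibt() ? "yes" : "no");
    return 0;
}
```

To run this against a real binary, feed `x86_feature_1_from_notes` the bytes of its .note.gnu.property section; `readelf -n` shows the same property as "x86 feature: IBT, SHSTK", and a binary built without `-fcf-protection` shows no such line, which is exactly the "legacy non-IBT application" the help text says keeps running without protection.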