Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp3857889pxu; Mon, 30 Nov 2020 11:43:23 -0800 (PST) X-Google-Smtp-Source: ABdhPJyJTNPnhCcKmj1bu4MnDtTXfSV43oP03/6wlK5CG6fDHQr4+qt8n+kqRrlY3ND8j+dTCbv7 X-Received: by 2002:aa7:d7d7:: with SMTP id e23mr23900563eds.78.1606765403434; Mon, 30 Nov 2020 11:43:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1606765403; cv=none; d=google.com; s=arc-20160816; b=xzNI9/JXruXD3I7UxLrRJ2Qp8uXiVa6LSsxM1CFy7qeKoT5E2AYgZ72b3AXFjg4is+ e0ItHdxKfuSk9jPvPqz1ADK4CW6gX/W7IUxd+ZKn+/9+cs8OEUoMnOmuqvtkdv0JUMv7 5U7j1iYpbzIcKGx/fbvThygwaK9H39C799GmfROrXL2h7ZuyaH1tzL22/A6NLpnmBhMN sGeSN+jdpv8ncp13Y3W1AOfJ2sWZn3Gxlgr5Qwgz2H4voOtNfQS53IGVhLPHZT6zVD6V fYO3uCmmOHWI6DWR3PSg5CiXmTN3P49Bkh+aa02bTtU/xE2yxp3rgxY+wA5FZ7l77cIo y/hw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=0+kKX0kuteZmVrkELKmO38aHUCQfmtksSV+RNnpLrBU=; b=0Qx1Pj1Sb8ifa58/V9fwdfgyaMGscqlEor2K9pF0O/x11qhSaFvPqnPgA/0XQfGAxV Ae9sWzmSO2S9TdA7GOKtLWCu6jHFVPa09yZ20Xv1HTVNBu320THe34y7JQ0AUhE7HPng lL+WgDH80bnN0dBR3nwMCDflYr15QsHJSa6LteJXxiDJFsEnqUvfaMPQM3F/JRvZn2XG adOxHv61lZi/gaIc+6c5IrynHKKvl1pD3GIKgWcJSrva/wQIKuxF3Jcx8HEKYnCiQKnx +xUY4iItJuapam1eumi/4I3dejQs2CKjmPE131+e1eVCDUeJ50/8wirpFL/zcl1NwQeG 7ISg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="J/bqOdKx"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id x101si7128199ede.118.2020.11.30.11.43.00; Mon, 30 Nov 2020 11:43:23 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b="J/bqOdKx"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729995AbgK3TkV (ORCPT + 99 others); Mon, 30 Nov 2020 14:40:21 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39786 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729976AbgK3TkU (ORCPT ); Mon, 30 Nov 2020 14:40:20 -0500 Received: from mail-lj1-x242.google.com (mail-lj1-x242.google.com [IPv6:2a00:1450:4864:20::242]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C992FC061A49 for ; Mon, 30 Nov 2020 11:39:11 -0800 (PST) Received: by mail-lj1-x242.google.com with SMTP id y10so19814262ljc.7 for ; Mon, 30 Nov 2020 11:39:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=0+kKX0kuteZmVrkELKmO38aHUCQfmtksSV+RNnpLrBU=; b=J/bqOdKxRj6v313iPonX/IikdbWpTlowHmo/2YfKookREQFK4kMLQ8QiA2iHZ6s6hl 1iD9XEmJitK7+FqMZe21RtqW2tbK64eSNxhNMJQC5Nt/DZyxLElOjrWUqcfp7AU1xxl9 xPPPszWhrBash8DYZBc4GgMPxNcNzsz9Yn0MdTTqGdJKpEOXkv4+g61plZbdJ7IfXQ3e AtuxK9Ap3PCYyiaf7JVuSka96p0kGVmafDZo4hhLAdFXTIQ7T6sSY6gQZg9dEe/QLoPB VVuXdQsI9RjgoRMIqT31lf35pKiKvRTnZpHOT7SqIOU7yBIuYLjepszfGWRpOfHvJgga hTqQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=0+kKX0kuteZmVrkELKmO38aHUCQfmtksSV+RNnpLrBU=; b=qghYl1nDOX6qI8/M+sg8RSBv5+qdJEU247Fi1B9lya6fo2NjzCS7ltLWQ+jtClqQEH oiGv9t/NdpM0ISmtQolq2dPkbjsbRknLhMUjdn2El9oE/DZvGpQf9eDi2J0pfSLUd26H RclvtHRH+JE/VYEOO4mluSUxJJvwm8vtct88UUpKSfpYq0ewwAOhF4EPouZ2v3m54trQ osWJmNlDjXD38SiykA0+oTvXKzVOS+RuU0MbqPMuWuT5aolWbtBx8kMwX26ItAs4m5aO Xh/KqTigZ2nonOm3A5w94/aOHvQFCJQSY9Fe/+0hqWuz9r6hq8VQld4fCvAp05JIXQmh XzPw== X-Gm-Message-State: AOAM530siPXYS5wspSNQ9JxWjn85+r85N+bVepkye4MJF+r0pX2iJn9C w9fDDLj/hUXjcaqHn8CHUj38eDovRdIuz/Rb7lAwkQ== X-Received: by 2002:a05:651c:1292:: with SMTP id 18mr10179147ljc.334.1606765149900; Mon, 30 Nov 2020 11:39:09 -0800 (PST) MIME-Version: 1.0 References: <20201110162211.9207-2-yu-cheng.yu@intel.com> <20201130182641.29812-1-ndesaulniers@google.com> <4fad528b-e467-f96d-b7fb-9484fd975886@intel.com> In-Reply-To: <4fad528b-e467-f96d-b7fb-9484fd975886@intel.com> From: =?UTF-8?B?RsSBbmctcnXDrCBTw7JuZw==?= Date: Mon, 30 Nov 2020 11:38:58 -0800 Message-ID: Subject: Re: [PATCH v15 01/26] Documentation/x86: Add CET description To: "Yu, Yu-cheng" Cc: Nick Desaulniers , Dave P Martin , Arnd Bergmann , Borislav Petkov , bsingharora@gmail.com, Jonathan Corbet , dave.hansen@linux.intel.com, esyr@redhat.com, Florian Weimer , gorcunov@gmail.com, "H.J. Lu" , "H. Peter Anvin" , jannh@google.com, Kees Cook , linux-api@vger.kernel.org, linux-arch , Linux Doc Mailing List , LKML , linux-mm@kvack.org, luto@kernel.org, mike.kravetz@oracle.com, Ingo Molnar , nadav.amit@gmail.com, oleg@redhat.com, pavel@ucw.cz, pengfei.xu@intel.com, Peter Zijlstra , ravi.v.shankar@intel.com, Randy Dunlap , Thomas Gleixner , vedvyas.shanbhogue@intel.com, weijiang.yang@intel.com, X86 ML , Luis Lozano , clang-built-linux , erich.keane@intel.com Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Nov 30, 2020 at 10:34 AM Yu, Yu-cheng wrote= : > > On 11/30/2020 10:26 AM, Nick Desaulniers wrote: > > (In response to https://lore.kernel.org/lkml/20201110162211.9207-2-yu-c= heng.yu@intel.com/) > > > >> These need to be enabled to build a CET-enabled kernel, and Binutils v= 2.31 > >> and GCC v8.1 or later are required to build a CET kernel. > > > > What about LLVM? Surely CrOS might be of interest to ship this on (we s= hip the > > equivalent for aarch64 on Android). > > > > I have not built with LLVM, but think it probably will work as well. I > will test it. > > >> An application's CET capability is marked in its ELF header and can be > >> verified from the following command output, in the NT_GNU_PROPERTY_TYP= E_0 > >> field: > >> > >> readelf -n | grep SHSTK > >> properties: x86 feature: IBT, SHSTK > > > > Same for llvm-readelf. > > > > I will add that to the document. > > Thanks, > Yu-cheng The baseline LLVM version is 10.0.1, which is good enough for clang -fcf-protection=3Dfull, llvm-readelf -n, LLD's .note.gnu.property handling (the LLD option is `-z force-ibt`, though) --=20 =E5=AE=8B=E6=96=B9=E7=9D=BF