Received: by 2002:a05:6a10:a841:0:0:0:0 with SMTP id d1csp619227pxy;
        Wed, 28 Apr 2021 10:35:51 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJx9oglLdz+lc3fepg8eVoyvgj+nYFetxuaOEp+rbJko3uhj3v6c+k8J9/dIu5DWg6HNQ7hM
X-Received: by 2002:a05:6402:cb4:: with SMTP id cn20mr12654942edb.167.1619631351158;
        Wed, 28 Apr 2021 10:35:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1619631351; cv=none;
        d=google.com; s=arc-20160816;
        b=YpURYcgKQwU5jiNVV1ylIflYdOu0U/Hm+tHOaeeEfGqeJvwlp6MdkrVFoZcodW6JHf
         UxBJXaItVLDdKed7OjKKal1m1fE4JAFySSffSTWF1zRi3/WL6UB2FP5uRbfG1tutyNd5
         ZePWS+Vscm0xGS456t1ms1EpwCCv7xiRNJ+iWZedBTCWui3kMtVleLjP8zB/G3t20EzK
         RpjqNNb7A8BHb6t5FumLpqpC4c0++XnEzxZG/dY+n/FAlZqvMLDlJV7cCHx+qJc5KvjE
         Pn1ZRxpoL1L7MEANlFiKqcCNZcZ8sLUWi8BS7bDXybckfs3eAha6N8W495AR7FoHSsDZ
         mzRA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:content-language
         :mime-version:accept-language:in-reply-to:references:message-id:date
         :thread-index:thread-topic:subject:to:from;
        bh=CaoPvG8vHS2HwOIYP+cgN/Y51C6OtY3P1whgjGq1TOY=;
        b=DTc3PRwWBCu6i8lx/Ji8dj28yySTtoZb5EnchpEMQqg4iFLv6Ry+sywWlAowzmSElS
         m4RUXVo3lpePA2GY39OEcO+T5m7O0+XOuOOZfcOzLGb/YojjdUBzWO0fydtly1FBehEU
         T/74DaC2PIeHwMsTwMdaBfeAJcw9hHvy3uX2vT8MEYHXG3O6ysQjGUlx0xBV2kVccvWo
         aO6icdkWEWVHM7DR7WJPtWao+qwKaRUslff6UfAXjgnmgcAwAeJD/rU4NntqW0WkDavd
         szUWIskfyQWdM3g3Tv3hll+tDwdtUQASfsN4iFE6NRH/IYbvMEzbFAoYuiyjk9fB4S8H
         Soxg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id b10si671773ejy.181.2021.04.28.10.35.27;
        Wed, 28 Apr 2021 10:35:51 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=aculab.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S240181AbhD1OtX convert rfc822-to-8bit (ORCPT
        <rfc822;machinecat1666@gmail.com> + 99 others);
        Wed, 28 Apr 2021 10:49:23 -0400
Received: from eu-smtp-delivery-151.mimecast.com ([185.58.86.151]:47595 "EHLO
        eu-smtp-delivery-151.mimecast.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S239032AbhD1OtW (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 28 Apr 2021 10:49:22 -0400
Received: from AcuMS.aculab.com (156.67.243.121 [156.67.243.121]) (Using
 TLS) by relay.mimecast.com with ESMTP id
 uk-mta-213-Q40LSYhmNgio6b75f9Ipug-1; Wed, 28 Apr 2021 15:48:34 +0100
X-MC-Unique: Q40LSYhmNgio6b75f9Ipug-1
Received: from AcuMS.Aculab.com (fd9f:af1c:a25b:0:994c:f5c2:35d6:9b65) by
 AcuMS.aculab.com (fd9f:af1c:a25b:0:994c:f5c2:35d6:9b65) with Microsoft SMTP
 Server (TLS) id 15.0.1497.2; Wed, 28 Apr 2021 15:48:32 +0100
Received: from AcuMS.Aculab.com ([fe80::994c:f5c2:35d6:9b65]) by
 AcuMS.aculab.com ([fe80::994c:f5c2:35d6:9b65%12]) with mapi id
 15.00.1497.015; Wed, 28 Apr 2021 15:48:32 +0100
From:   David Laight <David.Laight@ACULAB.COM>
To:     'Yu-cheng Yu' <yu-cheng.yu@intel.com>,
        "x86@kernel.org" <x86@kernel.org>,
        "H. Peter Anvin" <hpa@zytor.com>,
        Thomas Gleixner <tglx@linutronix.de>,
        "Ingo Molnar" <mingo@redhat.com>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        "linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
        "linux-mm@kvack.org" <linux-mm@kvack.org>,
        "linux-arch@vger.kernel.org" <linux-arch@vger.kernel.org>,
        "linux-api@vger.kernel.org" <linux-api@vger.kernel.org>,
        Arnd Bergmann <arnd@arndb.de>,
        Andy Lutomirski <luto@kernel.org>,
        Balbir Singh <bsingharora@gmail.com>,
        Borislav Petkov <bp@alien8.de>,
        Cyrill Gorcunov <gorcunov@gmail.com>,
        Dave Hansen <dave.hansen@linux.intel.com>,
        "Eugene Syromiatnikov" <esyr@redhat.com>,
        Florian Weimer <fweimer@redhat.com>,
        "H.J. Lu" <hjl.tools@gmail.com>, Jann Horn <jannh@google.com>,
        Jonathan Corbet <corbet@lwn.net>,
        Kees Cook <keescook@chromium.org>,
        Mike Kravetz <mike.kravetz@oracle.com>,
        Nadav Amit <nadav.amit@gmail.com>,
        Oleg Nesterov <oleg@redhat.com>, Pavel Machek <pavel@ucw.cz>,
        Peter Zijlstra <peterz@infradead.org>,
        Randy Dunlap <rdunlap@infradead.org>,
        "Ravi V. Shankar" <ravi.v.shankar@intel.com>,
        Vedvyas Shanbhogue <vedvyas.shanbhogue@intel.com>,
        Dave Martin <Dave.Martin@arm.com>,
        "Weijiang Yang" <weijiang.yang@intel.com>,
        Pengfei Xu <pengfei.xu@intel.com>,
        "Haitao Huang" <haitao.huang@intel.com>
Subject: RE: [PATCH v26 0/9] Control-flow Enforcement: Indirect Branch
 Tracking
Thread-Topic: [PATCH v26 0/9] Control-flow Enforcement: Indirect Branch
 Tracking
Thread-Index: AQHXO6ae1Nsozyj+DkCGokhshY0p/arKAkvw
Date:   Wed, 28 Apr 2021 14:48:32 +0000
Message-ID: <0e03c50ea05440209d620971b9db4f29@AcuMS.aculab.com>
References: <20210427204720.25007-1-yu-cheng.yu@intel.com>
In-Reply-To: <20210427204720.25007-1-yu-cheng.yu@intel.com>
Accept-Language: en-GB, en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.202.205.107]
MIME-Version: 1.0
Authentication-Results: relay.mimecast.com;
        auth=pass smtp.auth=C51A453 smtp.mailfrom=david.laight@aculab.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: aculab.com
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8BIT
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Yu-cheng Yu
> Sent: 27 April 2021 21:47
> 
> Control-flow Enforcement (CET) is a new Intel processor feature that blocks
> return/jump-oriented programming attacks.  Details are in "Intel 64 and
> IA-32 Architectures Software Developer's Manual" [1].
...

Does this feature require that 'binary blobs' for out of tree drivers
be compiled by a version of gcc that adds the ENDBRA instructions?

If enabled for userspace, what happens if an old .so is dynamically
loaded?
Or do all userspace programs and libraries have to have been compiled
with the ENDBRA instructions?

	David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)