Received: by 2002:a05:6a10:9afc:0:0:0:0 with SMTP id t28csp449988pxm; Fri, 25 Feb 2022 11:11:53 -0800 (PST) X-Google-Smtp-Source: ABdhPJyFo+HmicHZ0GFDvkys/P4o5wrFBfZCsanE2V5mVpf9Aahf31hageggEKksH8fFI+cInMrl X-Received: by 2002:a17:902:cf03:b0:14d:880d:75b5 with SMTP id i3-20020a170902cf0300b0014d880d75b5mr8883803plg.129.1645816312917; Fri, 25 Feb 2022 11:11:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645816312; cv=none; d=google.com; s=arc-20160816; b=xRSdV2LNeQasAdwwSZuBXoEN5YcoFL2gMVW6USIuFZ3bLymB+sivZuzmPyK4zjDh5W aH83ncidFv559i8gnihrb9gBWnWx0SGgBmtC/Et+27JUKmnH2KhuRSRu/ypTK5a6oQNP +VO7Uvu2f0oa/PaAspPmhj4Bvr4RD+Ca07uUo/acBln0wWTeiWkIbH+rlGgkXHMZNZTH ARC7KoLsyu/cxhZFsumu1MEUTTr//sKWd7w0ElsSxsrfVI7d5WdZVCvHD/cfFiXWTJuB inw5TlzNqbrrLQiCRu+r5GbGFIrz58eUfBjm9GL3PA5+IA4ndstbfAERMo1mUd5yykyZ I47Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=5qjyT+ZKelgJd14rLylT5OWqzGIhr+cM5+hmXw+z1ks=; b=gTyIW+QvDPtlyFBFQTGniwjT84HvDr/+uiHGRYKmP8LMcx2+q+KThzwxem9Jt7nZLe PBFMKyXPZ2u/fIKB7YAUVCrRfNgjPewBKQaC2KPY8dh1GT3PVhInLB1YeWF0mju2LbtM /loXSwzI9jRZyCY4ok5E/CU74Kq39is+eK2BxtQb/8IpVA7Ou6YR9SQkXHKJL4Q4B5Hm JxfsGEblBTZ+pO8b0JD75C/WLR/53Lu9JBRDvUq5UH4HBj0yWRxfMkn2GSdZ43I1Z8nX SQL8/B0PN8XQBcH45SO4OtRUdAjx2bCkM74RSI67N2f7Pvg0h3JDAfpijZSaWAO36tlN zXwQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@infradead.org header.s=casper.20170209 header.b=vtxXtq6l; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id g2-20020a17090a714200b001bb80e872acsi7769789pjs.157.2022.02.25.11.11.09; Fri, 25 Feb 2022 11:11:52 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@infradead.org header.s=casper.20170209 header.b=vtxXtq6l; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241571AbiBYNnH (ORCPT + 99 others); Fri, 25 Feb 2022 08:43:07 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51394 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241618AbiBYNmw (ORCPT ); Fri, 25 Feb 2022 08:42:52 -0500 Received: from casper.infradead.org (casper.infradead.org [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0C599F1AE4 for ; Fri, 25 Feb 2022 05:42:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Type:MIME-Version: References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-Transfer-Encoding:Content-ID:Content-Description; bh=5qjyT+ZKelgJd14rLylT5OWqzGIhr+cM5+hmXw+z1ks=; b=vtxXtq6lyyGnmOQCvptEhOc4kd 9Mk9/G3y9yJsU3rG11DJg7uufbhi1tcznol8gzNChBKRSR3q6acBC6SCg5YpGNf/FlscIRDWyej6v Qu7e32jyFeeA32ccazORQpuzjwncy9gjKVRYkaQfCiFZhadfbK9lwFErcx8G5cB5xdkJEb7P/o1Ye hOgvQtD3duxvYglhM9j3lizp42/3O7SIK+9plV0GbNPdOHQUszsJNurUryHyEn+FMn6a7vn9d+3pP 9qkFOROW8pruhgArn0Fhf3SciLssYS4LxJZEIH+EyHdg+DHfjmbiK0SAqqhxfw5gTlWnnTQ8w5PwX 7qTtm5tw==; Received: from j217100.upc-j.chello.nl ([24.132.217.100] helo=noisy.programming.kicks-ass.net) by casper.infradead.org with esmtpsa (Exim 4.94.2 #2 (Red Hat Linux)) id 1nNar4-005p3W-H8; Fri, 25 Feb 2022 13:41:54 +0000 Received: from hirez.programming.kicks-ass.net (hirez.programming.kicks-ass.net [192.168.1.225]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by noisy.programming.kicks-ass.net (Postfix) with ESMTPS id A3839300067; Fri, 25 Feb 2022 14:41:52 +0100 (CET) Received: by hirez.programming.kicks-ass.net (Postfix, from userid 1000) id 8077A235EF288; Fri, 25 Feb 2022 14:41:52 +0100 (CET) Date: Fri, 25 Feb 2022 14:41:52 +0100 From: Peter Zijlstra To: Kees Cook Cc: x86@kernel.org, joao@overdrivepizza.com, hjl.tools@gmail.com, jpoimboe@redhat.com, andrew.cooper3@citrix.com, linux-kernel@vger.kernel.org, ndesaulniers@google.com, samitolvanen@google.com, mark.rutland@arm.com, alyssa.milburn@intel.com, mbenes@suse.cz, rostedt@goodmis.org, mhiramat@kernel.org, alexei.starovoitov@gmail.com, Nathan Chancellor , llvm@lists.linux.dev Subject: Re: [PATCH v2 05/39] x86: Base IBT bits Message-ID: References: <20220224145138.952963315@infradead.org> <20220224151322.307406918@infradead.org> <202202241627.EEF3D5D2@keescook> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <202202241627.EEF3D5D2@keescook> X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Feb 24, 2022 at 04:35:51PM -0800, Kees Cook wrote: > > --- a/arch/x86/Makefile > > +++ b/arch/x86/Makefile > > @@ -36,7 +36,7 @@ endif > > > > # How to compile the 16-bit code. Note we always compile for -march=i386; > > # that way we can complain to the user if the CPU is insufficient. > > -REALMODE_CFLAGS := -m16 -g -Os -DDISABLE_BRANCH_PROFILING \ > > +REALMODE_CFLAGS := -m16 -g -Os -DDISABLE_BRANCH_PROFILING -D__DISABLE_EXPORTS \ > > -Wall -Wstrict-prototypes -march=i386 -mregparm=3 \ > > -fno-strict-aliasing -fomit-frame-pointer -fno-pic \ > > -mno-mmx -mno-sse $(call cc-option,-fcf-protection=none) > > This change seems important separately from this patch, yes? (Or at > least a specific call-out in the commit log.) It was to not stuff endbr in realmode code. *something* complained about it (and Joao independently mentioned it on IRC). Could be I hit some compile fail somewhere and this was the cleanest way to simply make it go away. I'll go mention it somewhere.