From: "H.J. Lu"
Date: Mon, 10 Oct 2022 09:51:39 -0700
Subject: Re: [PATCH v2 01/39] Documentation/x86: Add CET description
To: "Edgecombe, Rick P"
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Oct 10, 2022 at 9:44 AM Edgecombe, Rick P wrote:
>
> On Mon, 2022-10-10 at 14:19 +0200, Florian Weimer wrote:
> > Uhm, I think we are using binutils 2.30 with extra fixes.  I hope that
> > these binaries are still valid.
>
> Yea, you're right. Andrew Cooper pointed out it has been supported
> since 2.29, so 2.30 should be fine.
>
> >
> > More importantly, glibc needs to be configured with --enable-cet
> > explicitly (unless the compiler defaults to CET).  The default glibc
> > build with a default GCC will produce dynamically-linked executables
> > that disable CET (when running on later/differently configured glibc
> > builds).  The statically linked object files are not marked up for CET
> > in that case.
>
> Thanks, that's a good point. I'll add a blurb about glibc needs to be
> compiled with CET support.
>
> >
> > I think the goal is to support the new kernel interface for actually
> > switching on SHSTK in glibc 2.37.  But at that point, hopefully all
> > those existing binaries can start enjoying the SHSTK benefits.
>
> Can you share more about this plan? HJ was previously planning to wait
> until the kernel support was upstream before making any more glibc
> changes. Hopefully this will be in time for that, but I'd really rather
> not repeat what happened last time where we had to design the kernel
> interface around not breaking old glibc's with mismatched CET
> enablement.
>
> What did you think of the proposal to disable existing binaries and
> start from scratch? Elaborated in the cover letter in the section
> "Compatibility of Existing Binaries/Enabling Interface".

My current glibc plan is that the kernel won't enable CET automatically
and glibc will issue a syscall to enable CET at early startup time. All
existing CET enabled dynamic executables will have CET enabled under the
CET kernel and the updated CET glibc.

--
H.J.
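
Added example, not part of the thread and not kernel, glibc or binutils code: the "marked up for CET" state discussed above is recorded in the ELF `.note.gnu.property` note as the `GNU_PROPERTY_X86_FEATURE_1_AND` bitmask, which the linker ANDs across all input objects. The sketch below parses raw note bytes (ELF64, little-endian assumed) and models that AND merge; `make_note`, `cet_features` and `merged_mask` are hypothetical helper names, and the sample notes are constructed.

```python
import struct

NT_GNU_PROPERTY_TYPE_0 = 5
GNU_PROPERTY_X86_FEATURE_1_AND = 0xC0000002
FEATURE_BITS = {0x1: "IBT", 0x2: "SHSTK"}

def _align(n, a=8):
    return (n + a - 1) & ~(a - 1)

def _walk_properties(desc):
    """Walk the property array inside one GNU property note descriptor."""
    feats, off = set(), 0
    while off + 8 <= len(desc):
        pr_type, pr_datasz = struct.unpack_from("<II", desc, off)
        data = desc[off + 8:off + 8 + pr_datasz]
        if len(data) != pr_datasz:
            raise ValueError("truncated property")
        if pr_type == GNU_PROPERTY_X86_FEATURE_1_AND and pr_datasz == 4:
            (mask,) = struct.unpack("<I", data)
            feats |= {name for bit, name in FEATURE_BITS.items() if mask & bit}
        off = _align(off + 8 + pr_datasz)
    return feats

def cet_features(note_bytes):
    """Return the CET features marked in raw .note.gnu.property contents."""
    feats, off = set(), 0
    while off + 12 <= len(note_bytes):
        namesz, descsz, ntype = struct.unpack_from("<III", note_bytes, off)
        name = note_bytes[off + 12:off + 12 + namesz]
        desc_off = _align(off + 12 + namesz)
        if desc_off + descsz > len(note_bytes):
            raise ValueError("truncated note")
        if ntype == NT_GNU_PROPERTY_TYPE_0 and name == b"GNU\0":
            feats |= _walk_properties(note_bytes[desc_off:desc_off + descsz])
        off = _align(desc_off + descsz)
    return feats

def merged_mask(input_masks):
    """Model the linker's AND merge; None is an object without the property."""
    mask = 0x3
    for m in input_masks:
        mask &= 0 if m is None else m
    return mask

def make_note(mask):
    """Build a constructed sample note carrying one FEATURE_1_AND property."""
    prop = struct.pack("<III", GNU_PROPERTY_X86_FEATURE_1_AND, 4, mask) + b"\0" * 4
    return struct.pack("<III", 4, len(prop), NT_GNU_PROPERTY_TYPE_0) + b"GNU\0" + prop
```

On a real binary, `readelf -n` prints the same property in decoded form.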