From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.8 required=3.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 71255C433E3 for ; Tue, 25 Aug 2020 09:15:04 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 2019420706 for ; Tue, 25 Aug 2020 09:15:03 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="dXID83x2" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 2019420706 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=redhat.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 787A38E000D; Tue, 25 Aug 2020 05:15:03 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 7377D8E0007; Tue, 25 Aug 2020 05:15:03 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 628168E000D; Tue, 25 Aug 2020 05:15:03 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0227.hostedemail.com [216.40.44.227]) by kanga.kvack.org (Postfix) with ESMTP id 4AEDC8E0007 for ; Tue, 25 Aug 2020 05:15:03 -0400 (EDT) Received: from smtpin21.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay02.hostedemail.com (Postfix) with ESMTP id E99BFBBE3 for ; Tue, 25 Aug 2020 09:15:02 +0000 (UTC) X-FDA: 77188531644.21.price74_5417f7b2705a Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251]) by smtpin21.hostedemail.com (Postfix) with ESMTP id BF998180442C2 for ; Tue, 25 Aug 2020 09:15:02 +0000 (UTC) X-HE-Tag: price74_5417f7b2705a X-Filterd-Recvd-Size: 4280 Received: from us-smtp-delivery-1.mimecast.com (us-smtp-1.mimecast.com [207.211.31.81]) by imf26.hostedemail.com (Postfix) with ESMTP for ; Tue, 25 Aug 2020 09:15:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1598346900; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=92i+0YUtQgEC4ia+7x4FHZS4hUNlAuigR1V4PDLFWpU=; b=dXID83x2aRkxAWfQMPZWk/vI0Qh6hxbzpf47lTeb+tvwUuSj24TdgkBRIgaD3YGlKDHCvj SX0gBQ3rs/KB+oGq+tV6STleCJU2EMW74zeeqTsUIgHcgFv0Gbs6KFrUuNrUir9FoGGTcZ CrwCG66NpsxslHzCJrVNy5/sTPOAUQQ= Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-493-qjGmojjQPt2LSoxrEMPg0A-1; Tue, 25 Aug 2020 05:14:56 -0400 X-MC-Unique: qjGmojjQPt2LSoxrEMPg0A-1 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id C7438100746B; Tue, 25 Aug 2020 09:14:52 +0000 (UTC) Received: from oldenburg2.str.redhat.com (ovpn-112-37.ams2.redhat.com [10.36.112.37]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 5353C808AB; Tue, 25 Aug 2020 09:14:39 +0000 (UTC) From: Florian Weimer To: Andy Lutomirski Cc: Yu-cheng Yu , X86 ML , "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , LKML , "open list\:DOCUMENTATION" , Linux-MM , linux-arch , Linux API , Arnd Bergmann , Balbir Singh , Borislav Petkov , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , "H.J. Lu" , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Pavel Machek , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue , Dave Martin , Weijiang Yang Subject: Re: [PATCH v11 9/9] x86: Disallow vsyscall emulation when CET is enabled References: <20200825002645.3658-1-yu-cheng.yu@intel.com> <20200825002645.3658-10-yu-cheng.yu@intel.com> Date: Tue, 25 Aug 2020 11:14:37 +0200 In-Reply-To: (Andy Lutomirski's message of "Mon, 24 Aug 2020 17:32:35 -0700") Message-ID: <87pn7f9jeq.fsf@oldenburg2.str.redhat.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Rspamd-Queue-Id: BF998180442C2 X-Spamd-Result: default: False [0.00 / 100.00] X-Rspamd-Server: rspam03 X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: * Andy Lutomirski: > On Mon, Aug 24, 2020 at 5:30 PM Yu-cheng Yu wrote: >> >> From: "H.J. Lu" >> >> Emulation of the legacy vsyscall page is required by some programs built >> before 2013. Newer programs after 2013 don't use it. Disallow vsyscall >> emulation when Control-flow Enforcement (CET) is enabled to enhance >> security. > > NAK. > > By all means disable execute emulation if CET-IBT is enabled at the > time emulation is attempted, and maybe even disable the vsyscall page > entirely if you can magically tell that CET-IBT will be enabled when a > process starts, but you don't get to just disable it outright on a > CET-enabled kernel. Yeah, we definitely would have to revert/avoid this downstream. People definitely want to run glibc-2.12-era workloads on current kernels. Thanks for catching it. Florian