From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.6 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id AB22DC43464 for ; Fri, 18 Sep 2020 21:06:40 +0000 (UTC) Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by mail.kernel.org (Postfix) with ESMTP id 2F129235F8 for ; Fri, 18 Sep 2020 21:06:40 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="IWLwt/Jb" DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 2F129235F8 Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix) id 9CC836B0095; Fri, 18 Sep 2020 17:06:39 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 9A25C6B0096; Fri, 18 Sep 2020 17:06:39 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 8B8256B0098; Fri, 18 Sep 2020 17:06:39 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from forelay.hostedemail.com (smtprelay0099.hostedemail.com [216.40.44.99]) by kanga.kvack.org (Postfix) with ESMTP id 74F226B0095 for ; Fri, 18 Sep 2020 17:06:39 -0400 (EDT) Received: from smtpin01.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251]) by forelay02.hostedemail.com (Postfix) with ESMTP id 37BF93631 for ; Fri, 18 Sep 2020 21:06:39 +0000 (UTC) X-FDA: 77277416118.01.bead62_4b0f06a2712e Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251]) by smtpin01.hostedemail.com (Postfix) with ESMTP id 09FC91004D017 for ; Fri, 18 Sep 2020 21:06:39 +0000 (UTC) X-HE-Tag: bead62_4b0f06a2712e X-Filterd-Recvd-Size: 4609 Received: from mail-io1-f65.google.com (mail-io1-f65.google.com [209.85.166.65]) by imf21.hostedemail.com (Postfix) with ESMTP for ; Fri, 18 Sep 2020 21:06:38 +0000 (UTC) Received: by mail-io1-f65.google.com with SMTP id m17so8538174ioo.1 for ; Fri, 18 Sep 2020 14:06:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=MvHhXjI9PINmG+l6DCDjKQZbsTRKGGMkTBP5zN5aSFQ=; b=IWLwt/JbdMSRpT6Wv3WAyCBN9qFCREgWtJcF0R1RIzLVY0SISm4RFwHsdcXIdL5d4E Yy7/2s+LDlk/87c0Fp+tQVi0zmDpn6GNtT8zIFczwsT7f4zqRnFy453Wbrx2aO+2VbVj vdaq2zhFJLmSjCLU0mocGAmtZoaaUK6RKO8Qz0A7yeJUTDJbRPhXHIh5ZOcHlXUvXFk3 LUOd/Bi9DKb0KWJIFqeinsKHmFCXFee6BbXLTqIXmNkioPBdjnv37wleZo/wrgkqn1NX 72vkgJhAipRe1DB64E2Yesd7jEdncu2/Nm2GU5jxRqcToMVoB7Ia5jtjXQAZwflWHYOc Ckjw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=MvHhXjI9PINmG+l6DCDjKQZbsTRKGGMkTBP5zN5aSFQ=; b=B+29Evc9b+Gj6x31hWjG3RJ/+lKcfcJnwKrDAOZtEOwycOCOZdl8sdI//E5Jq4R2mH IyXSicxostPm/QxtkaXqPZl5Mf6qLyaF/5oH5G16xsJh1YEFfZPQT4ABVTlFxXTIe16Q W7/XrUXc0YHXSb/JpBJCEhwYn5+xyEOCOHlSiOSs5ohM7PSYLDqnlqtdUhzDf7m2cuvj HmVTJV1biaZrpxh84ko3PvEfaWmXNDU1ZcsxUqtsWd9yz1Gdm4Qegu0tZqChaS0liLdl yOTLKbsvolxOv6VgGLdF7lKGyBvyQUjnmNy+gFnmfnZsc+XzL7b8+r19SF8VMFFKZ7qO eacQ== X-Gm-Message-State: AOAM533xAyHkTFSqc2MoJyz6Hjzv+xYoqrUFyAqEVaT7q4GvZ4VOl0m8 DczD8QYi+FqWKBAIWtf+QSc3ol8i8Yq/tZ/PEf4= X-Google-Smtp-Source: ABdhPJz3m6rfOxVGTE582qPYyesCg/UTfBm54/gjoz20D1+b0ua1bBFx46wx6IdHom/D2OhPgwwR2gJWI9CZGMjZWXc= X-Received: by 2002:a5e:9e4c:: with SMTP id j12mr29230986ioq.37.1600463197971; Fri, 18 Sep 2020 14:06:37 -0700 (PDT) MIME-Version: 1.0 References: <20200918192312.25978-1-yu-cheng.yu@intel.com> <20200918192312.25978-9-yu-cheng.yu@intel.com> <20200918210026.GC4304@duo.ucw.cz> In-Reply-To: <20200918210026.GC4304@duo.ucw.cz> From: "H.J. Lu" Date: Fri, 18 Sep 2020 14:06:02 -0700 Message-ID: Subject: Re: [PATCH v12 8/8] x86: Disallow vsyscall emulation when CET is enabled To: Pavel Machek Cc: Dave Hansen , Yu-cheng Yu , "the arch/x86 maintainers" , "H. Peter Anvin" , Thomas Gleixner , Ingo Molnar , LKML , "open list:DOCUMENTATION" , Linux-MM , linux-arch , Linux API , Arnd Bergmann , Andy Lutomirski , Balbir Singh , Borislav Petkov , Cyrill Gorcunov , Dave Hansen , Eugene Syromiatnikov , Florian Weimer , Jann Horn , Jonathan Corbet , Kees Cook , Mike Kravetz , Nadav Amit , Oleg Nesterov , Peter Zijlstra , Randy Dunlap , "Ravi V. Shankar" , Vedvyas Shanbhogue , Dave Martin , Weijiang Yang Content-Type: text/plain; charset="UTF-8" X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Fri, Sep 18, 2020 at 2:00 PM Pavel Machek wrote: > > On Fri 2020-09-18 12:32:57, Dave Hansen wrote: > > On 9/18/20 12:23 PM, Yu-cheng Yu wrote: > > > Emulation of the legacy vsyscall page is required by some programs > > > built before 2013. Newer programs after 2013 don't use it. > > > Disable vsyscall emulation when Control-flow Enforcement (CET) is > > > enabled to enhance security. > > > > How does this "enhance security"? > > > > What is the connection between vsyscall emulation and CET? > > Boom. > > We don't break compatibility by default, and you should not tell > people to enable CET by default if you plan to do this. > Nothing will be broken. CET enabled applications don't use/need vsyscall emulation. -- H.J.