From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=yEt/=C3=kvack.org=owner-linux-mm@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.6 required=3.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS,
	URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id DFA76C43466
	for <linux-mm@archiver.kernel.org>; Fri, 18 Sep 2020 21:36:50 +0000 (UTC)
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by mail.kernel.org (Postfix) with ESMTP id 7051123788
	for <linux-mm@archiver.kernel.org>; Fri, 18 Sep 2020 21:36:50 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="KL1m+3il"
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 7051123788
Authentication-Results: mail.kernel.org; dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: mail.kernel.org; spf=pass smtp.mailfrom=owner-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix)
	id C15398E0003; Fri, 18 Sep 2020 17:36:49 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id BC42E8E0001; Fri, 18 Sep 2020 17:36:49 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id A8B598E0003; Fri, 18 Sep 2020 17:36:49 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from forelay.hostedemail.com (smtprelay0154.hostedemail.com [216.40.44.154])
	by kanga.kvack.org (Postfix) with ESMTP id 909CA8E0001
	for <linux-mm@kvack.org>; Fri, 18 Sep 2020 17:36:49 -0400 (EDT)
Received: from smtpin15.hostedemail.com (10.5.19.251.rfc1918.com [10.5.19.251])
	by forelay01.hostedemail.com (Postfix) with ESMTP id 4AC6A180AD802
	for <linux-mm@kvack.org>; Fri, 18 Sep 2020 21:36:49 +0000 (UTC)
X-FDA: 77277492138.15.rub73_5e14e132712e
Received: from filter.hostedemail.com (10.5.16.251.rfc1918.com [10.5.16.251])
	by smtpin15.hostedemail.com (Postfix) with ESMTP id C6CD81814B0C7
	for <linux-mm@kvack.org>; Fri, 18 Sep 2020 21:36:48 +0000 (UTC)
X-HE-Tag: rub73_5e14e132712e
X-Filterd-Recvd-Size: 5306
Received: from mail-io1-f68.google.com (mail-io1-f68.google.com [209.85.166.68])
	by imf21.hostedemail.com (Postfix) with ESMTP
	for <linux-mm@kvack.org>; Fri, 18 Sep 2020 21:36:48 +0000 (UTC)
Received: by mail-io1-f68.google.com with SMTP id h4so8602148ioe.5
        for <linux-mm@kvack.org>; Fri, 18 Sep 2020 14:36:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=DYAfKOEgqTvyvH0yDy3llMH0PY9ahaiDfu83a2kBOFs=;
        b=KL1m+3ilCVTJWW4GEz6PYiYht8QSLyBWsxXqbceneOydilxk6IrertQdBtA2CBI86L
         WSMD/cf/ZhKtIvBJpcrokAe/Xt0vEpWOO3fm1z8KNdFEXXrIVcYVnnaD2ln73UBCeWOl
         yu3pZDws9ashJZGh/QIj4vuWx2TBWwtFoU6FvoT+c++UO2XHEoINN9rEME+AnVxslmtF
         VzoxMB+Hufev73B1IRmeKm+JCi9JBWLSaYKxnZS607wEaGrkHD/t3oSh1keAEK7ViOQr
         EvFRyZb45rQHwrjluEGg9JANUw6IVf1geB1isIB8hEYC1doRYCexQtAm4WS6/WB3w4Hj
         Purg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=DYAfKOEgqTvyvH0yDy3llMH0PY9ahaiDfu83a2kBOFs=;
        b=sYGlINjxwmkVjtf833jvPzwyNafL0/PAyla4DsR4efJh/bLZVypFcTqzMbDr5gDFjw
         D7W3Ug0vAc5AMa2zfzhtdDYxJVW0Lij3fQElYXM63fM2DUj+9weZYx+HYKmh948jD0At
         wea3aVkk9UYyavWDBlzvstw2n9N37qo3EdtQlBaKE7xmYPzH2XWdFZxrOzoaBlGUjfLL
         pQfO8QOQb7fjAHf+S5rXFAeHWZZB9ydF4/Pv1ssmXFO1l6zL1Bozh09jcWCQKZccGOMz
         vq3Z415V8oKP3p3ryaT5JCsBLUa6v8zSLJZa0bSNVignDMGscXNzWFiG3MuPgxVeu/gw
         Wr8w==
X-Gm-Message-State: AOAM5302tkfL8ktuAt9I585cKdxbQF9B/HbhAsozqLLL5zas3JV1iMjU
	nC07wlNpKTCfvLNsO4AjP+054ntreMp5xGi4aqcd/tI5gFd5cQ==
X-Google-Smtp-Source: ABdhPJxcSizO6W8h2GV+qS06uMaeznfZ+zoijcOqzbPihxuHG8PsGc9HW19RbwJQQTgjZshpByRKce18anYGPKoMnRQ=
X-Received: by 2002:a05:6602:6c9:: with SMTP id n9mr28333723iox.91.1600465007846;
 Fri, 18 Sep 2020 14:36:47 -0700 (PDT)
MIME-Version: 1.0
References: <20200918192312.25978-1-yu-cheng.yu@intel.com> <20200918192312.25978-2-yu-cheng.yu@intel.com>
 <ce2524cc-081b-aec9-177a-11c7431cb20d@infradead.org> <20200918205933.GB4304@duo.ucw.cz>
 <CAMe9rOo0+SBPtN7yb8_-h0dRAoOXkad8wi9d-EiWAfgFSedXjQ@mail.gmail.com> <20200918212403.GE4304@duo.ucw.cz>
In-Reply-To: <20200918212403.GE4304@duo.ucw.cz>
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Fri, 18 Sep 2020 14:36:11 -0700
Message-ID: <CAMe9rOrO_Yat4VbeqDvs8UsjOhEtCiDW0pLY-kQkK8yND_iO_A@mail.gmail.com>
Subject: Re: [PATCH v12 1/8] x86/cet/ibt: Add Kconfig option for user-mode
 Indirect Branch Tracking
To: Pavel Machek <pavel@ucw.cz>
Cc: Randy Dunlap <rdunlap@infradead.org>, Yu-cheng Yu <yu-cheng.yu@intel.com>, 
	"the arch/x86 maintainers" <x86@kernel.org>, "H. Peter Anvin" <hpa@zytor.com>, Thomas Gleixner <tglx@linutronix.de>, 
	Ingo Molnar <mingo@redhat.com>, LKML <linux-kernel@vger.kernel.org>, 
	"open list:DOCUMENTATION" <linux-doc@vger.kernel.org>, Linux-MM <linux-mm@kvack.org>, 
	linux-arch <linux-arch@vger.kernel.org>, Linux API <linux-api@vger.kernel.org>, 
	Arnd Bergmann <arnd@arndb.de>, Andy Lutomirski <luto@kernel.org>, Balbir Singh <bsingharora@gmail.com>, 
	Borislav Petkov <bp@alien8.de>, Cyrill Gorcunov <gorcunov@gmail.com>, 
	Dave Hansen <dave.hansen@linux.intel.com>, Eugene Syromiatnikov <esyr@redhat.com>, 
	Florian Weimer <fweimer@redhat.com>, Jann Horn <jannh@google.com>, Jonathan Corbet <corbet@lwn.net>, 
	Kees Cook <keescook@chromium.org>, Mike Kravetz <mike.kravetz@oracle.com>, 
	Nadav Amit <nadav.amit@gmail.com>, Oleg Nesterov <oleg@redhat.com>, 
	Peter Zijlstra <peterz@infradead.org>, "Ravi V. Shankar" <ravi.v.shankar@intel.com>, 
	Vedvyas Shanbhogue <vedvyas.shanbhogue@intel.com>, Dave Martin <Dave.Martin@arm.com>, 
	Weijiang Yang <weijiang.yang@intel.com>
Content-Type: text/plain; charset="UTF-8"
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>

On Fri, Sep 18, 2020 at 2:24 PM Pavel Machek <pavel@ucw.cz> wrote:
>
> Hi!
>
> > > > > +   help
> > > > > +     Indirect Branch Tracking (IBT) provides protection against
> > > > > +     CALL-/JMP-oriented programming attacks.  It is active when
> > > > > +     the kernel has this feature enabled, and the processor and
> > > > > +     the application support it.  When this feature is enabled,
> > > > > +     legacy non-IBT applications continue to work, but without
> > > > > +     IBT protection.
> > > > > +
> > > > > +     If unsure, say y
> > > >
> > > >         If unsure, say y.
> > >
> > > Actually, it would be "If unsure, say Y.", to be consistent with the
> > > rest of the Kconfig.
> > >
> > > But I wonder if Yes by default is good idea. Only very new CPUs will
> > > support this, right? Are they even available at the market? Should the
> > > help text say "if your CPU is Whatever Lake or newer, ...." :-) ?
> > >
> >
> > CET enabled kernel runs on all x86-64 processors.  All my machines
> > are running the same CET enabled kernel binary.
>
> I believe that.
>
> But enabling CET in kernel is useless on Core 2 Duo machine, right?
>

This is very important for CET kernel to run on Core 2 Duo machine.
Otherwise, a distro needs to provide 2 kernel binaries, one for CET
CPU and one for non-CET CPU.


-- 
H.J.