From: "H.J. Lu"
Date: Fri, 18 Sep 2020 14:46:12 -0700
Subject: Re: [PATCH v12 1/8] x86/cet/ibt: Add Kconfig option for user-mode Indirect Branch Tracking
To: Pavel Machek
Cc: "Yu, Yu-cheng", Randy Dunlap, the arch/x86 maintainers, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, LKML, "open list:DOCUMENTATION", Linux-MM, linux-arch, Linux API, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Peter Zijlstra, "Ravi V. Shankar", Vedvyas Shanbhogue, Dave Martin, Weijiang Yang
References: <20200918192312.25978-1-yu-cheng.yu@intel.com> <20200918192312.25978-2-yu-cheng.yu@intel.com> <20200918205933.GB4304@duo.ucw.cz> <019b5e45-b116-7f3d-f1f2-3680afbd676c@intel.com> <20200918214020.GF4304@duo.ucw.cz>
In-Reply-To: <20200918214020.GF4304@duo.ucw.cz>

On Fri, Sep 18, 2020 at 2:40 PM Pavel Machek wrote:
>
> On Fri 2020-09-18 14:25:12, Yu, Yu-cheng wrote:
> > On 9/18/2020 1:59 PM, Pavel Machek wrote:
> > > On Fri 2020-09-18 13:24:13, Randy Dunlap wrote:
> > > > Hi,
> > > >
> > > > If you do another version of this:
> > > >
> > > > On 9/18/20 12:23 PM, Yu-cheng Yu wrote:
> > > > > Introduce Kconfig option X86_INTEL_BRANCH_TRACKING_USER.
> > > > >
> > > > > Indirect Branch Tracking (IBT) provides protection against CALL-/JMP-
> > > > > oriented programming attacks. It is active when the kernel has this
> > > > > feature enabled, and the processor and the application support it.
> > > > > When this feature is enabled, legacy non-IBT applications continue to
> > > > > work, but without IBT protection.
> > > > >
> > > > > Signed-off-by: Yu-cheng Yu
> > > > > ---
> > > > > v10:
> > > > > - Change build-time CET check to config depends on.
> > > > >
> > > > >  arch/x86/Kconfig | 16 ++++++++++++++++
> > > > >  1 file changed, 16 insertions(+)
> > > > >
> > > > > diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
> > > > > index 6b6dad011763..b047e0a8d1c2 100644
> > > > > --- a/arch/x86/Kconfig
> > > > > +++ b/arch/x86/Kconfig
> > > > > @@ -1963,6 +1963,22 @@ config X86_INTEL_SHADOW_STACK_USER
> > > > >  If unsure, say y.
> > > > > +config X86_INTEL_BRANCH_TRACKING_USER
> > > > > + prompt "Intel Indirect Branch Tracking for user-mode"
> > > > > + def_bool n
> > > > > + depends on CPU_SUP_INTEL && X86_64
> > > > > + depends on $(cc-option,-fcf-protection)
> > > > > + select X86_INTEL_CET
> > > > > + help
> > > > > + Indirect Branch Tracking (IBT) provides protection against
> > > > > + CALL-/JMP-oriented programming attacks. It is active when
> > > > > + the kernel has this feature enabled, and the processor and
> > > > > + the application support it. When this feature is enabled,
> > > > > + legacy non-IBT applications continue to work, but without
> > > > > + IBT protection.
> > > > > +
> > > > > + If unsure, say y
> > > >
> > > > If unsure, say y.
> > >
> > > Actually, it would be "If unsure, say Y.", to be consistent with the
> > > rest of the Kconfig.
> > >
> > > But I wonder if Yes by default is a good idea. Only very new CPUs will
> > > support this, right? Are they even available at the market? Should the
> > > help text say "if your CPU is Whatever Lake or newer, ...." :-) ?
> >
> > I will revise the wording if there is another version. But a CET-capable
> > kernel can run on legacy systems. We have been testing that combination.
>
> Yes, but enabling CET is unnecessary overhead on older systems. And
> Kconfig is a great place to explain that.
>

I can't tell any visible CET kernel overhead on my non-CET machines.

-- 
H.J.
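Review bot: in the quoted arch/x86/Kconfig hunk, `def_bool n` for the new `config X86_INTEL_BRANCH_TRACKING_USER` block contradicts its own help text, which ends "If unsure, say y"; either make the default `y` or change the closing line so the two agree. That closing line also lacks the terminating period and capital "Y" ("If unsure, say Y."), unlike the `If unsure, say y.` context line from X86_INTEL_SHADOW_STACK_USER shown at the top of the hunk. If the option is meant to stay off by default because the hardware is new, the help text is the place to say which systems benefit from enabling it, as raised in the thread.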