From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9FE87C4332F for ; Wed, 21 Dec 2022 10:42:06 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 297078E0002; Wed, 21 Dec 2022 05:42:06 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 247E48E0001; Wed, 21 Dec 2022 05:42:06 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 10FBA8E0002; Wed, 21 Dec 2022 05:42:06 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0010.hostedemail.com [216.40.44.10]) by kanga.kvack.org (Postfix) with ESMTP id 013258E0001 for ; Wed, 21 Dec 2022 05:42:05 -0500 (EST) Received: from smtpin17.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id B5210160385 for ; Wed, 21 Dec 2022 10:42:05 +0000 (UTC) X-FDA: 80265973410.17.6C6E77A Received: from mail.skyhub.de (mail.skyhub.de [5.9.137.197]) by imf26.hostedemail.com (Postfix) with ESMTP id CD7F4140007 for ; Wed, 21 Dec 2022 10:42:03 +0000 (UTC) Authentication-Results: imf26.hostedemail.com; dkim=pass header.d=alien8.de header.s=dkim header.b=GRapVaWD; dmarc=pass (policy=none) header.from=alien8.de; spf=pass (imf26.hostedemail.com: domain of bp@alien8.de designates 5.9.137.197 as permitted sender) smtp.mailfrom=bp@alien8.de ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1671619324; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=7CkPGRhXt3C7bFJAAfAquxjwR0jOGrK7nYvDtt66hu0=; b=GdxxUWEs1U3hBG+arILwO3DLmxhKc9arn+vv/FkA5d/sRgjjhNTqhFD3hRp/D53xjRA0dw H691ksue/V/Lz3Rkh1kSZ/PtNCpF9xtK3wlR3N5oe5QuX3xACaHUHhYdJifdRDnpVSE0iS rrZlLdN9yLPNE6KDqAymGguiZZY1Tig= ARC-Authentication-Results: i=1; imf26.hostedemail.com; dkim=pass header.d=alien8.de header.s=dkim header.b=GRapVaWD; dmarc=pass (policy=none) header.from=alien8.de; spf=pass (imf26.hostedemail.com: domain of bp@alien8.de designates 5.9.137.197 as permitted sender) smtp.mailfrom=bp@alien8.de ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1671619324; a=rsa-sha256; cv=none; b=AOWAE5fNkVd90EQXpOJSnzunYSWY9dtBXA6fwsc4RaOSI0/DochOj6/GnArfIDbifs7l+j 7Wrw7e4g9L9hY3GKAQ+o9oJTY/4z2P5S86z9HW14NwDB4l2ELNqfwQJhJUK9oXsTNTG2Gt rlW8BlSgakszDBiTjziGWwMEUkcO4hk= Received: from zn.tnic (p5de8e9fe.dip0.t-ipconnect.de [93.232.233.254]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 6336C1EC02DD; Wed, 21 Dec 2022 11:42:02 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1671619322; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=7CkPGRhXt3C7bFJAAfAquxjwR0jOGrK7nYvDtt66hu0=; b=GRapVaWDu6lZKfhjZkiYhoCHcSPH+kXJtn6xjHiQKh9E52C2tgrmD9oM27Qi8Fx3F0TQnp Tx+E5Ly5kbjJqyLrEbKUFVUEN4r5ZwOENt65wDkoyUzNgSL74aL+jBj194kl+VeDrmtZV6 s0lwbodldKDf8V+pdOweza6DxQ4DwwY= Date: Wed, 21 Dec 2022 11:41:58 +0100 From: Borislav Petkov To: "Edgecombe, Rick P" Cc: "akpm@linux-foundation.org" , "tglx@linutronix.de" , "linux-arch@vger.kernel.org" , "kcc@google.com" , "Lutomirski, Andy" , "nadav.amit@gmail.com" , "kirill.shutemov@linux.intel.com" , "Schimpe, Christina" , "peterz@infradead.org" , "corbet@lwn.net" , "linux-kernel@vger.kernel.org" , "jannh@google.com" , "dethoma@microsoft.com" , "x86@kernel.org" , "pavel@ucw.cz" , "rdunlap@infradead.org" , "linux-api@vger.kernel.org" , "john.allen@amd.com" , "arnd@arndb.de" , "jamorris@linux.microsoft.com" , "rppt@kernel.org" , "bsingharora@gmail.com" , "mike.kravetz@oracle.com" , "oleg@redhat.com" , "fweimer@redhat.com" , "keescook@chromium.org" , "gorcunov@gmail.com" , "Yu, Yu-cheng" , "andrew.cooper3@citrix.com" , "hpa@zytor.com" , "mingo@redhat.com" , "mtk.manpages@gmail.com" , "hjl.tools@gmail.com" , "linux-mm@kvack.org" , "Syromiatnikov, Eugene" , "Yang, Weijiang" , "linux-doc@vger.kernel.org" , "dave.hansen@linux.intel.com" , "Eranian, Stephane" Subject: Re: [PATCH v4 07/39] x86: Add user control-protection fault handler Message-ID: References: <20221203003606.6838-1-rick.p.edgecombe@intel.com> <20221203003606.6838-8-rick.p.edgecombe@intel.com> <3aaf1b0d67492415acb9b3d06bb97e916cb7b77a.camel@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <3aaf1b0d67492415acb9b3d06bb97e916cb7b77a.camel@intel.com> X-Rspamd-Queue-Id: CD7F4140007 X-Rspamd-Server: rspam09 X-Rspam-User: X-Stat-Signature: hhoe434349omot997xroom5o8qbr9gzm X-HE-Tag: 1671619323-852190 X-HE-Meta: U2FsdGVkX18vQQ5cXIA4lfqMdSbTxgBzGc5EhIDa23rHeo5Da2/GXSbBETyJcLsUw9HqUeBMudt6Q1K3vIAdO3E1MKzcZfA5DrM/2qs5ktNVcCkh97p8DuuCbgB0/yqOfWxqycb+pCnPADeXXzJqWA7zQAg77D70hvH8nfYX1WZYwUssvWG2llS/WUn6gHR1tYvNsK/Sjx31GM2Hmk2yzH4boK35yyKO9WZnXvmHRlrH381QhIdaU0s7fkbiiOc+pPJdn8u7y0+q7DbAmytnx4cb8o+omLRLtkVhX48PYECL6rP7amvaQ8s5Mq2PakjNrIc3S3SAqmAT/EYtjGaWri/EnL+ZWJbPfNlyd2rCJojNDwscKetXP0Oly6hUYnpVJGMLlarI711kXTX6EmaqvFrX1/Hkf2z4knANJhmIORK/AkySZ4OFj6tNav7Aezykhmp6r8Zogj18ICkfQhjA887bK8fH/nHhX1qhkV1iwV93M9eZqon+vzKFF9marl47AnSGCCjBnoLRg+BdetH7g9VEvy1oJnXtkqFd9Wa2znPUOQ1FVXqOwaZSSfRemiwrM3XsKhm2qnEERFCpCIkOaaJxkB1zH8F2f9UqAxGZ7SC2ZsfRTB4x/QGiB0Of10zU0vpi3pgKHnxS380i5gZiu1L7mjKbfbrMuu0hzIlB/7mfnGMudaNugumLu0AdLUv7U+3K6etFGZISOPBRaYqn50/1cJxhB1d/6DScM2MxwmdY8IHu23MHwHg72EIp5mTmtV8b8Q3luTW2soJMeYD7ICLy2N2v26iu7Rt1eLUBY2D9bAgh5q6ld0HR66I5KZMyRz9RI/C14y57kqJuiU4jr3+wz5ECwqgstjvJd6b5FvRH+LiV+fVVvGU4wHGwDfTYc+f9OTGf4RHDNB9Uvg5snMzMl6P1gU1Yv1ir1FdKP7lRraWnmXhP+8RIFg7phi6tvLsnduTYnjnnoGReiYB sEQ== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Wed, Dec 21, 2022 at 12:37:51AM +0000, Edgecombe, Rick P wrote: > You mean having separate paths for kernel IBT and user shadow stack > that compile out? I guess it could just all be in place if > CONFIG_X86_CET is in place. > > I don't know, I thought it was relatively clean, but I can remove it. Yeah, I'm wondering if we really need the ifdeffery. I always question ifdeffery because it is a) ugly, b) a mess to deal with and having it is not really worth it. Yeah, we save a couple of KBs, big deal. What would practically happen is, shadow stack will be default-enabled on the majority of kernels out there - distro ones - so it will be enabled practically everywhere. And it'll be off only in some self-built kernels which are the very small minority. And how much are the space savings with the whole set applied, with and without the Kconfig item enabled? Probably only a couple of KBs. And if so, I'm thinking we could at least make the traps.c stuff unconditional - it'll be there but won't run. Unless we get some weird #CP but it'll be caught by do_unexpected_cp(). And you have feature tests everywhere so it's not like it'll get "misused". And when you do that, you'll have everything a lot simpler, a lot less Kconfig items to build-test and all good. Right? Or am I completely way off into the weeds here and am missing an important aspect...? Thx. -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette