From: "H.J. Lu"
Date: Mon, 9 Mar 2020 19:13:34 -0700
Subject: Re: [RFC PATCH v9 01/27] Documentation/x86: Add CET description
To: Andy Lutomirski
Cc: Dave Hansen, Yu-cheng Yu, the arch/x86 maintainers, "H. Peter Anvin", Thomas Gleixner, Ingo Molnar, LKML, open list:DOCUMENTATION, Linux-MM, linux-arch, Linux API, Arnd Bergmann, Andy Lutomirski, Balbir Singh, Borislav Petkov, Cyrill Gorcunov, Dave Hansen, Eugene Syromiatnikov, Florian Weimer, Jann Horn, Jonathan Corbet, Kees Cook, Mike Kravetz, Nadav Amit, Oleg Nesterov, Pavel Machek, Peter Zijlstra, Randy Dunlap, "Ravi V. Shankar", Vedvyas Shanbhogue, Dave Martin, x86-patch-review@intel.com

On Mon, Mar 9, 2020 at 6:21 PM Andy Lutomirski wrote:
>
> I am baffled by this discussion.
>
> >> On Mar 9, 2020, at 5:09 PM, H.J. Lu wrote:
> >>
> >> On Mon, Mar 9, 2020 at 4:59 PM Andy Lutomirski wrote:
> >
> >>>> .
> >> This could presumably have been fixed by having libpcre or sljit
> >> disable IBT before calling into JIT code or by running the JIT code in
> >> another thread. In the other direction, a non-CET libpcre build could
> >> build IBT-capable JITted code and enable JIT (by syscall if we allow
> >> that or by creating a thread?) when calling it. And IBT has this
> >
> > This is not how thread in user space works.
>
> void create_cet_thread(void (*func)(), unsigned int cet_flags);
>
> I could implement this using clone() if the kernel provides the requisite support. Sure, creating threads behind libc's back like this is perilous, but it can be done.

Sure, this can live outside of libc with kernel support.

>
> >> fancy legacy bitmap to allow non-instrumented code to run with IBT on,
> >> although SHSTK doesn't have hardware support for a similar feature.
> >
> > All these changes are called CET enabling.
>
> What does that mean? If program A loads library B, and library B very carefully loads CET-mismatched code, program A may be blissfully unaware.

Any source changes to make code CET compatible are to enable CET.
Shadow stack can't be turned on or off arbitrarily. ld.so checks it and
makes sure that everything is consistent. But this is entirely done in
user space.

In the first phase, we want to make CET simple, not too complicated.

H.J.
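The consistency check H.J. refers to (ld.so deciding whether IBT and shadow stack stay on for a process) is driven by the GNU property note that CET-enabled toolchains put in each object. The following C is an added example, not code from this thread or from glibc: it parses a constructed .note.gnu.property note and applies the AND rule across the executable and its libraries. The constants are the ones defined in <elf.h>; the note bytes are constructed here, and a little-endian host is assumed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Values from <elf.h>, repeated so the example is self-contained. */
#define NT_GNU_PROPERTY_TYPE_0           5
#define GNU_PROPERTY_X86_FEATURE_1_AND   0xc0000002u
#define GNU_PROPERTY_X86_FEATURE_1_IBT   (1u << 0)
#define GNU_PROPERTY_X86_FEATURE_1_SHSTK (1u << 1)

/* Little-endian host assumed (x86), so a plain copy yields the field value. */
static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }
/* Parse one ELF64 .note.gnu.property note; return its X86_FEATURE_1_AND bits, 0 if absent/malformed. */
uint32_t cet_feature_bits(const uint8_t *note, size_t len)
{
    if (len < 16) return 0;
    uint32_t namesz = rd32(note), descsz = rd32(note + 4), type = rd32(note + 8);
    size_t desc_off = 12 + ((namesz + 3) & ~3u);             /* name is 4-byte aligned */
    if (type != NT_GNU_PROPERTY_TYPE_0 || namesz != 4 || desc_off + descsz > len ||
        memcmp(note + 12, "GNU", 4) != 0) return 0;
    const uint8_t *d = note + desc_off, *end = d + descsz;
    while (end - d >= 8) {                 /* entry: pr_type, pr_datasz, data (8-aligned on ELF64) */
        uint32_t pr_type = rd32(d), pr_datasz = rd32(d + 4);
        size_t entry = 8 + ((pr_datasz + 7) & ~7u);
        if ((size_t)(end - d) < entry) return 0;              /* truncated entry */
        if (pr_type == GNU_PROPERTY_X86_FEATURE_1_AND && pr_datasz == 4) return rd32(d + 8);
        d += entry;
    }
    return 0;
}
/* The _AND rule the loader applies: IBT/SHSTK stay on only if the executable and every mapped object are marked. */
uint32_t process_cet_bits(const uint32_t *per_object, size_t n)
{
    uint32_t bits = GNU_PROPERTY_X86_FEATURE_1_IBT | GNU_PROPERTY_X86_FEATURE_1_SHSTK;
    for (size_t i = 0; i < n; i++) bits &= per_object[i];
    return n ? bits : 0;
}
/* Constructed sample note: name "GNU", one property X86_FEATURE_1_AND = IBT|SHSTK. */
const uint8_t sample_note[] = {
    4,0,0,0, 16,0,0,0, 5,0,0,0, 'G','N','U',0,            /* namesz, descsz, type, name */
    0x02,0x00,0x00,0xc0, 4,0,0,0, 0x03,0,0,0, 0,0,0,0 };   /* pr_type, pr_datasz, data, pad */
int main(void)
{
    uint32_t exe = cet_feature_bits(sample_note, sizeof sample_note);
    uint32_t objs[] = { exe, GNU_PROPERTY_X86_FEATURE_1_IBT };   /* one library lacks SHSTK */
    printf("exe 0x%x -> process 0x%x\n", exe, process_cet_bits(objs, 2));   /* exe 0x3 -> process 0x1 */
    return 0;
}
```

A single unmarked object is enough to drop a feature for the whole process, which is why the enabling work H.J. describes has to cover every shared object, not just the main executable.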