From: Peter Zijlstra <peterz@infradead.org>
To: "Edgecombe, Rick P" <rick.p.edgecombe@intel.com>
Cc: "Torvalds, Linus" <torvalds@linux-foundation.org>,
"keescook@chromium.org" <keescook@chromium.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"fweimer@redhat.com" <fweimer@redhat.com>,
"hjl.tools@gmail.com" <hjl.tools@gmail.com>,
"x86@kernel.org" <x86@kernel.org>
Subject: Re: CET shadow stack app compatibility
Date: Tue, 15 Nov 2022 10:43:59 +0100 [thread overview]
Message-ID: <Y3NfX0zXDIZztwKL@hirez.programming.kicks-ass.net> (raw)
In-Reply-To: <7d8133c7e0186bdaeb3893c1c808148dc0d11945.camel@intel.com>
Let me hijack this and go off on a tangent..
On Mon, Nov 14, 2022 at 11:15:44PM +0000, Edgecombe, Rick P wrote:
> The breakage derives from how the decision is made on whether to enable
> shadow stack enforcement. Glibc will do this by checking a bit in the
> elf header of the binary. It then tells the kernel to turn CET on via a
> separate kernel API. But instead of this elf bit being selected by
> application developers, it was mostly applied in various automated ways
> (mostly default on) by distro builds for years. This huge amount of
> untested enablement has not generated any visible issues for users yet,
> because without kernel support the presence of this bit has not
> generated any actual CET enforcement.
CET is two things, ideally we're fully eradicate the term CET, never
again mention CET, ever. Whoever at Intel decided to push that term has
created so much confusion it's not funny :/
The feature at hand here is backward edge control flow -- or shadow
stacks (the means to implement this). Be explicit about this, do *NOT*
use CET ever again.
The other thing CET has is forward edge control flow -- or indirect
branch tracking, this is a completely different and independent feature
and not advertised or implemented here.
These things are obviously related, but since they're two independent
features there's the endless confusion as to which is actually meant.
(go (re)watch the last plumbers conf talks on the subject -- there's
always someone who gets is wrong)
The only things that should have CET in their name are the CR4 bit and
the two MSRs, nothing more.
ELF bits should not, must not, be called CET. API, not CET, Compiler
features, also not CET.
(and I know it's too late to eradicate some of it, but please, at least
make sure the kernel doesn't propagate this nonsense).
next prev parent reply other threads:[~2022-11-15 9:44 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-14 23:15 CET shadow stack app compatibility Edgecombe, Rick P
2022-11-15 2:01 ` Linus Torvalds
2022-11-15 7:33 ` Florian Weimer
2022-11-15 16:57 ` Edgecombe, Rick P
2022-12-02 18:48 ` Florian Weimer
2022-12-05 19:02 ` Edgecombe, Rick P
2022-11-15 9:43 ` Peter Zijlstra [this message]
2022-11-15 17:04 ` Edgecombe, Rick P
2022-11-15 18:45 ` Peter Zijlstra
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y3NfX0zXDIZztwKL@hirez.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=fweimer@redhat.com \
--cc=hjl.tools@gmail.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=rick.p.edgecombe@intel.com \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).