Message ID | 20210722205219.7934-1-yu-cheng.yu@intel.com (mailing list archive) |
---|---|
Series | Control-flow Enforcement: Shadow Stack |

On 7/22/21 1:51 PM, Yu-cheng Yu wrote:
> Linux distributions with CET are available now, and Intel processors with CET
> are already on the market. It would be nice if CET support can be accepted
> into the kernel.
>
> Changes in v28:
> - Rebase to Linus tree v5.14-rc2.
> - Patch #1: Update Document to indicate no-user-shstk also disables IBT.
> - Patch #23: Update shstk_setup() with wrmsrl_safe(). Update return value.
> - Patch #25: Split out copy_thread() changes. Add support for old clone().
>   Add comments.
> - Add comments for get_xsave_addr() (Patch #25, #26).

Could you characterize where this whole thing is?

Are we at the point where the feedback is slowing down? What kind of
feedback are you getting? How stable is the ABI versus the last revision?

On 7/22/2021 2:08 PM, Dave Hansen wrote:
> On 7/22/21 1:51 PM, Yu-cheng Yu wrote:
>> Linux distributions with CET are available now, and Intel processors with CET
>> are already on the market. It would be nice if CET support can be accepted
>> into the kernel.
>>
>> Changes in v28:
>> - Rebase to Linus tree v5.14-rc2.
>> - Patch #1: Update Document to indicate no-user-shstk also disables IBT.
>> - Patch #23: Update shstk_setup() with wrmsrl_safe(). Update return value.
>> - Patch #25: Split out copy_thread() changes. Add support for old clone().
>>   Add comments.
>> - Add comments for get_xsave_addr() (Patch #25, #26).
>
> Could you characterize where this whole thing is?
>
> Are we at the point where the feedback is slowing down? What kind of
> feedback are you getting? How stable is the ABI versus the last revision?
>

The ABI has not changed since last version, except the addition of
shadow stack support for legacy clone(). This does not de-stabilize the
ABI.

Looking back at recent feedback:

- Boris had given lots of comments on code flow, syntax, etc. Those are
  all addressed.
- Andy L. commented on the signal handling part, especially the
  introduction of a ucontext extension. That is eliminated and now there
  is the UC_WAIT_ENDBR flag.
- Kirill commented a few issues on mm patches. Those are addressed.
- Peter Z. requested splitting shadow stack and ibt. That is done.

As for running/testing of the series, overall it is stable.

Yu-cheng