From: Peter Zijlstra <peterz@infradead.org>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Dave Hansen <dave.hansen@intel.com>, Borislav Petkov <bp@suse.de>,
Linus Torvalds <torvalds@linux-foundation.org>,
Steven Rostedt <rostedt@goodmis.org>, x86-ml <x86@kernel.org>,
lkml <linux-kernel@vger.kernel.org>
Subject: Re: [GIT PULL] x86/urgent for v5.11-rc7
Date: Mon, 8 Feb 2021 11:33:30 +0100 [thread overview]
Message-ID: <YCETejMWLKW9Se6p@hirez.programming.kicks-ass.net> (raw)
In-Reply-To: <2BFAADF3-EBAA-46D6-B1F6-7A41CB85DA1C@amacapital.net>
On Sun, Feb 07, 2021 at 10:31:32AM -0800, Andy Lutomirski wrote:
>
> > On Feb 7, 2021, at 10:19 AM, Dave Hansen <dave.hansen@intel.com> wrote:
> >
> > On 2/7/21 9:58 AM, Borislav Petkov wrote:
> >>> On Sun, Feb 07, 2021 at 09:49:18AM -0800, Linus Torvalds wrote:
> >>> On Sun, Feb 7, 2021 at 2:40 AM Borislav Petkov <bp@suse.de> wrote:
> >>>> - Disable CET instrumentation in the kernel so that gcc doesn't add
> >>>> ENDBR64 to kernel code and thus confuse tracing.
> >>> So this is clearly the right thing to do for now, but I wonder if
> >>> people have a plan for actually enabling CET and endbr at cpl0 at some
> >>> point?
> >> It probably is an item on some Intel manager's to-enable list. So far,
> >> the CET enablement concentrates only on userspace but dhansen might know
> >> more about future plans. CCed.
> >
> > It's definitely on our radar to look at after CET userspace.
> >
> > The only question for me is whether it will be worth doing with the
> > exiting kernel entry/exit architecture.
>
> I assume you mean: is anyone sufficiently inspired to try to handle
> NMI correctly? I have a whole pile of nacks saved up for incorrect
> implementations, although I will try to wrap them in polite
> explanations of precisely what is wrong :)
Yeah, the IST stack recursion possibilities are 'fun'. But IIRC CET-SS
has far more problems than just NMI. It will also run into all the ROP
tricks we pull for return tracing, CALL emulation and other lovely
things.
next prev parent reply other threads:[~2021-02-08 10:44 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-07 10:40 [GIT PULL] x86/urgent for v5.11-rc7 Borislav Petkov
2021-02-07 17:49 ` Linus Torvalds
2021-02-07 17:58 ` Borislav Petkov
2021-02-07 18:15 ` Linus Torvalds
2021-02-07 18:32 ` Dave Hansen
2021-02-07 18:40 ` Linus Torvalds
2021-02-07 22:45 ` Josh Poimboeuf
2021-02-08 15:02 ` Steven Rostedt
2021-02-08 15:33 ` Josh Poimboeuf
2021-02-08 15:47 ` Peter Zijlstra
2021-02-08 16:15 ` Steven Rostedt
2021-02-09 8:32 ` Miroslav Benes
2021-02-09 14:49 ` Steven Rostedt
2021-02-09 15:16 ` Miroslav Benes
2021-02-09 16:45 ` Alexei Starovoitov
2021-02-09 16:55 ` Andy Lutomirski
2021-02-09 18:09 ` Linus Torvalds
2021-02-09 18:26 ` Andy Lutomirski
2021-02-09 18:39 ` Linus Torvalds
2021-02-07 18:19 ` Dave Hansen
2021-02-07 18:31 ` Andy Lutomirski
2021-02-08 10:33 ` Peter Zijlstra [this message]
2021-02-07 20:44 ` Alexei Starovoitov
2021-02-07 22:35 ` Dave Hansen
2021-02-08 16:11 ` Yu, Yu-cheng
2021-02-07 18:29 ` pr-tracker-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YCETejMWLKW9Se6p@hirez.programming.kicks-ass.net \
--to=peterz@infradead.org \
--cc=bp@suse.de \
--cc=dave.hansen@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=rostedt@goodmis.org \
--cc=torvalds@linux-foundation.org \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox