Re: [PATCH v12 8/8] x86: Disallow vsyscall emulation when CET is enabled

From: H.J. Lu
Date: Fri Sep 18 2020 - 17:06:40 EST

Next message: Linus Torvalds: "Re: [PATCH 1/4] mm: Trial do_wp_page() simplification"
Previous message: John Hubbard: "Re: [PATCH 1/4] mm: Trial do_wp_page() simplification"
In reply to: Pavel Machek: "Re: [PATCH v12 8/8] x86: Disallow vsyscall emulation when CET is enabled"
Next in thread: Dave Hansen: "Re: [PATCH v12 8/8] x86: Disallow vsyscall emulation when CET is enabled"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Sep 18, 2020 at 2:00 PM Pavel Machek <pavel@xxxxxx> wrote:
>
> On Fri 2020-09-18 12:32:57, Dave Hansen wrote:
> > On 9/18/20 12:23 PM, Yu-cheng Yu wrote:
> > > Emulation of the legacy vsyscall page is required by some programs
> > > built before 2013. Newer programs after 2013 don't use it.
> > > Disable vsyscall emulation when Control-flow Enforcement (CET) is
> > > enabled to enhance security.
> >
> > How does this "enhance security"?
> >
> > What is the connection between vsyscall emulation and CET?
>
> Boom.
>
> We don't break compatibility by default, and you should not tell
> people to enable CET by default if you plan to do this.
>

Nothing will be broken. CET enabled applications don't use/need
vsyscall emulation.

--
H.J.

Next message: Linus Torvalds: "Re: [PATCH 1/4] mm: Trial do_wp_page() simplification"
Previous message: John Hubbard: "Re: [PATCH 1/4] mm: Trial do_wp_page() simplification"
In reply to: Pavel Machek: "Re: [PATCH v12 8/8] x86: Disallow vsyscall emulation when CET is enabled"
Next in thread: Dave Hansen: "Re: [PATCH v12 8/8] x86: Disallow vsyscall emulation when CET is enabled"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]