> On Mar 9, 2020, at 2:13 PM, H.J. Lu <hjl.tools@xxxxxxxxx> wrote: > > On Mon, Mar 9, 2020 at 1:59 PM Dave Hansen <dave.hansen@xxxxxxxxx> wrote: >> >> On 3/9/20 1:54 PM, H.J. Lu wrote: >>>> If a program with the magic ELF CET flags missing can’t make a >>>> thread with IBT and/or SHSTK enabled, then I think we’ve made an >>>> error and should fix it. >>>> >>> A non-CET program can start a CET program and vice versa. >> >> Could we be specific here, please? >> >> HJ are you saying that: >> * CET program can execve() a non-CET program, and >> * a non-CET program can execve() a CET program >> >> ? > > Yes. > >> That's obvious. >> >> But what are the rules for clone()? Should there be rules for >> mismatches for CET enabling between threads if a process (not child >> processes)? > > What did you mean? A threaded application is either CET enabled or not > CET enabled. A new thread from clone makes no difference. Why? Dave’s example seems like a good reason to allow per-thread control. > > -- > H.J.
