On 4/9/2021 10:14 AM, Borislav Petkov wrote:
On Fri, Apr 09, 2021 at 08:52:52AM -0700, Yu, Yu-cheng wrote:
Recall we had complicated code for the XSAVES features detection in
xstate.c. Dave Hansen proposed the solution and then the whole thing
becomes simple. Because of this flag, even when only the shadow stack is
available, the code handles it nicely.
Is that what you mean?
@@ -53,6 +55,8 @@ static short xsave_cpuid_features[] __initdata = {
X86_FEATURE_INTEL_PT,
X86_FEATURE_PKU,
X86_FEATURE_ENQCMD,
+ X86_FEATURE_CET, /* XFEATURE_CET_USER */
+ X86_FEATURE_CET, /* XFEATURE_CET_KERNEL */
or what is the piece which becomes simpler?
Yes, this is it.
Would this equal to only CONFIG_X86_CET (one Kconfig option)? In fact, when
you proposed only CONFIG_X86_CET, things became much simpler.
When you use CONFIG_X86_SHADOW_STACK instead, it should remain same
simple no?
Signals, arch_prctl, and ELF header are three places that need to depend
on either shadow stack or IBT is configured. To remain simple, we can
make all three depend on CONFIG_X86_SHADOW_STACK, and in Kconfig, make
CONFIG_X86_IBT depend on CONFIG_X86_SHADOW_STACK. Without shadow stack,
IBT itself is not as useful anyway.
Practically, IBT is not much in terms of code size. Since we have already
separated the two, why don't we leave it as-is. When people start using it
more, there will be more feedback, and we can decide if one Kconfig is
better?
Because when we add stuff to the kernel, we add the simplest and
cleanest version possible and later, when we determine that additional
functionality is needed, *then* we add it. Not the other way around.
Our Kconfig symbol space is already an abomination so we can't just add
some more and decide later.
What happens in such situations usually is stuff gets added, it bitrots
and some poor soul - very likely a maintainer who has to mop up after
everybody - comes and cleans it up. I'd like to save myself that
cleaning up.
Thx.