Re: [PATCH v28 00/32] Control-flow Enforcement: Shadow Stack

On 7/22/2021 2:08 PM, Dave Hansen wrote:
> On 7/22/21 1:51 PM, Yu-cheng Yu wrote:
>> Linux distributions with CET are available now, and Intel processors with CET
>> are already on the market.  It would be nice if CET support can be accepted
>> into the kernel.
>>
>> Changes in v28:
>> - Rebase to Linus tree v5.14-rc2.
>> - Patch #1: Update Document to indicate no-user-shstk also disables IBT.
>> - Patch #23: Update shstk_setup() with wrmsrl_safe().  Update return value.
>> - Patch #25: Split out copy_thread() changes.  Add support for old clone().
>>    Add comments.
>> - Add comments for get_xsave_addr() (Patch #25, #26).
>
> Could you characterize where this whole thing is?
>
> Are we at the point where the feedback is slowing down?  What kind of
> feedback are you getting?  How stable is the ABI versus the last revision?


The ABI has not changed since the last version, except for the addition of shadow stack support for legacy clone(). This does not de-stabilize the ABI.

Looking back at recent feedback:

- Boris had given lots of comments on code flow, syntax, etc. Those are all addressed.

- Andy L. commented on the signal handling part, especially the introduction of a ucontext extension. That is eliminated and now there is the UC_WAIT_ENDBR flag.

- Kirill commented on a few issues in the mm patches.  Those are addressed.

- Peter Z. requested splitting shadow stack and IBT.  That is done.

As for running/testing of the series, overall it is stable.

Yu-cheng


