On 4/29/20 3:07 PM, Yu-cheng Yu wrote: > +Note: > + There is no CET-enabling arch_prctl function. By design, CET is enabled > + automatically if the binary and the system can support it. I think Andy and I danced around this last time. Let me try to say it more explicitly. I want CET kernel enabling to able to be disconnected from the on-disk binary. I want a binary compiled with CET to be able to disable it, and I want a binary not compiled with CET to be able to enable it. I want different threads in a process to be able to each have different CET status. Which JITs was this tested with? I think as a bare minimum we need to know that this design can accommodate _a_ modern JIT. It would be horrible if the browser javascript engines couldn't use this design, for instance.
