On Fri, Sep 18, 2020 at 2:00 PM Pavel Machek <pavel@xxxxxx> wrote: > > On Fri 2020-09-18 12:32:57, Dave Hansen wrote: > > On 9/18/20 12:23 PM, Yu-cheng Yu wrote: > > > Emulation of the legacy vsyscall page is required by some programs > > > built before 2013. Newer programs after 2013 don't use it. > > > Disable vsyscall emulation when Control-flow Enforcement (CET) is > > > enabled to enhance security. > > > > How does this "enhance security"? > > > > What is the connection between vsyscall emulation and CET? > > Boom. > > We don't break compatibility by default, and you should not tell > people to enable CET by default if you plan to do this. > Nothing will be broken. CET enabled applications don't use/need vsyscall emulation. -- H.J.
