On Fri 2020-09-18 14:21:10, Yu, Yu-cheng wrote: > On 9/18/2020 2:00 PM, Pavel Machek wrote: > > On Fri 2020-09-18 12:32:57, Dave Hansen wrote: > > > On 9/18/20 12:23 PM, Yu-cheng Yu wrote: > > > > Emulation of the legacy vsyscall page is required by some programs > > > > built before 2013. Newer programs after 2013 don't use it. > > > > Disable vsyscall emulation when Control-flow Enforcement (CET) is > > > > enabled to enhance security. > > > > > > How does this "enhance security"? > > > > > > What is the connection between vsyscall emulation and CET? > > > > Boom. > > > > We don't break compatibility by default, and you should not tell > > people to enable CET by default if you plan to do this. > > I would revise the wording if there is another version. What this patch > does is: > > If an application is compiled for CET and the system supports it, then the > application cannot do vsyscall emulation. Earlier we allow the emulation, > and had a patch that fixes the shadow stack and endbr for the emulation > code. Since newer programs mostly do no do the emulation, we changed the > patch do block it when attempted. > > This patch would not block any legacy applications or any applications on > older machines. Aha, makes sense, sorry for the noise. Best regards, Pavel -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Attachment:
signature.asc
Description: PGP signature