Re: [PATCH v12 1/8] x86/cet/ibt: Add Kconfig option for user-mode Indirect Branch Tracking

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Sep 18, 2020 at 2:24 PM Pavel Machek <pavel@xxxxxx> wrote:
>
> Hi!
>
> > > > > +   help
> > > > > +     Indirect Branch Tracking (IBT) provides protection against
> > > > > +     CALL-/JMP-oriented programming attacks.  It is active when
> > > > > +     the kernel has this feature enabled, and the processor and
> > > > > +     the application support it.  When this feature is enabled,
> > > > > +     legacy non-IBT applications continue to work, but without
> > > > > +     IBT protection.
> > > > > +
> > > > > +     If unsure, say y
> > > >
> > > >         If unsure, say y.
> > >
> > > Actually, it would be "If unsure, say Y.", to be consistent with the
> > > rest of the Kconfig.
> > >
> > > But I wonder if Yes by default is good idea. Only very new CPUs will
> > > support this, right? Are they even available at the market? Should the
> > > help text say "if your CPU is Whatever Lake or newer, ...." :-) ?
> > >
> >
> > CET enabled kernel runs on all x86-64 processors.  All my machines
> > are running the same CET enabled kernel binary.
>
> I believe that.
>
> But enabling CET in kernel is useless on Core 2 Duo machine, right?
>

This is very important for CET kernel to run on Core 2 Duo machine.
Otherwise, a distro needs to provide 2 kernel binaries, one for CET
CPU and one for non-CET CPU.


-- 
H.J.




[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [eCos]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux