* Rick P. Edgecombe:

> On Sun, 2022-11-06 at 10:33 +0100, Florian Weimer wrote:
>> * H. J. Lu:
>>
>> > This change doesn't make a binary CET compatible. It just requires
>> > that the toolchain must be updated and all binaries have to be
>> > recompiled with the new toolchain to enable CET. It doesn't solve
>> > any issue which can't be solved by not updating glibc.
>>
>> Right, and it doesn't even address the library case (the kernel would
>> have to hook into mmap for that). The kernel shouldn't do this.
>
> Shadow stack shouldn't enable as a result of loading a library, if
> that's what you mean.

It's the opposite—loading incompatible libraries needs to disable shadow
stack (or ideally, not enable it in the first place). Technically, I
think most incompatible code resides in libraries, so this kernel change
achieves nothing besides punishing early implementations of the
published-as-finalized x86-64 ABI.

Thanks,
Florian