Re: [RFC PATCH v9 01/27] Documentation/x86: Add CET description

From: Andy Lutomirski
Date: Mon Mar 09 2020 - 18:04:29 EST



> On Mar 9, 2020, at 2:13 PM, H.J. Lu <hjl.tools@xxxxxxxxx> wrote:
>
> On Mon, Mar 9, 2020 at 1:59 PM Dave Hansen <dave.hansen@xxxxxxxxx> wrote:
>>
>> On 3/9/20 1:54 PM, H.J. Lu wrote:
>>>> If a program with the magic ELF CET flags missing can't make a
>>>> thread with IBT and/or SHSTK enabled, then I think we've made an
>>>> error and should fix it.
>>>>
>>> A non-CET program can start a CET program and vice versa.
>>
>> Could we be specific here, please?
>>
>> HJ are you saying that:
>> * CET program can execve() a non-CET program, and
>> * a non-CET program can execve() a CET program
>>
>> ?
>
> Yes.
>
>> That's obvious.
>>
>> But what are the rules for clone()? Should there be rules for
>> mismatches for CET enabling between threads of a process (not child
>> processes)?
>
> What did you mean? A threaded application is either CET enabled or not
> CET enabled. A new thread from clone makes no difference.

Why? Dave's example seems like a good reason to allow per-thread control.



>
> --
> H.J.