On 9/18/20 2:06 PM, H.J. Lu wrote:
> On Fri, Sep 18, 2020 at 2:00 PM Pavel Machek <[email protected]> wrote:
>> On Fri 2020-09-18 12:32:57, Dave Hansen wrote:
>>> On 9/18/20 12:23 PM, Yu-cheng Yu wrote:
>>>> Emulation of the legacy vsyscall page is required by some programs
>>>> built before 2013.  Newer programs after 2013 don't use it.
>>>> Disable vsyscall emulation when Control-flow Enforcement (CET) is
>>>> enabled to enhance security.
>>> How does this "enhance security"?
>>>
>>> What is the connection between vsyscall emulation and CET?
>> Boom.
>>
>> We don't break compatibility by default, and you should not tell
>> people to enable CET by default if you plan to do this.
>>
> Nothing will be broken.   CET enabled applications don't use/need
> vsyscall emulation.

Hi H.J.,

Could you explain your logic a bit more thoroughly, please?

I also suspect that Pavel was confused by your changelog where you said
that you do this when "CET is enabled".  Does enabled in this context mean:
1. Just CET support compiled in, or
2. Compiled in and on CET hardware, or
3. Compiled in to the kernel enabled in the app and running on CET
   hardware?

Reply via email to