From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <hjl.tools@gmail.com>
Received: from mail-il1-x141.google.com (mail-il1-x141.google.com
 [IPv6:2607:f8b0:4864:20::141])
 by sourceware.org (Postfix) with ESMTPS id B253B3894E5A
 for <libc-alpha@sourceware.org>; Wed, 29 Apr 2020 20:30:17 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org B253B3894E5A
Received: by mail-il1-x141.google.com with SMTP id x2so3737085ilp.13
 for <libc-alpha@sourceware.org>; Wed, 29 Apr 2020 13:30:17 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=lAIIsvPZxW/G5rXAwgcO/QgxpguHxB2/QQwZJRvfLJ4=;
 b=lifDY6V9FRezuqpq9RTlFJG/kOQbUgXAZCazxxoGoe/AAy0h5i3MUG+S2rlPRrgODz
 ZLoifAC/cDwfl+o/MwlESACgvdk77w4JmiPTljNRaT/buDRuA3ricLPAI7t5kvmByCA7
 ywAvg0kTiNjP/EkOPPVubm5aD7YofE8zJTiGC6BecUz70K90JBPBvaVl9SmmEHv4dFjb
 DKcLzF6I/QJMumEBKWLiS/9rNhHhgFmFLHEAfT1IiYKHlbpNtSahH8hTv68FMSVhisWe
 txqxSjz7C9xD1hxKd5W7Z2KIVQwLEFV1TdehQg4IAWNxdK0xzMxu5k71EIIffeNg3/mm
 Bdrw==
X-Gm-Message-State: AGi0PuYbwzc8f0hFOC1HrFh5YMQ7PWJpw77chuUnxeFYIpxR2GE7kch9
 70O9b+kcNu/h69vs4+A5IOKSxXs2SpSBEftzX9B7NfED
X-Google-Smtp-Source: APiQypLQJ2hTaHgmiOelKMmyh/20GrW0ub/XxIfDk+CZCeOhLEnhpVkfDDv0m+awDUFp8BEtkjpdmAMa12nPHDP4rOw=
X-Received: by 2002:a92:cc4a:: with SMTP id t10mr154718ilq.292.1588192217186; 
 Wed, 29 Apr 2020 13:30:17 -0700 (PDT)
MIME-Version: 1.0
References: <20200428215243.236312-1-hjl.tools@gmail.com>
 <eaff7b7d-63c6-e495-0d57-86fb225f9c20@linaro.org>
In-Reply-To: <eaff7b7d-63c6-e495-0d57-86fb225f9c20@linaro.org>
From: "H.J. Lu" <hjl.tools@gmail.com>
Date: Wed, 29 Apr 2020 13:29:41 -0700
Message-ID: <CAMe9rOpAVzU8f6ZwkqpuWJice3U0pm5gFJT+a8J8J_-asCQb4Q@mail.gmail.com>
Subject: Re: [PATCH 0/3] x86: Add --enable-cet=permissive
To: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Cc: GNU C Library <libc-alpha@sourceware.org>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-11.2 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_2,
 GIT_PATCH_3, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS,
 TXREP autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <http://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <http://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-List-Received-Date: Wed, 29 Apr 2020 20:30:20 -0000

On Wed, Apr 29, 2020 at 11:27 AM Adhemerval Zanella via Libc-alpha
<libc-alpha@sourceware.org> wrote:
>
>
>
> On 28/04/2020 18:52, H.J. Lu via Libc-alpha wrote:
> > When CET is enabled, it is an error to dlopen a non CET enabled shared
> > library in CET enabled application.  It may be desirable to make CET
> > permissive, that is disable CET when dlopening a non CET enabled shared
> > library.  With the new --enable-cet=permissive configure option, CET is
> > disabled when dlopening a non CET enabled shared library.
>
> Does not CET already provide a tunable to make it permissive? If the idea

Yes, it can be controlled by a tunable.

> is to enable as de-facto for a distro bootstrap, why not make it default
> then?

A distro can choose CET control default to permissive or enforced at build time.

> >
> > To support --enable-cet=permissive, CET_MAX is renamed to
> > CET_CONTROL_MASK and <dl-procruntime.c> is included in rtld.c to get
> > architecture specific initializer in rtld_global.
> >
> > H.J. Lu (3):
> >   CET: Rename CET_MAX to CET_CONTROL_MASK [BZ #25887]
> >   rtld: Get architecture specific initializer in rtld_global
> >   x86: Add --enable-cet=permissive
> >
> >  INSTALL                              | 26 +++++++++++--------
> >  config.h.in                          |  3 +++
> >  elf/rtld.c                           |  2 ++
> >  manual/install.texi                  | 12 ++++++---
> >  sysdeps/unix/sysv/linux/x86/Makefile |  2 +-
> >  sysdeps/x86/Makefile                 | 18 +++++++++----
> >  sysdeps/x86/cet-tunables.h           | 22 ++++++++++++++--
> >  sysdeps/x86/configure                | 21 ++++++++-------
> >  sysdeps/x86/configure.ac             | 19 +++++++-------
> >  sysdeps/x86/cpu-features.c           |  7 +++--
> >  sysdeps/x86/cpu-tunables.c           | 39 +++++++++++-----------------
> >  sysdeps/x86/dl-cet.c                 |  6 ++---
> >  sysdeps/x86/dl-procruntime.c         |  5 ++++
> >  sysdeps/x86/tst-cet-legacy-5.c       | 25 ++++++++++++------
> >  sysdeps/x86/tst-cet-legacy-6.c       | 25 ++++++++++++------
> >  15 files changed, 141 insertions(+), 91 deletions(-)
> >



-- 
H.J.