> On Apr 28, 2020, at 10:44 AM, H.J. Lu <hjl.to...@gmail.com> wrote:
>
> On Tue, Apr 28, 2020 at 10:24 AM David Woodhouse <dw...@infradead.org> wrote:
>>
>>> On 28 April 2020 17:14:49 BST, Peter Zijlstra <pet...@infradead.org> wrote:
>>> On Tue, Apr 28, 2020 at 02:41:33PM +0100, Andrew Cooper wrote:
>>>> It's fine to focus on userspace first, but the kernel is far more simple.
>>>>
>>>> Looking at that presentation, the only thing missing for kernel is the
>>>> notrack thunks, in the unlikely case that such code would be tolerated
>>>> (Frankly, I don't expect Xen or Linux to run with notrack enabled, as
>>>> there is no legacy code to be concerned with).
>>>
>>> Uhhh.. ftrace and kretprobes play dodgy games with the
>>> return stack, doesn't that make the CET thing slightly more
>>> interesting?
>>
>> Sure, there is work to do to enable CET. But Andy's point is that we
>> deliberately fixed up retpoline to be register-based *specifically* for the
>> purpose of being CET-compatible, so it's somewhat daft for GCC to be
>> claiming they are incompatible.
>>
>
> GCC needs to be told that external thunk is CET compatible.

If I write:

    void foo(void);
    ...
    foo();

And I compile this with CET enabled, GCC is perfectly willing to assume that
foo is CET-compatible. If I compile with stack alignment set unusually high,
GCC is fine with assuming that foo will preserve the high alignment. If I
compile with unusually low alignment, GCC is fine with assuming that foo will
not crash as a result. If I use -mregparm, gcc will happily use it.

So why is GCC unwilling to trust that, if I explicitly ask it to call an asm
helper that I supply, that I supplied a valid helper?

What’s special about CET? Do we need -fi-know-what-im-doing? Do you have any
actual reason to believe that there is even a single user of thunk-extern that
might mess up?

>
> --
> H.J.