Re: Enabling branch protection on amd64 and arm64
Hi!
On Tue, 2023-06-27 at 16:09:40 +0100, Wookey wrote:
> On 2023-06-27 16:58 +0200, Moritz Mühlenhoff wrote:
> > Am Wed, Jun 21, 2023 at 05:41:36PM +0200 schrieb Emanuele Rocca:
> > > On 2022-10-26 08:20, Moritz Mühlenhoff wrote:
> > > > I think this should rather be applied early after the Bookworm
> > > > release (and ideally we can also finish off the necessary testing
> > > > and add -fstack-clash-protection at least for amd64 and other archs
> > > > which are ready for it (#918914)).
> > > 
> > > Can we go ahead with the dpkg patch now, any specific tests you had in
> > > mind before applying it?
> > 
> > Note that I'm not the one driving this change (I'll start a separate
> > thread for -fstack-clash-protection in the next days), but the original
> > request was from Wookey.
> 
> > Personally I think now at the beginning of the new development cycle
> > is the ideal time to start this.
> 
> OK. We're all agreed on that then. Guillem can stick it in the next
> dpkg upload.
Right, I've queued the patch for 1.22.0, which I'm planning to upload
around today/tomorrow.
> I've not yet grokked James' comments above either which maybe imply
> adjustments to the patch? That's x86 stuff which is not my area of
> expertise. 
From a quick skim this seems most relevant for code that controls the
CPU state such as the kernel. I think we can go as is, and can amend
the flags if needed.
Thanks,
Guillem
Reply to: