Re: Bug#1113864: Replace -fcf-protection=full with -fcf-protection=return

2025-09-16 Thread Florian Weimer
* Emanuele Rocca: > Hi, > > On 2025-09-06 06:50, Guillem Jover wrote: >> Someone would need to check which shared objects are still not marked, >> in a similar way as what Emanuele Rocca has been doing for arm64 (with >> its PAC and BTI counterparts). > > On arm64, ELF files supporting what in Deb

Re: Bug#1113864: Replace -fcf-protection=full with -fcf-protection=return

2025-09-16 Thread Guillem Jover
Hi! On Tue, 2025-09-16 at 10:20:43 -0700, H.J. Lu wrote: > On Tue, Sep 16, 2025 at 9:26 AM Edgecombe, Rick P wrote: > > On Tue, 2025-09-16 at 09:50 +0200, Guillem Jover wrote: > > > > I'm not aware of any current public activities to enable userspace > > > > IBT. I haven't see any recent attempt

Re: kdbus

2025-09-16 Thread Bjørn Mork
Russell Coker writes: > https://www.freedesktop.org/wiki/Software/systemd/kdbus/ > > The systemd people say that kdbus will give extra features that the Unix > domain sockets can't provide. There is no such thing, is there? Do you have the kdbus.ko module that document refers to? Did you try

Re: Bug#1113864: Replace -fcf-protection=full with -fcf-protection=return

2025-09-16 Thread Edgecombe, Rick P
On Tue, 2025-09-16 at 09:50 +0200, Guillem Jover wrote: > > I'm not aware of any current public activities to enable userspace > > IBT.  I haven't see any recent attempt to define a userspace/kernel ABI, > > or to test (and port where necessary) userspace. > > Thanks. So, do any of you (Florian, R

Re: Looking for guidance on Qualcomm Hexagon DSP binaries

2025-09-16 Thread Robie Basak
Hi! I'm a DD intending to sponsor hexagon-dsp-binaries for Dmitry once we've settled on the outstanding issues. On Sat, Aug 23, 2025 at 12:09:57AM +0300, Dmitry Baryshkov wrote: > The binaries for the DSP must exactly match the version of DSP > firmware (provided by the firmware-qcom-soc package)

Re: abigail-tools instead of dpkg-gensymbols ?

2025-09-16 Thread Guillem Jover
Hi! On Tue, 2025-09-16 at 14:26:46 +0200, Guillem Jover wrote: > On Tue, 2025-09-16 at 13:39:53 +0200, Jérémy Lal wrote: > > Le mar. 16 sept. 2025 à 09:28, Guillem Jover a écrit : > > > I think using abigail for ABI tracking would be great, yes, but I don't > > > think it looks like a good fit fo

Re: kdbus

2025-09-16 Thread Michael Biebl
Am 16.09.25 um 13:58 schrieb Russell Coker: https://www.freedesktop.org/wiki/Software/systemd/kdbus/ The systemd people say that kdbus will give extra features that the Unix domain sockets can't provide. https://blogs.gnome.org/alexl/2015/02/17/first-fully-sandboxed-linux-desktop-app/ People a

Re: kdbus

2025-09-16 Thread Andrey Rakhmatullin
On Tue, Sep 16, 2025 at 09:58:18PM +1000, Russell Coker wrote: https://www.freedesktop.org/wiki/Software/systemd/kdbus/ https://blogs.gnome.org/alexl/2015/02/17/first-fully-sandboxed-linux-desktop-app/ These links and kdbus itself are all from 2015. In 2017 on https://github.com/systemd/system

Re: kdbus

2025-09-16 Thread Philipp Kern
On 2025-09-16 13:58, Russell Coker wrote: https://www.freedesktop.org/wiki/Software/systemd/kdbus/ The systemd people say that kdbus will give extra features that the Unix domain sockets can't provide. https://blogs.gnome.org/alexl/2015/02/17/first-fully-sandboxed-linux-desktop-app/ People a

Re: abigail-tools instead of dpkg-gensymbols ?

2025-09-16 Thread Jérémy Lal
Le mar. 16 sept. 2025 à 09:28, Guillem Jover a écrit : > Hi! > > On Mon, 2025-09-15 at 17:45:15 +0200, Simon Chopin wrote: > > On lun. 15 sept. 2025 17:35:26, Jérémy Lal wrote: > > > following a remark done by someone during t64 transition, > > > I wonder if abigail-tools could be a better way to

Re: Bug#1113864: Replace -fcf-protection=full with -fcf-protection=return

2025-09-16 Thread Bastian Blank
On Tue, Sep 16, 2025 at 10:41:50AM +0200, Emanuele Rocca wrote: > On arm64, ELF files supporting what in Debian we call the "branch" > hardening features (PAC, BTI, GCS) are marked with a special ELF note. > > $ readelf -n a.out | grep Properties > Properties: AArch64 feature: BTI, PAC, GCS

Re: abigail-tools instead of dpkg-gensymbols ?

2025-09-16 Thread Guillem Jover
Hi! On Mon, 2025-09-15 at 17:45:15 +0200, Simon Chopin wrote: > On lun. 15 sept. 2025 17:35:26, Jérémy Lal wrote: > > following a remark done by someone during t64 transition, > > I wonder if abigail-tools could be a better way to track symbols changes ? Matthias Klose during DebConf25 suggested

Re: Bug#1113864: Replace -fcf-protection=full with -fcf-protection=return

2025-09-16 Thread Emanuele Rocca
Hi, On 2025-09-06 06:50, Guillem Jover wrote: > Someone would need to check which shared objects are still not marked, > in a similar way as what Emanuele Rocca has been doing for arm64 (with > its PAC and BTI counterparts). On arm64, ELF files supporting what in Debian we call the "branch" harde

Re: Bug#1113864: Replace -fcf-protection=full with -fcf-protection=return

2025-09-16 Thread Guillem Jover
Hi! [ For context, in Debian we have been building userland on amd64/x86_64 with -fcf-protection, where there does not seem to be userland support for IBT at all from the Linux kernel side. So we were wondering whether it makes sense to keep doing that or not. See start of thread at