Re: [PATCH v14 00/13] Introduce support for guest CET feature

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 28/01/21 19:04, Sean Christopherson wrote:
On Thu, Jan 28, 2021, Paolo Bonzini wrote:
On 06/11/20 02:16, Yang Weijiang wrote:
Control-flow Enforcement Technology (CET) provides protection against
Return/Jump-Oriented Programming (ROP/JOP) attack. There're two CET
sub-features: Shadow Stack (SHSTK) and Indirect Branch Tracking (IBT).
SHSTK is to prevent ROP programming and IBT is to prevent JOP programming.

...

I reviewed the patch and it is mostly okay.  However, if I understand it
correctly, it will not do anything until host support materializes, because
otherwise XSS will be 0.

IIRC, it won't even compile due to the X86_FEATURE_SHSTK and X86_FEATURE_IBT
dependencies.

Of course, but if that was the only issue I would sort it out with Boris as usual. OTOH if it is dead code I won't push it to Linus.

Paolo

If this is the case, I plan to apply locally v15 and hold on it until the
host code is committed.

Paolo






[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux