On Thu, Jan 28, 2021, Paolo Bonzini wrote: > On 06/11/20 02:16, Yang Weijiang wrote: > > Control-flow Enforcement Technology (CET) provides protection against > > Return/Jump-Oriented Programming (ROP/JOP) attack. There're two CET > > sub-features: Shadow Stack (SHSTK) and Indirect Branch Tracking (IBT). > > SHSTK is to prevent ROP programming and IBT is to prevent JOP programming. ... > I reviewed the patch and it is mostly okay. However, if I understand it > correctly, it will not do anything until host support materializes, because > otherwise XSS will be 0. IIRC, it won't even compile due to the X86_FEATURE_SHSTK and X86_FEATURE_IBT dependencies. > If this is the case, I plan to apply locally v15 and hold on it until the > host code is committed. > > Paolo >
