On 5/21/2024 1:15 AM, Dave Hansen wrote:
On 5/20/24 10:09, Sean Christopherson wrote:
IIUC, this series tries to tie IBT to SHSTK feature, i.e., IBT cannot be
exposed as an independent feature to guest without exposing SHSTK at the same
time. If it is, then below patch is not needed anymore:
https://lore.kernel.org/all/20240219074733.122080-3-weijiang.yang@xxxxxxxxx/
That's a question for the x86 maintainers. Specifically, do they want to allow
enabling XFEATURE_CET_USER even if userspace shadow stack support is disabled.
I like the sound of "below patch is not needed anymore".
Unless removing the patch causes permanent issues or results in
something that's not functional, I say: jettison it with glee. If it's
that important, it can be considered on its own merits separately.
I guess the existing dependency there is due to the fact that only user SHSTK is landed and there's
possibly no such kind of odd bare metal platform.
Side topic: would it be reasonable to enforce IBT dependency on XFEATURE_CET_USER when *user* IBT
enabling patches are landing in kernel? Then guest kernel can play with user IBT alone if VMM
userspace just wants to enable IBT for guest. Or when SHSTK is disabled for whatever reason.