Re: [PATCH v2 03/39] x86/cpufeatures: Add CPU feature flags for shadow stacks

"Edgecombe, Rick P" <rick.p.edgecombe@xxxxxxxxx> · Fri, 14 Oct 2022 19:35:41 +0000

On Fri, 2022-10-14 at 18:20 +0200, Borislav Petkov wrote:
> On Thu, Sep 29, 2022 at 03:29:00PM -0700, Rick Edgecombe wrote:
> > From: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>
> > 
> > The Control-Flow Enforcement Technology contains two related
> > features,
> > one of which is Shadow Stacks. Future patches will utilize this
> > feature
> > for shadow stack support in KVM, so add a CPU feature flags for
> > Shadow
> > Stacks (CPUID.(EAX=7,ECX=0):ECX[bit 7]).
> > 
> > To protect shadow stack state from malicious modification, the
> > registers
> > are only accessible in supervisor mode. This implementation
> > context-switches the registers with XSAVES. Make X86_FEATURE_SHSTK
> > depend
> > on XSAVES.
> > 
> > Signed-off-by: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>
> > Co-developed-by: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx>
> > Signed-off-by: Rick Edgecombe <rick.p.edgecombe@xxxxxxxxx>
> > Cc: Kees Cook <keescook@xxxxxxxxxxxx>
> 
> Reviewed-by: Borislav Petkov <bp@xxxxxxx>

Thanks!