Re: [PATCH 03/35] x86/cpufeatures: Add CET CPU feature flags for Control-flow Enforcement Technology (CET)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 1/30/22 13:18, Rick Edgecombe wrote:
> --- a/arch/x86/kernel/cpu/cpuid-deps.c
> +++ b/arch/x86/kernel/cpu/cpuid-deps.c
> @@ -78,6 +78,7 @@ static const struct cpuid_dep cpuid_deps[] = {
>  	{ X86_FEATURE_XFD,			X86_FEATURE_XSAVES    },
>  	{ X86_FEATURE_XFD,			X86_FEATURE_XGETBV1   },
>  	{ X86_FEATURE_AMX_TILE,			X86_FEATURE_XFD       },
> +	{ X86_FEATURE_SHSTK,			X86_FEATURE_XSAVES    },
>  	{}
>  };

Please add a chunk to the changelog that explains the dependency.  This
would suffice:

	To protect shadow stack state from malicious modification, the
	registers are only accessible in supervisor mode.  This
	implementation context-switches the registers with XSAVES.  Make
	X86_FEATURE_SHSTK depend on XSAVES.

The XSAVES dependency is touched on in the documentation, but it's a bit
buried in there.



[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux