On Fri, 2022-10-14 at 19:12 +0200, Borislav Petkov wrote:
> On Thu, Sep 29, 2022 at 03:29:01PM -0700, Rick Edgecombe wrote:
> > static __always_inline void setup_cet(struct cpuinfo_x86 *c)
> > {
> > - u64 msr = CET_ENDBR_EN;
> > + bool kernel_ibt = HAS_KERNEL_IBT &&
> > cpu_feature_enabled(X86_FEATURE_IBT);
>
> So I'd love it if we can get rid of that HAS_KERNEL_IBT thing and use
> the usual ifdeffery with Kconfig symbols. I wouldn't like for yet
> another HAS_XXX feature checking method to proliferate as this is the
> only one:
Andrew Cooper has suggested to create some software cpu features to
differentiate user/supervisor CET feature use. It could replace
HAS_KERNEL_IBT. Any objections to that versus Kconfig symbols?
[snip]
> cpu_feature_enabled(X86_FEATURE_IBT))
>
> > __noendbr void cet_disable(void)
> > {
> > - if (cpu_feature_enabled(X86_FEATURE_IBT))
> > - wrmsrl(MSR_IA32_S_CET, 0);
> > + if (!(cpu_feature_enabled(X86_FEATURE_IBT) ||
> > + cpu_feature_enabled(X86_FEATURE_SHSTK)))
> > + return;
> > +
> > + wrmsrl(MSR_IA32_S_CET, 0);
> > + wrmsrl(MSR_IA32_U_CET, 0);
> > }
> >
> > +
>
> Stray newline.
Oops, will clean that up. Thanks.
