Re: [PATCH v2 04/39] x86/cpufeatures: Enable CET CR4 bit for shadow stack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2022-10-14 at 19:12 +0200, Borislav Petkov wrote:
> On Thu, Sep 29, 2022 at 03:29:01PM -0700, Rick Edgecombe wrote:
> >   static __always_inline void setup_cet(struct cpuinfo_x86 *c)
> >   {
> > -     u64 msr = CET_ENDBR_EN;
> > +     bool kernel_ibt = HAS_KERNEL_IBT &&
> > cpu_feature_enabled(X86_FEATURE_IBT);
> 
> So I'd love it if we can get rid of that HAS_KERNEL_IBT thing and use
> the usual ifdeffery with Kconfig symbols. I wouldn't like for yet
> another HAS_XXX feature checking method to proliferate as this is the
> only one:

Andrew Cooper has suggested to create some software cpu features to
differentiate user/supervisor CET feature use. It could replace
HAS_KERNEL_IBT. Any objections to that versus Kconfig symbols?

[snip]

> cpu_feature_enabled(X86_FEATURE_IBT))
> 
> >   __noendbr void cet_disable(void)
> >   {
> > -     if (cpu_feature_enabled(X86_FEATURE_IBT))
> > -             wrmsrl(MSR_IA32_S_CET, 0);
> > +     if (!(cpu_feature_enabled(X86_FEATURE_IBT) ||
> > +           cpu_feature_enabled(X86_FEATURE_SHSTK)))
> > +             return;
> > +
> > +     wrmsrl(MSR_IA32_S_CET, 0);
> > +     wrmsrl(MSR_IA32_U_CET, 0);
> >   }
> >   
> > +
> 
> Stray newline.

Oops, will clean that up. Thanks.




[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux