Re: [PATCH v17 04/26] x86/cpufeatures: Introduce X86_FEATURE_CET and setup functions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 1/11/2021 9:56 AM, Borislav Petkov wrote:
On Tue, Dec 29, 2020 at 01:30:31PM -0800, Yu-cheng Yu wrote:
@@ -895,6 +903,12 @@ static void init_speculation_control(struct cpuinfo_x86 *c)
  	}
  }
+static void init_cet_features(struct cpuinfo_x86 *c)
+{
+	if (cpu_has(c, X86_FEATURE_SHSTK) || cpu_has(c, X86_FEATURE_IBT))
+		set_cpu_cap(c, X86_FEATURE_CET);
+}

No need for that function - just add this two-liner to bsp_init_intel()
and not in get_cpu_cap().


I will move these to bsp_init_intel(), and change to:

if (cpu_has(c, X86_FEATURE_SHSTK) || cpu_has(c, X86_FEATURE_IBT))
	setup_force_cpu_cap(X86_FEATURE_CET);

+static void adjust_combined_cpu_features(void)
+{
+#ifdef CONFIG_X86_CET_USER
+	if (test_bit(X86_FEATURE_SHSTK, (unsigned long *)cpu_caps_cleared) &&
+	    test_bit(X86_FEATURE_IBT, (unsigned long *)cpu_caps_cleared))
+		setup_clear_cpu_cap(X86_FEATURE_CET);
+#endif

There's no need for this function...

+}
+
  /*
   * We parse cpu parameters early because fpu__init_system() is executed
   * before parse_early_param().
@@ -1252,9 +1276,19 @@ static void __init cpu_parse_early_param(void)
  	if (cmdline_find_option_bool(boot_command_line, "noxsaves"))
  		setup_clear_cpu_cap(X86_FEATURE_XSAVES);
+ /*
+	 * CET states are XSAVES states and options must be parsed early.
+	 */
+#ifdef CONFIG_X86_CET_USER
+	if (cmdline_find_option_bool(boot_command_line, "no_user_shstk"))
+		setup_clear_cpu_cap(X86_FEATURE_SHSTK);

... when you can do

	setup_clear_cpu_cap(X86_FEATURE_CET);

here and...

+	if (cmdline_find_option_bool(boot_command_line, "no_user_ibt"))
+		setup_clear_cpu_cap(X86_FEATURE_IBT);

... here.


Two problems here. X86_FEATURE_CET indicates either CET features is enabled, not both. Also, "clearcpuid" can has CET features. However, since X86_FEATURE_CET is now set in bsp_init_intel() (after cpu_parse_early_params()), I think, adjust_combined_cpu_features() can be removed. I will test it.

--
Thanks,
Yu-cheng



[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux