Re: [PATCH 03/35] x86/cpufeatures: Add CET CPU feature flags for Control-flow Enforcement Technology (CET)

From: Dave Hansen
Date: Mon Feb 07 2022 - 17:45:34 EST

Next message: Leonardo Bras Soares Passos: "Re: [PATCH v1 1/2] x86/kvm/fpu: Mask guest fpstate->xfeatures with guest_supported_xcr0"
Previous message: James Morris: "[ANNOUNCE][CFP] Linux Security Summit North America 2022"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 1/30/22 13:18, Rick Edgecombe wrote:
> --- a/arch/x86/kernel/cpu/cpuid-deps.c
> +++ b/arch/x86/kernel/cpu/cpuid-deps.c
> @@ -78,6 +78,7 @@ static const struct cpuid_dep cpuid_deps[] = {
> { X86_FEATURE_XFD, X86_FEATURE_XSAVES },
> { X86_FEATURE_XFD, X86_FEATURE_XGETBV1 },
> { X86_FEATURE_AMX_TILE, X86_FEATURE_XFD },
> + { X86_FEATURE_SHSTK, X86_FEATURE_XSAVES },
> {}
> };

Please add a chunk to the changelog that explains the dependency. This
would suffice:

To protect shadow stack state from malicious modification, the
registers are only accessible in supervisor mode. This
implementation context-switches the registers with XSAVES. Make
X86_FEATURE_SHSTK depend on XSAVES.

The XSAVES dependency is touched on in the documentation, but it's a bit
buried in there.

Next message: Leonardo Bras Soares Passos: "Re: [PATCH v1 1/2] x86/kvm/fpu: Mask guest fpstate->xfeatures with guest_supported_xcr0"
Previous message: James Morris: "[ANNOUNCE][CFP] Linux Security Summit North America 2022"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]