Re: [PATCH 00/29] x86: Kernel IBT

From: Peter Zijlstra
Date: Mon Feb 21 2022 - 05:08:01 EST


On Mon, Feb 21, 2022 at 12:42:25AM -0800, Kees Cook wrote:

> >+void cet_disable(void)
> >+{
> >+ cr4_clear_bits(X86_CR4_CET);
>
> I'd rather keep the pinning...

Uff. Is that still enforced at this point?

> >+ wrmsrl(MSR_IA32_S_CET, 0);
> >+}
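Review bot: the wrmsrl(MSR_IA32_S_CET, 0) at the end of cet_disable() is unconditional, and nothing in the visible lines checks that the CPU actually implements CET. A write to an unimplemented MSR faults, so unless every caller already gates on the feature, the write should sit behind a CPU feature check. A short comment above the function would also help, stating when it is meant to be called (the discussion points at kexec) and how clearing X86_CR4_CET here is expected to interact with CR4 pinning.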
>
> Eh, why not just require kexec to be IBT safe? That seems a reasonable
> exercise if we ever expect UEFI to enforce IBT when starting the
> kernel on a normal boot...

Well, it makes it impossible to kexec into an 'old' kernel. That might
not be very nice.