Re: [PATCH v14 00/13] Introduce support for guest CET feature

From: Paolo Bonzini
Date: Thu Jan 28 2021 - 13:12:11 EST

Next message: Will Deacon: "Re: [next] mm/nommu.c:1671:6: error: conflicting types for 'filemap_map_pages'"
Previous message: Sean Christopherson: "Re: [PATCH v14 00/13] Introduce support for guest CET feature"
In reply to: Sean Christopherson: "Re: [PATCH v14 00/13] Introduce support for guest CET feature"
Next in thread: Sean Christopherson: "Re: [PATCH v14 00/13] Introduce support for guest CET feature"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 28/01/21 19:04, Sean Christopherson wrote:

On Thu, Jan 28, 2021, Paolo Bonzini wrote:

On 06/11/20 02:16, Yang Weijiang wrote:

Control-flow Enforcement Technology (CET) provides protection against
Return/Jump-Oriented Programming (ROP/JOP) attack. There're two CET
sub-features: Shadow Stack (SHSTK) and Indirect Branch Tracking (IBT).
SHSTK is to prevent ROP programming and IBT is to prevent JOP programming.

...

I reviewed the patch and it is mostly okay. However, if I understand it
correctly, it will not do anything until host support materializes, because
otherwise XSS will be 0.

IIRC, it won't even compile due to the X86_FEATURE_SHSTK and X86_FEATURE_IBT
dependencies.

Of course, but if that was the only issue I would sort it out with Boris as usual. OTOH if it is dead code I won't push it to Linus.

Paolo

If this is the case, I plan to apply locally v15 and hold on it until the
host code is committed.

Paolo

Next message: Will Deacon: "Re: [next] mm/nommu.c:1671:6: error: conflicting types for 'filemap_map_pages'"
Previous message: Sean Christopherson: "Re: [PATCH v14 00/13] Introduce support for guest CET feature"
In reply to: Sean Christopherson: "Re: [PATCH v14 00/13] Introduce support for guest CET feature"
Next in thread: Sean Christopherson: "Re: [PATCH v14 00/13] Introduce support for guest CET feature"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]