Re: [PATCH v14 00/13] Introduce support for guest CET feature

From: Sean Christopherson
Date: Thu Jan 28 2021 - 13:12:09 EST

Next message: Paolo Bonzini: "Re: [PATCH v14 00/13] Introduce support for guest CET feature"
Previous message: Lee Jones: "[PATCH 18/20] ata: sata_mv: Fix worthy headers and demote others"
In reply to: Paolo Bonzini: "Re: [PATCH v14 00/13] Introduce support for guest CET feature"
Next in thread: Paolo Bonzini: "Re: [PATCH v14 00/13] Introduce support for guest CET feature"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Jan 28, 2021, Paolo Bonzini wrote:
> On 06/11/20 02:16, Yang Weijiang wrote:
> > Control-flow Enforcement Technology (CET) provides protection against
> > Return/Jump-Oriented Programming (ROP/JOP) attack. There're two CET
> > sub-features: Shadow Stack (SHSTK) and Indirect Branch Tracking (IBT).
> > SHSTK is to prevent ROP programming and IBT is to prevent JOP programming.

...

> I reviewed the patch and it is mostly okay. However, if I understand it
> correctly, it will not do anything until host support materializes, because
> otherwise XSS will be 0.

IIRC, it won't even compile due to the X86_FEATURE_SHSTK and X86_FEATURE_IBT
dependencies.

> If this is the case, I plan to apply locally v15 and hold on it until the
> host code is committed.
>
> Paolo
>

Next message: Paolo Bonzini: "Re: [PATCH v14 00/13] Introduce support for guest CET feature"
Previous message: Lee Jones: "[PATCH 18/20] ata: sata_mv: Fix worthy headers and demote others"
In reply to: Paolo Bonzini: "Re: [PATCH v14 00/13] Introduce support for guest CET feature"
Next in thread: Paolo Bonzini: "Re: [PATCH v14 00/13] Introduce support for guest CET feature"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]