Re: [PATCH 00/29] x86: Kernel IBT
From: Peter Zijlstra
Date: Mon Feb 21 2022 - 05:08:01 EST
On Mon, Feb 21, 2022 at 12:42:25AM -0800, Kees Cook wrote:
> >+void cet_disable(void)
> >+{
> >+ cr4_clear_bits(X86_CR4_CET);
>
> I'd rather keep the pinning...
Uff. Is that still enforced at this point?
> >+ wrmsrl(MSR_IA32_S_CET, 0);
> >+}
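Review bot: cet_disable() clears X86_CR4_CET and writes MSR_IA32_S_CET unconditionally, and nothing in the quoted lines checks that the CPU actually has CET. Unless every caller guarantees that, put a CPU feature check ahead of the wrmsrl() so the function returns early on hardware without the MSR. A short comment above the function stating when it is meant to be called (the kexec handoff discussed in this thread) and why CR4.CET is cleared before the MSR is zeroed would also help, since the CR4 write goes through cr4_clear_bits() and so interacts with the pinning question raised here.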
>
> Eh, why not just require kexec to be IBT safe? That seems a reasonable
> exercise if we ever expect UEFI to enforce IBT when starting the
> kernel on a normal boot...
Well, it makes it impossible to kexec into an 'old' kernel. That might
not be very nice.