Re: [PATCH v2 03/39] x86/cpufeatures: Add CPU feature flags for shadow stacks

From: Kees Cook
Date: Mon Oct 03 2022 - 13:27:09 EST

Next message: Krzysztof Kozlowski: "Re: [PATCH v2] dt-bindings: net: marvell,pp2: convert to json-schema"
Previous message: Jann Horn: "Re: [PATCH v2 00/39] Shadowstacks for userspace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Sep 29, 2022 at 03:29:00PM -0700, Rick Edgecombe wrote:
> From: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>
>
> The Control-Flow Enforcement Technology contains two related features,
> one of which is Shadow Stacks. Future patches will utilize this feature
> for shadow stack support in KVM, so add a CPU feature flags for Shadow
> Stacks (CPUID.(EAX=7,ECX=0):ECX[bit 7]).
>
> To protect shadow stack state from malicious modification, the registers
> are only accessible in supervisor mode. This implementation
> context-switches the registers with XSAVES. Make X86_FEATURE_SHSTK depend
> on XSAVES.
>
> Signed-off-by: Yu-cheng Yu <yu-cheng.yu@xxxxxxxxx>

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

--
Kees Cook

Next message: Krzysztof Kozlowski: "Re: [PATCH v2] dt-bindings: net: marvell,pp2: convert to json-schema"
Previous message: Jann Horn: "Re: [PATCH v2 00/39] Shadowstacks for userspace"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]