Re: [PATCH 14/14] x86/fineibt: Add FineIBT+BHI mitigation
From: Josh Poimboeuf
Date: Fri Sep 27 2024 - 21:50:18 EST
On Fri, Sep 27, 2024 at 09:49:10PM +0200, Peter Zijlstra wrote:
> @@ -1190,6 +1214,8 @@ static __init int cfi_parse_cmdline(char
> cfi_mode = CFI_KCFI;
> } else if (!strcmp(str, "fineibt")) {
> cfi_mode = CFI_FINEIBT;
> + } else if (IS_ENABLED(CONFIG_X86_KERNEL_IBT_PLUS) && !strcmp(str, "fineibt+bhi")) {
> + cfi_mode = CFI_FINEIBT_BHI;
> } else if (!strcmp(str, "norand")) {
> cfi_rand = false;
> } else {
Do we need to hook this in with bugs.c somehow so it skips the other BHI
mitigations?
--
Josh