On 28.02.2022 23:51, Andrew Cooper wrote:
> CET-IBT depends on executing indirect branches for protections to apply.
> Extend the clobber for CET-SS to all of CET.
>
> Signed-off-by: Andrew Cooper <[email protected]>

Reviewed-by: Jan Beulich <[email protected]>

> I can't decide if this wants a fixes tag or not. If I'd remembered during the
> CET series, it would have been its own patch.

On this basis I'd say no Fixes: tag.

> --- a/xen/arch/x86/spec_ctrl.c > +++ b/xen/arch/x86/spec_ctrl.c > @@ -944,10 +944,11 @@ void __init init_speculation_mitigations(void) > boot_cpu_has(X86_FEATURE_IBRS)); > > /* > - * First, disable the use of retpolines if Xen is using shadow stacks, as > - * they are incompatible. > + * First, disable the use of retpolines if Xen is using CET. Retpolines > + * are a ROP gadget so incompatbile with Shadow Stacks, while IBT depends > + * on executing indirect branches for the safety properties to apply. > */ > - if ( cpu_has_xen_shstk && > + if ( (read_cr4() & X86_CR4_CET) && > (opt_thunk == THUNK_DEFAULT || opt_thunk == THUNK_RETPOLINE) ) > thunk = THUNK_JMP;

Just for my own understanding: Why unconditionally THUNK_JMP and not possibly THUNK_LFENCE?

Jan
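
Review bot: the new condition `(read_cr4() & X86_CR4_CET)` in the `if` tests live register state, where the `cpu_has_xen_shstk` it replaces was a feature predicate, so the retpoline clobber now relies on CR4.CET already being set by the time init_speculation_mitigations() reaches this point. The rewritten comment explains why retpolines conflict with Shadow Stacks and IBT but says nothing about that ordering requirement; a sentence stating it would keep a later reordering of the boot path from silently leaving retpolines enabled under CET. The added comment line also misspells "incompatible" as "incompatbile".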
