projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d457f1e) | patch
x86: Enable CET Indirect Branch Tracking
authorAndrew Cooper <andrew.cooper3@citrix.com>
Mon, 1 Nov 2021 15:17:20 +0000 (15:17 +0000)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Fri, 25 Mar 2022 17:06:38 +0000 (17:06 +0000)
commit04d65ced04b263519d58dc3bd499ee61d7232054
treee957cc6f42d8889b29e01a273f5a2af2b59089f8tree | snapshot
parentd457f1ee88602e784644e0bcc562ff17f2d1af34commit | diff
x86: Enable CET Indirect Branch Tracking

With all the pieces now in place, turn CET-IBT on when available.

MSR_S_CET, like SMEP/SMAP, controls Ring1 meaning that ENDBR_EN can't be
enabled for Xen independently of PV32 kernels.  As we already disable PV32 for
CET-SS, extend this to all CET, adjusting the documentation/comments as
appropriate.

Introduce a cet=no-ibt command line option to allow the admin to disable IBT
even when everything else is configured correctly.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
(cherry picked from commit cdbe2b0a1aecae946639ee080f14831429b184b6)
docs/misc/xen-command-line.pandoc diff | blob | history
xen/arch/x86/cpu/common.c diff | blob | history
xen/arch/x86/setup.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.