projects / xen.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d37a8a0) | patch
x86: Enable CET Indirect Branch Tracking
authorAndrew Cooper <andrew.cooper3@citrix.com>
Mon, 1 Nov 2021 15:17:20 +0000 (15:17 +0000)
committerAndrew Cooper <andrew.cooper3@citrix.com>
Wed, 23 Feb 2022 15:33:43 +0000 (15:33 +0000)
commitcdbe2b0a1aecae946639ee080f14831429b184b6
treef22dba13b4aa34a4f4585c32904f46efcc4909a5tree | snapshot
parentd37a8a067e62e3b6709d224c22f740fdda9d0078commit | diff
x86: Enable CET Indirect Branch Tracking

With all the pieces now in place, turn CET-IBT on when available.

MSR_S_CET, like SMEP/SMAP, controls Ring1 meaning that ENDBR_EN can't be
enabled for Xen independently of PV32 kernels.  As we already disable PV32 for
CET-SS, extend this to all CET, adjusting the documentation/comments as
appropriate.

Introduce a cet=no-ibt command line option to allow the admin to disable IBT
even when everything else is configured correctly.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
Reviewed-by: Jan Beulich <jbeulich@suse.com>
docs/misc/xen-command-line.pandoc diff | blob | history
xen/arch/x86/cpu/common.c diff | blob | history
xen/arch/x86/setup.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.