On 1/11/2021 9:56 AM, Borislav Petkov wrote:
On Tue, Dec 29, 2020 at 01:30:31PM -0800, Yu-cheng Yu wrote:
@@ -895,6 +903,12 @@ static void init_speculation_control(struct cpuinfo_x86 *c)
}
}
+static void init_cet_features(struct cpuinfo_x86 *c)
+{
+ if (cpu_has(c, X86_FEATURE_SHSTK) || cpu_has(c, X86_FEATURE_IBT))
+ set_cpu_cap(c, X86_FEATURE_CET);
+}
No need for that function - just add this two-liner to bsp_init_intel()
and not in get_cpu_cap().
I will move these to bsp_init_intel(), and change to:
if (cpu_has(c, X86_FEATURE_SHSTK) || cpu_has(c, X86_FEATURE_IBT))
setup_force_cpu_cap(X86_FEATURE_CET);
+static void adjust_combined_cpu_features(void)
+{
+#ifdef CONFIG_X86_CET_USER
+ if (test_bit(X86_FEATURE_SHSTK, (unsigned long *)cpu_caps_cleared) &&
+ test_bit(X86_FEATURE_IBT, (unsigned long *)cpu_caps_cleared))
+ setup_clear_cpu_cap(X86_FEATURE_CET);
+#endif
There's no need for this function...
+}
+
/*
* We parse cpu parameters early because fpu__init_system() is executed
* before parse_early_param().
@@ -1252,9 +1276,19 @@ static void __init cpu_parse_early_param(void)
if (cmdline_find_option_bool(boot_command_line, "noxsaves"))
setup_clear_cpu_cap(X86_FEATURE_XSAVES);
+ /*
+ * CET states are XSAVES states and options must be parsed early.
+ */
+#ifdef CONFIG_X86_CET_USER
+ if (cmdline_find_option_bool(boot_command_line, "no_user_shstk"))
+ setup_clear_cpu_cap(X86_FEATURE_SHSTK);
... when you can do
setup_clear_cpu_cap(X86_FEATURE_CET);
here and...
+ if (cmdline_find_option_bool(boot_command_line, "no_user_ibt"))
+ setup_clear_cpu_cap(X86_FEATURE_IBT);
... here.
Two problems here. X86_FEATURE_CET indicates either CET features is
enabled, not both. Also, "clearcpuid" can has CET features. However,
since X86_FEATURE_CET is now set in bsp_init_intel() (after
cpu_parse_early_params()), I think, adjust_combined_cpu_features() can
be removed. I will test it.
--
Thanks,
Yu-cheng
