| Message ID | 20220309123936.16991-2-andrew.cooper3@citrix.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | XSA-398 Followup | expand |
On 09.03.2022 13:39, Andrew Cooper wrote: > --- a/xen/arch/x86/Kconfig > +++ b/xen/arch/x86/Kconfig > @@ -117,8 +117,8 @@ config HVM > If unsure, say Y. > > config XEN_SHSTK > - bool "Supervisor Shadow Stacks (EXPERT)" > - depends on HAS_AS_CET_SS && EXPERT > + bool "Supervisor Shadow Stacks" > + depends on HAS_AS_CET_SS We'll need to settle on whether to use your or Jürgen's variant. As said there I'm in favor of his, but wouldn't mind this alternative one. Jan
On Wed, Mar 09, 2022 at 12:39:35PM +0000, Andrew Cooper wrote: > CET-SS hardware is now available from multiple vendors, and the feature has > downstream users. Enable it by default. > > Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Roger Pau Monné <roger.pau@citrix.com> CET-IBT is already available out of EXPERT, so also having CET-SS seems natural. Thanks, Roger.
diff --git a/xen/arch/x86/Kconfig b/xen/arch/x86/Kconfig index 83d0f317ecf9..06d6fbc86478 100644 --- a/xen/arch/x86/Kconfig +++ b/xen/arch/x86/Kconfig @@ -117,8 +117,8 @@ config HVM If unsure, say Y. config XEN_SHSTK - bool "Supervisor Shadow Stacks (EXPERT)" - depends on HAS_AS_CET_SS && EXPERT + bool "Supervisor Shadow Stacks" + depends on HAS_AS_CET_SS default y ---help--- Control-flow Enforcement Technology (CET) is a set of features in
CET-SS hardware is now available from multiple vendors, and the feature has downstream users. Enable it by default. Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> --- CC: Jan Beulich <JBeulich@suse.com> CC: Roger Pau Monné <roger.pau@citrix.com> CC: Wei Liu <wl@xen.org> --- xen/arch/x86/Kconfig | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)