On Thu, 2025-01-02 at 15:02 +0100, Jürgen Groß wrote:
> > Are you suggesting that you're able to enable the CPU-specific CFI
> > protections before you even know whether it's an Intel or AMD CPU?
>
> Not before that, but maybe rather soon afterwards. And the hypercall page
> needs to be decommissioned before the next hypercall is happening. The
> question is whether we have a hook in place to do that switch between cpu
> identification and CFI enabling.
Not sure that's how I'd phrase it. Even if we have to add a hook at the right time to switch from the Xen-populated hypercall page to the one filled in by Linux, the question is whether adding that hook is simpler than all this early static_call stuff that's been thrown together, and the open questions about the 64-bit latching.