On 1/29/2021 1:00 PM, Dave Hansen wrote:
On 1/27/21 1:25 PM, Yu-cheng Yu wrote:@@ -135,6 +135,8 @@ enum xfeature { #define XFEATURE_MASK_PT (1 << XFEATURE_PT_UNIMPLEMENTED_SO_FAR) #define XFEATURE_MASK_PKRU (1 << XFEATURE_PKRU) #define XFEATURE_MASK_PASID (1 << XFEATURE_PASID) +#define XFEATURE_MASK_CET_USER (1 << XFEATURE_CET_USER) +#define XFEATURE_MASK_CET_KERNEL (1 << XFEATURE_CET_KERNEL) #define XFEATURE_MASK_LBR (1 << XFEATURE_LBR)#define XFEATURE_MASK_FPSSE (XFEATURE_MASK_FP | XFEATURE_MASK_SSE)@@ -237,6 +239,23 @@ struct pkru_state { u32 pad; } __packed;+/*+ * State component 11 is Control-flow Enforcement user states + */ +struct cet_user_state { + u64 user_cet; /* user control-flow settings */ + u64 user_ssp; /* user shadow stack pointer */ +};Andy Cooper just mentioned on IRC about this nugget in the spec: XRSTORS on CET state will do reserved bit and canonicality checks on the state in similar manner as done by the WRMSR to these state elements. We're using copy_kernel_to_xregs_err(), so the #GP *should* be OK. Could we prove this out in practice, please?
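Review bot: the field comments in struct cet_user_state (second hunk) do not record that the hardware validates these values on restore. The spec text quoted in this thread says XRSTORS applies reserved-bit and canonicality checks to the CET state, so the struct comment should state that user_cet has reserved bits and user_ssp must be canonical, and that restoring a buffer which violates either raises #GP. That tells a reader why a restore of this component has to go through a fault-handling path such as the copy_kernel_to_xregs_err() mentioned above. A smaller point on the same hunk: the context shows struct pkru_state declared __packed and the new struct is not. Two u64 fields have no padding either way, but matching the neighbouring declaration would keep the XSAVE component structs consistent.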
Do we want to verify that setting reserved bits in CET XSAVES states triggers GP? Then, yes, I just verified it again. Thanks for reminding. Do we have any particular case relating to this?
-- Yu-cheng

