Control-flow Enforcement Technology (CET) provides protection against return/jump-oriented programming (ROP/JOP). It includes two sub-features: Shadow Stack(SHSTK) and Indirect Branch Tracking(IBT). This patchset is to enable CET related CPUID report, XSAVES/XRSTORS support and MSR access etc. for guest.
CET KVM patches: https://lkml.kernel.org/r/20200506082110.25441-1-weijiang.y...@intel.com CET kernel patches: https://lkml.kernel.org/r/20200429220732.31602-1-yu-cheng...@intel.com v5: - Checked CET states before access related MSRs. - Added new MSR MSR_KVM_GUEST_SSP for live-migration. - Refactored patches to make them more structured. v4: - Added MSR read/write interface for PL1_SSP/PL2_SSP. - Removed CET structures from X86XSaveArea. - Cleared ebx in return of CPUID.(EAX=d, ECX=1). v3: - Add CET MSR save/restore support for live-migration. v2: - In CPUID.(EAX=d, ECX=1), set return ECX[n] = 0 if bit n corresponds to a bit in MSR_IA32_XSS. - In CPUID.(EAX=d, ECX=n), set return ECX = 1 if bit n corresponds to a bit in MSR_IA32_XSS. - Skip Supervisor mode xsave component when calculate User mode xave component size in xsave_area_size() and x86_cpu_reset(). Yang Weijiang (4): x86/cpu: Add CET CPUID/XSAVES flags and data structures x86/cpuid: Add XSAVES feature words and CET related state bits x86/cpuid: Add support for XSAVES dependent feature enumeration x86/cpu: Add user space access interface for CET MSRs target/i386/cpu.c | 57 ++++++++++++++- target/i386/cpu.h | 53 ++++++++++++++ target/i386/kvm.c | 73 +++++++++++++++++++ target/i386/machine.c | 161 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 341 insertions(+), 3 deletions(-) -- 2.17.2