On 26.11.2021 13:34, Andrew Cooper wrote:
> Each IDT vector needs to land on an endbr64 instruction. This is especially
> important for the #CP handler, which will escalate to #DF if the endbr64 is
> missing.

One question here: How does this work? I don't recall there being any "CET
shadow" along the lines of "STI shadow" and "SS shadow", yet there's clearly
an insn boundary here that gets "skipped" if the 2nd #CP gets converted to
#DF. And fetching of the first handler insn also isn't part of exception
delivery (and could cause other exceptions first, like #PF).

Jan
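The requirement quoted above (every installed IDT handler must begin with endbr64, and the #CP handler in particular, because a #CP raised on entry to the #CP handler escalates to #DF) is something one can verify offline. The script below is an added example, not code from the Xen patch or from either participant in the thread. It relies only on architectural facts: the 16-byte 64-bit IDT gate layout (offset[15:0], selector, IST, type/attributes, offset[31:16], offset[63:32], reserved), the `F3 0F 1E FA` encoding of endbr64, and #CP being vector 21 and #DF vector 8. The IDT contents, handler bytes and base address it runs against are constructed inline for illustration, and `check_endbr`, `parse_idt` and `make_gate` are names chosen here, not Xen functions.

```python
"""Offline check: does every installed 64-bit IDT handler begin with endbr64?"""
import struct

ENDBR64 = bytes.fromhex("f30f1efa")   # opcode bytes of the endbr64 instruction
X86_DF_VECTOR = 8                     # #DF, double fault
X86_PF_VECTOR = 14                    # #PF, page fault
X86_CP_VECTOR = 21                    # #CP, control-protection exception (CET)


def parse_idt(idt_bytes):
    """Return {vector: handler_address} from raw 64-bit IDT gate descriptors.

    Gate layout (16 bytes, little endian): offset[15:0], selector, IST,
    type/attr, offset[31:16], offset[63:32], reserved.  Gates with the
    Present bit clear carry no handler and are skipped.
    """
    table = {}
    for vector, off in enumerate(range(0, len(idt_bytes), 16)):
        lo, _sel, _ist, attr, mid, hi, _res = struct.unpack_from(
            "<HHBBHII", idt_bytes, off)
        if not attr & 0x80:          # P bit (bit 7 of type/attr) clear
            continue
        table[vector] = lo | (mid << 16) | (hi << 32)
    return table


def check_endbr(idt_bytes, code_image, code_base):
    """Return [(vector, handler_address, is_cp_handler)] for every present
    gate whose first four handler bytes are not endbr64.  is_cp_handler marks
    the case the thread singles out: a #CP on entry to the #CP handler cannot
    be delivered and escalates to #DF."""
    missing = []
    for vector, addr in sorted(parse_idt(idt_bytes).items()):
        rel = addr - code_base
        first = code_image[rel:rel + 4] if 0 <= rel < len(code_image) else b""
        if first != ENDBR64:
            missing.append((vector, addr, vector == X86_CP_VECTOR))
    return missing


def make_gate(handler_addr, selector=0xe008, ist=0, present=True):
    """Build one 64-bit interrupt gate (type 0xe, DPL 0) for the sample IDT."""
    attr = 0x8e if present else 0x0e
    return struct.pack("<HHBBHII", handler_addr & 0xffff, selector, ist, attr,
                       (handler_addr >> 16) & 0xffff, handler_addr >> 32, 0)


def build_sample():
    """Constructed sample, not taken from any real binary: three present
    gates, with the #CP handler deliberately lacking its endbr64."""
    code_base = 0xffff82d040000000          # arbitrary base for the fake text section
    code = bytearray(0x100)
    code[0x00:0x04] = ENDBR64               # #PF handler: endbr64; push rbx ...
    code[0x04] = 0x53
    code[0x40] = 0x53                       # #CP handler: push rbx first, no endbr64
    code[0x80:0x84] = ENDBR64               # #DF handler: endbr64
    gates = [make_gate(0, present=False)] * 32
    gates[X86_PF_VECTOR] = make_gate(code_base + 0x00)
    gates[X86_CP_VECTOR] = make_gate(code_base + 0x40)
    gates[X86_DF_VECTOR] = make_gate(code_base + 0x80)
    return b"".join(gates), bytes(code), code_base


if __name__ == "__main__":
    idt, code, base = build_sample()
    for vector, addr, is_cp in check_endbr(idt, code, base):
        note = " (#CP handler: a #CP here escalates to #DF)" if is_cp else ""
        print(f"vector {vector:#x}: handler at {addr:#x} lacks endbr64{note}")
```

On the constructed sample this reports only vector 0x15 (#CP). To run it against real data, feed `parse_idt` the bytes at the IDTR base and `check_endbr` the matching text bytes of the image; the check deliberately looks only at the first four bytes of each handler, since under IBT the instruction the indirect transfer lands on is what must be endbr64.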