On 03/12/2021 13:32, Jan Beulich wrote:
> On 26.11.2021 13:34, Andrew Cooper wrote:
>> Each IDT vector needs to land on an endbr64 instruction.  This is especially
>> important for the #CP handler, which will escalate to #DF if the endbr64 is
>> missing.
> One question here: How does this work?

Honestly, I'm not sure.

>  I don't recall there being any "CET
> shadow" along the lines of "STI shadow" and "SS shadow", yet there's
> clearly an insn boundary here that gets "skipped" if the 2nd #CP gets
> converted to #DF. And fetching of the first handler insn also isn't part
> of exception delivery (and could cause other exceptions first, like #PF).

I can't make my observations of real hardware behaviour match the
description in the spec.

Given what a mess it all is, I wouldn't be surprised if the exception
delivery microcode has a special case to escalate this to #DF.

If it didn't escalate to #DF, then you'd end up with an infinite stream
of #CP's, which will most likely cause a stack overflow because #CP
needs to be not-IST for shadow stack reasons.

~Andrew

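The requirement quoted at the top, that every IDT vector lands on an endbr64, is something a build can check for itself. The following is an added example, not Xen's own check-endbr tooling or code from the thread: it scans a table of entry stubs and reports any vector whose handler bytes do not begin with endbr64 (f3 0f 1e fa), flagging the #CP vector (21) separately since that is the case that escalates to #DF. The struct, the helper names and the sample stub bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not Xen code: check that every exception/interrupt entry
 * stub starts with ENDBR64 (f3 0f 1e fa), the landing pad CET-IBT requires
 * at the target of an IDT-delivered control transfer. */
#define X86_EXC_CP 21 /* #CP, Control Protection exception vector */

struct entry_stub {
    unsigned int vector;  /* IDT vector the stub is installed for */
    const uint8_t *code;  /* first bytes of the handler */
    size_t len;
};

static int starts_with_endbr64(const uint8_t *code, size_t len)
{
    static const uint8_t endbr64[4] = { 0xf3, 0x0f, 0x1e, 0xfa };
    if (len < sizeof(endbr64))
        return 0;
    for (size_t i = 0; i < sizeof(endbr64); i++)
        if (code[i] != endbr64[i])
            return 0;
    return 1;
}

/* Returns the number of stubs lacking ENDBR64; *cp_missing is set if the #CP
 * handler is among them (the case that escalates to #DF instead of looping). */
static int check_entry_stubs(const struct entry_stub *s, size_t n, int *cp_missing)
{
    int missing = 0;
    *cp_missing = 0;
    for (size_t i = 0; i < n; i++) {
        if (starts_with_endbr64(s[i].code, s[i].len))
            continue;
        missing++;
        if (s[i].vector == X86_EXC_CP)
            *cp_missing = 1;
        printf("vector %u: handler does not start with endbr64\n", s[i].vector);
    }
    return missing;
}

/* Constructed sample stubs: #PF (14) is correct, #CP (21) lacks ENDBR64. */
static const uint8_t stub_pf[] = { 0xf3, 0x0f, 0x1e, 0xfa, 0x50 }; /* endbr64; push %rax */
static const uint8_t stub_cp[] = { 0x50, 0x48, 0x89, 0xe7 };       /* push %rax; mov %rsp,%rdi */
static const struct entry_stub sample_stubs[] = { { 14, stub_pf, 5 }, { X86_EXC_CP, stub_cp, 4 } };

int main(void) { int cp; return check_entry_stubs(sample_stubs, 2, &cp) ? 1 : 0; }
```

In a real build the stub bytes would come from the linked image (for example by reading the handler addresses out of the IDT table and the bytes out of .text) rather than from a hand-written table.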