Control-flow Enforcement Technology (CET) provides protection against
Return/Jump-Oriented Programming (ROP/JOP). It includes two features:
Shadow Stack(SHSTK) and Indirect Branch Tracking(IBT).
This patch series is to enable CET related CPUID report, XSAVES/XRSTORS
support and MSR access etc. for guest.
Change in v8:
- Extended xsave_area_size() to accommodate compacted format size calculation.
- Added CPUID(0xD,1).EBX assigment per maintain's feedback.
- Changed XSS field check and added more comments to make things clearer.
- Other ajustment per maintainer's review feedback.
- Rebased to 6.0.0.
v7 patch:
https://lore.kernel.org/kvm/20210226022058.24562-1-weijiang.yang@intel.com
CET KVM patches:
https://git.kernel.org/pub/scm/virt/kvm/kvm.git/log/?h=intel
CET kernel patches:
https://lkml.kernel.org/r/20210427204315.24153-1-yu-cheng.yu@intel.com
Yang Weijiang (6):
target/i386: Change XSAVE related feature-word names
target/i386: Enable XSS feature CPUID enumeration
target/i386: Enable XSAVES support for CET states
target/i386: Add user-space MSR access interface for CET
target/i386: Add CET state support for guest migration
target/i386: Advise CET bits in CPU/MSR feature words
target/i386/cpu.c | 138 +++++++++++++++++++++++++++++-------
target/i386/cpu.h | 52 +++++++++++++-
target/i386/kvm/kvm.c | 72 +++++++++++++++++++
target/i386/machine.c | 161 ++++++++++++++++++++++++++++++++++++++++++
4 files changed, 395 insertions(+), 28 deletions(-)
--
2.26.2