On Mon, Mar 18, 2019 at 11:03:43PM +0800, Yang Weijiang wrote: > Control-flow Enforcement Technology (CET) provides protection against > return/jump-oriented programming (ROP) attacks. To make kvm Guest OS own > the capability, this patch-set is required. It enables CET related CPUID > report, xsaves/xrstors, vmx entry configuration etc. for Guest OS. ... > Yang Weijiang (7): > KVM:VMX: Define CET VMCS fields and bits > KVM:CPUID: Add CET CPUID support for Guest > KVM:CPUID: Fix xsaves area size calculation for CPUID.(EAX=0xD,ECX=1). I like the earnestness of scoping to CPUID, but "KVM: x86:" is sufficient and more correct, e.g. ARM has CPUID as well and most architectures have an equivalent. > KVM:VMX: Pass through host CET related MSRs to Guest. > KVM:VMX: Load Guest CET via VMCS when CET is enabled in Guest > KVM:x86: Allow Guest to set supported bits in XSS > KVM:x86: Add user-space read/write interface for CET MSRs Please add spaces between KVM: and the more specific scope. > > arch/x86/include/asm/kvm_host.h | 5 +- > arch/x86/include/asm/msr-index.h | 2 + > arch/x86/include/asm/vmx.h | 8 +++ > arch/x86/kvm/cpuid.c | 53 ++++++++++++++------ > arch/x86/kvm/vmx.c | 86 ++++++++++++++++++++++++++++++-- Please rebase to the latest KVM for the next version, this is getting fairly stale. Thanks! > arch/x86/kvm/x86.c | 32 +++++++++++- > arch/x86/kvm/x86.h | 4 ++ > 7 files changed, 167 insertions(+), 23 deletions(-) > > -- > 2.17.1 >
