On Tue, Dec 10, 2019 at 01:00:44PM -0800, Sean Christopherson wrote: > On Fri, Nov 01, 2019 at 04:52:17PM +0800, Yang Weijiang wrote: > > CET(Control-flow Enforcement Technology) is an upcoming Intel(R) > > processor feature that blocks Return/Jump-Oriented Programming(ROP) > > attacks. It provides the following capabilities to defend > > against ROP/JOP style control-flow subversion attacks: > > > > return (1U << vector) & exception_has_error_code; > > } > > @@ -298,7 +298,8 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu, unsigned long cr2, > > * Right now, no XSS states are used on x86 platform, > > * expand the macro for new features. > > I assume this comment needs to be updated? > I'm not sure which features in upstream code are using xsaves bits, should I go like this: In future, other XSS state bits can be added here to make them available to guest? > > */ > > -#define KVM_SUPPORTED_XSS 0 > > +#define KVM_SUPPORTED_XSS (XFEATURE_MASK_CET_USER \ > > + | XFEATURE_MASK_CET_KERNEL) > > > > extern u64 host_xcr0; > > > > -- > > 2.17.2 > >
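Review bot: the comment directly above KVM_SUPPORTED_XSS still reads "Right now, no XSS states are used on x86 platform", which stops being true once the macro becomes XFEATURE_MASK_CET_USER | XFEATURE_MASK_CET_KERNEL. Suggest rewording it to say that CET user and kernel state are the XSS-managed states KVM currently supports, and that further bits are added here as they are enabled for guests. Because the macro is a compile-time constant, the comment could also say that it describes what KVM can support rather than what a given host has, and point to where it is intersected with the host's supported bits; that masking is not visible in this hunk.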