On Thu, Mar 26, 2020 at 04:18:37PM +0800, Yang Weijiang wrote: > Control-flow Enforcement Technology (CET) provides protection against > Return/Jump-Oriented Programming (ROP/JOP) attack. It includes two > sub-features: Shadow Stack (SHSTK) and Indirect Branch Tracking (IBT). > > KVM needs to update to enable guest CET feature. > This patchset implements CET related CPUID/XSAVES enumeration, MSRs > and vmentry/vmexit configuration etc.so that guest kernel can setup CET > runtime infrastructure based on them. Some CET MSRs and related feature > flags used reference the definitions in kernel patchset. > > CET kernel patches are here: > https://lkml.org/lkml/2020/2/5/593 > https://lkml.org/lkml/2020/2/5/604 ... > - This patch serial is built on top of below branch and CET kernel patches > for seeking xsaves support: > https://git.kernel.org/pub/scm/virt/kvm/kvm.git/log/?h=cpu-caps Can you provide the full code in a branch/tag somewhere? The CET patches are in turn dependent on XSAVES enabling[*], and those don't apply cleanly on the cpu-caps branch. It might make sense to also rebase to kvm/queue? Though that's not a requirement by any means, e.g. don't bother if the CET patches are going to be respun soon. https://lkml.kernel.org/r/20200328164307.17497-1-yu-cheng.yu@xxxxxxxxx
