On Thu, Apr 23, 2020 at 09:03:14AM -0700, Sean Christopherson wrote: > On Thu, Mar 26, 2020 at 04:18:37PM +0800, Yang Weijiang wrote: > > Control-flow Enforcement Technology (CET) provides protection against > > Return/Jump-Oriented Programming (ROP/JOP) attack. It includes two > > sub-features: Shadow Stack (SHSTK) and Indirect Branch Tracking (IBT). > > > > KVM needs to update to enable guest CET feature. > > This patchset implements CET related CPUID/XSAVES enumeration, MSRs > > and vmentry/vmexit configuration etc.so that guest kernel can setup CET > > runtime infrastructure based on them. Some CET MSRs and related feature > > flags used reference the definitions in kernel patchset. > > > > CET kernel patches are here: > > https://lkml.org/lkml/2020/2/5/593 > > https://lkml.org/lkml/2020/2/5/604 > > ... > > > - This patch serial is built on top of below branch and CET kernel patches > > for seeking xsaves support: > > https://git.kernel.org/pub/scm/virt/kvm/kvm.git/log/?h=cpu-caps > > Can you provide the full code in a branch/tag somewhere? The CET patches > are in turn dependent on XSAVES enabling[*], and those don't apply cleanly > on the cpu-caps branch. > > It might make sense to also rebase to kvm/queue? Though that's not a > requirement by any means, e.g. don't bother if the CET patches are going to > be respun soon. > I'll rebase the patches to 5.7-rc2, so things will be clear then. > https://lkml.kernel.org/r/20200328164307.17497-1-yu-cheng.yu@xxxxxxxxx
