On Mon, Apr 27, 2020 at 04:04:28PM +0200, Paolo Bonzini wrote: > On 26/04/20 17:23, Yang Weijiang wrote: > > What's the purpose of the selftest? Is it just for Shadow Stack SSP > > state transitions in various cases? e.g., L0 SSP<--->L3 SSP, > > L0 SSP1<--->L0 SSP2? > > No, it checks that the whole state can be extracted and restored from a > running VM. For example, it would have caught immediately that the > current SSP could not be saved and restored. > > > We now have the KVM unit-test for CET functionalities, > > i.e., Shadow Stack and Indirect Branch Tracking for user-mode, I can put the > > state test app into the todo list as current patchset is mainly for user-mode > > protection, the supervisor-mode CET protection is the next step. > > What are the limitations? Or are you referring to the unit test? > I'm referring to the unit test, I enabled basic CET function test to verify if SHSTK/IBT is supported with current platform and KVM, but didn't cover what you mentioned above. OK, I put the state self-test to my todo list. Thank you for the reminder. > Paolo
