On 19/05/20 09:55, Sean Christopherson wrote:
>> Running arbitrary code under the emulator is problematic anyway with
>> CET, since you won't be checking ENDBR markers or updating the state
>> machine. So perhaps in addition to what you say we should have a mode
>> where, unless unrestricted guest is disabled, the emulator only accepts
>> I/O, MOV and ALU instructions.
>
> Doh, I forgot all about those pesky ENDBR markers. I think a slimmed down
> emulator makes sense?

Or just slimmed down opcode tables.

> Tangentially related, isn't the whole fastop thing doomed once CET kernel
> support lands?

Why? You do need to add endbr markers and some of the fastop handlers
won't fit in 8 bytes, but that should be it.

Paolo