On Mon, Jul 13, 2020 at 11:13:26AM -0700, Sean Christopherson wrote: > On Wed, Jul 01, 2020 at 04:04:00PM +0800, Yang Weijiang wrote: > > Control-flow Enforcement Technology (CET) provides protection against > > Return/Jump-Oriented Programming (ROP/JOP) attack. There're two CET > > sub-features: Shadow Stack (SHSTK) and Indirect Branch Tracking (IBT). > > SHSTK is to prevent ROP programming and IBT is to prevent JOP programming. > > > > Several parts in KVM have been updated to provide VM CET support, including: > > CPUID/XSAVES config, MSR pass-through, user space MSR access interface, > > vmentry/vmexit config, nested VM etc. These patches have dependency on CET > > kernel patches for xsaves support and CET definitions, e.g., MSR and related > > feature flags. > > > > CET kernel patches are here: > > https://lkml.kernel.org/r/20200429220732.31602-1-yu-cheng.yu@xxxxxxxxx > > > > v13: > > - Added CET definitions as a separate patch to facilitate KVM test. > > - Disabled CET support in KVM if unrestricted_guest is turned off since > > in this case CET related instructions/infrastructure cannot be emulated > > well. > > This needs to be rebased, I can't get it to apply on any kvm branch nor on > any 5.8 rc. And when you send series, especially large series that touch > lots of code, please explicitly state what commit the series is based on to > make it easy for reviewers to apply the patches, even if the series needs a > rebase. Sorry for the inconvenience, I'll rebase and resend this series.
