Control-flow Enforcement Technology (CET) provides protection against
Return/Jump-Oriented Programming (ROP/JOP). It includes two features:
Shadow Stack (SHSTK) and Indirect Branch Tracking (IBT). This patch series
is to enable CET related CPUID report, XSAVES/XRSTORS support and MSR
access etc. for guest.

Change in v7:
- Reverted part of XSAVE feature-word naming change per review feedback.
- Fixed an issue blocking SHSTK and IBT used as two independent features
  if OS just enables either of them.
- Other minor changes during testing and review.
- Rebased to 5.2.0 base.

CET KVM patches:
https://lkml.kernel.org/r/20210203113421.5759-1-weijiang.yang@xxxxxxxxx

CET kernel patches:
https://lkml.kernel.org/r/20210217222730.15819-1-yu-cheng.yu@xxxxxxxxx

Yang Weijiang (6):
  target/i386: Change XSAVE related feature-word names
  target/i386: Enable XSS feature enumeration for CPUID
  target/i386: Enable CET components support for XSAVES
  target/i386: Add user-space MSR access interface for CET
  target/i386: Add CET state support for guest migration
  target/i386: Advise CET bits in CPU/MSR feature words

 target/i386/cpu.c     | 113 +++++++++++++++++++++++------
 target/i386/cpu.h     |  55 ++++++++++++++-
 target/i386/kvm.c     |  72 +++++++++++++++++++
 target/i386/machine.c | 161 ++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 379 insertions(+), 22 deletions(-)

-- 
2.26.2