[PATCH v8 0/6] Enable CET support for guest

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Control-flow Enforcement Technology (CET) provides protection against
Return/Jump-Oriented Programming (ROP/JOP). It includes two features:
Shadow Stack(SHSTK) and Indirect Branch Tracking(IBT).
This patch series is to enable CET related CPUID report, XSAVES/XRSTORS
support and MSR access etc. for guest.

Change in v8:
- Extended xsave_area_size() to accommodate compacted format size calculation.
- Added CPUID(0xD,1).EBX assigment per maintain's feedback.
- Changed XSS field check and added more comments to make things clearer.
- Other ajustment per maintainer's review feedback.
- Rebased to 6.0.0.

v7 patch:
https://lore.kernel.org/kvm/20210226022058.24562-1-weijiang.yang@xxxxxxxxx

CET KVM patches:
https://git.kernel.org/pub/scm/virt/kvm/kvm.git/log/?h=intel

CET kernel patches:
https://lkml.kernel.org/r/20210427204315.24153-1-yu-cheng.yu@xxxxxxxxx


Yang Weijiang (6):
  target/i386: Change XSAVE related feature-word names
  target/i386: Enable XSS feature CPUID enumeration
  target/i386: Enable XSAVES support for CET states
  target/i386: Add user-space MSR access interface for CET
  target/i386: Add CET state support for guest migration
  target/i386: Advise CET bits in CPU/MSR feature words

 target/i386/cpu.c     | 138 +++++++++++++++++++++++++++++-------
 target/i386/cpu.h     |  52 +++++++++++++-
 target/i386/kvm/kvm.c |  72 +++++++++++++++++++
 target/i386/machine.c | 161 ++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 395 insertions(+), 28 deletions(-)

-- 
2.26.2




[Index of Archives]     [KVM ARM]     [KVM ia64]     [KVM ppc]     [Virtualization Tools]     [Spice Development]     [Libvirt]     [Libvirt Users]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite Questions]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux