Control-flow Enforcement Technology (CET) provides protection against Return/Jump-Oriented Programming (ROP/JOP). It includes two features: Shadow Stack(SHSTK) and Indirect Branch Tracking(IBT). This patch series is to enable CET related CPUID report, XSAVES/XRSTORS support and MSR access etc. for guest. Change in v8: - Extended xsave_area_size() to accommodate compacted format size calculation. - Added CPUID(0xD,1).EBX assigment per maintain's feedback. - Changed XSS field check and added more comments to make things clearer. - Other ajustment per maintainer's review feedback. - Rebased to 6.0.0. v7 patch: https://lore.kernel.org/kvm/20210226022058.24562-1-weijiang.yang@xxxxxxxxx CET KVM patches: https://git.kernel.org/pub/scm/virt/kvm/kvm.git/log/?h=intel CET kernel patches: https://lkml.kernel.org/r/20210427204315.24153-1-yu-cheng.yu@xxxxxxxxx Yang Weijiang (6): target/i386: Change XSAVE related feature-word names target/i386: Enable XSS feature CPUID enumeration target/i386: Enable XSAVES support for CET states target/i386: Add user-space MSR access interface for CET target/i386: Add CET state support for guest migration target/i386: Advise CET bits in CPU/MSR feature words target/i386/cpu.c | 138 +++++++++++++++++++++++++++++------- target/i386/cpu.h | 52 +++++++++++++- target/i386/kvm/kvm.c | 72 +++++++++++++++++++ target/i386/machine.c | 161 ++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 395 insertions(+), 28 deletions(-) -- 2.26.2
