On Sun, Feb 18, 2024, Yang Weijiang wrote: > Don't emulate the branch instructions, e.g., CALL/RET/JMP etc., when CET > is active in guest, return KVM_INTERNAL_ERROR_EMULATION to userspace to > handle it. > > KVM doesn't emulate CPU behaviors to check CET protected stuffs while > emulating guest instructions, instead it stops emulation on detecting > the instructions in process are CET protected. By doing so, it can avoid > generating bogus #CP in guest and preventing CET protected execution flow > subversion from guest side. > > Suggested-by: Chao Gao <chao.gao@xxxxxxxxx> > Signed-off-by: Yang Weijiang <weijiang.yang@xxxxxxxxx> > --- This should be ordered before CET is exposed to userspace, e.g. so that KVM's ABI is well defined when CET support because usable.
