On 5/2/2024 7:24 AM, Sean Christopherson wrote:
On Sun, Feb 18, 2024, Yang Weijiang wrote:
Don't emulate the branch instructions, e.g., CALL/RET/JMP etc., when CET
is active in guest, return KVM_INTERNAL_ERROR_EMULATION to userspace to
handle it.
KVM doesn't emulate CPU behaviors to check CET protected stuffs while
emulating guest instructions, instead it stops emulation on detecting
the instructions in process are CET protected. By doing so, it can avoid
generating bogus #CP in guest and preventing CET protected execution flow
subversion from guest side.
Suggested-by: Chao Gao <chao.gao@xxxxxxxxx>
Signed-off-by: Yang Weijiang <weijiang.yang@xxxxxxxxx>
---
This should be ordered before CET is exposed to userspace, e.g. so that KVM's
ABI is well defined when CET support because usable.
Sure, thanks!
