Re: [PATCH v8 2/7] KVM: VMX: Define CET VMCS fields and #CP flag

From: Yang Weijiang
Date: Tue Dec 10 2019 - 20:44:18 EST


On Tue, Dec 10, 2019 at 01:00:44PM -0800, Sean Christopherson wrote:
> On Fri, Nov 01, 2019 at 04:52:17PM +0800, Yang Weijiang wrote:
> > CET(Control-flow Enforcement Technology) is an upcoming Intel(R)
> > processor feature that blocks Return/Jump-Oriented Programming(ROP)
> > attacks. It provides the following capabilities to defend
> > against ROP/JOP style control-flow subversion attacks:
> >
> > return (1U << vector) & exception_has_error_code;
> > }
> > @@ -298,7 +298,8 @@ int x86_emulate_instruction(struct kvm_vcpu *vcpu, unsigned long cr2,
> > * Right now, no XSS states are used on x86 platform,
> > * expand the macro for new features.
>
> I assume this comment needs to be updated?
>
I'm not sure which features in upstream code are using xsaves bits,
should I go like this:
In future, other XSS state bits can be added here to make them available
to guest?
> > */
> > -#define KVM_SUPPORTED_XSS 0
> > +#define KVM_SUPPORTED_XSS (XFEATURE_MASK_CET_USER \
> > + | XFEATURE_MASK_CET_KERNEL)
> >
> > extern u64 host_xcr0;
> >
> > --
> > 2.17.2
> >