From: Yang Weijiang <weijiang.yang@intel.com>
To: qemu-devel@nongnu.org, pbonzini@redhat.com
Cc: Yang Weijiang <weijiang.yang@intel.com>
Subject: [Qemu-devel][PATCH v5 0/4] Enable CET support for guest
Date: Sun, 10 May 2020 09:42:46 +0800 [thread overview]
Message-ID: <20200510014250.28111-1-weijiang.yang@intel.com> (raw)
Control-flow Enforcement Technology (CET) provides protection against
return/jump-oriented programming (ROP/JOP). It includes two
sub-features: Shadow Stack(SHSTK) and Indirect Branch Tracking(IBT).
This patchset is to enable CET related CPUID report, XSAVES/XRSTORS
support and MSR access etc. for guest.
CET KVM patches:
https://lkml.kernel.org/r/20200506082110.25441-1-weijiang.yang@intel.com
CET kernel patches:
https://lkml.kernel.org/r/20200429220732.31602-1-yu-cheng.yu@intel.com
v5:
- Checked CET states before access related MSRs.
- Added new MSR MSR_KVM_GUEST_SSP for live-migration.
- Refactored patches to make them more structured.
v4:
- Added MSR read/write interface for PL1_SSP/PL2_SSP.
- Removed CET structures from X86XSaveArea.
- Cleared ebx in return of CPUID.(EAX=d, ECX=1).
v3:
- Add CET MSR save/restore support for live-migration.
v2:
- In CPUID.(EAX=d, ECX=1), set return ECX[n] = 0 if bit n corresponds
to a bit in MSR_IA32_XSS.
- In CPUID.(EAX=d, ECX=n), set return ECX = 1 if bit n corresponds
to a bit in MSR_IA32_XSS.
- Skip Supervisor mode xsave component when calculate User mode
xave component size in xsave_area_size() and x86_cpu_reset().
Yang Weijiang (4):
x86/cpu: Add CET CPUID/XSAVES flags and data structures
x86/cpuid: Add XSAVES feature words and CET related state bits
x86/cpuid: Add support for XSAVES dependent feature enumeration
x86/cpu: Add user space access interface for CET MSRs
target/i386/cpu.c | 57 ++++++++++++++-
target/i386/cpu.h | 53 ++++++++++++++
target/i386/kvm.c | 73 +++++++++++++++++++
target/i386/machine.c | 161 ++++++++++++++++++++++++++++++++++++++++++
4 files changed, 341 insertions(+), 3 deletions(-)
--
2.17.2
next reply other threads:[~2020-05-10 1:42 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-10 1:42 Yang Weijiang [this message]
2020-05-10 1:42 ` [Qemu-devel][PATCH v5 1/4] x86/cpu: Add CET CPUID/XSAVES flags and data structures Yang Weijiang
2020-07-15 7:10 ` Xiaoyao Li
2020-05-10 1:42 ` [Qemu-devel][PATCH v5 2/4] x86/cpuid: Add XSAVES feature words and CET related state bits Yang Weijiang
2020-07-15 7:22 ` Xiaoyao Li
2020-05-10 1:42 ` [Qemu-devel][PATCH v5 3/4] x86/cpuid: Add support for XSAVES dependent feature enumeration Yang Weijiang
2020-05-10 1:42 ` [Qemu-devel][PATCH v5 4/4] x86/cpu: Add user space access interface for CET MSRs Yang Weijiang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200510014250.28111-1-weijiang.yang@intel.com \
--to=weijiang.yang@intel.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.