Control-flow Enforcement Technology (CET) provides protection against
return/jump-oriented programming (ROP) attacks. To make kvm Guest OS own
the capability, this patch-set is required. It enables CET related CPUID
report, xsaves/xrstors and live-migration etc. in Qemu.
Changelog:
v4:
- Added MSR read/write interface for PL1_SSP/PL2_SSP.
- Removed CET structures from X86XSaveArea.
- Cleared ebx in return of CPUID.(EAX=d, ECX=1).
v3:
- Add CET MSR save/restore support for live-migration.
v2:
- In CPUID.(EAX=d, ECX=1), set return ECX[n] = 0 if bit n corresponds
to a bit in MSR_IA32_XSS.
- In CPUID.(EAX=d, ECX=n), set return ECX = 1 if bit n corresponds
to a bit in MSR_IA32_XSS.
- Skip Supervisor mode xsave component when calculate User mode
xave component size in xsave_area_size() and x86_cpu_reset().
Yang Weijiang (5):
Add CET xsaves/xrstors related macros and structures.
Add CET SHSTK and IBT CPUID feature-word definitions.
Add hepler functions for CPUID xsave area size calculation.
Report CPUID xsave area support for CET.
Add CET MSR save/restore support for migration
target/i386/cpu.c | 56 ++++++++++++++++-
target/i386/cpu.h | 49 ++++++++++++++-
target/i386/kvm.c | 53 ++++++++++++++++
target/i386/machine.c | 141 ++++++++++++++++++++++++++++++++++++++++++
4 files changed, 295 insertions(+), 4 deletions(-)
--
2.17.1