Control-flow Enforcement Technology (CET) provides protection against return/jump-oriented programming (ROP) attacks. To make kvm Guest OS own the capability, this patch-set is required. It enables CET related CPUID report and xsaves/xrstors support etc in qemu.
Changelog: v2: - In CPUID.(EAX=d, ECX=1), set return ECX[n] = 0 if bit n corresponds to a bit in MSR_IA32_XSS. - In CPUID.(EAX=d, ECX=n), set return ECX = 1 if bit n corresponds to a bit in MSR_IA32_XSS. - Skip Supervisor mode xsave component when calculate User mode xave component size in xsave_area_size() and x86_cpu_reset(). Yang Weijiang (4): Add CET xsaves/xrstors related macros and structures. Add CET SHSTK and IBT CPUID feature-word definitions. Add hepler functions for CPUID xsave area size calculation. Report CPUID xsave area support for CET. target/i386/cpu.c | 73 +++++++++++++++++++++++++++++++++++++++++++++-- target/i386/cpu.h | 36 ++++++++++++++++++++++- 2 files changed, 105 insertions(+), 4 deletions(-) -- 2.17.1