[PATCH v1 0/8] This patch-set is to enable kvm Guest OS CET support.

[Yang Weijiang]

Control-flow Enforcement Technology (CET) provides protection against
return/jump-oriented programming (ROP) attacks. To make kvm Guest OS
own the capability, this patch-set is required. It enables CET related
CPUID report, xsaves/xrstors, vmx entry configuration etc for Guest OS.

PATCH 1/3/4: Enable CET support in VMCS.
PATCH 2    : Define CR4.CET master enable bit.
PATCH 5    : Enable xsave components for CET in XSS.
PATCH 6/7/8: Report CET feature support in CPUID.
 
Yang Weijiang (8):
  kvm:vmx  Introduce CET related VMCS field definitions.
  kvm:  Define CR4.CET[bit 23] (master enable bit) for guest OS.
  kvm:vmx  Enable loading CET state bit while guest CR4.CET is being
    set.
  kvm:vmx  Pass through host CET related MSRs to Guest.
  kvm:x86  Enable MSR_IA32_XSS bit 11 and 12 for CET xsaves/xrstors.
  kvm:cpuid  Add CPUID support for CET xsaves component query.
  kvm:cpuid  Fix xsaves area size calculation for CPUID.(EAX=0xD,ECX=1).
  kvm:cpuid  Report CET SHSTK and IBT support in CPUID.(EAX=0x7,ECX=0).

 arch/x86/include/asm/kvm_host.h |  3 ++-
 arch/x86/include/asm/vmx.h      |  8 +++++++
 arch/x86/kvm/cpuid.c            | 23 +++++++++++++-------
 arch/x86/kvm/vmx.c              | 37 ++++++++++++++++++++++++++++++---
 4 files changed, 60 insertions(+), 11 deletions(-)

-- 
2.17.1