Re: [Qemu-devel] [PATCH 5/7] tcg/i386: add support for IBT

[Paolo Bonzini]

On 14/03/19 02:05, Richard Henderson wrote:
> On 3/13/19 5:40 AM, Paolo Bonzini wrote:
>> +static void tcg_out_endbr(TCGContext *s)
>> +{
>> +#if defined __CET__ && (__CET__ & 1)
>> +#ifdef __x86_64__
>> +    tcg_out32(s, 0xfa1e0ff3);
>> +#else
>> +    tcg_out32(s, 0xfb1e0ff3);
>> +#endif
>> +#endif
>> +}
> 
> Normally we'd use a runtime test for the feature.
> 
> Just because we compiled with CET does not mean we're running on CET-enabled
> hardware, since IIRC this is a nop otherwise.  I assume there's a cpuid/xgetbv
> bit that indicates when IBT is present and/or active?

No, there is a way to deduce whether shadow stack is active, but IBT is
only detectable by SIGSEGV'ing.  It is enabled through an MSR which of
course is not available from user space.

There is a prctl to query the state, ARCH_X86_CET_STATUS, but I'm a bit
wary of adding support for it before it hits the kernel; IBT only needs
compiler support because the instructions/prefixes are a nop if
disabled, unlike SHSTK which needs the "allocate shadow stack" prctl.
It's a small fixed cost per TB, it seemed not a big deal to me.

Paolo