Commit f879d781b4 for qemu.org
commit f879d781b4d8e29ab81db71db6723083c2fe5482
Author: Magnus Kulke <magnuskulke@linux.microsoft.com>
Date: Fri Apr 17 12:56:07 2026 +0200
target/i386/mshv: migrate CET/SS MSRs
This change migrates the MSRs required for CET shadow stack and indirect
branch tracking. They are gated behind cet_ss_support || cet_ibt_support
mshv processor feature flags.
Signed-off-by: Magnus Kulke <magnuskulke@linux.microsoft.com>
Link: https://lore.kernel.org/r/20260417105618.3621-24-magnuskulke@linux.microsoft.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
diff --git a/include/hw/hyperv/hvgdk_mini.h b/include/hw/hyperv/hvgdk_mini.h
index b00ec8a636..c6749a9525 100644
--- a/include/hw/hyperv/hvgdk_mini.h
+++ b/include/hw/hyperv/hvgdk_mini.h
@@ -170,6 +170,17 @@ typedef enum hv_register_name {
HV_X64_REGISTER_SPEC_CTRL = 0x00080084,
HV_X64_REGISTER_TSC_ADJUST = 0x00080096,
+ /* CET / Shadow Stack */
+ HV_X64_REGISTER_U_XSS = 0x0008008B,
+ HV_X64_REGISTER_U_CET = 0x0008008C,
+ HV_X64_REGISTER_S_CET = 0x0008008D,
+ HV_X64_REGISTER_SSP = 0x0008008E,
+ HV_X64_REGISTER_PL0_SSP = 0x0008008F,
+ HV_X64_REGISTER_PL1_SSP = 0x00080090,
+ HV_X64_REGISTER_PL2_SSP = 0x00080091,
+ HV_X64_REGISTER_PL3_SSP = 0x00080092,
+ HV_X64_REGISTER_INTERRUPT_SSP_TABLE_ADDR = 0x00080093,
+
/* Other MSRs */
HV_X64_REGISTER_MSR_IA32_MISC_ENABLE = 0x000800A0,
diff --git a/target/i386/mshv/msr.c b/target/i386/mshv/msr.c
index 76b593060a..8c220a9942 100644
--- a/target/i386/mshv/msr.c
+++ b/target/i386/mshv/msr.c
@@ -81,6 +81,26 @@ static const MshvMsrEnvMap msr_env_map[] = {
{ IA32_MSR_MTRR_DEF_TYPE, HV_X64_REGISTER_MSR_MTRR_DEF_TYPE,
offsetof(CPUX86State, mtrr_deftype) },
+ /* CET / Shadow Stack */
+ { MSR_IA32_U_CET, HV_X64_REGISTER_U_CET,
+ offsetof(CPUX86State, u_cet) },
+ { MSR_IA32_S_CET, HV_X64_REGISTER_S_CET,
+ offsetof(CPUX86State, s_cet) },
+ { MSR_IA32_PL0_SSP, HV_X64_REGISTER_PL0_SSP,
+ offsetof(CPUX86State, pl0_ssp) },
+ { MSR_IA32_PL1_SSP, HV_X64_REGISTER_PL1_SSP,
+ offsetof(CPUX86State, pl1_ssp) },
+ { MSR_IA32_PL2_SSP, HV_X64_REGISTER_PL2_SSP,
+ offsetof(CPUX86State, pl2_ssp) },
+ { MSR_IA32_PL3_SSP, HV_X64_REGISTER_PL3_SSP,
+ offsetof(CPUX86State, pl3_ssp) },
+ { MSR_IA32_INT_SSP_TAB, HV_X64_REGISTER_INTERRUPT_SSP_TABLE_ADDR,
+ offsetof(CPUX86State, int_ssp_table) },
+
+ /* XSAVE Supervisor State */
+ { MSR_IA32_XSS, HV_X64_REGISTER_U_XSS,
+ offsetof(CPUX86State, xss) },
+
/* Other */
/* TODO: find out processor features that correlate to unsupported MSRs. */
@@ -287,6 +307,16 @@ static bool msr_supported(uint32_t name)
return mshv_state->processor_features.ibrs_support;
case HV_X64_REGISTER_TSC_ADJUST:
return mshv_state->processor_features.tsc_adjust_support;
+ case HV_X64_REGISTER_U_CET:
+ case HV_X64_REGISTER_S_CET:
+ case HV_X64_REGISTER_PL0_SSP:
+ case HV_X64_REGISTER_PL1_SSP:
+ case HV_X64_REGISTER_PL2_SSP:
+ case HV_X64_REGISTER_PL3_SSP:
+ case HV_X64_REGISTER_INTERRUPT_SSP_TABLE_ADDR:
+ case HV_X64_REGISTER_U_XSS:
+ return mshv_state->processor_features.cet_ss_support ||
+ mshv_state->processor_features.cet_ibt_support;
}
return true;