>> @@ -4941,6 +4947,24 @@ int x86_decode_insn(struct x86_emulate_ctxt *ctxt, void *insn, int insn_len, int
>> if (ctxt->d == 0)
>> return EMULATION_FAILED;
>> + if (ctxt->ops->get_cr(ctxt, 4) & X86_CR4_CET) {
>> + u64 u_cet, s_cet;
>> + bool stop_em;
>> +
>> + if (ctxt->ops->get_msr(ctxt, MSR_IA32_U_CET, &u_cet) ||
>> + ctxt->ops->get_msr(ctxt, MSR_IA32_S_CET, &s_cet))
>> + return EMULATION_FAILED;
>> +
>> + stop_em = ((u_cet & CET_SHSTK_EN) || (s_cet & CET_SHSTK_EN)) &&
>> + (opcode.flags & ShadowStack);
>> +
>> + stop_em |= ((u_cet & CET_ENDBR_EN) || (s_cet & CET_ENDBR_EN)) &&
>> + (opcode.flags & IndirBrnTrk);
>
>Why don't check CPL here? Just for simplicity? I think so. This is a corner case and we don't want to make it very precise (and thus complex). The reason is that no one had a strong opinion on whether to do the CPL check or not. I asked the same question before [*], but I don't have a strong opinion on this either. [*]: https://lore.kernel.org/kvm/ZaSQn7RCRTaBK1bc@chao-email/