Re: [PATCH 2/4] x86/cpu: Remove X86_CR4_FRED from the CR4 pinned bits mask

[Sohil Mehta]

On 3/20/2026 4:54 AM, Borislav Petkov wrote:

> So, instead, remove the FRED bit from the CR4 pinning mask, thus
> obviating the need to temporarily disable CR4 pinning.
> 
> If someone manages to disable FRED when poking at CR4, then
> idt_invalidate() would make sure the system would crash'n'burn on the
> first exception triggered, which is a much better outcome security-wise.
> 
> Fixes: ff45746fbf00 ("x86/cpu: Add X86_CR4_FRED macro")
> Suggested-by: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>
> Suggested-by: Peter Zijlstra <peterz@xxxxxxxxxxxxx>
> Signed-off-by: Borislav Petkov (AMD) <bp@xxxxxxxxx>
> Cc: <stable@xxxxxxxxxx> # 6.12+
> Link: https://lore.kernel.org/r/177385987098.1647592.3381141860481415647.tip-bot2@tip-bot2
> ---
>  arch/x86/kernel/cpu/common.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 

Reviewed-by: Sohil Mehta <sohil.mehta@xxxxxxxxx>