Re: Save a WRMSR GS.base?

Next message: Sunil V L: "Re: [PATCH] acpi/riscv: use a dedicated insertion point in riscv_acpi_register_ext_intc()"
Previous message: Sunil V L: "Re: [PATCH] iommu/riscv: Add dependency between iommu and devices"
In reply to: Borislav Petkov: "Re: Save a WRMSR GS.base?"
Next in thread: Borislav Petkov: "Re: Save a WRMSR GS.base?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: H. Peter Anvin

Date: Mon Jun 08 2026 - 13:36:51 EST

On 2026-06-08 07:38, Borislav Petkov wrote:

On Sun, Jun 07, 2026 at 11:46:34PM -0700, H. Peter Anvin wrote:

WRxSBASE does a 64-bit write,

When REX.W.

The SDM text is confusing:

"If no REX.W prefix is used, the operand size is 32 bits; the upper 32 bits of
the source register are ignored and upper 32 bits of the base address (for FS
or GS) are cleared."

Does this last part that GS is cleared, refer to when WRGSBASE is used with no
REX.W or in general?

Without REX.W (e.g. wrgsbase %eax as opposed to wrgsbase %rax).

but for GS it would incorrectly address the kernel GS.base.

What does that mean?

It means that in kernel mode, it is the currently active GS.base that is written (or read with rdgsbase), that is, the one that belongs to kernel, not the user space one in what is confusingly enough called MSR_KERNEL_GS_BASE.

In other words, not the one we want to task switch, *unless* you are in IDT mode and can surround it with SWAPGS.

-hpa