Re: [PATCH -v2] x86/CPU/AMD: Make sure EFER[AIBRSE] is set
From: Dave Hansen
Date: Mon Mar 13 2023 - 11:42:21 EST
On 3/10/23 08:22, Borislav Petkov wrote:
> The AutoIBRS bit gets set only on the BSP as part of determining which
> mitigation to enable on AMD. Setting on the APs relies on the
> circumstance that the APs get booted through the trampoline and EFER
> - the MSR which contains that bit - gets replicated on every AP from the
> BSP.
>
> However, this can change in the future and considering the security
> implications of this bit not being set on every CPU, make sure it is set
> by verifying EFER later in the boot process and on every AP.
>
> Reported-by: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
> Signed-off-by: Borislav Petkov (AMD) <bp@xxxxxxxxx>
> Link: https://lore.kernel.org/r/20230224185257.o3mcmloei5zqu7wa@treble
Looks sane, thanks for adding the warning:
Acked-by: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>