Re: [PATCH -v2] x86/CPU/AMD: Make sure EFER[AIBRSE] is set

From: Dave Hansen
Date: Mon Mar 13 2023 - 11:42:21 EST

Next message: Joel Selvaraj: "[PATCH v2] arm64: dts: qcom: sdm845-xiaomi-beryllium: add notification LED"
Previous message: Zheng Wang: "[PATCH v3] media: hantro: fix use after free bug in hantro_remove due to race condition"
In reply to: Borislav Petkov: "[PATCH -v2] x86/CPU/AMD: Make sure EFER[AIBRSE] is set"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 3/10/23 08:22, Borislav Petkov wrote:
> The AutoIBRS bit gets set only on the BSP as part of determining which
> mitigation to enable on AMD. Setting on the APs relies on the
> circumstance that the APs get booted through the trampoline and EFER
> - the MSR which contains that bit - gets replicated on every AP from the
> BSP.
>
> However, this can change in the future and considering the security
> implications of this bit not being set on every CPU, make sure it is set
> by verifying EFER later in the boot process and on every AP.
>
> Reported-by: Josh Poimboeuf <jpoimboe@xxxxxxxxxx>
> Signed-off-by: Borislav Petkov (AMD) <bp@xxxxxxxxx>
> Link: https://lore.kernel.org/r/20230224185257.o3mcmloei5zqu7wa@treble

Looks sane, thanks for adding the warning:

Acked-by: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>

Next message: Joel Selvaraj: "[PATCH v2] arm64: dts: qcom: sdm845-xiaomi-beryllium: add notification LED"
Previous message: Zheng Wang: "[PATCH v3] media: hantro: fix use after free bug in hantro_remove due to race condition"
In reply to: Borislav Petkov: "[PATCH -v2] x86/CPU/AMD: Make sure EFER[AIBRSE] is set"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]