Re: [PATCH 15/14] x86/gds: Lock GDS mitigation when keylocker feature is present

From: Pawan Gupta
Date: Fri Apr 19 2024 - 16:19:34 EST

Next message: Sergey Shtylyov: "Re: [net-next RFC v3 5/7] net: ravb: Enable SW IRQ Coalescing for GbEth"
Previous message: Kees Cook: "[GIT PULL] hardening fixes for v6.9-rc5"
In reply to: Daniel Sneddon: "Re: [PATCH 15/14] x86/gds: Lock GDS mitigation when keylocker feature is present"
Next in thread: Daniel Sneddon: "Re: [PATCH 15/14] x86/gds: Lock GDS mitigation when keylocker feature is present"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Apr 19, 2024 at 11:03:28AM -0700, Daniel Sneddon wrote:
> On 4/19/24 10:47, Pawan Gupta wrote:
> > + u64 gds_lock = 0;
> >
> > switch (gds_mitigation) {
> > case GDS_MITIGATION_OFF:
> > @@ -769,6 +769,8 @@ void update_gds_msr(void)
> > * the same state. Make sure the mitigation is enabled on all
> > * CPUs.
> > */
> > + gds_lock = GDS_MITG_LOCKED;
> Can't we just drop the new gds_lock var and set mcu_ctrl |= GDS_MITG_LOCKED here?

Unfortunately no, because ...

> > + fallthrough;
> > case GDS_MITIGATION_FULL:
> > rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl);

.. mcu_ctrl is read here, it will overwrite any previous value.

> > mcu_ctrl &= ~GDS_MITG_DIS;
> > @@ -779,6 +781,7 @@ void update_gds_msr(void)
> > return;
> > }
> >
> > + mcu_ctrl |= gds_lock;
> > wrmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl);

Next message: Sergey Shtylyov: "Re: [net-next RFC v3 5/7] net: ravb: Enable SW IRQ Coalescing for GbEth"
Previous message: Kees Cook: "[GIT PULL] hardening fixes for v6.9-rc5"
In reply to: Daniel Sneddon: "Re: [PATCH 15/14] x86/gds: Lock GDS mitigation when keylocker feature is present"
Next in thread: Daniel Sneddon: "Re: [PATCH 15/14] x86/gds: Lock GDS mitigation when keylocker feature is present"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]