Re: [PATCH 15/14] x86/gds: Lock GDS mitigation when keylocker feature is present

From: Chang S. Bae
Date: Mon Apr 22 2024 - 03:36:01 EST


On 4/19/2024 10:47 AM, Pawan Gupta wrote:
/*
@@ -840,6 +843,11 @@ static void __init gds_select_mitigation(void)
gds_mitigation = GDS_MITIGATION_FULL_LOCKED;
}
+ /* Keylocker can only be enabled when GDS mitigation is locked */
+ if (boot_cpu_has(X86_FEATURE_KEYLOCKER) &&
+ gds_mitigation == GDS_MITIGATION_FULL)
+ gds_mitigation = GDS_MITIGATION_FULL_LOCKED;
+

I'm having trouble understanding this change:

gds_select_mitigation()
{
...
if (gds_mitigation == GDS_MITIGATION_FORCE)
gds_mitigation = GDS_MITIGATION_FULL;

rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl);
if (mcu_ctrl & GDS_MITG_LOCKED) {
...
gds_mitigation = GDS_MITIGATION_FULL_LOCKED;
}

if (boot_cpu_has(X86_FEATURE_KEYLOCKER) &&
gds_mitigation == GDS_MITIGATION_FULL)
gds_mitigation = GDS_MITIGATION_FULL_LOCKED;

As I understand it, gds_mitigation is set to GDS_MITIGATION_FULL only if the gds force option is enabled but IA32_MCU_OPT_CTRL[GDS_MITG_LOCK] is not set.

Then, if the CPU has Key Locker, this code sets gds_mitigation to GDS_MITIGATION_FULL_LOCKED, which seems contradictory. I'm not sure why this change is necessary.

I'm also not convinced that the Key Locker series needs to modify this function. The Key Locker setup code should simply check the current mitigation status and enable the feature only if proper mitigation is in place. Am I missing something here?

Thanks,
Chang