Re: [PATCH 15/14] x86/gds: Lock GDS mitigation when keylocker feature is present

From: Chang S. Bae
Date: Mon Apr 22 2024 - 18:13:22 EST


On 4/22/2024 2:32 PM, Pawan Gupta wrote:

> To enable Key Locker feature, "proper mitigation" is microcode mitigation
> enabled and the GDS_MITG_LOCK bit set in MSR_IA32_MCU_OPT_CTRL. Do you
> agree?
> If not via this patch, how is GDS_MITG_LOCK going to be set?

The lock bit seems to be set by microcode when SGX is available. However, if the lock bit is not set for Key Locker, it does seem odd. Introducing kernel code to override this situation might be seen as a workaround rather than a proper solution, potentially leading to more confusion.

I'd rather investigate the behavior of the microcode further, verify its consistency, and gain a clearer understanding of the requirement for this lock bit.

Thanks,
Chang