Received: by 2002:ab2:b82:0:b0:1f3:401:3cfb with SMTP id 2csp904553lqh; Thu, 28 Mar 2024 23:57:56 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXhcnzbvkD1vClOqkWBJELAtlfLDyozQnGvC4c9hrD+CuBH2Omcf1zIyUdjtW3iX3SCqIpIW17b9LMnMq7xLhjVHl4h8cUA8jPkDqDfgQ== X-Google-Smtp-Source: AGHT+IGx8sAD6BesWzigAAi++9Jxht8oNiU9yFdiMNdlkcK4A3kV10Dgq2Ng+7G5zs3VbjlGQRFA X-Received: by 2002:a25:af03:0:b0:dbd:be40:2191 with SMTP id a3-20020a25af03000000b00dbdbe402191mr1553191ybh.42.1711695476129; Thu, 28 Mar 2024 23:57:56 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711695476; cv=pass; d=google.com; s=arc-20160816; b=YZCIPlBPZpPuUmNTD0H0qEn3tgeHRpXG9T+LCiyN+ioG+XFOYHUTKAJZzsIL6po5wx tP5XGCEAVd4c/Ma7INkAKd8cO9W80hsm/1E8ZAmveV7sZuxl4GJAavN7aG9+/gar9Qxo ZodxexVbsiRQZL41DYUCn4uT2GOuqfQJMSXRxYzVqBFDhVKMemM1kkdOQm0u9KuGoYdO VxvFYCX7XiXsexyjaA2SMpfGSIXr7Edn11bUS+9CWoncnVOvRnPDMf6TS3ECxZix9fST SJKtKllfBWDhsi8WM7mua93lHu0sQ/zHLKUOzJ+1IYrLOyaUJtYmqpEX6Zx5mhh+pmV7 APaA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=in-reply-to:content-disposition:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:message-id:subject:cc :to:from:date:dkim-signature; bh=S03lgh5vJ5SsuDZO0iZmFS0X106Zo892EW93mGRk8sU=; fh=nhbGY5htpDLtfCpJ5ZnnQM+C4RdwDqzcPnntbXpvbss=; b=ISpOeK9tpwOG56U11U8pS6uarQE2IZB3J0zjQgoAxCr/aOl8ap8KvKUXt8aJRoLrhs EX1bLxvB/MLBYNMzSL6a6XmFllqg3q1gOGDH5Cga+p7APFQiaA7lN8IALrzcEh3lt+sd LfHleIoxPA6Imhk2SyM8BIE+cxHby5YsfOUcJOB+XDxuFn9rtoQjBamfd09yyELQudKe vT9eQHCBtkxOtqE1aS26U7A9lW/pOwcDkDYWNCkj9sh6ipSJF/W+TQlq3Di4yhpO7lok poRGHl0Uhe6P8obnq7SYRKjl4ypEGbPYAtHLgcSIEhq2ZEN8sgQ3/tM7FbSTCJAAT/2O xFug==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=RPeog6it; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-crypto+bounces-3057-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-crypto+bounces-3057-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id d12-20020a05622a05cc00b00432b583054esi2802023qtb.156.2024.03.28.23.57.55 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 28 Mar 2024 23:57:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto+bounces-3057-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=RPeog6it; arc=pass (i=1 dkim=pass dkdomain=intel.com dmarc=pass fromdomain=linux.intel.com); spf=pass (google.com: domain of linux-crypto+bounces-3057-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-crypto+bounces-3057-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id C58C71C2230B for ; Fri, 29 Mar 2024 06:57:55 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id EC0983FBB3; Fri, 29 Mar 2024 06:57:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b="RPeog6it" X-Original-To: linux-crypto@vger.kernel.org Received: from mgamail.intel.com (mgamail.intel.com [198.175.65.13]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 43F293FB8C; Fri, 29 Mar 2024 06:57:49 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=198.175.65.13 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711695471; cv=none; b=P44/vE3hjlBgAUKwqwCsCYC6kmX55WBd3RtvwgNhCe/lwVIovBSOVWqVVSNZqbz+lYrvxM0o/wB1pzbSRKKeKW0+454reCzv2ra+7U4Uq1GP2a4B38iTslF53WSn9JZ7q8uQDfn6xX4VZzDHatm55/dk0vz+Rom+U5eBvRjKCyI= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711695471; c=relaxed/simple; bh=3tp0OjNh8FoNAxu2MnETSB9plHBlxQ/kYzlSx8y1UpU=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=QyteSu2uykixX1DVdkIx/2rBSWRwB62rtmQzPSXSnEefnfcBJOnmMG1dKfz6xiomo2rGPp3LUPymIwoJ8U8WJoXsf5BJPNz4ofACp4hYnY38i2QbRyxvqAeyJVdPC5d6mP7foeAhflCZlu0GvjANLDrswb7+3GRfVlLaCtE6lHc= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com; spf=none smtp.mailfrom=linux.intel.com; dkim=pass (2048-bit key) header.d=intel.com header.i=@intel.com header.b=RPeog6it; arc=none smtp.client-ip=198.175.65.13 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=linux.intel.com Authentication-Results: smtp.subspace.kernel.org; spf=none smtp.mailfrom=linux.intel.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1711695470; x=1743231470; h=date:from:to:cc:subject:message-id:references: mime-version:in-reply-to; bh=3tp0OjNh8FoNAxu2MnETSB9plHBlxQ/kYzlSx8y1UpU=; b=RPeog6itdr8XcKWKrmQNUQYPfkYt/pQ0yJ5HsnRnfRWG+72H7uAXjtBy 7dPHRIvrEg2u3pS9+J8aImXKCwXoeF8JXSzv+kSDCudzj47gxdsSxWasa bq/mWvG3UIkYJmFm7EoPQIfNrOj0LMnhYLPzAEeb+u0y47XI4adcq6EKL Kxoc6FXctL/kGVxb+JxUhMITgXzxGJeN/kZlUdsm7J0COYofjWQy08Vzb 65IcXd7WhXZYgye2gwUyk0qC2EmCPmD6bDsr4lIfR/Z2IDHe0WyivA84+ MWXuUqJzROS34qTYqiv/ntsIO4VHtQTEVvJfuhnivg34Fta5Jw5jZKOqQ Q==; X-CSE-ConnectionGUID: Vr6mqM4oQ1aS2gFIn90QCw== X-CSE-MsgGUID: eK9qESqfTnWfuHLKAK91ag== X-IronPort-AV: E=McAfee;i="6600,9927,11027"; a="18027410" X-IronPort-AV: E=Sophos;i="6.07,164,1708416000"; d="scan'208";a="18027410" Received: from orviesa001.jf.intel.com ([10.64.159.141]) by orvoesa105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Mar 2024 23:57:49 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="6.07,164,1708416000"; d="scan'208";a="54351691" Received: from atanneer-mobl.amr.corp.intel.com (HELO desk) ([10.209.84.81]) by smtpauth.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 28 Mar 2024 23:57:49 -0700 Date: Thu, 28 Mar 2024 23:57:42 -0700 From: Pawan Gupta To: "Chang S. Bae" Cc: linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, dm-devel@redhat.com, ebiggers@kernel.org, luto@kernel.org, dave.hansen@linux.intel.com, tglx@linutronix.de, bp@alien8.de, mingo@kernel.org, x86@kernel.org, herbert@gondor.apana.org.au, ardb@kernel.org, elliott@hpe.com, dan.j.williams@intel.com, bernie.keany@intel.com, charishma1.gairuboyina@intel.com, Dave Hansen Subject: Re: [PATCH v9 10/14] x86/cpu/keylocker: Check Gather Data Sampling mitigation Message-ID: <20240329065742.fc5of75e776y2g4b@desk> References: <20230603152227.12335-1-chang.seok.bae@intel.com> <20240329015346.635933-1-chang.seok.bae@intel.com> <20240329015346.635933-11-chang.seok.bae@intel.com> Precedence: bulk X-Mailing-List: linux-crypto@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20240329015346.635933-11-chang.seok.bae@intel.com> On Thu, Mar 28, 2024 at 06:53:42PM -0700, Chang S. Bae wrote: > +/* > + * The mitigation is implemented at a microcode level. Ensure that the > + * microcode update is applied and the mitigation is locked. > + */ > +static bool __init have_gds_mitigation(void) > +{ > + u64 mcu_ctrl; > + > + /* GDS_CTRL is set if new microcode is loaded. */ > + if (!(x86_read_arch_cap_msr() & ARCH_CAP_GDS_CTRL)) > + goto vulnerable; > + > + /* If GDS_MITG_LOCKED is set, GDS_MITG_DIS is forced to 0. */ > + rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl); > + if (mcu_ctrl & GDS_MITG_LOCKED) > + return true; Similar to RFDS, above checks can be simplified to: if (gds_mitigation == GDS_MITIGATION_FULL_LOCKED) return true; > + > +vulnerable: > + pr_warn("x86/keylocker: Susceptible to the GDS vulnerability.\n"); > + return false; > +}