Re: [PATCHv8 11/17] x86/cpu: Set LASS CR4 bit as pinning sensitive
From: Sohil Mehta
Date: Tue Jul 01 2025 - 18:52:05 EST
On 7/1/2025 2:58 AM, Kirill A. Shutemov wrote:
> From: Yian Chen <yian.chen@xxxxxxxxx>
>
> Security features such as LASS are not expected to be disabled once
> initialized. Add LASS to the CR4 pinned mask.
>
> Signed-off-by: Yian Chen <yian.chen@xxxxxxxxx>
> Signed-off-by: Alexander Shishkin <alexander.shishkin@xxxxxxxxxxxxxxx>
> Reviewed-by: Tony Luck <tony.luck@xxxxxxxxx>
> Signed-off-by: Kirill A. Shutemov <kirill.shutemov@xxxxxxxxxxxxxxx>
> ---
> arch/x86/kernel/cpu/common.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
I think this CR4 pinning change can be merged with the other CR pinning
related patch (#4). At a minimum, this should be placed close to that
patch to make logical sense.
1) Add LASS to the CR4 pinned mask
2) Defer CR pinning since it would cause XYZ issue.
Or the other way around. Anyway,
Reviewed-by: Sohil Mehta <sohil.mehta@xxxxxxxxx>
> diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
> index 9918121e0adc..1552c7510380 100644
> --- a/arch/x86/kernel/cpu/common.c
> +++ b/arch/x86/kernel/cpu/common.c
> @@ -403,7 +403,8 @@ static __always_inline void setup_umip(struct cpuinfo_x86 *c)
>
> /* These bits should not change their value after CPU init is finished. */
> static const unsigned long cr4_pinned_mask = X86_CR4_SMEP | X86_CR4_SMAP | X86_CR4_UMIP |
> - X86_CR4_FSGSBASE | X86_CR4_CET | X86_CR4_FRED;
> + X86_CR4_FSGSBASE | X86_CR4_CET | X86_CR4_FRED |
> + X86_CR4_LASS;
> static DEFINE_STATIC_KEY_FALSE_RO(cr_pinning);
> static unsigned long cr4_pinned_bits __ro_after_init;
>