On 3/10/23 08:22, Borislav Petkov wrote: > The AutoIBRS bit gets set only on the BSP as part of determining which > mitigation to enable on AMD. Setting on the APs relies on the > circumstance that the APs get booted through the trampoline and EFER > - the MSR which contains that bit - gets replicated on every AP from the > BSP. > > However, this can change in the future and considering the security > implications of this bit not being set on every CPU, make sure it is set > by verifying EFER later in the boot process and on every AP. > > Reported-by: Josh Poimboeuf <jpoimboe@xxxxxxxxxx> > Signed-off-by: Borislav Petkov (AMD) <bp@xxxxxxxxx> > Link: https://lore.kernel.org/r/20230224185257.o3mcmloei5zqu7wa@treble Looks sane, thanks for adding the warning: Acked-by: Dave Hansen <dave.hansen@xxxxxxxxxxxxxxx>