On Mon, Oct 03, 2022 at 08:05:13PM +0000, Edgecombe, Rick P wrote:
> On Mon, 2022-10-03 at 10:48 -0700, Kees Cook wrote:
> > > The easiest way to modify supervisor xfeature data is to force restore
> > > the registers and write directly to the MSRs. Often times this is just fine
> > > anyway as the registers need to be restored before returning to userspace.
> > > Do this for now, leaving buffer writing optimizations for the future.
> >
> > Just for my own clarity, does this mean lock/load _needs_ to happen
> > before MSR access, or is it just a convenient place to do it? From later
> > patches it seems it's a requirement during MSR access, which might be a
> > good idea to detail here. It answers the question "when is this function
> > needed?"
>
> The CET state is xsaves managed. It gets lazily restored before
> returning to userspace with the rest of the fpu stuff. This function
> will force restore all the fpu state to the registers early and lock
> them from being automatically saved/restored. Then the task's CET state
> can be modified in the MSRs, before unlocking the fpregs. Last time I
> tried to modify the state directly in the xsave buffer when it was
> efficient, but it had issues and Thomas suggested this.

Okay, gotcha. Thanks!

--
Kees Cook