On Mon, 2022-10-03 at 10:48 -0700, Kees Cook wrote:

quoted

The easiest way to modify supervisor xfeature data is to force
restore
the registers and write directly to the MSRs. Often times this is
just fine
anyway as the registers need to be restored before returning to
userspace.
Do this for now, leaving buffer writing optimizations for the
future.

Just for my own clarity, does this mean lock/load _needs_ to happen
before MSR access, or is it just a convenient place to do it? From
later
patches it seems it's a requirement during MSR access, which might be
a
good idea to detail here. It answers the question "when is this
function
needed?"

The CET state is xsaves managed. It gets lazily restored before
returning to userspace with the rest of the fpu stuff. This function
will force restore all the fpu state to the registers early and lock
them from being automatically saved/restored. Then the tasks CET state
can be modified in the MSRs, before unlocking the fpregs. Last time I
tried to modify the state directly in the xsave buffer when it was
efficient, but it had issues and Thomas suggested this.

quoted

Add a new function fpregs_lock_and_load() that can simultaneously
call
fpregs_lock() and do this restore. Also perform some extra sanity
checks in this function since this will be used in non-fpu focused
code.

Nit: this is called "fpu_lock_and_load" in the patch itself.

Oops, thanks.