From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pawan.kumar.gupta@linux.intel.com>
Received: from mail.linutronix.de (193.142.43.55:993) by
  crypto-ml.lab.linutronix.de with IMAP4-SSL for <speck@linutronix.de>; 18 Oct
  2019 04:10:15 -0000
Received: from mga04.intel.com ([192.55.52.120])
	by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
	(Exim 4.80)
	(envelope-from <pawan.kumar.gupta@linux.intel.com>)
	id 1iLJaf-0004aK-SN
	for speck@linutronix.de; Fri, 18 Oct 2019 06:10:14 +0200
Date: Thu, 17 Oct 2019 21:04:09 -0700
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Subject: [MODERATED] Re: [PATCH v5 08/11] TAAv5 8
Message-ID: <20191018040409.GA23205@guptapadev.amr>
References: <nycvar.YFH.7.76.1910151509040.13160@cbobk.fhfr.pm>
 <20191015152649.yim4krwuttrh6xgi@treble>
 <nycvar.YFH.7.76.1910151728110.13160@cbobk.fhfr.pm>
 <20191015200024.hxs4brxi7gbvmcdy@treble>
 <nycvar.YFH.7.76.1910152204070.13160@cbobk.fhfr.pm>
 <nycvar.YFH.7.76.1910152228520.13160@cbobk.fhfr.pm>
 <20191015205631.GF30412@guptapadev.amr>
 <nycvar.YFH.7.76.1910152311430.13160@cbobk.fhfr.pm>
 <20191015231252.kggxh6ffrciz2dfy@treble>
 <072bc1d9d17f1ecf13ebb0e7a509f175c7e3c2f3.camel@decadent.org.uk>
MIME-Version: 1.0
In-Reply-To: <072bc1d9d17f1ecf13ebb0e7a509f175c7e3c2f3.camel@decadent.org.uk>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID: <speck.linutronix.de>

On Fri, Oct 18, 2019 at 02:17:12AM +0100, speck for Ben Hutchings wrote:
> On Tue, 2019-10-15 at 18:12 -0500, speck for Josh Poimboeuf wrote:
> > On Tue, Oct 15, 2019 at 11:14:03PM +0200, speck for Jiri Kosina wrote:
> [...]
> > > OK, that piece of information finally made it to make sense again :)
> > > 
> > > So I believe distros still want the option (Michal's patch) to default to 
> > > 'auto', so that actual heavy users of TSX will get the right thing once 
> > > they update their CPUs to !TAA_BUG ones, but it's less urgent that I 
> > > originally thought.
> > 
> > So if I understand correctly, you're postulating that distros want:
> > 
> > a) TAA_BUG && MDS_NO=0 => TSX on
> > b) TAA_BUG && MDS_NO=1 => TSX off
> > c) !TAA_BUG            => TSX on
> [...]
> 
> I think this should be:
> 
> a) TAA_BUG && MD_CLEAR=1 => TSX on
> b) TAA_BUG && MD_CLEAR=0 => TSX off
> c) !TAA_BUG              => TSX on
> 
> As I understand it, with currently released microcode, no CPUs have
> both MDS_NO and MD_CLEAR set.  But with the pending microcode updates,
> CPUs with MDS_NO=1 will also get MD_CLEAR=1 and we can use VERW to
> mitigate against TAA.

Both with current and pending microcode update MDS_NO and MD_CLEAR could
be set at the same time. We should not rely on MD_CLEAR. There are other
means of finding out if VERW clears the CPU buffers, better described in
the matrix I shared in the other email.

In summary TSX_CTRL bit in ARCH_CAP_MSR is the true indicator if VERW
clears CPU buffers on MDS_NO=1 CPUs.

Thanks,
Pawan