From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linutronix.de (193.142.43.55:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 24 Oct 2019 20:55:17 -0000 Received: from us-smtp-delivery-1.mimecast.com ([207.211.31.120] helo=us-smtp-1.mimecast.com) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1iNk6l-0001KO-Rc for speck@linutronix.de; Thu, 24 Oct 2019 22:53:24 +0200 Received: by mail-wr1-f69.google.com with SMTP id z9so4313496wrq.11 for ; Thu, 24 Oct 2019 13:53:19 -0700 (PDT) Received: from ?IPv6:2001:b07:6468:f312:6887:47f9:72a7:24e6? ([2001:b07:6468:f312:6887:47f9:72a7:24e6]) by smtp.gmail.com with ESMTPSA id k8sm48524323wrg.15.2019.10.24.13.53.17 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 24 Oct 2019 13:53:17 -0700 (PDT) Subject: [MODERATED] Re: [PATCH v7 06/10] TAAv7 6 References: <5dae165e.1c69fb81.4beee.e271SMTPIN_ADDED_BROKEN@mx.google.com> From: Paolo Bonzini Message-ID: <8a5f0e97-e258-b58b-2fb5-63f37d2d3abc@redhat.com> Date: Thu, 24 Oct 2019 22:53:16 +0200 MIME-Version: 1.0 In-Reply-To: <5dae165e.1c69fb81.4beee.e271SMTPIN_ADDED_BROKEN@mx.google.com> Content-Type: multipart/mixed; boundary="W3ocUG9jZhq71scKCD1GeqoYVOHKsckuF"; protected-headers="v1" To: speck@linutronix.de List-ID: This is an OpenPGP/MIME encrypted message (RFC 4880 and 3156) --W3ocUG9jZhq71scKCD1GeqoYVOHKsckuF Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 21/10/19 22:28, speck for Pawan Gupta wrote: > From: Pawan Gupta > Subject: [PATCH v7 06/10] KVM: x86/speculation/taa: Export MDS_NO=3D0 t= o guests > when TSX is enabled >=20 > Export IA32_ARCH_CAPABILITIES MSR bit MDS_NO=3D0 to guests on TSX Async= > Abort(TAA) affected hosts that have TSX enabled and updated microcode. > This is required so that the guests don't complain, >=20 > "Vulnerable: Clear CPU buffers attempted, no microcode" >=20 > when the host has the updated microcode to clear CPU buffers. On one hand, the issue is bigger than that: if TSX is hidden from the guest's CPUID, then the guest may show that it's not vulnerable, but it actually is if the guest just tries executing TSX instructions. On the other hand, removing bits from CPUID or MSRs can cause issues even if TSX is not enabled in VMs. Since most VMs won't have MDS_NO set, I think we should drop this patch for now. After the embargo lifts we can add code to pass TSX_CTRL to the VM just like we do for SPEC_CTRL, including disabling TSX on vmentry/vmexit depending on guest CPUID. Paolo >=20 > Microcode update also adds support for MSR_IA32_TSX_CTRL which is > enumerated by the ARCH_CAP_TSX_CTRL bit in IA32_ARCH_CAPABILITIES MSR. > Guests can't do this check themselves when the ARCH_CAP_TSX_CTRL bit is= > not exported to the guests. >=20 > In this case export MDS_NO=3D0 to the guests. When guests have > CPUID.MD_CLEAR=3D1 guests deploy MDS mitigation which also mitigates TA= A. >=20 > Signed-off-by: Pawan Gupta > Reviewed-by: Tony Luck > Tested-by: Neelima Krishnan > --- > arch/x86/kvm/x86.c | 19 +++++++++++++++++++ > 1 file changed, 19 insertions(+) >=20 > diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c > index 661e2bf38526..797113fa665d 100644 > --- a/arch/x86/kvm/x86.c > +++ b/arch/x86/kvm/x86.c > @@ -1299,6 +1299,25 @@ static u64 kvm_get_arch_capabilities(void) > if (!boot_cpu_has_bug(X86_BUG_MDS)) > data |=3D ARCH_CAP_MDS_NO; > =20 > + /* > + * On TAA affected systems, export MDS_NO=3D0 when: > + * - TSX is enabled on host, i.e. X86_FEATURE_RTM=3D1. > + * - Updated microcode is present. This is detected by > + * the presence of ARCH_CAP_TSX_CTRL_MSR. This ensures > + * VERW clears CPU buffers. > + * > + * When MDS_NO=3D0 is exported, guests deploy clear CPU buffer > + * mitigation and don't complain: > + * > + * "Vulnerable: Clear CPU buffers attempted, no microcode" > + * > + * If TSX is disabled on the system, guests are also mitigated agains= t > + * TAA and clear CPU buffer mitigation is not required for guests. > + */ > + if (boot_cpu_has_bug(X86_BUG_TAA) && boot_cpu_has(X86_FEATURE_RTM) &&= > + (data & ARCH_CAP_TSX_CTRL_MSR)) > + data &=3D ~ARCH_CAP_MDS_NO; > + > return data; > } > =20 >=20 --W3ocUG9jZhq71scKCD1GeqoYVOHKsckuF--