From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ak@linux.intel.com>
Received: from mail.linutronix.de (146.0.238.70:993) by
  crypto-ml.lab.linutronix.de with IMAP4-SSL for <speck@linutronix.de>; 15 Dec
  2018 00:30:31 -0000
Received: from mga01.intel.com ([192.55.52.88])
	by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
	(Exim 4.80)
	(envelope-from <ak@linux.intel.com>)
	id 1gXxqg-00065h-6f
	for speck@linutronix.de; Sat, 15 Dec 2018 01:30:30 +0100
Date: Fri, 14 Dec 2018 16:30:27 -0800
From: Andi Kleen <ak@linux.intel.com>
Subject: [MODERATED] Re: [PATCH v2 3/8] MDSv2 5
Message-ID: <20181215003027.GN25620@tassilo.jf.intel.com>
References: <20181211000303.GB16024@tassilo.jf.intel.com>
 <CAHk-=wh-Kxi6PHzy8bU2zjApv9njzkNzjnY74vf62TTNbcXxZA@mail.gmail.com>
 <CAHk-=wgQB8Et-mGmNXbdVH084f1jd8GcNiK9iYG+309gHpp4BA@mail.gmail.com>
 <CAHk-=whn9zNZG8bWi1HkYtNxuzi9Ry5O2STGsS1zJ4Q=EoncKg@mail.gmail.com>
 <20181211032503.GB25620@tassilo.jf.intel.com>
 <f25be739-0d13-50a5-0b60-682e16eb7eab@redhat.com>
 <20181212175803.GF25620@tassilo.jf.intel.com>
 <CAHk-=whiyhRXGrX9xh1nUeWCmPbistyVh9jmzfx6TMhR+qKPQQ@mail.gmail.com>
 <CAHk-=wjBe-FxaEe7HVaa-6kXLL1ApPd7yn9BtEwQX2bz6243zQ@mail.gmail.com>
 <20181213204828.GM25620@tassilo.jf.intel.com>
MIME-Version: 1.0
In-Reply-To: <20181213204828.GM25620@tassilo.jf.intel.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID: <speck.linutronix.de>

On Thu, Dec 13, 2018 at 12:48:28PM -0800, speck for Andi Kleen wrote:
> > This is actually fairly ok, because if the verw *really* doesn't do
> > anything, it also isn't very expensive (ie on the order of just 40
> > cycles instead of 400 cycles).  So I'd actually be inclined to say
> > "let's do that for the *initial* patches and back-ports" just to give
> > any vmware users the protection.
> 
> I think that's fine
> 
> 40 cycles will be hard to measure even in the most extreme 
> syscall micro benchmarks, and is unlikely to impact
> anything real.

I looked into this.

One problem that if we ignore MB_CLEAR there is no way to tell the user
whether they are mitigated or not in 

/sys/devices/system/cpu/vulnerabilities/mds

I fear while it would cause a lot of confusion.

So even if VMWare users were fixed this way there would be no
way for them to find out in Linux. And for other non VMWare
users there would be also no way to find out, which would
be quite bad.

Based on that I think we should use MB_CLEAR as in the original
patches.

Potentially have some kind of VMWare specific quirk to override 
it, but it still seems fairly bogus.

-Andi