From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jpoimboe@redhat.com>
Received: from mail.linutronix.de (193.142.43.55:993) by
  crypto-ml.lab.linutronix.de with IMAP4-SSL for <speck@linutronix.de>; 15 Oct
  2019 20:00:35 -0000
Received: from mx1.redhat.com ([209.132.183.28])
	by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
	(Exim 4.80)
	(envelope-from <jpoimboe@redhat.com>)
	id 1iKSzh-0007Do-Iq
	for speck@linutronix.de; Tue, 15 Oct 2019 22:00:34 +0200
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com
 [10.5.11.16])	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))	(No
 client certificate requested)	by mx1.redhat.com (Postfix) with ESMTPS id
 6B8DC9D1DD	for <speck@linutronix.de>; Tue, 15 Oct 2019 20:00:26 +0000 (UTC)
Received: from treble (ovpn-123-150.rdu2.redhat.com [10.10.123.150])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 1E17D5C1D4
	for <speck@linutronix.de>; Tue, 15 Oct 2019 20:00:26 +0000 (UTC)
Date: Tue, 15 Oct 2019 15:00:24 -0500
From: Josh Poimboeuf <jpoimboe@redhat.com>
Subject: [MODERATED] Re: ***UNCHECKED*** Re: [PATCH v5 08/11] TAAv5 8
Message-ID: <20191015200024.hxs4brxi7gbvmcdy@treble>
References: <alpine.DEB.2.21.1910142122210.1880@nanos.tec.linutronix.de>
 <nycvar.YFH.7.76.1910142143380.13160@cbobk.fhfr.pm>
 <20191014210458.GF4957@zn.tnic>
 <nycvar.YFH.7.76.1910142327350.13160@cbobk.fhfr.pm>
 <alpine.DEB.2.21.1910151000480.1880@nanos.tec.linutronix.de>
 <20191015103454.GW317@dhcp22.suse.cz>
 <20191015130627.7jkhqy2zrtm35ool@treble>
 <nycvar.YFH.7.76.1910151509040.13160@cbobk.fhfr.pm>
 <20191015152649.yim4krwuttrh6xgi@treble>
 <nycvar.YFH.7.76.1910151728110.13160@cbobk.fhfr.pm>
MIME-Version: 1.0
In-Reply-To: <nycvar.YFH.7.76.1910151728110.13160@cbobk.fhfr.pm>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID: <speck.linutronix.de>

On Tue, Oct 15, 2019 at 05:32:08PM +0200, speck for Jiri Kosina wrote:
> On Tue, 15 Oct 2019, speck for Josh Poimboeuf wrote:
> 
> > > > Since all (or most?) modern Intel CPUs are vulnerable to TAA, 
> > > > defaulting to tsx=auto would effectively be the same as defaulting 
> > > > to tsx=off, right?  How does this help with regressions?
> > > 
> > > The mitigation is only needed on CPUs where verw doesn't have the buffer 
> > > clearing semantics.
> > 
> > Can you elaborate?  I have no idea what you're trying to say and how it
> > relates to my question :-)
> 
> Only those CPUs with TSX *and* with MDS_NO need TSX disabled in order to 
> protect from this issues.
> 
> The CPUs that don't enumarate MDS_NO (and therefore got ucode update with 
> verw buffer-clearing semantics) are fully mitigated against TAA by MDS 
> mitigations already.
> 
> Therefore the set of CPUs where we *really* need to turn of TSX in order 
> to protect from TAA is currently rather minimal (CascadeLake-B, 
> WhiskeyLake-V, CommitLake, CoffeeLake-R), so force-disabling on all CPUs 
> covers way bigger set of platforms than actually needed.

Maybe I'm missing something.  Isn't there going to be a ucode update for
MDS_NO parts, which does the verw buffer clearing?  In that case there's
no need to disable TSX, and instead the verw mitigation could be used,
if desired.

AFAICT, the patch allows to set the default to tsx=auto, which disables
TSX on *all* vulnerable parts, not just the MDS_NO ones.  I don't see
how that would prevent user regressions.

It sounds like maybe you're suggesting something else, that TSX should
only be disabled on vulnerable MDS_NO parts?

-- 
Josh