Date: Wed, 23 Oct 2019 17:46:04 +0200
From: Borislav Petkov
Subject: [MODERATED] Re: [PATCH v7 00/10] TAAv7 0
Message-ID: <20191023154604.GO12272@zn.tnic>
To: speck@linutronix.de

On Mon, Oct 21, 2019 at 01:22:01PM -0700, speck for Pawan Gupta wrote:
> From: Pawan Gupta
> Subject: [PATCH v7 00/10] TAAv7

Ok, I ran the pile on a box here:

vendor_id : GenuineIntel
cpu family : 6
model : 158
model name : Intel(R) Core(TM) i5-9600K CPU @ 3.70GHz
stepping : 12

There is some microcode for it:

[    0.000000] microcode: microcode updated early to revision 0xc6, date = 2019-08-14
[    1.005808] microcode: sig=0x906ec, pf=0x2, revision=0xc6

And booting it says:

[    0.197056] tsx_init: enter
[    0.197207] tsx_ctrl_is_supported: CAP MSR: 0x9

This is added by me and it shows that the box is a pre MDS_NO=1 one,
i.e., MD_CLEAR mitigates TAA too AFAIU. Which means, there's no
TSX_CTRL_MSR and I cannot disable TSX there. Which means, boxes like
this one don't need the microcode as long as they have MD_CLEAR
microcode.

[    0.197363] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization
[    0.197540] Spectre V2 : Mitigation: Full generic retpoline
[    0.197696] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch
[    0.197871] Spectre V2 : Enabling Restricted Speculation for firmware calls
[    0.198032] Spectre V2 : mitigation: Enabling conditional Indirect Branch Prediction Barrier
[    0.198208] Speculative Store Bypass: Mitigation: Speculative Store Bypass disabled via prctl and seccomp
[    0.198386] MDS: Mitigation: Clear CPU buffers
[    0.198540] TAA: Mitigation: Clear CPU buffers

Makes sense?

In any case, I thought I should share some first testing attempts with
the group.

Thx.

-- 
Regards/Gruss,
    Boris.

SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer, HRB 36809, AG Nürnberg
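
Added example (not part of the original mail or of the patch series under review): a simplified C model of the decision described above, decoding the CAP MSR value 0x9 from the boot log. The bit positions are those of IA32_ARCH_CAPABILITIES; taa_decide() and taa_name() are hypothetical helpers, and RTM=1 and MD_CLEAR=1 are assumed for this box.

```c
#include <stdint.h>
#include <stdio.h>

/* IA32_ARCH_CAPABILITIES bits that matter for the TAA decision. */
#define ARCH_CAP_MDS_NO   (1ULL << 5) /* CPU is not affected by MDS */
#define ARCH_CAP_TSX_CTRL (1ULL << 7) /* IA32_TSX_CTRL MSR is implemented */
#define ARCH_CAP_TAA_NO   (1ULL << 8) /* CPU is not affected by TAA */

enum taa_state { TAA_NOT_AFFECTED, TAA_TSX_DISABLED, TAA_VERW, TAA_UCODE_NEEDED };

/*
 * Hypothetical helper: a simplified model of the decision, not kernel code.
 * cap: ARCH_CAPABILITIES value; rtm / md_clear: CPUID feature bits;
 * tsx_off: the administrator asked for TSX to be disabled.
 */
static enum taa_state taa_decide(uint64_t cap, int rtm, int md_clear, int tsx_off)
{
    int has_ctrl = (cap & ARCH_CAP_TSX_CTRL) != 0;

    if (cap & ARCH_CAP_TAA_NO)
        return TAA_NOT_AFFECTED;
    if (!rtm)                          /* no usable TSX, nothing to abort */
        return has_ctrl ? TAA_TSX_DISABLED : TAA_NOT_AFFECTED;
    if (has_ctrl && tsx_off)
        return TAA_TSX_DISABLED;       /* only possible with TSX_CTRL */
    if ((cap & ARCH_CAP_MDS_NO) && !has_ctrl)
        return TAA_UCODE_NEEDED;       /* MDS_NO part lacking the TAA update */
    return md_clear ? TAA_VERW : TAA_UCODE_NEEDED;
}

static const char *taa_name(enum taa_state s)
{
    static const char *const names[] = {
        "Not affected", "TSX disabled", "Clear CPU buffers", "microcode needed",
    };
    return names[s];
}

int main(void)
{
    /* 0x9 is the CAP MSR value from the boot log; RTM=1 and MD_CLEAR=1 are
     * assumptions consistent with the "MDS: ... Clear CPU buffers" line. */
    uint64_t cap = 0x9;

    printf("MDS_NO=%d TSX_CTRL=%d TAA_NO=%d -> TAA: %s\n",
           !!(cap & ARCH_CAP_MDS_NO), !!(cap & ARCH_CAP_TSX_CTRL),
           !!(cap & ARCH_CAP_TAA_NO), taa_name(taa_decide(cap, 1, 1, 1)));
    return 0;
}
```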