From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
To: speck@linutronix.de
Subject: [MODERATED] [PATCH v5 07/11] TAAv5 7
Date: Fri, 4 Oct 2019 23:32:31 -0700 [thread overview]
Message-ID: <=?utf-8?q?=3C82d87fe4cd9d1db4b915028757720e3dee0891ca=2E157025?= =?utf-8?q?5065=2Egit=2Epawan=2Ekumar=2Egupta=40linux=2Eintel=2Ecom=3E?=> (raw)
In-Reply-To: <cover.1570255065.git.pawan.kumar.gupta@linux.intel.com>
Export IA32_ARCH_CAPABILITIES MSR bit MDS_NO=0 to guests on TSX Async
Abort(TAA) affected hosts that have TSX enabled and updated microcode.
This is required so that the guests don't complain,
"Vulnerable: Clear CPU buffers attempted, no microcode"
when the host has the updated microcode to clear CPU buffers.
Microcode update also adds support for MSR_IA32_TSX_CTRL which is
enumerated by the ARCH_CAP_TSX_CTRL bit in IA32_ARCH_CAPABILITIES MSR.
Guests can't do this check themselves when the ARCH_CAP_TSX_CTRL bit is
not exported to the guests.
In this case export MDS_NO=0 to the guests. When guests have
CPUID.MD_CLEAR=1 guests deploy MDS mitigation which also mitigates TAA.
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Reviewed-by: Tony Luck <tony.luck@intel.com>
Tested-by: Neelima Krishnan <neelima.krishnan@intel.com>
---
arch/x86/kvm/x86.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/arch/x86/kvm/x86.c b/arch/x86/kvm/x86.c
index 91602d310a3f..282b909b9394 100644
--- a/arch/x86/kvm/x86.c
+++ b/arch/x86/kvm/x86.c
@@ -1254,6 +1254,25 @@ static u64 kvm_get_arch_capabilities(void)
if (l1tf_vmx_mitigation != VMENTER_L1D_FLUSH_NEVER)
data |= ARCH_CAP_SKIP_VMENTRY_L1DFLUSH;
+ /*
+ * On TAA affected systems, export MDS_NO=0 when:
+ * - TSX is enabled on host, i.e. X86_FEATURE_RTM=1.
+ * - Updated microcode is present. This is detected by
+ * the presence of ARCH_CAP_TSX_CTRL_MSR. This ensures
+ * VERW clears CPU buffers.
+ *
+ * When MDS_NO=0 is exported, guests deploy clear CPU buffer
+ * mitigation and don't complain:
+ *
+ * "Vulnerable: Clear CPU buffers attempted, no microcode"
+ *
+ * If TSX is disabled on the system, guests are also mitigated against
+ * TAA and clear CPU buffer mitigation is not required for guests.
+ */
+ if (boot_cpu_has_bug(X86_BUG_TAA) && boot_cpu_has(X86_FEATURE_RTM) &&
+ (data & ARCH_CAP_TSX_CTRL_MSR))
+ data &= ~ARCH_CAP_MDS_NO;
+
return data;
}
--
2.20.1
next prev parent reply other threads:[~2019-10-05 6:38 UTC|newest]
Thread overview: 75+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-05 6:17 [MODERATED] [PATCH v5 00/11] TAAv5 0 Pawan Gupta
2019-10-05 6:26 ` [MODERATED] [PATCH v5 01/11] TAAv5 1 Pawan Gupta
2019-10-05 6:27 ` [MODERATED] [PATCH v5 02/11] TAAv5 2 Pawan Gupta
2019-10-05 6:28 ` [MODERATED] [PATCH v5 03/11] TAAv5 3 Pawan Gupta
2019-10-05 6:29 ` [MODERATED] [PATCH v5 04/11] TAAv5 4 Pawan Gupta
2019-10-05 6:30 ` [MODERATED] [PATCH v5 05/11] TAAv5 5 Pawan Gupta
2019-10-05 6:31 ` [MODERATED] [PATCH v5 06/11] TAAv5 6 Pawan Gupta
2019-10-05 6:32 ` Pawan Gupta [this message]
2019-10-05 6:33 ` [MODERATED] [PATCH v5 08/11] TAAv5 8 Pawan Gupta
2019-10-05 6:34 ` [MODERATED] [PATCH v5 09/11] TAAv5 9 Pawan Gupta
2019-10-05 6:35 ` [MODERATED] [PATCH v5 10/11] TAAv5 10 Pawan Gupta
2019-10-05 6:36 ` [MODERATED] [PATCH v5 11/11] TAAv5 11 Pawan Gupta
2019-10-05 10:54 ` [MODERATED] Re: [PATCH v5 02/11] TAAv5 2 Borislav Petkov
2019-10-07 17:48 ` Pawan Gupta
[not found] ` <5d98396a.1c69fb81.6c7a8.23b1SMTPIN_ADDED_BROKEN@mx.google.com>
2019-10-05 21:43 ` [MODERATED] Re: [PATCH v5 03/11] TAAv5 3 Andy Lutomirski
2019-10-07 17:50 ` Pawan Gupta
[not found] ` <5d9839a4.1c69fb81.238e9.8312SMTPIN_ADDED_BROKEN@mx.google.com>
2019-10-05 21:45 ` [MODERATED] Re: [PATCH v5 04/11] TAAv5 4 Andy Lutomirski
[not found] ` <5d983ad2.1c69fb81.63edd.6575SMTPIN_ADDED_BROKEN@mx.google.com>
2019-10-05 21:49 ` [MODERATED] Re: [PATCH v5 09/11] TAAv5 9 Andy Lutomirski
2019-10-07 18:35 ` Pawan Gupta
[not found] ` <5d9838f1.1c69fb81.f1bab.d886SMTPIN_ADDED_BROKEN@mx.google.com>
2019-10-05 21:49 ` [MODERATED] Re: [PATCH v5 01/11] TAAv5 1 Andy Lutomirski
2019-10-06 17:40 ` Andrew Cooper
[not found] ` <5d983ad2.1c69fb81.e6640.8f51SMTPIN_ADDED_BROKEN@mx.google.com>
2019-10-06 17:06 ` [MODERATED] Re: [PATCH v5 09/11] TAAv5 9 Greg KH
2019-10-08 6:01 ` Pawan Gupta
2019-10-10 21:31 ` Pawan Gupta
2019-10-11 8:45 ` Greg KH
2019-10-21 8:00 ` Thomas Gleixner
2019-10-08 2:46 ` [MODERATED] Re: [PATCH v5 05/11] TAAv5 5 Josh Poimboeuf
2019-10-09 1:45 ` Pawan Gupta
2019-10-08 2:57 ` [MODERATED] Re: [PATCH v5 09/11] TAAv5 9 Josh Poimboeuf
2019-10-08 6:10 ` Pawan Gupta
2019-10-08 10:49 ` Jiri Kosina
2019-10-09 13:12 ` [MODERATED] Re: ***UNCHECKED*** [PATCH v5 08/11] TAAv5 8 Michal Hocko
2019-10-14 19:41 ` Thomas Gleixner
2019-10-14 19:51 ` [MODERATED] " Jiri Kosina
2019-10-14 21:04 ` [MODERATED] " Borislav Petkov
2019-10-14 21:31 ` Jiri Kosina
2019-10-15 8:01 ` Thomas Gleixner
2019-10-15 10:34 ` [MODERATED] Re: ***UNCHECKED*** " Michal Hocko
2019-10-15 13:06 ` Josh Poimboeuf
2019-10-15 13:10 ` Jiri Kosina
2019-10-15 15:26 ` Josh Poimboeuf
2019-10-15 15:32 ` Jiri Kosina
2019-10-15 19:34 ` Tyler Hicks
2019-10-15 20:00 ` Josh Poimboeuf
2019-10-15 20:15 ` Jiri Kosina
2019-10-15 20:35 ` Jiri Kosina
2019-10-15 20:54 ` Josh Poimboeuf
2019-10-15 20:56 ` [MODERATED] " Pawan Gupta
2019-10-15 21:14 ` Jiri Kosina
2019-10-15 23:12 ` Josh Poimboeuf
2019-10-15 23:13 ` [MODERATED] [AUTOREPLY] [MODERATED] [AUTOREPLY] Automatic reply: " James, Hengameh M
2019-10-16 4:52 ` [MODERATED] " Jiri Kosina
2019-10-16 5:05 ` Jiri Kosina
2019-10-21 21:15 ` Luck, Tony
2019-10-16 7:14 ` Josh Poimboeuf
2019-10-16 7:20 ` Jiri Kosina
2019-10-18 1:17 ` Ben Hutchings
2019-10-18 4:04 ` Pawan Gupta
2019-10-15 17:47 ` Borislav Petkov
2019-10-16 7:26 ` [MODERATED] Re: ***UNCHECKED*** " Jiri Kosina
2019-10-16 7:54 ` [MODERATED] Re: ***UNCHECKED*** " Michal Hocko
2019-10-16 9:23 ` [MODERATED] Re: ***UNCHECKED*** " Michal Hocko
2019-10-16 12:15 ` Thomas Gleixner
2019-10-16 18:34 ` [MODERATED] " Pawan Gupta
2019-10-18 0:14 ` Pawan Gupta
2019-10-21 8:09 ` Thomas Gleixner
2019-10-21 12:54 ` [MODERATED] Re: ***UNCHECKED*** " Michal Hocko
2019-10-21 20:01 ` [MODERATED] " Pawan Gupta
2019-10-21 20:33 ` Josh Poimboeuf
2019-10-21 20:34 ` Josh Poimboeuf
2019-10-21 20:33 ` Pawan Gupta
2019-10-21 23:01 ` Andrew Cooper
2019-10-21 23:37 ` Luck, Tony
2019-10-21 23:39 ` Andrew Cooper
2019-10-14 21:05 ` [MODERATED] Re: ***UNCHECKED*** " Michal Hocko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='=?utf-8?q?=3C82d87fe4cd9d1db4b915028757720e3dee0891ca=2E157025?= =?utf-8?q?5065=2Egit=2Epawan=2Ekumar=2Egupta=40linux=2Eintel=2Ecom=3E?=' \
--to=pawan.kumar.gupta@linux.intel.com \
--cc=speck@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.