From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail.linutronix.de (193.142.43.55:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 14 Oct 2019 19:41:44 -0000
Received: from p5b06da22.dip0.t-ipconnect.de ([91.6.218.34] helo=nanos) by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1iK6Dv-0006Ab-NK for speck@linutronix.de; Mon, 14 Oct 2019 21:41:43 +0200
Date: Mon, 14 Oct 2019 21:41:32 +0200 (CEST)
From: Thomas Gleixner
Subject: Re: [PATCH v5 08/11] TAAv5 8
In-Reply-To: <20191009131251.GD6616@dhcp22.suse.cz>
Message-ID:
References: <20191009131251.GD6616@dhcp22.suse.cz>
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
To: speck@linutronix.de
List-ID:

Michal,

On Wed, 9 Oct 2019, speck for Michal Hocko wrote:
> On Fri 04-10-19 23:33:31, speck for Pawan Gupta wrote:
> > Platforms which are not affected by X86_BUG_TAA may want the TSX feature
> > enabled. Add "auto" option to the TSX cmdline parameter. When tsx=auto,
> > disable TSX when X86_BUG_TAA is present, otherwise enable TSX.
> >
> > More details on X86_BUG_TAA can be found here:
> > https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abort.html
>
> This patch is still keeping the default for tsx=off unless I got lost in
> the enable/disable logic, right?
> The earlier arguments for going this way was that there are no real
> users of TSX in production. This is not really the case though. At least
> SAP HANA seems to benefit from TSX - publicly available information can
> be found [1][2][3]. We have talked to SAP guys today and this is still the
> case.
>
> I do understand that there are likely not that many other production
> users of the feature but I believe that we should keep the default
> update friendly and sticking with the auto semantic by default is both
> in line with other mitigations and also reduces the risk of regressions.

While definitely I agree in general with the 'no regression' rule, making
TSX by default disabled would be a really good move. Outside of the
SAP/HANA use case the only known useful effect of TSX is to hide and
accelerate attacks of all sorts.

The real question is whether machines on which SAP/HANA runs are just
random boxes/VMs which would be affected by the 'update and reboot world'
treatment or whether SAP/HANA runs on dedicated systems which are
carefully administrated by sysadmins with brains turned on.

If it's the random box affected by 'update and reboot world' then
disabling TSX by default is obviously going to be a source of regressions
and we have to bite the bullet.

If not, then the sysadmins will anyway do some very careful evaluation and
checking, read documentation and add 'WE_REALLY_WANT_TSX' on the kernel
command line. In that case I'd rather disgruntle a few sysadmins and gain a
useful setup for everyone else.

Thanks,

	tglx