From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <tglx@linutronix.de>
Received: from mail.linutronix.de (193.142.43.55:993) by
  crypto-ml.lab.linutronix.de with IMAP4-SSL for <speck@linutronix.de>; 21 Oct
  2019 08:09:43 -0000
Received: from [5.158.153.52] (helo=nanos.tec.linutronix.de)
	by Galois.linutronix.de with esmtpsa (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
	(Exim 4.80)
	(envelope-from <tglx@linutronix.de>)
	id 1iMSl4-0003v1-65
	for speck@linutronix.de; Mon, 21 Oct 2019 10:09:42 +0200
Date: Mon, 21 Oct 2019 10:09:41 +0200 (CEST)
From: Thomas Gleixner <tglx@linutronix.de>
Subject: Re: [PATCH v5 08/11] TAAv5 8
In-Reply-To: <20191018001407.GA28905@guptapadev.amr>
Message-ID: <alpine.DEB.2.21.1910211002450.1904@nanos.tec.linutronix.de>
References: <alpine.DEB.2.21.1910142122210.1880@nanos.tec.linutronix.de>
 <nycvar.YFH.7.76.1910142143380.13160@cbobk.fhfr.pm>
 <20191014210458.GF4957@zn.tnic>
 <nycvar.YFH.7.76.1910142327350.13160@cbobk.fhfr.pm>
 <alpine.DEB.2.21.1910151000480.1880@nanos.tec.linutronix.de>
 <20191015103454.GW317@dhcp22.suse.cz>
 <nycvar.YFH.7.76.1910160924330.13160@cbobk.fhfr.pm>
 <20191016075434.GL317@dhcp22.suse.cz> <20191016092333.GQ317@dhcp22.suse.cz>
 <alpine.DEB.2.21.1910161355340.2046@nanos.tec.linutronix.de>
 <20191018001407.GA28905@guptapadev.amr>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID: <speck.linutronix.de>

On Thu, 17 Oct 2019, speck for Pawan Gupta wrote:
> On Wed, Oct 16, 2019 at 02:15:08PM +0200, speck for Thomas Gleixner wrote:
> Below is the matrix for the impact of tsx=<on|off|auto> cmdline options
> on state of TAA mitigation, VERW behavior and TSX feature for various
> combinations of MSR_IA32_ARCH_CAPABILITIES bits.
> 
> 1. tsx=auto
> +----------+----------+----------------+---------------+--------------+-------------------+
> |  MSR_IA32_ARCH_CAPABILITIES bits     |           Result with cmdline tsx=auto           |
> +----------+----------+----------------+---------------+--------------+-------------------+
> |  TAA_NO  |  MDS_NO  |  TSX_CTRL_MSR  |  VERW clears  |  TSX state   |  TAA mitigation   |
> |          |          |                |  CPU buffers  | after bootup |                   |
> +==========+==========+================+===============+==============+===================+
> |    0     |    0     |       0        |      Yes      |  HW default  |    Same as MDS    |
> +----------+----------+----------------+---------------+--------------+-------------------+
> |    0     |    0     |       1        | Invalid case  | Invalid case |   Invalid case    |
> +----------+----------+----------------+---------------+--------------+-------------------+

So you're saying that if TSX_CTRL_MSR is available VERW clears CPU buffers
independent of MDS_NO being set, right? So:

  MDS_NO	MD_CLEAR	TSX_CTRL_MSR
    0		  0		    0		Vulnerable (needs ucode)
    0		  1		    0		MDS and TAA mitigated via VERW
    1		  1		    0		MDS fixed, TAA vulnerable if TSX enabled
    		  		    		because MD_CLEAR has no meaning and
						VERW is not guaranteed to clear buffers
    1		  x		    1		MDS fixed, TAA can be mitigated by
    		  		    		    	   VERW or TSX_CTRL_MSR

If so, please document all of that proper and fixup the other comments
people had on this series.

Thanks,

	tglx