From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jkosina@suse.cz>
Received: from mail.linutronix.de (193.142.43.55:993) by
  crypto-ml.lab.linutronix.de with IMAP4-SSL for <speck@linutronix.de>; 15 Oct
  2019 20:35:13 -0000
Received: from mx2.suse.de ([195.135.220.15] helo=mx1.suse.de)
	by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
	(Exim 4.80)
	(envelope-from <jkosina@suse.cz>)
	id 1iKTXE-00084V-3N
	for speck@linutronix.de; Tue, 15 Oct 2019 22:35:13 +0200
Received: from relay2.suse.de (unknown [195.135.220.254])
	by mx1.suse.de (Postfix) with ESMTP id CCBA9ACA5
	for <speck@linutronix.de>; Tue, 15 Oct 2019 20:35:05 +0000 (UTC)
Date: Tue, 15 Oct 2019 22:35:04 +0200 (CEST)
From: Jiri Kosina <jkosina@suse.cz>
Subject: [MODERATED] Re: ***UNCHECKED*** Re: [PATCH v5 08/11] TAAv5 8
In-Reply-To: <nycvar.YFH.7.76.1910152204070.13160@cbobk.fhfr.pm>
Message-ID: <nycvar.YFH.7.76.1910152228520.13160@cbobk.fhfr.pm>
References: <alpine.DEB.2.21.1910142122210.1880@nanos.tec.linutronix.de>
 <nycvar.YFH.7.76.1910142143380.13160@cbobk.fhfr.pm>
 <20191014210458.GF4957@zn.tnic>
 <nycvar.YFH.7.76.1910142327350.13160@cbobk.fhfr.pm>
 <alpine.DEB.2.21.1910151000480.1880@nanos.tec.linutronix.de>
 <20191015103454.GW317@dhcp22.suse.cz>
 <20191015130627.7jkhqy2zrtm35ool@treble>
 <nycvar.YFH.7.76.1910151509040.13160@cbobk.fhfr.pm>
 <20191015152649.yim4krwuttrh6xgi@treble>
 <nycvar.YFH.7.76.1910151728110.13160@cbobk.fhfr.pm>
 <20191015200024.hxs4brxi7gbvmcdy@treble>
 <nycvar.YFH.7.76.1910152204070.13160@cbobk.fhfr.pm>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID: <speck.linutronix.de>

On Tue, 15 Oct 2019, speck for Jiri Kosina wrote:

> > Maybe I'm missing something.  Isn't there going to be a ucode update for
> > MDS_NO parts, which does the verw buffer clearing?  In that case there's
> > no need to disable TSX, and instead the verw mitigation could be used,
> > if desired.
> 
> My understanding was that MDS_NO CPUs will only get ucode update that 
> exposes TSX control MSR, and nothing else.
> 
> > AFAICT, the patch allows to set the default to tsx=auto, which disables 
> > TSX on *all* vulnerable parts, not just the MDS_NO ones.  I don't see 
> > how that would prevent user regressions.
> > 
> > It sounds like maybe you're suggesting something else, that TSX should
> > only be disabled on vulnerable MDS_NO parts?
> 
> OK, let me take a look at the code again. I definitely thought that's what 
> 'auto' indeed does.

OK, so you are right and I misunderstood the logic in the code, sorry. 

Then the only purpose of 'auto' really is getting TSX enabled on future 
CPUs which would eventually have ARCH_CAP_TAA_NO=1; so pretty useless for 
preventing regressions.

So yeah, I agree, 'auto' is actually useless to prevent regressions, and I 
believe we want some other 'auto' (*), which would actually disable TSX 
only if (X86_BUG_TAA && !MD_CLEAR), agreed?

(*) I'd actually prefer to convert the current 'auto' to this new 
    semantics; it'll keep TSX enabled on future CPUs without X86_BUG_TAA,
    and it'll prevent regressions in unnecessary cases.

Thanks,

-- 
Jiri Kosina
SUSE Labs