Date: Fri, 1 Mar 2019 12:39:14 -0600
From: Josh Poimboeuf
Subject: [MODERATED] Re: [patch V5 09/14] MDS basics 9
Message-ID: <20190301183914.y3kvjyneyncgwki7@treble>
References: <20190227150939.605235753@linutronix.de>
 <20190227152037.818666801@linutronix.de>
 <20190301140415.pjv7qjellvqrlbw5@treble>
 <20190301164022.uxpvtuzwlfdylqri@treble>
In-Reply-To: <20190301164022.uxpvtuzwlfdylqri@treble>
To: speck@linutronix.de

On Fri, Mar 01, 2019 at 10:40:22AM -0600, Josh Poimboeuf wrote:
> On Fri, Mar 01, 2019 at 05:03:39PM +0100, speck for Thomas Gleixner wrote:
> > On Fri, 1 Mar 2019, speck for Josh Poimboeuf wrote:
> > > On Wed, Feb 27, 2019 at 04:09:48PM +0100, speck for Thomas Gleixner wrote:
> > > > Subject: [patch V5 09/14] x86/speculation/mds: Conditionally clear CPU buffers on idle entry
> > > > From: Thomas Gleixner
> > > >
> > > > Add a static key which controls the invocation of the CPU buffer clear
> > > > mechanism on idle entry. This is independent of other MDS mitigations
> > > > because the idle entry invocation to mitigate the potential leakage due to
> > > > store buffer repartitioning is only necessary on SMT systems.
> > > >
> > > > Add the actual invocations to the different halt/mwait variants which
> > > > covers all usage sites. mwaitx is not patched as it's not available on
> > > > Intel CPUs.
> > > >
> > > > The buffer clear is only invoked before entering the C-State to prevent
> > > > that stale data from the idling CPU is spilled to the Hyper-Thread sibling
> > > > after the Store buffer got repartitioned and all entries are available to
> > > > the non idle sibling.
> > >
> > > Andrea brought up a good question privately -- this patch mitigates
> > > MSBDS for HT, but HT will still be susceptible to the other two MDS
> > > issues. So what's the point? It seems this patch only protects people
> > > who don't care about MDS in the first place.
> >
> > Indeed for most CPU models it's pointless.
> >
> > The ones which are only affected by MSBDS are Atom Silvermont/Airmont which
> > are all single threaded and the XEON PHIs.
> >
> > For XEON PHI it actually makes sense because XEON PHI does not have L1TF
> > either.
> >
> > But yes, for everything else it's just window dressing.
>
> Makes sense. I didn't realize that some CPUs were affected by MSBDS and
> not other MDSes.
>
> Can you add that justification to the documentation and/or patch
> description?

Or even better, can we only do the idle clearing on XEON PHI?

Also it sounds like the mds vulnerabilities file shouldn't ever show
"SMT vulnerable" for XEON PHI.

-- 
Josh
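
The thread turns on what the mds vulnerabilities file reports about SMT. As an added example (not part of the original message or of the kernel patch), the Python code below parses that status line and flags the "SMT vulnerable" case for a fleet audit. The sysfs path and every status string other than "SMT vulnerable" are assumptions taken from mainline Linux, and the sample lines are constructed.

```python
from pathlib import Path

# Assumed location of the file in mainline Linux (not stated in the thread).
MDS_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/mds")

# Constructed sample lines in the format mainline Linux uses.
SAMPLES = [
    "Mitigation: Clear CPU buffers; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT disabled",
    "Mitigation: Clear CPU buffers; SMT mitigated",
    "Mitigation: Clear CPU buffers; SMT Host state unknown",
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
    "Not affected",
]

def parse_mds_status(line):
    """Split a status line into its state, detail and SMT fields."""
    parts = [p.strip() for p in line.strip().split(";")]
    head, smt = parts[0], None
    for part in parts[1:]:
        if part.startswith("SMT "):
            smt = part[len("SMT "):]
    if ":" in head:
        state, detail = (s.strip() for s in head.split(":", 1))
    else:
        state, detail = head, ""
    return {"state": state, "detail": detail, "smt": smt}

def assess(line):
    """Classify a host from its mds status line."""
    status = parse_mds_status(line)
    if status["state"] == "Not affected":
        return "ok"
    if status["state"] != "Mitigation":
        return "unmitigated"
    if status["smt"] == "vulnerable":
        # Buffers are cleared, but the sibling thread remains a leak path.
        return "cross-thread exposure"
    if status["smt"] in ("disabled", "mitigated"):
        return "ok"
    return "review"  # e.g. a guest that cannot see the host SMT state

if __name__ == "__main__":
    lines = list(SAMPLES)
    if MDS_SYSFS.exists():
        lines.append(MDS_SYSFS.read_text())
    for line in lines:
        print(f"{assess(line):22} {line.strip()}")
```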