From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pawan.kumar.gupta@linux.intel.com>
Received: from mail.linutronix.de (193.142.43.55:993) by
  crypto-ml.lab.linutronix.de with IMAP4-SSL for <speck@linutronix.de>; 23 Oct
  2019 13:35:18 -0000
Received: from mga02.intel.com ([134.134.136.20])
	by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256)
	(Exim 4.80)
	(envelope-from <pawan.kumar.gupta@linux.intel.com>)
	id 1iNGnE-0002ah-1m
	for speck@linutronix.de; Wed, 23 Oct 2019 15:35:17 +0200
Date: Wed, 23 Oct 2019 06:28:59 -0700
From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Subject: [MODERATED] Re: [PATCH v7 04/10] TAAv7 4
Message-ID: <20191023132859.GA32452@guptapadev.amr>
References: <cover.1571688957.git.pawan.kumar.gupta@linux.intel.com>
 <20191022165112.GK31458@zn.tnic>
 <20191022174452.GE29216@guptapadev.amr>
 <20191022190434.GR31458@zn.tnic>
 <20191022212902.GA30440@guptapadev.amr>
 <20191022215321.GY31458@zn.tnic>
 <20191022220555.GZ31458@zn.tnic>
 <20191023002756.GB30440@guptapadev.amr>
 <20191023052527.GA26602@guptapadev.amr>
 <20191023064653.GA12272@zn.tnic>
MIME-Version: 1.0
In-Reply-To: <20191023064653.GA12272@zn.tnic>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID: <speck.linutronix.de>

On Wed, Oct 23, 2019 at 08:46:54AM +0200, speck for Borislav Petkov wrote:
> On Tue, Oct 22, 2019 at 10:25:27PM -0700, speck for Pawan Gupta wrote:
> > I think we first need to agree on whether disabling TSX is the
> > mitigation for X86_BUG_TAA or the lack of bug. Your clearing the bug bit
> > here makes me think that you are treating it as lack of bug. This series
> > treats it as a mitigation when the hardware has the bug. Let me know
> > your thoughts on this.
> 
> Ok, I see your point. And yes, let's do what you're suggesting because
> that mirrors reality optimally:
> 
> static void __init taa_select_mitigation(void)
> { 
>         u64 ia32_cap;
> 
>         if (!boot_cpu_has_bug(X86_BUG_TAA) || cpu_mitigations_off()) {
>                 taa_mitigation = TAA_MITIGATION_OFF;
>                 return;
>         }

There is a small issue with cpu_mitigations_off() check before X86_FEATURE_RTM.

If the user provides cmdline "tsx=off mitigations=off" then sysfs will
show "Vulnerable", when it is actually mitigated because of "tsx=off".

> 
> 	if (!boot_cpu_has(X86_FEATURE_RTM)) {
>                 taa_mitigation = TAA_MITIGATION_TSX_DISABLE;
>                 goto out;
>         }

cpu_mitigations_off() check after X86_FEATURE_RTM check will fix this.

Thanks,
Pawan