From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linutronix.de (193.142.43.55:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 23 Oct 2019 17:11:25 -0000 Received: from us-smtp-1.mimecast.com ([207.211.31.81] helo=us-smtp-delivery-1.mimecast.com) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1iNKAO-00061F-HO for speck@linutronix.de; Wed, 23 Oct 2019 19:11:25 +0200 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.14]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 24974107AD33 for ; Wed, 23 Oct 2019 17:11:13 +0000 (UTC) Received: from treble (ovpn-121-225.rdu2.redhat.com [10.10.121.225]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 928955DC18 for ; Wed, 23 Oct 2019 17:11:12 +0000 (UTC) Date: Wed, 23 Oct 2019 12:11:09 -0500 From: Josh Poimboeuf Subject: [MODERATED] Re: [PATCH v7 00/10] TAAv7 0 Message-ID: <20191023171109.v2zuencuodj3fvku@treble> References: <20191023154604.GO12272@zn.tnic> MIME-Version: 1.0 In-Reply-To: <20191023154604.GO12272@zn.tnic> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit To: speck@linutronix.de List-ID: On Wed, Oct 23, 2019 at 05:46:04PM +0200, speck for Borislav Petkov wrote: > On Mon, Oct 21, 2019 at 01:22:01PM -0700, speck for Pawan Gupta wrote: > > From: Pawan Gupta > > Subject: [PATCH v7 00/10] TAAv7 > > Ok, I ran the pile on a box here: > > vendor_id : GenuineIntel > cpu family : 6 > model : 158 > model name : Intel(R) Core(TM) i5-9600K CPU @ 3.70GHz > stepping : 12 > > There is some microcode for it: > > [ 0.000000] microcode: microcode updated early to revision 0xc6, date = 2019-08-14 > [ 1.005808] microcode: sig=0x906ec, pf=0x2, revision=0xc6 > > And booting it says: > > [ 0.197056] tsx_init: enter > [ 0.197207] tsx_ctrl_is_supported: CAP MSR: 0x9 > > This is added by me and it shows that the box is a pre MDS_NO=1 one, > i.e., MD_CLEAR mitigates TAA too AFAIU. > > Which means, there's no TSX_CTRL_MSR and I cannot disable TSX there. > > Which means, boxes like this one don't need the microcode as long as > they have MD_CLEAR microcode. > > [ 0.197363] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization > [ 0.197540] Spectre V2 : Mitigation: Full generic retpoline > [ 0.197696] Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch > [ 0.197871] Spectre V2 : Enabling Restricted Speculation for firmware calls > [ 0.198032] Spectre V2 : mitigation: Enabling conditional Indirect Branch Prediction Barrier > [ 0.198208] Speculative Store Bypass: Mitigation: Speculative Store Bypass disabled via prctl and seccomp > [ 0.198386] MDS: Mitigation: Clear CPU buffers > [ 0.198540] TAA: Mitigation: Clear CPU buffers > > Makes sense? FWIW, makes sense to me. It will be especially interesting to see tests on an MDS_NO=1 box with the new microcode. -- Josh