From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linutronix.de (193.142.43.55:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 24 Oct 2019 16:43:34 -0000 Received: from us-smtp-delivery-1.mimecast.com ([205.139.110.120] helo=us-smtp-1.mimecast.com) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1iNgCy-0003wY-RW for speck@linutronix.de; Thu, 24 Oct 2019 18:43:33 +0200 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 65D495EC for ; Thu, 24 Oct 2019 16:43:26 +0000 (UTC) Received: from treble (ovpn-121-225.rdu2.redhat.com [10.10.121.225]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D36E660161 for ; Thu, 24 Oct 2019 16:43:25 +0000 (UTC) Date: Thu, 24 Oct 2019 11:43:23 -0500 From: Josh Poimboeuf Subject: [MODERATED] Re: [PATCH 3/9] TAA 3 Message-ID: <20191024164323.wcn54g3iiffjoiiq@treble> References: <580e02757c3e639bff00fcea830aa46eba46a92f.1571905227.git.bp@suse.de> <20191024153015.akowqjkf2wm52scv@treble> <20191024163336.GC14115@zn.tnic> MIME-Version: 1.0 In-Reply-To: <20191024163336.GC14115@zn.tnic> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit To: speck@linutronix.de List-ID: On Thu, Oct 24, 2019 at 06:33:36PM +0200, speck for Borislav Petkov wrote: > On Thu, Oct 24, 2019 at 10:30:15AM -0500, speck for Josh Poimboeuf wrote: > > This still needs details about when 'tsx=off' does and doesn't work. > > > > The above makes it sound like it's off for all CPUs, when in fact it's > > only off for newer MDS_NO CPUs. > > How does that sound (and that is being mentioned somewhere in all the > text but here it is important to have): > > off - Disable TSX on the system. (Note that this > option takes effect only on newer CPUs which are > not vulnerable to MDS, i.e., have > MSR_IA32_ARCH_CAPABILITIES.MDS_NO=1 and which get > the new IA32_TSX_CTRL MSR through a microcode > update. This new MSR allows for the reliable > deactivation of the TSX functionality.) > > > It should also perhaps describe the risks associated with tsx=on. While > > there are mitigations for all known issues (i.e., the tsx_async_abort= > > option), TSX has been known to be an accelerator for several previous > > speculation-related CVEs, and so there may be unknown security risks > > associated with leaving it enabled. > > You've basically said it nicely already: > > "Although there are mitigations for all known security vulnerabilities, > TSX has been known to be an accelerator for several previous > speculation-related CVEs, and so there may be unknown security risks > associated with leaving it enabled." > > ACK? ACK -- Josh