Date: Thu, 24 Oct 2019 21:53:16 +0200
From: Borislav Petkov
Subject: [MODERATED] Re: [PATCH 7/9] TAA 7
Message-ID: <20191024195316.GI14115@zn.tnic>
References: <137b3a048af221bc7d9ea9a921359942b944204e.1571905227.git.bp@suse.de> <20191024153517.ysko4ni3dadqdzn5@treble> <20191024164226.GD14115@zn.tnic>
To: speck@linutronix.de

On Thu, Oct 24, 2019 at 08:20:42PM +0200, speck for Jiri Kosina wrote:
> On Thu, 24 Oct 2019, speck for Borislav Petkov wrote:
>
> > "Disable TSX if the CPU is affected by the TSX Async Abort (TAA)
> > vulnerability and microcode provides a special MSR - TSX_CTRL_MSR -
> > which provides the required TSX control knobs. On MDS-affected parts
> > where VERW takes care of the TAA vulnerability, that controlling MSR is
> > not present and thus TSX cannot be disabled there."
>
> This is true if you ignore hyperthreading.
>
> On SMT systems, TSX disable is 100% complete mitigation, while VERW
> clearing is not.

So why is our default this then?

static enum taa_mitigations taa_mitigation __ro_after_init = TAA_MITIGATION_VERW;

and we only do the TAA_MITIGATION_TSX_DISABLED thing only if TSX has
been disabled earlier?

Because of those MDS_NO=0 machines which don't get the TSX_CTRL MSR so
that TSX cannot be disabled there?

Are some of those machines SMT? Because if so, we *must* disable SMT
unconditionally to mitigate TAA completely there... methinks.

-- 
Regards/Gruss,
    Boris.

SUSE Software Solutions Germany GmbH, GF: Felix Imendörffer, HRB 36809, AG Nürnberg
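
Added example, not part of the original message or of the patch series: a shell check that applies the distinction drawn in this thread (TSX disabled is complete, VERW clearing is not while SMT is active) to a running host. It assumes the sysfs paths and status strings of mainline Linux, which do not appear in this message; `taa_verdict` and `taa_check_host` are hypothetical helper names.

```shell
#!/bin/sh
# Assumption: mainline Linux sysfs locations, not taken from the message.
TAA_FILE=/sys/devices/system/cpu/vulnerabilities/tsx_async_abort
SMT_FILE=/sys/devices/system/cpu/smt/active

# taa_verdict STATUS SMT_ACTIVE
# STATUS is the text of the tsx_async_abort file, SMT_ACTIVE is 0, 1 or unknown.
# Prints: not-affected | complete | smt-exposed | vulnerable | unknown
taa_verdict() {
    status=$1 smt=$2
    case $status in
        "Not affected")              echo not-affected ;;
        "Mitigation: TSX disabled"*) echo complete ;;
        "Mitigation: Clear CPU buffers"*)
            # VERW clearing: per the thread, not complete while SMT is active.
            # Prefer the kernel's own SMT suffix, fall back to smt/active.
            case "$status|$smt" in
                *"SMT Host state unknown"*) echo unknown ;;      # guest: host SMT not visible
                *"SMT vulnerable"*|*"|1")   echo smt-exposed ;;
                *"SMT disabled"*|*"|0")     echo complete ;;
                *)                          echo unknown ;;
            esac ;;
        "Vulnerable"*)               echo vulnerable ;;
        *)                           echo unknown ;;
    esac
}

# Read the live host state and print the report line with its verdict.
taa_check_host() {
    if [ ! -r "$TAA_FILE" ]; then
        echo "no tsx_async_abort entry in sysfs"
        return 0
    fi
    host_status=$(cat "$TAA_FILE")
    host_smt=unknown
    if [ -r "$SMT_FILE" ]; then host_smt=$(cat "$SMT_FILE"); fi
    echo "$host_status -> $(taa_verdict "$host_status" "$host_smt")"
}

taa_check_host
```

A verdict of `smt-exposed` is the case raised above: the VERW mitigation is in effect but sibling hyperthreads are still active.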