[MODERATED] Re: [PATCH 3/4] V7 more sampling fun 3

From: mark gross <mgross@linux.intel.com>
To: speck@linutronix.de
Subject: [MODERATED] Re: [PATCH 3/4] V7 more sampling fun 3
Date: Tue, 14 Apr 2020 14:03:02 -0700	[thread overview]
Message-ID: <20200414210302.GC29751@mtg-dev.jf.intel.com> (raw)
In-Reply-To: <20200414200237.useaxfticfc4skqm@treble>

On Tue, Apr 14, 2020 at 03:02:37PM -0500, speck for Josh Poimboeuf wrote:
> On Thu, Jan 16, 2020 at 02:16:07PM -0800, speck for mark gross wrote:
> > +enum srbds_mitigations {
> > +	SRBDS_MITIGATION_OFF,
> > +	SRBDS_MITIGATION_UCODE_NEEDED,
> > +	SRBDS_MITIGATION_FULL,
> > +	SRBDS_MITIGATION_NOT_AFFECTED_TSX_OFF,
> > +	SRBDS_MITIGATION_HYPERVISOR,
> > +};
> > +
> > +static enum srbds_mitigations srbds_mitigation __ro_after_init = SRBDS_MITIGATION_FULL;
> > +static const char * const srbds_strings[] = {
> > +	[SRBDS_MITIGATION_OFF]			= "Vulnerable",
> > +	[SRBDS_MITIGATION_UCODE_NEEDED]		= "Vulnerable: No microcode",
> > +	[SRBDS_MITIGATION_FULL]			= "Mitigated: Microcode",
> 
> s/Mitigated/Mitigation/ for consistency with other issues
ok

> > +	[SRBDS_MITIGATION_NOT_AFFECTED_TSX_OFF]	= "Not affected (TSX disabled)",
> 
> The CPU *is* affected, it just happens to be mitigated, right?
This depends on perspective.
The only mitigation to SRBS is for the uCode to serialize access to the off
core hwRNG and to do a ghost transfer of a through away random number such that
if it leaks you don't get the right random number.  I think there may be some
buffer clearing in there too.

Disabling TSX from that point of view is not mitigating the issue so much as
hiding exposure to it.

I can see it either way.  Not sure which is better.  After reading my logic do
you still think it would make more sence to change "Not affected (TSX
disabled)" to "Mitigated: TSX disabled"?

> Shouldn't it be SRBDS_MITIGATION_TSX_OFF and "Mitigation: TSX disabled"?
You tell me.  I think they are boot good enough although I do look at txs
disabling as a special case for vulnerability.

> 
> 
> > @@ -1142,6 +1166,34 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
> >  	     (ia32_cap & ARCH_CAP_TSX_CTRL_MSR)))
> >  		setup_force_cpu_bug(X86_BUG_TAA);
> >  
> > +	if (cpu_matches(SRBDS|SRBDS_IF_TSX, cpu_vuln_blacklist)) {
> > +		/*
> > +		 * Some parts on the list don't have RDRAND or RDSEED. Make sure
> > +		 * they show as "Not affected".
> > +		 */
> > +		if (!cpu_has(c, X86_FEATURE_RDRAND) &&
> > +		    !cpu_has(c, X86_FEATURE_RDSEED))
> > +			goto srbds_not_affected;
> > +		/*
> > +		 * Parts in the blacklist that enumerate MDS_NO are only
> > +		 * vulneralbe if TSX can be used.  To handle cases where TSX
> 
> "vulnerable"
ok
> 
> > +		 * gets fused off check to see if TSX is fused off and thus not
> > +		 * affected.
> > +		 *
> > +		 * When running with up to day microcode TSX_CTRL is only
> 
> "up-to-date"
ok

> > +		 * enumerated on parts where TSX fused on.
> 
> where TSX *is* fused on.
ok

> > +		 * When running with microcode not supporting TSX_CTRL we check
> > +		 * for RTM
> 
> Missing period
ok

> > +		 */
> > +		if ((ia32_cap & ARCH_CAP_MDS_NO) &&
> > +		    !((ia32_cap & ARCH_CAP_TSX_CTRL_MSR) ||
> > +		      cpu_has(c, X86_FEATURE_RTM)))
> > +			goto srbds_not_affected;
> > +
> > +		setup_force_cpu_bug(X86_BUG_SRBDS);
> > +	}
> > +srbds_not_affected:
> > +
> >  	if (cpu_matches(NO_MELTDOWN, cpu_vuln_whitelist))
> >  		return;
> 
> I'm thinking it would be more readable to have the newline between the
> bracket and the 'if', instead of between the label and the 'if'.
so, lose the newline between the label and the if?

--mark