From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail.linutronix.de (193.142.43.55:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 14 Apr 2020 21:03:12 -0000
Received: from mga06.intel.com ([134.134.136.31]) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1jOSi6-0003wb-S6 for speck@linutronix.de; Tue, 14 Apr 2020 23:03:11 +0200
Received: from localhost (mtg-dev.jf.intel.com [10.54.74.10]) by smtp.ostc.intel.com (Postfix) with ESMTP id EF0E96363 for ; Tue, 14 Apr 2020 21:03:02 +0000 (UTC)
Date: Tue, 14 Apr 2020 14:03:02 -0700
From: mark gross
Subject: [MODERATED] Re: [PATCH 3/4] V7 more sampling fun 3
Message-ID: <20200414210302.GC29751@mtg-dev.jf.intel.com>
Reply-To: mgross@linux.intel.com
References: <20200414200237.useaxfticfc4skqm@treble>
MIME-Version: 1.0
In-Reply-To: <20200414200237.useaxfticfc4skqm@treble>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID:

On Tue, Apr 14, 2020 at 03:02:37PM -0500, speck for Josh Poimboeuf wrote:
> On Thu, Jan 16, 2020 at 02:16:07PM -0800, speck for mark gross wrote:
> > +enum srbds_mitigations {
> > + SRBDS_MITIGATION_OFF,
> > + SRBDS_MITIGATION_UCODE_NEEDED,
> > + SRBDS_MITIGATION_FULL,
> > + SRBDS_MITIGATION_NOT_AFFECTED_TSX_OFF,
> > + SRBDS_MITIGATION_HYPERVISOR,
> > +};
> > +
> > +static enum srbds_mitigations srbds_mitigation __ro_after_init = SRBDS_MITIGATION_FULL;
> > +static const char * const srbds_strings[] = {
> > + [SRBDS_MITIGATION_OFF] = "Vulnerable",
> > + [SRBDS_MITIGATION_UCODE_NEEDED] = "Vulnerable: No microcode",
> > + [SRBDS_MITIGATION_FULL] = "Mitigated: Microcode",
>
> s/Mitigated/Mitigation/ for consistency with other issues
ok
> > + [SRBDS_MITIGATION_NOT_AFFECTED_TSX_OFF] = "Not affected (TSX disabled)",
>
> The CPU *is* affected, it just happens to be mitigated, right?
This depends on perspective. The only mitigation to SRBDS is for the uCode to
serialize access to the off-core hwRNG and to do a ghost transfer of a
throwaway random number such that if it leaks you don't get the right random
number. I think there may be some buffer clearing in there too. Disabling TSX
from that point of view is not mitigating the issue so much as hiding exposure
to it. I can see it either way. Not sure which is better. After reading my
logic do you still think it would make more sense to change
"Not affected (TSX disabled)" to "Mitigated: TSX disabled"?
> Shouldn't it be SRBDS_MITIGATION_TSX_OFF and "Mitigation: TSX disabled"?
You tell me.
I think they are both good enough although I do look at TSX disabling as a
special case for vulnerability.
> >
> > @@ -1142,6 +1166,34 @@ static void __init cpu_set_bug_bits(struct cpuinfo_x86 *c)
> > (ia32_cap & ARCH_CAP_TSX_CTRL_MSR)))
> > setup_force_cpu_bug(X86_BUG_TAA);
> >
> > + if (cpu_matches(SRBDS|SRBDS_IF_TSX, cpu_vuln_blacklist)) {
> > + /*
> > + * Some parts on the list don't have RDRAND or RDSEED. Make sure
> > + * they show as "Not affected".
> > + */
> > + if (!cpu_has(c, X86_FEATURE_RDRAND) &&
> > + !cpu_has(c, X86_FEATURE_RDSEED))
> > + goto srbds_not_affected;
> > + /*
> > + * Parts in the blacklist that enumerate MDS_NO are only
> > + * vulneralbe if TSX can be used. To handle cases where TSX
>
> "vulnerable"
ok
>
> > + * gets fused off check to see if TSX is fused off and thus not
> > + * affected.
> > + *
> > + * When running with up to day microcode TSX_CTRL is only
>
> "up-to-date"
ok
> > + * enumerated on parts where TSX fused on.
>
> where TSX *is* fused on.
ok
> > + * When running with microcode not supporting TSX_CTRL we check
> > + * for RTM
>
> Missing period
ok
> > + */
> > + if ((ia32_cap & ARCH_CAP_MDS_NO) &&
> > + !((ia32_cap & ARCH_CAP_TSX_CTRL_MSR) ||
> > + cpu_has(c, X86_FEATURE_RTM)))
> > + goto srbds_not_affected;
> > +
> > + setup_force_cpu_bug(X86_BUG_SRBDS);
> > + }
> > +srbds_not_affected:
> > +
> > if (cpu_matches(NO_MELTDOWN, cpu_vuln_whitelist))
> > return;
>
> I'm thinking it would be more readable to have the newline between the
> bracket and the 'if', instead of between the label and the 'if'.
So, lose the newline between the label and the if?

--mark
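
Review bot: in the first quoted hunk, srbds_strings[] is filled with designated initializers, so any enumerator without an entry is left as a NULL pointer, and the lines quoted here show no entry for SRBDS_MITIGATION_HYPERVISOR (the quote stops at NOT_AFFECTED_TSX_OFF, so the entry may simply be trimmed). It is worth confirming that every srbds_mitigations value has a string. If "Not affected (TSX disabled)" is changed to "Mitigation: TSX disabled", rename SRBDS_MITIGATION_NOT_AFFECTED_TSX_OFF in the same change so the enumerator name does not contradict the string it indexes.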
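
Review bot: in the cpu_set_bug_bits() hunk, the MDS_NO/TSX test runs for every part matched by cpu_matches(SRBDS|SRBDS_IF_TSX, cpu_vuln_blacklist), so in these lines the SRBDS_IF_TSX flag has no effect of its own: a part listed with plain SRBDS that enumerates MDS_NO and has neither ARCH_CAP_TSX_CTRL_MSR nor X86_FEATURE_RTM also takes the goto. Either gate that second check on a separate cpu_matches(SRBDS_IF_TSX, cpu_vuln_blacklist), or, if MDS_NO alone is meant to be the discriminator, say so in the comment and drop the extra flag. Note also that both goto srbds_not_affected paths skip setup_force_cpu_bug(X86_BUG_SRBDS), so a TSX-off part ends up indistinguishable from one that was never on the list; if the TSX-disabled state from the earlier hunk is meant to be reported for it, the bug bit has to stay set and the TSX decision be made where the mitigation state is selected.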