From: Thomas Gleixner <tglx@linutronix.de>
To: speck@linutronix.de
Subject: Re: Encrypted Message
Date: Tue, 5 Mar 2019 17:04:00 +0100 (CET) [thread overview]
Message-ID: <alpine.DEB.2.21.1903051650570.1646@nanos.tec.linutronix.de> (raw)
In-Reply-To: <ee8152b1-ce41-5a4b-dd8e-c256b688e096@redhat.com>
On Mon, 4 Mar 2019, speck for Jon Masters wrote:
> > That said: Virtual Machines Will Eventually Receive Vaccine
>
> The effect of this patch, currently, is that a (bare metal) machine
> without updated ucode will print the following:
>
> [ 1.576602] MDS: Vulnerable: Clear CPU buffers attempted, no microcode
>
> The intention of the patch is to say "hey, you might be on a VM, so
> we'll try anyway in case we didn't get told you had MD_CLEAR". But the
> effect on bare metal might be ambiguous. It's reasonable (for someone
> else) to assume we might be using a software sequence to try flushing.
>
> Perhaps the wording should convey something like:
>
> "MDS: Vulnerable: Clear CPU buffers may not work, no microcode"
Yeah, we also could do something like the delta patch below:
Thanks,
tglx
8<------------------
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -228,18 +228,28 @@ static const char * const mds_strings[]
[MDS_MITIGATION_VMWERV] = "Vulnerable: Clear CPU buffers attempted, no microcode",
};
-static void mds_select_mitigation(void)
+static void __init mds_check_md_clear(void)
+{
+ if (!boot_cpu_has(X86_FEATURE_MD_CLEAR)) {
+ if (hypervisor_is_type(X86_HYPER_NATIVE)) {
+ mds_mitigation = MDS_MITIGATION_OFF;
+ return;
+ }
+ mds_mitigation = MDS_MITIGATION_VMWERV;
+ }
+ static_branch_enable(&mds_user_clear);
+}
+
+static void __init mds_select_mitigation(void)
{
if (!boot_cpu_has_bug(X86_BUG_MDS)) {
mds_mitigation = MDS_MITIGATION_OFF;
return;
}
- if (mds_mitigation == MDS_MITIGATION_FULL) {
- if (!boot_cpu_has(X86_FEATURE_MD_CLEAR))
- mds_mitigation = MDS_MITIGATION_VMWERV;
- static_branch_enable(&mds_user_clear);
- }
+ if (mds_mitigation == MDS_MITIGATION_FULL)
+ mds_check_md_clear();
+
pr_info("%s\n", mds_strings[mds_mitigation]);
}
next prev parent reply other threads:[~2019-03-05 16:04 UTC|newest]
Thread overview: 61+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-01 21:47 [patch V6 00/14] MDS basics 0 Thomas Gleixner
2019-03-01 21:47 ` [patch V6 01/14] MDS basics 1 Thomas Gleixner
2019-03-02 0:06 ` [MODERATED] " Frederic Weisbecker
2019-03-01 21:47 ` [patch V6 02/14] MDS basics 2 Thomas Gleixner
2019-03-02 0:34 ` [MODERATED] " Frederic Weisbecker
2019-03-02 8:34 ` Greg KH
2019-03-05 17:54 ` Borislav Petkov
2019-03-01 21:47 ` [patch V6 03/14] MDS basics 3 Thomas Gleixner
2019-03-02 1:12 ` [MODERATED] " Frederic Weisbecker
2019-03-01 21:47 ` [patch V6 04/14] MDS basics 4 Thomas Gleixner
2019-03-02 1:28 ` [MODERATED] " Frederic Weisbecker
2019-03-05 14:52 ` Thomas Gleixner
2019-03-06 20:00 ` [MODERATED] " Andrew Cooper
2019-03-06 20:32 ` Thomas Gleixner
2019-03-07 23:56 ` [MODERATED] " Andi Kleen
2019-03-08 0:36 ` Linus Torvalds
2019-03-01 21:47 ` [patch V6 05/14] MDS basics 5 Thomas Gleixner
2019-03-02 1:37 ` [MODERATED] " Frederic Weisbecker
2019-03-07 23:59 ` Andi Kleen
2019-03-08 6:37 ` Thomas Gleixner
2019-03-01 21:47 ` [patch V6 06/14] MDS basics 6 Thomas Gleixner
2019-03-04 6:28 ` [MODERATED] Encrypted Message Jon Masters
2019-03-05 14:55 ` Thomas Gleixner
2019-03-01 21:47 ` [patch V6 07/14] MDS basics 7 Thomas Gleixner
2019-03-02 2:22 ` [MODERATED] " Frederic Weisbecker
2019-03-05 15:30 ` Thomas Gleixner
2019-03-06 15:49 ` [MODERATED] " Frederic Weisbecker
2019-03-06 5:21 ` Borislav Petkov
2019-03-01 21:47 ` [patch V6 08/14] MDS basics 8 Thomas Gleixner
2019-03-03 2:54 ` [MODERATED] " Frederic Weisbecker
2019-03-04 6:57 ` [MODERATED] Encrypted Message Jon Masters
2019-03-04 7:06 ` Jon Masters
2019-03-04 8:12 ` Jon Masters
2019-03-05 15:34 ` Thomas Gleixner
2019-03-06 16:21 ` [MODERATED] " Jon Masters
2019-03-06 14:11 ` [MODERATED] Re: [patch V6 08/14] MDS basics 8 Borislav Petkov
2019-03-01 21:47 ` [patch V6 09/14] MDS basics 9 Thomas Gleixner
2019-03-06 16:14 ` [MODERATED] " Frederic Weisbecker
2019-03-01 21:47 ` [patch V6 10/14] MDS basics 10 Thomas Gleixner
2019-03-04 6:45 ` [MODERATED] Encrypted Message Jon Masters
2019-03-05 18:42 ` [MODERATED] Re: [patch V6 10/14] MDS basics 10 Andrea Arcangeli
2019-03-06 19:15 ` Thomas Gleixner
2019-03-06 14:31 ` [MODERATED] " Borislav Petkov
2019-03-06 15:30 ` Thomas Gleixner
2019-03-06 18:35 ` Thomas Gleixner
2019-03-06 19:34 ` [MODERATED] Re: " Borislav Petkov
2019-03-01 21:47 ` [patch V6 11/14] MDS basics 11 Thomas Gleixner
2019-03-01 21:47 ` [patch V6 12/14] MDS basics 12 Thomas Gleixner
2019-03-04 5:47 ` [MODERATED] Encrypted Message Jon Masters
2019-03-05 16:04 ` Thomas Gleixner [this message]
2019-03-05 16:40 ` [MODERATED] Re: [patch V6 12/14] MDS basics 12 mark gross
2019-03-06 14:42 ` Borislav Petkov
2019-03-01 21:47 ` [patch V6 13/14] MDS basics 13 Thomas Gleixner
2019-03-03 4:01 ` [MODERATED] " Josh Poimboeuf
2019-03-05 16:04 ` Thomas Gleixner
2019-03-05 16:43 ` [MODERATED] " mark gross
2019-03-01 21:47 ` [patch V6 14/14] MDS basics 14 Thomas Gleixner
2019-03-01 23:48 ` [patch V6 00/14] MDS basics 0 Thomas Gleixner
2019-03-04 5:30 ` [MODERATED] Encrypted Message Jon Masters
-- strict thread matches above, loose matches on Subject: below --
2019-02-21 23:44 [patch V3 0/9] MDS basics 0 Thomas Gleixner
2019-02-21 23:44 ` [patch V3 4/9] MDS basics 4 Thomas Gleixner
2019-02-22 7:45 ` [MODERATED] Encrypted Message Jon Masters
2019-02-22 17:16 ` [MODERATED] " Linus Torvalds
2019-02-22 17:40 ` Thomas Gleixner
2019-02-20 15:07 [patch V2 00/10] MDS basics+ 0 Thomas Gleixner
2019-02-20 15:07 ` [patch V2 04/10] MDS basics+ 4 Thomas Gleixner
2019-02-20 17:10 ` [MODERATED] " mark gross
2019-02-21 19:26 ` [MODERATED] Encrypted Message Tim Chen
2019-02-21 20:32 ` Thomas Gleixner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.21.1903051650570.1646@nanos.tec.linutronix.de \
--to=tglx@linutronix.de \
--cc=speck@linutronix.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).