On 10/10/2019 00:53, speck for Luck, Tony wrote:
> On Thu, Oct 10, 2019 at 12:40:45AM +0100, speck for Andrew Cooper wrote:
>>> I don't know what the enabled status of HLE is on the MDS_NO, TAA parts,
>>> and whether it is statically disabled with the TSX_CTRL microcode, but
>>> if it isn't statically disabled then it needs to be dynamically disabled
>>> by bit 0, or a 'CLFLUSH; XBEGIN ...; MOV secret' can still be used to
>>> exploit TAA.
>> Apologies.  That is the RTM sequence.
>>
>> For HLE, I meant 'CLFLUSH; XACQUIRE ...; MOV secret'.
> Did we send out a review copy of the white paper for TAA yet?

Not as far as I am aware.  Have I missed something?

I'm still working from the pdf from June 26th, which I seem to recall was
from just after the adjustment of bit 0's behaviour away from causing #UD's.

> HLE is kind of buried, but we do say:
>
> On processors that enumerate IA32_ARCH_CAPABILITIES[TSX_CTRL]
> (bit 7)=1, HLE prefix hints are always ignored.
>
> Which is to say that HLE is unconditionally disabled by the
> new microcode for TAA.

Great.  I look forward to a paper to review.

Is that a firm decision on Ronak's suggestion that HLE is going to be sunset?

~Andrew