From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail.linutronix.de (193.142.43.55:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 15 Oct 2019 15:32:19 -0000
Received: from mx2.suse.de ([195.135.220.15] helo=mx1.suse.de) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1iKOo5-0002Ld-FM for speck@linutronix.de; Tue, 15 Oct 2019 17:32:18 +0200
Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 44135B244 for ; Tue, 15 Oct 2019 15:32:10 +0000 (UTC)
Date: Tue, 15 Oct 2019 17:32:08 +0200 (CEST)
From: Jiri Kosina
Subject: [MODERATED] Re: ***UNCHECKED*** Re: [PATCH v5 08/11] TAAv5 8
In-Reply-To: <20191015152649.yim4krwuttrh6xgi@treble>
Message-ID:
References: <20191009131251.GD6616@dhcp22.suse.cz> <20191014210458.GF4957@zn.tnic> <20191015103454.GW317@dhcp22.suse.cz> <20191015130627.7jkhqy2zrtm35ool@treble> <20191015152649.yim4krwuttrh6xgi@treble>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID:

On Tue, 15 Oct 2019, speck for Josh Poimboeuf wrote:

> > > Since all (or most?) modern Intel CPUs are vulnerable to TAA,
> > > defaulting to tsx=auto would effectively be the same as defaulting
> > > to tsx=off, right? How does this help with regressions?
> >
> > The mitigation is only needed on CPUs where verw doesn't have the buffer
> > clearing semantics.
>
> Can you elaborate? I have no idea what you're trying to say and how it
> relates to my question :-)

Only those CPUs with TSX *and* with MDS_NO need TSX disabled in order to
protect from this issue. The CPUs that don't enumerate MDS_NO (and
therefore got ucode update with verw buffer-clearing semantics) are fully
mitigated against TAA by MDS mitigations already.

Therefore the set of CPUs where we *really* need to turn off TSX in order to
protect from TAA is currently rather minimal (CascadeLake-B, WhiskeyLake-V,
CommitLake, CoffeeLake-R), so force-disabling on all CPUs covers a way bigger
set of platforms than actually needed.

--
Jiri Kosina
SUSE Labs
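
The rule stated in the mail above, written as a small decision function. This is an added example, not code from the patch series or from the kernel; the function, enum and parameter names are hypothetical, and the TAA_NO bit is not mentioned in the mail.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bits of the IA32_ARCH_CAPABILITIES MSR (0x10a). */
#define ARCH_CAP_MDS_NO (1ULL << 5) /* CPU enumerates "not affected by MDS" */
#define ARCH_CAP_TAA_NO (1ULL << 8) /* CPU enumerates "not affected by TAA" (not in the mail) */

enum taa_action {
    TAA_NOT_AFFECTED,        /* no TSX, or TAA_NO enumerated */
    TAA_VERW_COVERS,         /* MDS mitigation (verw buffer clearing) already covers TAA */
    TAA_NEED_MDS_MITIGATION, /* verw would cover TAA, but the MDS mitigation is off */
    TAA_DISABLE_TSX          /* TSX plus MDS_NO: TSX has to be turned off */
};

/* Hypothetical helper: classify one CPU following the rule in the mail. */
enum taa_action taa_classify(bool has_tsx, uint64_t arch_caps, bool mds_mitigation_on)
{
    if (!has_tsx || (arch_caps & ARCH_CAP_TAA_NO))
        return TAA_NOT_AFFECTED;
    if (arch_caps & ARCH_CAP_MDS_NO)
        return TAA_DISABLE_TSX; /* the small set of parts the mail lists */
    return mds_mitigation_on ? TAA_VERW_COVERS : TAA_NEED_MDS_MITIGATION;
}

int main(void)
{
    static const char *const names[] = {
        "not affected", "covered by MDS mitigation",
        "enable MDS mitigation", "disable TSX"
    };
    /* Constructed sample inputs, not measurements from real machines. */
    const struct { const char *label; bool tsx; uint64_t caps; bool mds_on; } cpus[] = {
        { "TSX, no MDS_NO, mds=full", true,  0,               true  },
        { "TSX, no MDS_NO, mds=off",  true,  0,               false },
        { "TSX, MDS_NO",              true,  ARCH_CAP_MDS_NO, true  },
        { "no TSX, MDS_NO",           false, ARCH_CAP_MDS_NO, true  },
    };
    for (size_t i = 0; i < sizeof(cpus) / sizeof(cpus[0]); i++)
        printf("%-26s -> %s\n", cpus[i].label,
               names[taa_classify(cpus[i].tsx, cpus[i].caps, cpus[i].mds_on)]);
    return 0;
}
```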