From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linutronix.de (193.142.43.55:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 24 Oct 2019 18:20:51 -0000 Received: from mx2.suse.de ([195.135.220.15] helo=mx1.suse.de) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1iNhj7-00066d-F1 for speck@linutronix.de; Thu, 24 Oct 2019 20:20:50 +0200 Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 97C6EB2F3 for ; Thu, 24 Oct 2019 18:20:43 +0000 (UTC) Date: Thu, 24 Oct 2019 20:20:42 +0200 (CEST) From: Jiri Kosina Subject: [MODERATED] Re: [PATCH 7/9] TAA 7 In-Reply-To: <20191024164226.GD14115@zn.tnic> Message-ID: References: <137b3a048af221bc7d9ea9a921359942b944204e.1571905227.git.bp@suse.de> <20191024153517.ysko4ni3dadqdzn5@treble> <20191024164226.GD14115@zn.tnic> MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit To: speck@linutronix.de List-ID: On Thu, 24 Oct 2019, speck for Borislav Petkov wrote: > "Disable TSX if the CPU is affected by the TSX Async Abort (TAA) > vulnerability and microcode provides a special MSR - TSX_CTRL_MSR - > which provides the required TSX control knobs. On MDS-affected parts > where VERW takes care of the TAA vulnerability, that controlling MSR is > not present and thus TSX cannot be disabled there." This is true if you ignore hyperthreading. On SMT systems, TSX disable is 100% complete mitigation, while VERW clearing is not. Thanks, -- Jiri Kosina SUSE Labs