Re: [PATCH v2] qemu-cpu-models: Document -noTSX, mds-no, taa-no, and tsx-ctrl

[Kashyap Chamarthy <kchamart@redhat.com>]

On Wed, Jan 22, 2020 at 06:20:51PM +0100, Paolo Bonzini wrote:
> On 21/01/20 19:49, Kashyap Chamarthy wrote:
> > Question: How can a user validate that TSX is indeed disabled for the
> >           guest?
> 
> Look for rtm in /proc/cpuinfo, or look at the TAA entry in the sysfs
> vulnerabilities directory.

Noted.

[...]

> > +@item @code{taa-no}
> > +
> > +Recommended to inform that the guest that the host is @i{not} vulnerable
> > +to CVE-2019-11135, TSX Asyncrnous Abort (TAA).
> 
> Asynchronous

Will fix.

[...]

> > +@item @code{tsx-ctrl}
> > +
> > +Recommended to inform the guest to @i{disable} the Intel TSX
> > +(Transactional Synchronization Extensions) feature.
> 
> Not "to disable" but rather:
> 
> Recommended to inform the guest that it can disable the Intel TSX
> feature or (if vulnerable) use the VERW instruction as a mitigation for
> the TAA vulnerability.

Thanks.  I'll make that last bit to:

    ... use the Intel 'VERW' instruction (a processor-level instruction
    that performs checks on memory access) as a mitigation for the
    TAA vulnerability.

Hope that's accurate-but-vague-enough description of 'VERW'.  (I
realize, as Dave Gilbert said on IRC, the actual description of VERW is
besides the point, as Intel reused that to do something else in addition
to its original purpose).

I just wanted to note a small, high-level blurb on _what_ VERW is,
because I feel awkward leaving such words like that in the air in a
user-facing doc.

[...]

-- 
/kashyap