Received: by 2002:a05:6902:102b:0:0:0:0 with SMTP id x11csp1566841ybt; Mon, 15 Jun 2020 03:49:40 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyTu4mPFD99B5o54pkU8TlzX82DNkIHelyd0fwTuaJHKYgdN0H46OX4lhKYtRI28njvbwL4 X-Received: by 2002:a50:f087:: with SMTP id v7mr22603673edl.225.1592218180547; Mon, 15 Jun 2020 03:49:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1592218180; cv=none; d=google.com; s=arc-20160816; b=sbpw+nfi0PX1lBSFOTGkGkrfVc3wiiLPrLGmyPQJgGdIdZY98oF8YQkY6EKHS3tRI8 7EZNUbYKYLXjZNxHSen6ofXbAxt4i7DhOIKMLtpfJHuN+B5J8v0ITO5um0Do18G0vy+O RD0CYCUNo9+lUgfSkQ/jald/siUfgHD5LnXqk0BxtnY2D2UKfl+4apjdwPWqwoyGq0Dq TBmnC1wF5GZaWUOj/02rLthOa3MxIyGDTVcI2V/1MEe3wkCyHHFxo4sdW18c0zf3RNPW hmeETglrjeCXLEYHyg0wOtEYNWjJ4JG6R/tonR6hoFidbMesfgfD6O/mXaB6XHYbGy1x o9Hg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-disposition :mime-version:references:message-id:subject:cc:to:from:date :dkim-signature; bh=MHpggwvr0BvKUJlLLSPpdNMqETzjB0UWRAJLzGCSE/s=; b=i/rJqdMpHrUZgfjppMJfTuE8gAy//fEDuRbAVbJ35NjRjpbvG8gmx3e2ogwq3yMU7u JNrmu1OcN0yMIVXVfew5aEA/jR7QHtKp+8lMUpu3eGdGJ48SspKilaeQxWkaAlT0ZzG1 89nhDw7p66pWlnV8T9yoSy2aYYbRltLkE9QE3mbPGJtpynf2rJP27QDU/KoH1R8rcFeO K3bEhuikGA11eRddPwfMhJMRNVDPr6A2UVKhrxassvDtWvPjY42twM4OHHVz4OdXkXi7 FXc9ooVY5p6AHfFfsybt1VSRzY/BUnHp6e3EfLG9FzCu8ZRxAX6AN9DJh2xYkqSARXiL TssQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b="iL/tiCXi"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id m10si8271810edv.322.2020.06.15.03.49.18; Mon, 15 Jun 2020 03:49:40 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@alien8.de header.s=dkim header.b="iL/tiCXi"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=alien8.de Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729280AbgFOKrW (ORCPT + 99 others); Mon, 15 Jun 2020 06:47:22 -0400 Received: from mail.skyhub.de ([5.9.137.197]:33814 "EHLO mail.skyhub.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728815AbgFOKrV (ORCPT ); Mon, 15 Jun 2020 06:47:21 -0400 Received: from zn.tnic (p200300ec2f063c00a9ba54d750d72537.dip0.t-ipconnect.de [IPv6:2003:ec:2f06:3c00:a9ba:54d7:50d7:2537]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.skyhub.de (SuperMail on ZX Spectrum 128k) with ESMTPSA id 3ADD41EC035B; Mon, 15 Jun 2020 12:47:20 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alien8.de; s=dkim; t=1592218040; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:in-reply-to:in-reply-to: references:references; bh=MHpggwvr0BvKUJlLLSPpdNMqETzjB0UWRAJLzGCSE/s=; b=iL/tiCXidPNan8giRcIyigGQx5uElNnFHtoi8CPJqgTD1GDpCflOrn0nAU3x/BFR1MKsr9 /FbVAxLKXMjzZ9eB8hrm/0c/bc8xDsoB5bbHqdA5bOB1ooC7cz3ft3Luc/KTbs/VQQOdaw 5J1XrRalyY763xRL08Jx9Q9rnTD72K4= Date: Mon, 15 Jun 2020 12:47:13 +0200 From: Borislav Petkov To: Thadeu Lima de Souza Cascardo , Mark Gross Cc: linux-kernel@vger.kernel.org, Mark Gross , x86@kernel.org, "H. Peter Anvin" , Ingo Molnar , Thomas Gleixner , John Johansen , Steve Beattie Subject: Re: [PATCH] x86/speculation/srbds: do not try to turn mitigation off when not supported Message-ID: <20200615104713.GE14668@zn.tnic> References: <20200609174313.2600320-1-cascardo@canonical.com> <20200615082858.GC14668@zn.tnic> <20200615102738.GZ4342@mussarela> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20200615102738.GZ4342@mussarela> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Jun 15, 2020 at 07:27:38AM -0300, Thadeu Lima de Souza Cascardo wrote: > It was booted without the microcode update. There was microcode available, but > systems may be booted without it, thus causing warnings due to the MSR > read/write. Right. > That's exactly the fix in the patch I sent, right? Do you want me to resend > with a comment, then? Your patch replaced - if (srbds_mitigation == SRBDS_MITIGATION_UCODE_NEEDED) Thinking about this more, I think the proper thing to do is this: --- diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 0b71970d2d3d..ce2931563f8f 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -432,14 +432,14 @@ void update_srbds_msr(void) if (boot_cpu_has(X86_FEATURE_HYPERVISOR)) return; - if (srbds_mitigation == SRBDS_MITIGATION_UCODE_NEEDED) + if (srbds_mitigation == SRBDS_MITIGATION_UCODE_NEEDED || + srbds_mitigation == SRBDS_MITIGATION_TSX_OFF) return; rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl); switch (srbds_mitigation) { case SRBDS_MITIGATION_OFF: - case SRBDS_MITIGATION_TSX_OFF: mcu_ctrl |= RNGDS_MITG_DIS; break; case SRBDS_MITIGATION_FULL: --- because looking at: 7e5b3c267d25 ("x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation") it says: While it is present on all affected CPU models, the microcode mitigation is not needed on models that enumerate ARCH_CAPABILITIES[MDS_NO] in the cases where TSX is not supported or has been disabled with TSX_CTRL. which could be also understood as "there won't be microcode for those CPUs and thus MSR_IA32_MCU_OPT_CTRL won't be there." Because if that is the case, then SRBDS_MITIGATION_TSX_OFF means the MSR is not there and therefore we should not touch it. And you've actually shown that without the microcode loaded, you can have a system which is MDS_NO and which hasn't generated MSR_IA32_MCU_OPT_CTRL (because the microcode is not loaded) and thus can't touch said MSR. Mark? -- Regards/Gruss, Boris. https://people.kernel.org/tglx/notes-about-netiquette