Received: by 2002:a05:6a10:eb17:0:0:0:0 with SMTP id hx23csp3430749pxb; Mon, 6 Sep 2021 22:16:35 -0700 (PDT) X-Google-Smtp-Source: ABdhPJySMJzS7q+AnYVbvO9cr4xxwlyNfxcCz7cYRTFyobI/6M1D8w8C/4caq1WMSEpFw5jmxalQ X-Received: by 2002:a6b:5a1a:: with SMTP id o26mr12624989iob.40.1630991795229; Mon, 06 Sep 2021 22:16:35 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1630991795; cv=none; d=google.com; s=arc-20160816; b=nu6S8S9HR1EKmdHNQKmsmJVvIlkiSOASBDc0kGF+OzJG8YPcrh4BplzN+VuEvDS9mQ klDatAvbf3x4RIDVS530HmWdG5AJ11c+uQj6oCklgqBtiVP5bObdI68f+OYR029WMiXE 6jwtuYg5YNAzM8GSmVUTRSZ7TWhy6uh/VeZVzOM7qkXEkRjFylDkoQlwcSkkNALPmZ4v MdeZB8/uGRLqM3z7OwKO086vrix0xMdZv2s294XjJ/vC8mbCaoKl/oiYhnyCyvCgzFF4 3mno0EB9He8D99ZNUIEtG4l4XQVHakx5xeJoCQp9jiqlu68Bx+ClslFCwN8Y0JsWrFLk 4PzQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=RDJNUKa3hng+ws/eW/z+uU1UkSytytCZTyc58DNIyQA=; b=qNMZe6G9NB82EAeDOM0tqNLS5Lpf/7IqYt75rPdEQxN6OBg7lvKaA1cqdRwNyG9HNK 2koHs+yri+m96CewjMQ/f03LrLGyMX9VdlsDCLxlJfRDPfOrM6jokC/SF9nzodA/Hqn9 AWYIr771lUV3/i68tweetbP2fKmE1UPMYur+PE0xIUVjooEY1My14XR1wB8h0tC3iWgo mhGxWhIhbhsQWIk2nVKrnMfBhjd+z2PNVYPHSpJwybPrUl3UNg2yLd8VbpCg2SZ5ewiB wbbG5bnn/Z8Cv5vnfEQUwYVjk/e8o/QwIQkhm8EWDNPzxeI2AP0bkzvhT2LW6M9jmCnm vwVw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b10si252589ilc.151.2021.09.06.22.16.13; Mon, 06 Sep 2021 22:16:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235001AbhIGFOd (ORCPT + 99 others); Tue, 7 Sep 2021 01:14:33 -0400 Received: from mga17.intel.com ([192.55.52.151]:45474 "EHLO mga17.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229456AbhIGFOb (ORCPT ); Tue, 7 Sep 2021 01:14:31 -0400 X-IronPort-AV: E=McAfee;i="6200,9189,10099"; a="200308241" X-IronPort-AV: E=Sophos;i="5.85,274,1624345200"; d="scan'208";a="200308241" Received: from orsmga001.jf.intel.com ([10.7.209.18]) by fmsmga107.fm.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 06 Sep 2021 22:13:24 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.85,274,1624345200"; d="scan'208";a="512707527" Received: from gupta-dev2.jf.intel.com (HELO gupta-dev2.localdomain) ([10.54.74.119]) by orsmga001.jf.intel.com with ESMTP; 06 Sep 2021 22:13:24 -0700 Date: Mon, 6 Sep 2021 22:14:54 -0700 From: Pawan Gupta To: Hao Peng Cc: tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, x86@kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] x86/tsx: clear RTM and HLE when MSR_IA32_TSX_CTRL is not supported Message-ID: <20210907051454.56eocxfxeuqixlf6@gupta-dev2.localdomain> References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 06.09.2021 10:46, Hao Peng wrote: >If hypervisor does not support MSR_IA32_TSX_CTRL, but guest supports >RTM and HLE features, it will affect TAA mitigation. Guests are on purpose not allowed to control TSX via MSR_IA32_TSX_CTRL, otherwise a malicious guest can enable TSX and attack host or other guests. The TAA mitigation within a guest is same as MDS i.e. micro-architectural buffer clear using VERW instruction. Support for VERW is added by the microcode update and enumerate by MSR_ARCH_CAP[MD_CLEAR] bit. >Signed-off-by: Peng Hao >--- > arch/x86/kernel/cpu/tsx.c | 7 +++++++ > 1 file changed, 7 insertions(+) > >diff --git a/arch/x86/kernel/cpu/tsx.c b/arch/x86/kernel/cpu/tsx.c >index 9c7a5f049292..5e852c14fef2 100644 >--- a/arch/x86/kernel/cpu/tsx.c >+++ b/arch/x86/kernel/cpu/tsx.c >@@ -122,6 +122,13 @@ void __init tsx_init(void) > > if (!tsx_ctrl_is_supported()) { > tsx_ctrl_state = TSX_CTRL_NOT_SUPPORTED; >+ >+ /* If hypervisor does not support MSR_IA32_TSX_CTRL emulation, >+ * but guest supports RTM and HLE features, it will affect TAA >+ * (tsx_async_abort)mitigation. >+ */ >+ setup_clear_cpu_cap(X86_FEATURE_RTM); >+ setup_clear_cpu_cap(X86_FEATURE_HLE); This is not correct. TSX feature can exist without TSX_CTRL MSR. Moreover, clearing the cached bits with setup_clear_cpu_cap() doesn't disable the TSX feature in CPU. Thanks, Pawan