Received: by 2002:a05:6a10:eb17:0:0:0:0 with SMTP id hx23csp30663pxb; Tue, 7 Sep 2021 16:50:59 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyTMeamDZr0BxPvVVWEib2OgNEqeQTdjvVFjTYONcneuG4klYDvJUY/5WpTvtF4+JXAvSiQ X-Received: by 2002:a17:907:20d1:: with SMTP id qq17mr969200ejb.439.1631058659064; Tue, 07 Sep 2021 16:50:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1631058659; cv=none; d=google.com; s=arc-20160816; b=tGauhKaFBszyE3WqgKRTAtTbUL7EOHBEb/A8pR3BAp4LGDAM2GCzr9y5/SmayXTnlM ofTntVq2R6PJVLQ5CCCYHQHzp4vkp1XM+3TPNge0larCBeiEjLHTMgn8NUnqPlOtUcqJ BEV/hw/+5ZZ2eoSSIflSeXxtriAtsVTd6+0wVNOYMC358ECXpVenWIHBNtnmEe+OgQDD Pc5s5z4vzzRXJQfo8AnL/Z4h9dTie/2YRBFDAl1r/4PVETxWG6xYZF3KxH5AqG/82jhk J5ybp8+GJuNqXAK9RSXpzrojKqhl5qqLuwAdYZNIr45wClyJaDGvenu+hsGNpDtmRs5Y PQHQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=5M/aHwnT40FIu6BYBqjoYbQe1Aa78pF1vCgFLPGmyBg=; b=PJagVgv5HiEhzYRNrLUgDYT+LULOlWpIIfxN5VKOQ2+h+1M6PojAJXaotz/02+O0/B 5Fv2R6Cmx54YrH+0ml96fRMD9WUNRKctTFjFrgn7C2rFvvw1FhPbGXsPhOhcc1qW+eMP pS9f2QtJ3IDXe0jfbn2mxUpCV0tDmoWgqhM4Q8u8eq4nWysKBUYAci56GrSH+V7JFeUE mY3KvL8cvDNiXmMvp2sC4AGE1xPzr7SILKwiD9ykJ/YIsr/rRCnBtKy4Whnb2oiWtUVb IVgQW0fhH4L0KqMFaB2GInnyli+FsMd6YREjNs0IQdR68iuUxVUVn90CoixuzGHHNRaA DJgA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id s6si426202ejs.783.2021.09.07.16.50.33; Tue, 07 Sep 2021 16:50:59 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S239995AbhIGW6t (ORCPT + 99 others); Tue, 7 Sep 2021 18:58:49 -0400 Received: from mga18.intel.com ([134.134.136.126]:43286 "EHLO mga18.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229522AbhIGW6s (ORCPT ); Tue, 7 Sep 2021 18:58:48 -0400 X-IronPort-AV: E=McAfee;i="6200,9189,10100"; a="207448907" X-IronPort-AV: E=Sophos;i="5.85,276,1624345200"; d="scan'208";a="207448907" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga106.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 07 Sep 2021 15:57:41 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.85,276,1624345200"; d="scan'208";a="469382603" Received: from gupta-dev2.jf.intel.com (HELO gupta-dev2.localdomain) ([10.54.74.119]) by orsmga007.jf.intel.com with ESMTP; 07 Sep 2021 15:57:41 -0700 Date: Tue, 7 Sep 2021 15:59:12 -0700 From: Pawan Gupta To: Hao Peng Cc: tglx@linutronix.de, mingo@redhat.com, Borislav Petkov , x86@kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH] x86/tsx: clear RTM and HLE when MSR_IA32_TSX_CTRL is not supported Message-ID: <20210907225912.2i6cmprvauyxrhlu@gupta-dev2.localdomain> References: <20210907051454.56eocxfxeuqixlf6@gupta-dev2.localdomain> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 07.09.2021 14:36, Hao Peng wrote: >On Tue, Sep 7, 2021 at 1:13 PM Pawan Gupta > wrote: >> >> On 06.09.2021 10:46, Hao Peng wrote: >> >If hypervisor does not support MSR_IA32_TSX_CTRL, but guest supports >> >RTM and HLE features, it will affect TAA mitigation. >> >> Guests are on purpose not allowed to control TSX via MSR_IA32_TSX_CTRL, >> otherwise a malicious guest can enable TSX and attack host or other >> guests. The TAA mitigation within a guest is same as MDS i.e. >> micro-architectural buffer clear using VERW instruction. Support for >> VERW is added by the microcode update and enumerate by >> MSR_ARCH_CAP[MD_CLEAR] bit. >> >> >Signed-off-by: Peng Hao >> >--- >> > arch/x86/kernel/cpu/tsx.c | 7 +++++++ >> > 1 file changed, 7 insertions(+) >> > >> >diff --git a/arch/x86/kernel/cpu/tsx.c b/arch/x86/kernel/cpu/tsx.c >> >index 9c7a5f049292..5e852c14fef2 100644 >> >--- a/arch/x86/kernel/cpu/tsx.c >> >+++ b/arch/x86/kernel/cpu/tsx.c >> >@@ -122,6 +122,13 @@ void __init tsx_init(void) >> > >> > if (!tsx_ctrl_is_supported()) { >> > tsx_ctrl_state = TSX_CTRL_NOT_SUPPORTED; >> >+ >> >+ /* If hypervisor does not support MSR_IA32_TSX_CTRL emulation, >> >+ * but guest supports RTM and HLE features, it will affect TAA >> >+ * (tsx_async_abort)mitigation. >> >+ */ >> >+ setup_clear_cpu_cap(X86_FEATURE_RTM); >> >+ setup_clear_cpu_cap(X86_FEATURE_HLE); >> >> This is not correct. TSX feature can exist without TSX_CTRL MSR. >> Moreover, clearing the cached bits with setup_clear_cpu_cap() doesn't >> disable the TSX feature in CPU. >> >After applying this patch, the output of >/sys/devices/system/cpu/vulnerabilities/tsx_async_abort >becomes “Mitigation: TSX disabled”.Do you mean that tsx is still >enabled in this case in guest? If the host has TSX enabled, guest can use TSX instructions irrespective of what cpu capabilities in the guest says. >I made a mistake in the description before. This problem occurred >under the qemu -cpu Icelake-server . So looks like the real problem is with qemu feature definitions for cpu "Icelake-Server", it is probably not exporting "taa-no". >When I debug this problem to -cpu host, the guest can see taa-no. >Thanks. Thats good.