Received: by 2002:a05:6a10:7420:0:0:0:0 with SMTP id hk32csp129983pxb; Wed, 16 Feb 2022 23:58:52 -0800 (PST) X-Google-Smtp-Source: ABdhPJwPTz0q4XzjzT6pQB21YeAP4cy8cy2dMXK12INLaocfiV6iycXxXghdoQWTDqzpebOHd7R7 X-Received: by 2002:a63:1848:0:b0:373:41d9:77a2 with SMTP id 8-20020a631848000000b0037341d977a2mr1522709pgy.84.1645084731815; Wed, 16 Feb 2022 23:58:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645084731; cv=none; d=google.com; s=arc-20160816; b=DPv7YmpT0hCC5NWywuZ5Gj2GTG9RKYJ6y4NE9xC3k1EfEIW9ihTA8Bp6ogTNFST1z0 U6bLLyH4HsQ2VSCUWaHaNA8Y69Ri51AaTdNjwTstoIWTapyGaWjfp75T5gG/JrhAqnSX iS/FwmUKSo5o6mXctuHH6ubwEiZI8yi7WduazBtSO0Xf94vVXz1PonXPx8pS4pE9s0N5 NTQmwdttcr5RL1B6gzdRRESKDoCAbJDZ9HqhRgN9A7q8J6yzsKQWhtBFw1gip4OpMKzO qK7exnDbM6qKeDXYMouLP0/EX44haUUwt/851SyTA0ObFHI0ZDiMLm/4iNBY3GTMXzh0 uZFQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=oDlaYpURS0mY/S93Fxt90FT2dbYdR6j8k4Tu9b37GWU=; b=cdbqC0mDU2EINI/PY6z5JicdZmrTASTZMmjnXRHQVWBWKTZgLJuwfPCyf/BKGOuAZd 7w6HiOEtWnu0Nx47SOX4AiODMUj5PxI3SMTQv6LamtcuB4SsXWnlqYrWXmHSoQGyI6Er ZmNbkfe/DweSyZ1Kh0w6FlqPgr02vOh5U9BbZji0jvSsiQ+xPQNBYTbkyx1IFzMtcsNy IsZ1Dhd1zP/z/iKwsJAulHF6A3A8Lj0X/SD+Ft6QildVaITQnBZ1AffaQ4m7RIeaysMh AAjudIZpOxKnQcUfJY9+wZX2eiJXl3mLwY4R1cucT3A9GL6VA3DJ+7ggpZEJVBn69E1p sg1w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=EMZ8FzBT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id y21si215594pjp.145.2022.02.16.23.58.36; Wed, 16 Feb 2022 23:58:51 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@intel.com header.s=Intel header.b=EMZ8FzBT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237811AbiBPTAJ (ORCPT + 99 others); Wed, 16 Feb 2022 14:00:09 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:60878 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233070AbiBPTAF (ORCPT ); Wed, 16 Feb 2022 14:00:05 -0500 Received: from mga07.intel.com (mga07.intel.com [134.134.136.100]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0A3462AD677; Wed, 16 Feb 2022 10:59:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=intel.com; i=@intel.com; q=dns/txt; s=Intel; t=1645037993; x=1676573993; h=date:from:to:cc:subject:message-id:references: mime-version:content-transfer-encoding:in-reply-to; bh=oDlaYpURS0mY/S93Fxt90FT2dbYdR6j8k4Tu9b37GWU=; b=EMZ8FzBT38yTiJqfojZ8q+3PcMSxud2VMXgPSPxOHBx7WHcnbNr9Aay1 KwXhsYAboNolpiZPv4CSpMdaPZFVTmcFNTpqSlqYTpI715ZUI4O9MScrm uOczpNW6oAskj0sRA4lXFjdWMa+P3JdOa68cafLU9h3wskDm1PiYcnAWZ E42nK/jcbFhqqNN2r6psfSkHObFRojutTDYfam91KXsehJ5NBjKZ7NmDQ PoTsMTMcPKT9jl9yTxjpkbjsXAUjWHo/RUiYP90eTPHSVaaOeRnRvcFTU zbS56/XwFoAmKnGpt77b64eNv2nKD655nxx3PtteevvvpFqfMbytEWc3b w==; X-IronPort-AV: E=McAfee;i="6200,9189,10260"; a="313971534" X-IronPort-AV: E=Sophos;i="5.88,374,1635231600"; d="scan'208";a="313971534" Received: from orsmga007.jf.intel.com ([10.7.209.58]) by orsmga105.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Feb 2022 10:59:52 -0800 X-IronPort-AV: E=Sophos;i="5.88,374,1635231600"; d="scan'208";a="529651961" Received: from guptapa-mobl1.amr.corp.intel.com ([10.212.185.96]) by orsmga007-auth.jf.intel.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 16 Feb 2022 10:59:51 -0800 Date: Wed, 16 Feb 2022 10:59:50 -0800 From: Pawan Gupta To: Andrew Cooper Cc: Borislav Petkov , Thomas Gleixner , Ingo Molnar , Dave Hansen , "x86@kernel.org" , "H. Peter Anvin" , Andi Kleen , Tony Luck , "linux-kernel@vger.kernel.org" , "antonio.gomez.iglesias@linux.intel.com" , "neelima.krishnan@intel.com" , "stable@vger.kernel.org" Subject: Re: [PATCH] x86/tsx: Use MSR_TSX_CTRL to clear CPUID bits Message-ID: <20220216185950.6nmkllbgawv5tjd7@guptapa-mobl1.amr.corp.intel.com> References: <20220215002014.mb7g4y3hfefmyozx@guptapa-mobl1.amr.corp.intel.com> <20220215121103.vhb2lpoygxn3xywy@guptapa-mobl1.amr.corp.intel.com> <20220215181931.wxfsn2a3npg7xmi2@guptapa-mobl1.amr.corp.intel.com> <20220216003950.5jxecuf773g2kuwl@guptapa-mobl1.amr.corp.intel.com> <6724088f-c7cf-da92-e894-d8970f13bf1e@citrix.com> <20220216012841.vxlnugre2j4pczp7@guptapa-mobl1.amr.corp.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8; format=flowed Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_EF,RCVD_IN_DNSWL_MED,SPF_HELO_NONE, SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 16.02.2022 11:46, Andrew Cooper wrote: >On 16/02/2022 01:28, Pawan Gupta wrote: >> On 16.02.2022 00:49, Andrew Cooper wrote: >>> On 16/02/2022 00:39, Pawan Gupta wrote: >>>> On 15.02.2022 20:33, Borislav Petkov wrote: >>>>> On Tue, Feb 15, 2022 at 10:19:31AM -0800, Pawan Gupta wrote: >>>>>> I admit it has gotten complicated with so many bits associated with >>>>>> TSX. >>>>> >>>>> Yah, and looka here: >>>>> >>>>> https://github.com/andyhhp/xen/commit/ad9f7c3b2e0df38ad6d54f4769d4dccf765fbcee >>>>> >>>>> >>>>> >>>>> It seems it isn't complicated enough. ;-\ >>>>> >>>>> Andy just made me aware of this thing where you guys have added a new >>>>> MSR bit: >>>>> >>>>> MSR_MCU_OPT_CTRL[1] which is called something like >>>>> MCU_OPT_CTRL_RTM_ALLOW or so. >>>> >>>> RTM_ALLOW bit was added to MSR_MCU_OPT_CTRL, but its not set by >>>> default, >>>> and it is *not* recommended to be used in production deployments [1]: >>>> >>>>   Although MSR 0x122 (TSX_CTRL) and MSR 0x123 (IA32_MCU_OPT_CTRL) >>>> can be >>>>   used to reenable Intel TSX for development, doing so is not >>>> recommended >>>>   for production deployments. In particular, applying MD_CLEAR flows >>>> for >>>>   mitigation of the Intel TSX Asynchronous Abort (TAA) transient >>>> execution >>>>   attack may not be effective on these processors when Intel TSX is >>>>   enabled with updated microcode. The processors continue to be >>>> mitigated >>>>   against TAA when Intel TSX is disabled. >>> >>> The purpose of setting RTM_ALLOW isn't to enable TSX per say. >>> >>> The purpose is to make MSR_TSX_CTRL.RTM_DISABLE behaves consistently on >>> all hardware, which reduces the complexity and invasiveness of dealing >>> with this special case, because the TAA workaround will still turn TSX >>> off by default. >>> >>> The configuration you don't want to be running with is RTM_ALLOW && >>> !RTM_DISABLE, because that is "still vulnerable to TSX Async Abort". >> >> I am not sure how a system can end up with RTM_ALLOW && !RTM_DISABLE? I >> have no problem taking care of this case, I am just debating why we need >> it. > >Well for one, when Linux is starting up as the kexec environment >following Xen. > >You're not coding for "what logic should follow a clean microcode >load".  You're coding for "how to take the arbitrary state that my >preceding environment left, and turn it into what I want". I will add the handling for this case (and I am going to follow these words of wisdom in my future work). Thanks, Pawan