Re: [PATCH 5/5] KVM: vmx: use MSR_IA32_TSX_CTRL to hard-disable TSX on guest that lack it

From: Paolo Bonzini
Date: Thu Nov 21 2019 - 04:05:13 EST

On 21/11/19 03:22, Eduardo Habkost wrote:
> On Mon, Nov 18, 2019 at 07:17:47PM +0100, Paolo Bonzini wrote:
>> If X86_FEATURE_RTM is disabled, the guest should not be able to access
>> MSR_IA32_TSX_CTRL. We can therefore use it in KVM to force all
>> transactions from the guest to abort.
>> Signed-off-by: Paolo Bonzini <pbonzini@xxxxxxxxxx>
> So, without this patch guest OSes will incorrectly report "Not
> affected" at /sys/devices/system/cpu/vulnerabilities/tsx_async_abort
> if RTM is disabled in the VM configuration.
> Is there anything host userspace can do to detect this situation
> and issue a warning on that case?
> Is there anything the guest kernel can do to detect this and not
> report a false negative at /sys/.../tsx_async_abort?

Unfortunately not. The hypervisor needs to know about TAA in order to
mitigate it on behalf of the guest. At least this doesn't require an
updated userspace and VM configuration!