Re: [PATCH] x86/speculation: Fix incorrect MDS/TAA mitigation status

From: Waiman Long
Date: Thu Nov 14 2019 - 16:58:35 EST


On 11/14/19 3:12 PM, Pawan Gupta wrote:
> On Wed, Nov 13, 2019 at 02:33:50PM -0500, Waiman Long wrote:
>> For MDS vulnerable processors with TSX support, enabling either MDS
>> or TAA mitigations will enable the use of VERW to flush internal
>> processor buffers at the right code path. IOW, they are either both
>> mitigated or both not mitigated. However, if the command line options
>> are inconsistent, the vulnerabilites sysfs files may not report the
>> mitigation status correctly.
>>
>> For example, with only the "mds=off" option:
>>
>> vulnerabilities/mds:Vulnerable; SMT vulnerable
>> vulnerabilities/tsx_async_abort:Mitigation: Clear CPU buffers; SMT vulnerable
>>
>> The mds vulnerabilities file has wrong status in this case.
>>
>> Change taa_select_mitigation() to sync up the two mitigation status
>> and have them turned off if both "mds=off" and "tsx_async_abort=off"
>> are present.
>>
>> Signed-off-by: Waiman Long <longman@xxxxxxxxxx>
>> ---
>> arch/x86/kernel/cpu/bugs.c | 17 +++++++++++++++--
>> 1 file changed, 15 insertions(+), 2 deletions(-)
>>
>> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
>> index 4c7b0fa15a19..418d41c1fd0d 100644
>> --- a/arch/x86/kernel/cpu/bugs.c
>> +++ b/arch/x86/kernel/cpu/bugs.c
>> @@ -304,8 +304,12 @@ static void __init taa_select_mitigation(void)
>> return;
>> }
>>
>> - /* TAA mitigation is turned off on the cmdline (tsx_async_abort=off) */
>> - if (taa_mitigation == TAA_MITIGATION_OFF)
>> + /*
>> + * TAA mitigation via VERW is turned off if both
>> + * tsx_async_abort=off and mds=off are specified.
>> + */
>> + if (taa_mitigation == TAA_MITIGATION_OFF &&
>> + mds_mitigation == MDS_MITIGATION_OFF)
>> goto out;
>>
>> if (boot_cpu_has(X86_FEATURE_MD_CLEAR))
>> @@ -339,6 +343,15 @@ static void __init taa_select_mitigation(void)
>> if (taa_nosmt || cpu_mitigations_auto_nosmt())
>> cpu_smt_disable(false);
>>
>> + /*
>> + * Update MDS mitigation, if necessary, as the mds_user_clear is
>> + * now enabled for TAA mitigation.
>> + */
>> + if (mds_mitigation == MDS_MITIGATION_OFF &&
>> + boot_cpu_has_bug(X86_BUG_MDS)) {
>> + mds_mitigation = MDS_MITIGATION_FULL;
>> + mds_select_mitigation();
> This will cause a confusing print in dmesg from previous and this call
> to mds_select_mitigation().
>
> "MDS: Vulnerable"
> "MDS: Mitigation: Clear CPU buffers"
Yes, that is the side effect of this patch. It is the last message that
is relevant. We saw this kind of messages all the time with early
loading of microcode. A message showing a hardware vulnerability as
vulnerable and then another message showing it as mitigated after the
loading of microcode.
>
> Maybe delay MDS mitigation print till TAA is evaluated.

I will see what can be done about that. However, this is not a critical
issue and I may not change it if there is no easy solution.

Cheers,
Longman