Re: MMIO and VERW

From: Pawan Gupta
Date: Tue Mar 18 2025 - 12:30:33 EST


On Tue, Mar 18, 2025 at 03:16:59PM +0100, Borislav Petkov wrote:
> Carving this thing out into a separate thread:
>
> On Thu, Mar 13, 2025 at 12:26:06PM -0700, Pawan Gupta wrote:
> > On Thu, Mar 13, 2025 at 10:36:17AM +0100, Borislav Petkov wrote:
> > > I'd expect to see:
> > >
> > > if (mmio_mitigation == MMIO_MITIGATION_AUTO) {
> > > 	mmio_mitigation = MMIO_MITIGATION_VERW;
> > > 	verw_mitigation_selected = true;
> > > }
> > >
> > > if (boot_cpu_has_bug(X86_BUG_MDS) || taa_vulnerable())
> > > 	verw_mitigation_selected = true;
> > >
> > > because the above branch already selected MMIO_MITIGATION_VERW so we might as
> > > well set verw_mitigation_selected, right?
> >
> > There is a subtle difference between setting verw_mitigation_selected and
> > MMIO_MITIGATION_VERW. The former is a system-wide switch that indicates
> > VERW is needed at both kernel-exit and VMenter. MMIO Stale Data is
> > different from other VERW based mitigations because it only requires VERW
> > at VMenter, when not affected by MDS/TAA. So, turning the system-wide knob
> > here would be wrong.
>
> Realistically speaking, do we have a machine where you *only* enable VERW on
> VMENTER?

Yes, more on it below.

> I'm not talking about some experimentation scenario where one measures which
> mitigations cost how much.
>
> Do we have a real-life hw configuration where the *only* VERW mitigation
> needed is at VMENTER because that machine is affected *only* by MMIO and no
> other VERW-based mitigation is needed?

Rocket Lake, Comet Lake, Ice Lake with tsx=off only require VERW at
VMENTER. There are other MMIO affected CPUs that are not affected by MDS
and do not support TSX or disable it by default.
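The distinction discussed in this thread, as an added illustration that is not the kernel's bugs.c: a small model of the two selection variants, where `fold_mmio_into_system_switch` (an assumed flag of the model) selects whether the MMIO_MITIGATION_AUTO branch also sets the system-wide `verw_mitigation_selected`, and the bitmask return type is the model's own convention.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model of the mitigation-selection logic; constructed for
 * illustration, not copied from arch/x86/kernel/cpu/bugs.c. */
enum mmio_mitigations { MMIO_MITIGATION_OFF, MMIO_MITIGATION_AUTO, MMIO_MITIGATION_VERW };

/* Where VERW ends up being issued, as a bitmask (model convention). */
enum { VERW_AT_KERNEL_EXIT = 1, VERW_AT_VMENTER = 2 };

/* has_mds stands in for boot_cpu_has_bug(X86_BUG_MDS), taa_vulnerable for
 * taa_vulnerable(), has_mmio for the MMIO Stale Data bug bit. */
static int select_verw(bool has_mds, bool taa_vulnerable, bool has_mmio,
		       bool fold_mmio_into_system_switch)
{
	enum mmio_mitigations mmio_mitigation =
		has_mmio ? MMIO_MITIGATION_AUTO : MMIO_MITIGATION_OFF;
	bool verw_mitigation_selected = false;  /* system-wide switch */
	int where = 0;

	if (mmio_mitigation == MMIO_MITIGATION_AUTO) {
		mmio_mitigation = MMIO_MITIGATION_VERW;
		/* The quoted proposal sets the system-wide switch here. */
		if (fold_mmio_into_system_switch)
			verw_mitigation_selected = true;
	}

	if (has_mds || taa_vulnerable)
		verw_mitigation_selected = true;

	/* System-wide switch: VERW at kernel exit and at VMenter. */
	if (verw_mitigation_selected)
		where |= VERW_AT_KERNEL_EXIT | VERW_AT_VMENTER;
	/* MMIO Stale Data alone: VERW only at VMenter. */
	if (mmio_mitigation == MMIO_MITIGATION_VERW)
		where |= VERW_AT_VMENTER;
	return where;
}

int main(void)
{
	/* Constructed case: MMIO-affected, not MDS-affected, TSX off. */
	int separate = select_verw(false, false, true, false);
	int folded = select_verw(false, false, true, true);

	printf("MMIO-only, separate switch: kernel-exit=%d vmenter=%d\n",
	       !!(separate & VERW_AT_KERNEL_EXIT), !!(separate & VERW_AT_VMENTER));
	printf("MMIO-only, folded switch:   kernel-exit=%d vmenter=%d\n",
	       !!(folded & VERW_AT_KERNEL_EXIT), !!(folded & VERW_AT_VMENTER));
	return 0;
}
```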