[MODERATED] Re: [patch V3 9/9] MDS basics 9

[Greg KH <gregkh@linuxfoundation.org>]

On Fri, Feb 22, 2019 at 11:38:36AM +0100, speck for Thomas Gleixner wrote:
> On Fri, 22 Feb 2019, speck for Greg KH wrote:
> > On Fri, Feb 22, 2019 at 12:44:40AM +0100, speck for Thomas Gleixner wrote:
> > >  static void mds_select_mitigation(void)
> > > @@ -236,12 +237,12 @@ static void mds_select_mitigation(void)
> > >  		break;
> > >  	case MDS_MITIGATION_AUTO:
> > >  	case MDS_MITIGATION_FULL:
> > > -		if (boot_cpu_has(X86_FEATURE_MD_CLEAR)) {
> > > +	case MDS_MITIGATION_VMWERV:
> > > +		if (boot_cpu_has(X86_FEATURE_MD_CLEAR))
> > >  			mds_mitigation = MDS_MITIGATION_FULL;
> > > -			static_branch_enable(&mds_user_clear);
> > > -		} else {
> > > -			mds_mitigation = MDS_MITIGATION_OFF;
> > > -		}
> > > +		else
> > > +			mds_mitigation = MDS_MITIGATION_VMWERV;
> > > +		static_branch_enable(&mds_user_clear);
> > 
> > So did we just loose the ability at "auto" to turn this off if present,
> > because we really do not know if we can turn it off automatically?
> > 
> > Or am I reading this code wrong?
> > 
> > Should there be a new usespace command line option for "vmwerv"?
> 
> I'd prefer not. So the logic here is:
> 
> if CPU not affected:
>    do nothing
> 
> if 'off':
>    do nothing
> 
> if 'auto' or 'full':
>    enable VERW
> 
> The latter has two variants:
> 
>   1) cpuid MD_CLEAR is set
> 
>      Switches the internal mode to FULL and VERW provides real protection.
> 
>   2) cpuid MD_CLEAR is not set
> 
>      Switches the internal mode to VMWERV, issues VERW which protects or
>      not. If microcode is not updated the VERW wastes a few cpu cycles
>      pointlessly.
> 
> The internal state is there so the dmesg/sysfs output reflects the
> protection state real vs. lottery.

Ok, thanks, that makes more sense.  That might want to go into the
documentation somewhere :)

thanks,

greg k-h