From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail.linutronix.de (146.0.238.70:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 22 Feb 2019 15:54:36 -0000
Received: from mx2.suse.de ([195.135.220.15] helo=mx1.suse.de) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1gxD9m-0006kc-ML for speck@linutronix.de; Fri, 22 Feb 2019 16:54:35 +0100
Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id 5D2F2AE5C for ; Fri, 22 Feb 2019 15:54:29 +0000 (UTC)
Date: Fri, 22 Feb 2019 16:54:27 +0100
From: Borislav Petkov
Subject: [MODERATED] Re: [patch V3 9/9] MDS basics 9
Message-ID: <20190222155426.GF30865@zn.tnic>
References: <20190221234431.922117624@linutronix.de> <20190221235535.207933985@linutronix.de>
MIME-Version: 1.0
In-Reply-To: <20190221235535.207933985@linutronix.de>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
To: speck@linutronix.de
List-ID:

On Fri, Feb 22, 2019 at 12:44:40AM +0100, speck for Thomas Gleixner wrote:
> Subject: [patch V3 9/9] x86/speculation/mds: Add mitigation mode VMWERV
> From: Thomas Gleixner
>
> In virtualized environments it can happen that the host has the microcode
> update which utilizes the VERW instruction to clear CPU buffers, but the
> hypervisor is not yet updated to expose the X86_FEATURE_MD_CLEAR CPUID bit
> to guests.
>
> Introduce an internal mitigation mode 'VWWERV' which enables the invocation
                                         ^ VMWERV

> of the CPU buffer clearing even if X86_FEATURE_MD_CLEAR is not set. If the
> system has no updated microcode this results in a pointless execution of
> the VERW instruction wasting a few CPU cycles. If the microcode is updated,
> but not exposed to a guest then the CPU buffers will be cleared.
>
> That said: Virtual Machines Will Eventually Receive Vaccine

Haha.

>
> Signed-off-by: Thomas Gleixner > --- > V2 -> V3: Rename mode. > --- > Documentation/x86/mds.rst | 5 +++++ > arch/x86/include/asm/processor.h | 1 + > arch/x86/kernel/cpu/bugs.c | 14 ++++++++------ > 3 files changed, 14 insertions(+), 6 deletions(-) >=20 > --- a/Documentation/x86/mds.rst > +++ b/Documentation/x86/mds.rst > @@ -88,6 +88,11 @@ The mitigation is invoked on kernel/user > (idle) transitions. Depending on the mitigation mode and the system state > the invocation can be enforced or conditional. > =20 > +As a special quirk to address virtualization scenarios where the host has > +the microcode updated, but the hypervisor does not (yet) expose the > +MD_CLEAR CPUID bit to guests, the kernel issues the VERW instruction in the > +hope that it might work. The state is reflected accordingly. "... in the hope that it would clear the buffers, additionally." It will work, the question is how much more will it do. :) In any case: Reviewed-by: Borislav Petkov --=20 Regards/Gruss, Boris. SUSE Linux GmbH, GF: Felix Imend=C3=B6rffer, Jane Smithard, Graham Norton, HR= B 21284 (AG N=C3=BCrnberg) --=20
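Review bot: In the Documentation/x86/mds.rst hunk, "The state is reflected accordingly" does not say where the state is reported or what it reads in this case, and the added paragraph never names the VMWERV mode that the changelog introduces, so a reader cannot connect the reported state to this quirk. Suggest naming the mode and the place where it is reported, and replacing "in the hope that it might work" with the concrete behaviour the changelog already gives: without updated microcode the VERW is a pointless execution costing a few CPU cycles, and with updated but unexposed microcode the CPU buffers are cleared. The processor.h and bugs.c changes listed in the diffstat are not visible in this quoted excerpt and are not covered by this comment.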