From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Mon, 25 Feb 2019 22:09:16 +0100
From: Greg KH
Subject: [MODERATED] Re: [patch V4 06/11] x86/speculation/mds: Conditionally clear CPU buffers on idle entry
Message-ID: <20190225210915.GE12242@kroah.com>
References: <20190222222418.405369026@linutronix.de> <20190222224149.616531116@linutronix.de>
In-Reply-To: <20190222224149.616531116@linutronix.de>
To: speck@linutronix.de

On Fri, Feb 22, 2019 at 11:24:24PM +0100, speck for Thomas Gleixner wrote:
> From: Thomas Gleixner
>
> Add a static key which controls the invocation of the CPU buffer clear
> mechanism on idle entry. This is independent of other MDS mitigations
> because the idle entry invocation to mitigate the potential leakage due to
> store buffer repartitioning is only necessary on SMT systems.
>
> Add the actual invocations to the different halt/mwait variants which
> covers all usage sites. mwaitx is not patched as it's not available on
> Intel CPUs.
>
> The buffer clear is only invoked before entering the C-State to prevent
> that stale data from the idling CPU is spilled to the Hyper-Thread sibling
> after the Store buffer got repartitioned and all entries are available to
> the non-idle sibling.
>
> When coming out of idle the store buffer is partitioned again so each
> sibling has half of it available. Now the CPU which returned from idle could
> be speculatively exposed to contents of the sibling, but the buffers are
> flushed either on exit to user space or on VMENTER.
>
> When later on conditional buffer clearing is implemented on top of this,
> then there is no action required either because before returning to user
> space the context switch will set the condition flag which causes a flush
> on the return to user path.
>
> This intentionally does not handle the case in the acpi/processor_idle
> driver which uses the legacy IO port interface for C-State transitions for
> two reasons:
>
>  - The acpi/processor_idle driver was replaced by the intel_idle driver
>    almost a decade ago. Anything Nehalem upwards supports it and defaults
>    to that new driver.
>
>  - The legacy IO port interface is likely to be used on older and therefore
>    unaffected CPUs or on systems which do not receive microcode updates
>    anymore, so there is no point in adding that.
>
> Signed-off-by: Thomas Gleixner
> Reviewed-by: Borislav Petkov

Comparing this to the Intel paper, I find this way more readable and
understandable. Things they "hint" at are actually spelled out here, nice
work.

Reviewed-by: Greg Kroah-Hartman
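The gating the quoted description spells out (idle-entry clear only when the mitigation is on and SMT is active, issued before the halt/mwait and never on the way out) as an added user-space model, not the kernel's code from this patch: the static key is replaced by a plain flag, the halt/mwait by a counter, and all names (update_mds_branch_idle, mds_idle_clear, idle_clears_for) are constructed here to mirror the description. On x86 the clear primitive issues VERW with a memory operand, which is the instruction the real mitigation relies on; elsewhere the call is only counted.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Mitigation modes, modelled on the description (constructed names). */
enum mds_mode { MDS_MITIGATION_OFF = 0, MDS_MITIGATION_FULL = 1 };

/* Stand-in for the kernel's static key: a plain flag in this model. */
static bool mds_idle_clear;

/* Counters so the behaviour can be checked without privileged state. */
static unsigned long idle_clear_count;
static unsigned long idle_entry_count;

/* Buffer-clear primitive. On x86 this issues VERW with a memory operand,
 * which is what the real mitigation relies on; on other architectures the
 * invocation is only counted. */
static void mds_clear_cpu_buffers(void)
{
#if defined(__x86_64__) || defined(__i386__)
    uint16_t ds;
    __asm__ volatile("mov %%ds, %0" : "=r"(ds));
    __asm__ volatile("verw %0" : : "m"(ds) : "cc");
#endif
    idle_clear_count++;
}

/* Policy update, run whenever the mitigation mode or SMT state changes:
 * the idle clear is needed only with the mitigation on AND SMT active. */
void update_mds_branch_idle(enum mds_mode mode, bool smt_active)
{
    mds_idle_clear = (mode != MDS_MITIGATION_OFF) && smt_active;
}

/* Conditional wrapper placed in front of every halt/mwait variant. */
static void mds_idle_clear_cpu_buffers(void)
{
    if (mds_idle_clear)
        mds_clear_cpu_buffers();
}

/* Idle entry: clear first, then "enter" the C-state (counted instead of
 * executing hlt/mwait). Nothing runs on the way out of idle. */
void idle_enter(void)
{
    mds_idle_clear_cpu_buffers();
    idle_entry_count++;
}

/* Number of idle transitions since the last idle_clears_for() call. */
unsigned long idle_entries(void)
{
    return idle_entry_count;
}

/* Drive the model: how many clears happen for `entries` idle transitions
 * under the given mitigation mode and SMT state. */
unsigned long idle_clears_for(enum mds_mode mode, bool smt_active, int entries)
{
    idle_clear_count = 0;
    idle_entry_count = 0;
    update_mds_branch_idle(mode, smt_active);
    for (int i = 0; i < entries; i++)
        idle_enter();
    return idle_clear_count;
}

int main(void)
{
    printf("SMT on,  mitigation on : %lu clears\n",
           idle_clears_for(MDS_MITIGATION_FULL, true, 4));
    printf("SMT off, mitigation on : %lu clears\n",
           idle_clears_for(MDS_MITIGATION_FULL, false, 4));
    printf("SMT on,  mitigation off: %lu clears\n",
           idle_clears_for(MDS_MITIGATION_OFF, true, 4));
    return 0;
}
```

The point the model makes visible is that the idle-entry clear is a separate knob from the return-to-user and VMENTER flushes: toggling SMT flips it while the other flushes are untouched, and every idle transition gets exactly one clear, all of them before the C-state entry.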