From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail.linutronix.de (146.0.238.70:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 06 Mar 2019 16:14:26 -0000
Received: from mail.kernel.org ([198.145.29.99]) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1h1ZBY-0007XU-Up for speck@linutronix.de; Wed, 06 Mar 2019 17:14:25 +0100
Received: from localhost (lfbn-1-18527-45.w90-101.abo.wanadoo.fr [90.101.69.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id B227E20684 for ; Wed, 6 Mar 2019 16:14:17 +0000 (UTC)
Date: Wed, 6 Mar 2019 17:14:15 +0100
From: Frederic Weisbecker
Subject: [MODERATED] Re: [patch V6 09/14] MDS basics 9
Message-ID: <20190306161414.GB18392@lenoir>
References: <20190301214738.281554861@linutronix.de> <20190301214847.984923807@linutronix.de>
MIME-Version: 1.0
In-Reply-To: <20190301214847.984923807@linutronix.de>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID:

On Fri, Mar 01, 2019 at 10:47:47PM +0100, speck for Thomas Gleixner wrote:
> Subject: [patch V6 09/14] x86/speculation/mds: Conditionally clear CPU buffers on idle entry
> From: Thomas Gleixner
>
> Add a static key which controls the invocation of the CPU buffer clear
> mechanism on idle entry. This is independent of other MDS mitigations
> because the idle entry invocation to mitigate the potential leakage due to
> store buffer repartitioning is only necessary on SMT systems.
>
> Add the actual invocations to the different halt/mwait variants which
> covers all usage sites. mwaitx is not patched as it's not available on
> Intel CPUs.
>
> The buffer clear is only invoked before entering the C-State to prevent
> that stale data from the idling CPU is spilled to the Hyper-Thread sibling
> after the Store buffer got repartitioned and all entries are available to
> the non idle sibling.
>
> When coming out of idle the store buffer is partitioned again so each
> sibling has half of it available. Now CPU which returned from idle could be
> speculatively exposed to contents of the sibling, but the buffers are
> flushed either on exit to user space or on VMENTER.
>
> When later on conditional buffer clearing is implemented on top of this,
> then there is no action required either because before returning to user
> space the context switch will set the condition flag which causes a flush
> on the return to user path.
>
> Note, that the buffer clearing on idle is only sensible on CPUs which are
> solely affected by MSBDS and not any other variant of MDS because the other
> MDS variants cannot be mitigated when SMT is enabled, so the buffer
> clearing on idle would be a window dressing exercise.
>
> This intentionally does not handle the case in the acpi/processor_idle
> driver which uses the legacy IO port interface for C-State transitions for
> two reasons:
>
>  - The acpi/processor_idle driver was replaced by the intel_idle driver
>    almost a decade ago. Anything Nehalem upwards supports it and defaults
>    to that new driver.
>
>  - The legacy IO port interface is likely to be used on older and therefore
>    unaffected CPUs or on systems which do not receive microcode updates
>    anymore, so there is no point in adding that.
>
> Signed-off-by: Thomas Gleixner
> Reviewed-by: Borislav Petkov
> Reviewed-by: Greg Kroah-Hartman

Reviewed-by: Frederic Weisbecker