[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH v2] qemu-cpu-models: Document -noTSX, mds-no, taa-no, and tsx
From: |
Kashyap Chamarthy |
Subject: |
Re: [PATCH v2] qemu-cpu-models: Document -noTSX, mds-no, taa-no, and tsx-ctrl |
Date: |
Mon, 27 Jan 2020 11:29:05 +0100 |
On Wed, Jan 22, 2020 at 06:20:51PM +0100, Paolo Bonzini wrote:
> On 21/01/20 19:49, Kashyap Chamarthy wrote:
> > Question: How can a user validate that TSX is indeed disabled for the
> > guest?
>
> Look for rtm in /proc/cpuinfo, or look at the TAA entry in the sysfs
> vulnerabilities directory.
Noted.
[...]
> > +@item @code{taa-no}
> > +
> > +Recommended to inform that the guest that the host is @i{not} vulnerable
> > +to CVE-2019-11135, TSX Asyncrnous Abort (TAA).
>
> Asynchronous
Will fix.
[...]
> > +@item @code{tsx-ctrl}
> > +
> > +Recommended to inform the guest to @i{disable} the Intel TSX
> > +(Transactional Synchronization Extensions) feature.
>
> Not "to disable" but rather:
>
> Recommended to inform the guest that it can disable the Intel TSX
> feature or (if vulnerable) use the VERW instruction as a mitigation for
> the TAA vulnerability.
Thanks. I'll make that last bit to:
... use the Intel 'VERW' instruction (a processor-level instruction
that performs checks on memory access) as a mitigation for the
TAA vulnerability.
Hope that's accurate-but-vague-enough description of 'VERW'. (I
realize, as Dave Gilbert said on IRC, the actual description of VERW is
besides the point, as Intel reused that to do something else in addition
to its original purpose).
I just wanted to note a small, high-level blurb on _what_ VERW is,
because I feel awkward leaving such words like that in the air in a
user-facing doc.
[...]
--
/kashyap
- [PATCH v2] qemu-cpu-models: Document -noTSX, mds-no, taa-no, and tsx-ctrl, Kashyap Chamarthy, 2020/01/21
- Re: [PATCH v2] qemu-cpu-models: Document -noTSX, mds-no, taa-no, and tsx-ctrl, Kashyap Chamarthy, 2020/01/22
- Re: [PATCH v2] qemu-cpu-models: Document -noTSX, mds-no, taa-no, and tsx-ctrl, Paolo Bonzini, 2020/01/22
- Re: [PATCH v2] qemu-cpu-models: Document -noTSX, mds-no, taa-no, and tsx-ctrl,
Kashyap Chamarthy <=