On Tue, Jan 21, 2020 at 07:49:39PM +0100, Kashyap Chamarthy wrote: [...]
> +@item @code{taa-no} > + > +Recommended to inform that the guest that the host is @i{not} vulnerable > +to CVE-2019-11135, TSX Asyncrnous Abort (TAA). > + > +This too is an MSR feature, so it does not show up in the Linux > +@code{/proc/cpuinfo} in the host or guest. > + > +It should only be enabled for VMs if the host reports @code{Not > +affected} in the > +@code{/sys/devices/system/cpu/vulnerabilities/tsx_async_abort} file. > + > +@item @code{tsx-ctrl} > + > +Recommended to inform the guest to @i{disable} the Intel TSX > +(Transactional Synchronization Extensions) feature. Expose this to the > +guest OS if and only if: (a) the host has TSX enabled; and (b) the guest > +has @code{rtm} CPU flag enabled. > + > +By disabling TSX, KVM-based guests can avoid paying the price of > +mitigting TSX-based attacks. > + > +Note that too is an MSR feature, "Note that too" --> "Note that this too" (Will wait for other feedback. If there is no need to respin, maybe the pull-req submitter can do the touch-up.) > so it does not show up in the Linux > +@code{/proc/cpuinfo} in the host or guest. > + > @end table > > - > @node preferred_cpu_models_amd_x86 > @subsubsection Preferred CPU models for AMD x86 hosts > > -- > 2.21.0 > > -- /kashyap
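Review bot: The taa-no description has a stray word and a misspelling, and tsx-ctrl has one more typo: "inform that the guest that the host" should read "inform the guest that the host", "Asyncrnous" should be "Asynchronous", and "mitigting" should be "mitigating". Beyond spelling, the tsx-ctrl item says the flag is "Recommended to inform the guest to disable" TSX, yet condition (b) requires the guest to have the rtm flag enabled; a reader can take these as contradictory unless the text states whether exposing tsx-ctrl changes TSX state by itself or only tells the guest something it may act on. The taa-no item names a concrete host check (the tsx_async_abort sysfs file reporting "Not affected"); condition (a) of tsx-ctrl, "the host has TSX enabled", would benefit from an equally concrete way to verify it, since the text itself notes that MSR features do not show up in /proc/cpuinfo.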