| From e3ef0729359b15dcecbe1a5da4dfe32612a1590d Mon Sep 17 00:00:00 2001 |
| From: Josh Poimboeuf <jpoimboe@redhat.com> |
| Date: Tue, 2 Apr 2019 09:59:33 -0500 |
| Subject: [PATCH 18/30] x86/speculation/mds: Add mds=full,nosmt cmdline option |
| |
| commit d71eb0ce109a124b0fa714832823b9452f2762cf upstream |
| |
| Add the mds=full,nosmt cmdline option. This is like mds=full, but with |
| SMT disabled if the CPU is vulnerable. |
| |
| Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> |
| Signed-off-by: Thomas Gleixner <tglx@linutronix.de> |
| Reviewed-by: Tyler Hicks <tyhicks@canonical.com> |
| Acked-by: Jiri Kosina <jkosina@suse.cz> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| Documentation/admin-guide/hw-vuln/mds.rst | 3 +++ |
| Documentation/admin-guide/kernel-parameters.txt | 6 ++++-- |
| arch/x86/kernel/cpu/bugs.c | 10 ++++++++++ |
| 3 files changed, 17 insertions(+), 2 deletions(-) |
| |
| diff --git a/Documentation/admin-guide/hw-vuln/mds.rst b/Documentation/admin-guide/hw-vuln/mds.rst |
| index 1de29d28903d..244ab47d1fb3 100644 |
| --- a/Documentation/admin-guide/hw-vuln/mds.rst |
| +++ b/Documentation/admin-guide/hw-vuln/mds.rst |
| @@ -260,6 +260,9 @@ time with the option "mds=". The valid arguments for this option are: |
| |
| It does not automatically disable SMT. |
| |
| + full,nosmt The same as mds=full, with SMT disabled on vulnerable |
| + CPUs. This is the complete mitigation. |
| + |
| off Disables MDS mitigations completely. |
| |
| ============ ============================================================= |
| diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt |
| index 290f0946f2ef..df8d10668b11 100644 |
| --- a/Documentation/admin-guide/kernel-parameters.txt |
| +++ b/Documentation/admin-guide/kernel-parameters.txt |
| @@ -2335,8 +2335,10 @@ |
| This parameter controls the MDS mitigation. The |
| options are: |
| |
| - full - Enable MDS mitigation on vulnerable CPUs |
| - off - Unconditionally disable MDS mitigation |
| + full - Enable MDS mitigation on vulnerable CPUs |
| + full,nosmt - Enable MDS mitigation and disable |
| + SMT on vulnerable CPUs |
| + off - Unconditionally disable MDS mitigation |
| |
| Not specifying this option is equivalent to |
| mds=full. |
| diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c |
| index a7e54a91abc4..3f70da3a4e58 100644 |
| --- a/arch/x86/kernel/cpu/bugs.c |
| +++ b/arch/x86/kernel/cpu/bugs.c |
| @@ -219,6 +219,7 @@ static void x86_amd_ssb_disable(void) |
| |
| /* Default mitigation for L1TF-affected CPUs */ |
| static enum mds_mitigations mds_mitigation __ro_after_init = MDS_MITIGATION_FULL; |
| +static bool mds_nosmt __ro_after_init = false; |
| |
| static const char * const mds_strings[] = { |
| [MDS_MITIGATION_OFF] = "Vulnerable", |
| @@ -236,8 +237,13 @@ static void __init mds_select_mitigation(void) |
| if (mds_mitigation == MDS_MITIGATION_FULL) { |
| if (!boot_cpu_has(X86_FEATURE_MD_CLEAR)) |
| mds_mitigation = MDS_MITIGATION_VMWERV; |
| + |
| static_branch_enable(&mds_user_clear); |
| + |
| + if (mds_nosmt && !boot_cpu_has(X86_BUG_MSBDS_ONLY)) |
| + cpu_smt_disable(false); |
| } |
| + |
| pr_info("%s\n", mds_strings[mds_mitigation]); |
| } |
| |
| @@ -253,6 +259,10 @@ static int __init mds_cmdline(char *str) |
| mds_mitigation = MDS_MITIGATION_OFF; |
| else if (!strcmp(str, "full")) |
| mds_mitigation = MDS_MITIGATION_FULL; |
| + else if (!strcmp(str, "full,nosmt")) { |
| + mds_mitigation = MDS_MITIGATION_FULL; |
| + mds_nosmt = true; |
| + } |
| |
| return 0; |
| } |
| -- |
| 2.21.0 |
| |