89 lines
3.3 KiB
Diff
89 lines
3.3 KiB
Diff
From 71cd118bd3491d54b45c8185bb0d8c3a2466424f Mon Sep 17 00:00:00 2001
|
|
From: Josh Poimboeuf <jpoimboe@redhat.com>
|
|
Date: Tue, 2 Apr 2019 09:59:33 -0500
|
|
Subject: [PATCH 18/30] x86/speculation/mds: Add mds=full,nosmt cmdline option
|
|
|
|
commit d71eb0ce109a124b0fa714832823b9452f2762cf upstream
|
|
|
|
Add the mds=full,nosmt cmdline option. This is like mds=full, but with
|
|
SMT disabled if the CPU is vulnerable.
|
|
|
|
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
|
|
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
|
|
Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
|
|
Acked-by: Jiri Kosina <jkosina@suse.cz>
|
|
---
|
|
Documentation/admin-guide/hw-vuln/mds.rst | 3 +++
|
|
Documentation/admin-guide/kernel-parameters.txt | 6 ++++--
|
|
arch/x86/kernel/cpu/bugs.c | 10 ++++++++++
|
|
3 files changed, 17 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/Documentation/admin-guide/hw-vuln/mds.rst b/Documentation/admin-guide/hw-vuln/mds.rst
|
|
index 1de29d28903d..244ab47d1fb3 100644
|
|
--- a/Documentation/admin-guide/hw-vuln/mds.rst
|
|
+++ b/Documentation/admin-guide/hw-vuln/mds.rst
|
|
@@ -260,6 +260,9 @@ The kernel command line allows to control the MDS mitigations at boot
|
|
|
|
It does not automatically disable SMT.
|
|
|
|
+ full,nosmt The same as mds=full, with SMT disabled on vulnerable
|
|
+ CPUs. This is the complete mitigation.
|
|
+
|
|
off Disables MDS mitigations completely.
|
|
|
|
============ =============================================================
|
|
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
|
|
index 290f0946f2ef..df8d10668b11 100644
|
|
--- a/Documentation/admin-guide/kernel-parameters.txt
|
|
+++ b/Documentation/admin-guide/kernel-parameters.txt
|
|
@@ -2335,8 +2335,10 @@
|
|
This parameter controls the MDS mitigation. The
|
|
options are:
|
|
|
|
- full - Enable MDS mitigation on vulnerable CPUs
|
|
- off - Unconditionally disable MDS mitigation
|
|
+ full - Enable MDS mitigation on vulnerable CPUs
|
|
+ full,nosmt - Enable MDS mitigation and disable
|
|
+ SMT on vulnerable CPUs
|
|
+ off - Unconditionally disable MDS mitigation
|
|
|
|
Not specifying this option is equivalent to
|
|
mds=full.
|
|
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
|
|
index a7e54a91abc4..3f70da3a4e58 100644
|
|
--- a/arch/x86/kernel/cpu/bugs.c
|
|
+++ b/arch/x86/kernel/cpu/bugs.c
|
|
@@ -219,6 +219,7 @@ static void x86_amd_ssb_disable(void)
|
|
|
|
/* Default mitigation for L1TF-affected CPUs */
|
|
static enum mds_mitigations mds_mitigation __ro_after_init = MDS_MITIGATION_FULL;
|
|
+static bool mds_nosmt __ro_after_init = false;
|
|
|
|
static const char * const mds_strings[] = {
|
|
[MDS_MITIGATION_OFF] = "Vulnerable",
|
|
@@ -236,8 +237,13 @@ static void __init mds_select_mitigation(void)
|
|
if (mds_mitigation == MDS_MITIGATION_FULL) {
|
|
if (!boot_cpu_has(X86_FEATURE_MD_CLEAR))
|
|
mds_mitigation = MDS_MITIGATION_VMWERV;
|
|
+
|
|
static_branch_enable(&mds_user_clear);
|
|
+
|
|
+ if (mds_nosmt && !boot_cpu_has(X86_BUG_MSBDS_ONLY))
|
|
+ cpu_smt_disable(false);
|
|
}
|
|
+
|
|
pr_info("%s\n", mds_strings[mds_mitigation]);
|
|
}
|
|
|
|
@@ -253,6 +259,10 @@ static int __init mds_cmdline(char *str)
|
|
mds_mitigation = MDS_MITIGATION_OFF;
|
|
else if (!strcmp(str, "full"))
|
|
mds_mitigation = MDS_MITIGATION_FULL;
|
|
+ else if (!strcmp(str, "full,nosmt")) {
|
|
+ mds_mitigation = MDS_MITIGATION_FULL;
|
|
+ mds_nosmt = true;
|
|
+ }
|
|
|
|
return 0;
|
|
}
|