x86/speculation/mds: Add 'mitigations=' support for MDS

commit 5c14068f87d04adc73ba3f41c2a303d3c3d1fa12 upstream.

Add MDS to the new 'mitigations=' cmdline option.

Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index 5f81df18b2be44ee31735e603e2cbb557303d840..55a9bbbcf5e1e6f2844fe601b4c250ec93283b40 100644 (file)
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -2488,6 +2488,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
                                               spectre_v2_user=off [X86]
                                               spec_store_bypass_disable=off [X86]
                                               l1tf=off [X86]
+                                              mds=off [X86]
 
                        auto (default)
                                Mitigate all CPU vulnerabilities, but leave SMT
@@ -2502,6 +2503,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
                                if needed.  This is for users who always want to
                                be fully mitigated, even if it means losing SMT.
                                Equivalent to: l1tf=flush,nosmt [X86]
+                                              mds=full,nosmt [X86]
 
        mminit_loglevel=
                        [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index c2e07be3773c5a7630fd29c5cf123f8af9e4adc4..6eef57e83af76a171d2a86e4b989071765c0552d 100644 (file)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -230,7 +230,7 @@ static const char * const mds_strings[] = {
 
 static void __init mds_select_mitigation(void)
 {
-       if (!boot_cpu_has_bug(X86_BUG_MDS)) {
+       if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off()) {
                mds_mitigation = MDS_MITIGATION_OFF;
                return;
        }
@@ -241,7 +241,8 @@ static void __init mds_select_mitigation(void)
 
                static_branch_enable(&mds_user_clear);
 
-               if (mds_nosmt && !boot_cpu_has(X86_BUG_MSBDS_ONLY))
+               if (!boot_cpu_has(X86_BUG_MSBDS_ONLY) &&
+                   (mds_nosmt || cpu_mitigations_auto_nosmt()))
                        cpu_smt_disable(false);
        }