x86/speculation/mds: Add mds=full,nosmt cmdline option
authorJosh Poimboeuf <jpoimboe@redhat.com>
Tue, 2 Apr 2019 14:59:33 +0000 (09:59 -0500)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 14 May 2019 17:19:41 +0000 (19:19 +0200)
commit d71eb0ce109a124b0fa714832823b9452f2762cf upstream.

Add the mds=full,nosmt cmdline option.  This is like mds=full, but with
SMT disabled if the CPU is vulnerable.

Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Jiri Kosina <jkosina@suse.cz>
[bwh: Backported to 4.9: adjust filenames]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Documentation/hw-vuln/mds.rst
Documentation/kernel-parameters.txt
arch/x86/kernel/cpu/bugs.c

index ff6bfdb..aec9e49 100644 (file)
@@ -260,6 +260,9 @@ time with the option "mds=". The valid arguments for this option are:
 
                It does not automatically disable SMT.
 
+  full,nosmt   The same as mds=full, with SMT disabled on vulnerable
+               CPUs.  This is the complete mitigation.
+
   off          Disables MDS mitigations completely.
 
   ============  =============================================================
index 7164790..4c13470 100644 (file)
@@ -2341,8 +2341,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
                        This parameter controls the MDS mitigation. The
                        options are:
 
-                       full    - Enable MDS mitigation on vulnerable CPUs
-                       off     - Unconditionally disable MDS mitigation
+                       full       - Enable MDS mitigation on vulnerable CPUs
+                       full,nosmt - Enable MDS mitigation and disable
+                                    SMT on vulnerable CPUs
+                       off        - Unconditionally disable MDS mitigation
 
                        Not specifying this option is equivalent to
                        mds=full.
index e0c77a4..a8bef0a 100644 (file)
@@ -218,6 +218,7 @@ static void x86_amd_ssb_disable(void)
 
 /* Default mitigation for L1TF-affected CPUs */
 static enum mds_mitigations mds_mitigation __ro_after_init = MDS_MITIGATION_FULL;
+static bool mds_nosmt __ro_after_init = false;
 
 static const char * const mds_strings[] = {
        [MDS_MITIGATION_OFF]    = "Vulnerable",
@@ -235,8 +236,13 @@ static void __init mds_select_mitigation(void)
        if (mds_mitigation == MDS_MITIGATION_FULL) {
                if (!boot_cpu_has(X86_FEATURE_MD_CLEAR))
                        mds_mitigation = MDS_MITIGATION_VMWERV;
+
                static_branch_enable(&mds_user_clear);
+
+               if (mds_nosmt && !boot_cpu_has(X86_BUG_MSBDS_ONLY))
+                       cpu_smt_disable(false);
        }
+
        pr_info("%s\n", mds_strings[mds_mitigation]);
 }
 
@@ -252,6 +258,10 @@ static int __init mds_cmdline(char *str)
                mds_mitigation = MDS_MITIGATION_OFF;
        else if (!strcmp(str, "full"))
                mds_mitigation = MDS_MITIGATION_FULL;
+       else if (!strcmp(str, "full,nosmt")) {
+               mds_mitigation = MDS_MITIGATION_FULL;
+               mds_nosmt = true;
+       }
 
        return 0;
 }