Merge branch 'x86-mds-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git...

Pull x86 MDS mitigations from Thomas Gleixner:
 "Microarchitectural Data Sampling (MDS) is a hardware vulnerability
  which allows unprivileged speculative access to data which is
  available in various CPU internal buffers. This new set of misfeatures
  has the following CVEs assigned:

     CVE-2018-12126  MSBDS  Microarchitectural Store Buffer Data Sampling
     CVE-2018-12130  MFBDS  Microarchitectural Fill Buffer Data Sampling
     CVE-2018-12127  MLPDS  Microarchitectural Load Port Data Sampling
     CVE-2019-11091  MDSUM  Microarchitectural Data Sampling Uncacheable Memory

  MDS attacks target microarchitectural buffers which speculatively
  forward data under certain conditions. Disclosure gadgets can expose
  this data via cache side channels.

  Contrary to other speculation based vulnerabilities the MDS
  vulnerability does not allow the attacker to control the memory target
  address. As a consequence the attacks are purely sampling based, but
  as demonstrated with the TLBleed attack samples can be postprocessed
  successfully.

  The mitigation is to flush the microarchitectural buffers on return to
  user space and before entering a VM. It's bolted on the VERW
  instruction and requires a microcode update. As some of the attacks
  exploit data structures shared between hyperthreads, full protection
  requires to disable hyperthreading. The kernel does not do that by
  default to avoid breaking unattended updates.

  The mitigation set comes with documentation for administrators and a
  deeper technical view"

* 'x86-mds-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (23 commits)
  x86/speculation/mds: Fix documentation typo
  Documentation: Correct the possible MDS sysfs values
  x86/mds: Add MDSUM variant to the MDS documentation
  x86/speculation/mds: Add 'mitigations=' support for MDS
  x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
  x86/speculation/mds: Fix comment
  x86/speculation/mds: Add SMT warning message
  x86/speculation: Move arch_smt_update() call to after mitigation decisions
  x86/speculation/mds: Add mds=full,nosmt cmdline option
  Documentation: Add MDS vulnerability documentation
  Documentation: Move L1TF to separate directory
  x86/speculation/mds: Add mitigation mode VMWERV
  x86/speculation/mds: Add sysfs reporting for MDS
  x86/speculation/mds: Add mitigation control for MDS
  x86/speculation/mds: Conditionally clear CPU buffers on idle entry
  x86/kvm/vmx: Add MDS protection when L1D Flush is not active
  x86/speculation/mds: Clear CPU buffers on exit to user
  x86/speculation/mds: Add mds_clear_cpu_buffers()
  x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
  x86/speculation/mds: Add BUG_MSBDS_ONLY
  ...

diff --cc Documentation/ABI/testing/sysfs-devices-system-cpu
Simple merge

diff --cc Documentation/admin-guide/index.rst
Simple merge

diff --cc Documentation/admin-guide/kernel-parameters.txt
index 08df588057036e2eba4c4fcc38281ddc98a8711f,18cad2b0392aa76ae207f2691922590a21f7740e..43176340c73dc43d2e888f2de69917bd9a97a918
--- 1/Documentation/admin-guide/kernel-parameters.txt
--- 2/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@@ -2557,14 -2550,13 +2583,15 @@@
                                improves system performance, but it may also
                                expose users to several CPU vulnerabilities.
                                Equivalent to: nopti [X86,PPC]
 +                                             kpti=0 [ARM64]
                                               nospectre_v1 [PPC]
                                               nobp=0 [S390]
 -                                             nospectre_v2 [X86,PPC,S390]
 +                                             nospectre_v2 [X86,PPC,S390,ARM64]
                                               spectre_v2_user=off [X86]
                                               spec_store_bypass_disable=off [X86,PPC]
 +                                             ssbd=force-off [ARM64]
                                               l1tf=off [X86]
+                                              mds=off [X86]
  
                        auto (default)
                                Mitigate all CPU vulnerabilities, but leave SMT

diff --cc Documentation/index.rst
index 9e01aace4f48ca46885241da10e30413727c0483,63864826dcd66749dfa5cff762ef9d896acc0e3f..a7566ef624112abb79087bd6ce6fe3b361f57276
--- 1/Documentation/index.rst
--- 2/Documentation/index.rst
+++ b/Documentation/index.rst
@@@ -112,8 -100,8 +112,9 @@@ implementation
  .. toctree::
     :maxdepth: 2
  
 +   x86/index
     sh/index
+    x86/index
  
  Filesystem Documentation
  ------------------------

diff --cc Documentation/x86/index.rst
index 73a487957fd4c7e1f8edf9bbdd423c07259638fd,ef389dcf1b1d3cc6a01d334fff858c21c696c931..ae36fc5fc649fed482ce0cc60936bbd1bb4409cc
--- 1/Documentation/x86/index.rst
--- 2/Documentation/x86/index.rst
+++ b/Documentation/x86/index.rst
@@@ -5,26 -3,6 +5,27 @@@ x86-specific Documentatio
  ==========================
  
  .. toctree::
 -   :maxdepth: 1
 +   :maxdepth: 2
 +   :numbered:
  
 +   boot
 +   topology
 +   exception-tables
 +   kernel-stacks
 +   entry_64
 +   earlyprintk
 +   orc-unwinder
 +   zero-page
 +   tlb
 +   mtrr
 +   pat
 +   protection-keys
 +   intel_mpx
 +   amd-memory-encryption
 +   pti
+    mds
 +   microcode
 +   resctrl_ui
 +   usb-legacy-support
 +   i386/index
 +   x86_64/index

diff --cc arch/x86/entry/common.c
index 51beb8d29123a66f28e1d4d6e0f35c160a9913f7,19f650d729f5d5aa96ec91bccff93ec4cba3064d..a986b3c8294c8df7ee0157b27b665cfc4e05d894
--- 1/arch/x86/entry/common.c
--- 2/arch/x86/entry/common.c
+++ b/arch/x86/entry/common.c
@@@ -30,8 -29,9 +30,9 @@@
  #include <asm/desc.h>
  #include <asm/traps.h>
  #include <asm/vdso.h>
 -#include <linux/uaccess.h>
  #include <asm/cpufeature.h>
 +#include <asm/fpu/api.h>
+ #include <asm/nospec-branch.h>
  
  #define CREATE_TRACE_POINTS
  #include <trace/events/syscalls.h>

diff --cc arch/x86/include/asm/cpufeatures.h
index 981ff94796484426911c41e333b82ef395380caa,bdcea163850a30167fdbac942b03bb75b35e6643..75f27ee2c263f4233f7818c52c1afa4a3fca768b
--- 1/arch/x86/include/asm/cpufeatures.h
--- 2/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@@ -344,7 -344,7 +344,8 @@@
  /* Intel-defined CPU features, CPUID level 0x00000007:0 (EDX), word 18 */
  #define X86_FEATURE_AVX512_4VNNIW     (18*32+ 2) /* AVX-512 Neural Network Instructions */
  #define X86_FEATURE_AVX512_4FMAPS     (18*32+ 3) /* AVX-512 Multiply Accumulation Single precision */
+ #define X86_FEATURE_MD_CLEAR          (18*32+10) /* VERW clears CPU buffers */
 +#define X86_FEATURE_TSX_FORCE_ABORT   (18*32+13) /* "" TSX_FORCE_ABORT */
  #define X86_FEATURE_PCONFIG           (18*32+18) /* Intel PCONFIG */
  #define X86_FEATURE_SPEC_CTRL         (18*32+26) /* "" Speculation Control (IBRS + IBPB) */
  #define X86_FEATURE_INTEL_STIBP               (18*32+27) /* "" Single Thread Indirect Branch Predictors */

diff --cc arch/x86/include/asm/msr-index.h
Simple merge

diff --cc arch/x86/include/asm/nospec-branch.h
Simple merge

diff --cc arch/x86/include/asm/processor.h
Simple merge

diff --cc arch/x86/kernel/cpu/bugs.c
Simple merge

diff --cc arch/x86/kernel/cpu/common.c
Simple merge

diff --cc arch/x86/kernel/nmi.c
Simple merge

diff --cc arch/x86/kernel/traps.c
Simple merge

diff --cc arch/x86/kvm/cpuid.c
Simple merge

diff --cc arch/x86/kvm/vmx/vmx.c
index 9663d41cc2bc7ee3e7e17c227880a9ea7992d89f,b0597507bde7d8490991076fdd8f2abce0f47006..e1fa935a545ffad093b32ec41a46a1fd37658a0a
--- 1/arch/x86/kvm/vmx/vmx.c
--- 2/arch/x86/kvm/vmx/vmx.c
+++ b/arch/x86/kvm/vmx/vmx.c
@@@ -6431,16 -6575,7 +6431,19 @@@ static void vmx_vcpu_run(struct kvm_vcp
         */
        x86_spec_ctrl_set_guest(vmx->spec_ctrl, 0);
  
 -      __vmx_vcpu_run(vcpu, vmx);
++      /* L1D Flush includes CPU buffer clear to mitigate MDS */
 +      if (static_branch_unlikely(&vmx_l1d_should_flush))
 +              vmx_l1d_flush(vcpu);
++      else if (static_branch_unlikely(&mds_user_clear))
++              mds_clear_cpu_buffers();
 +
 +      if (vcpu->arch.cr2 != read_cr2())
 +              write_cr2(vcpu->arch.cr2);
 +
 +      vmx->fail = __vmx_vcpu_run(vmx, (unsigned long *)&vcpu->arch.regs,
 +                                 vmx->loaded_vmcs->launched);
 +
 +      vcpu->arch.cr2 = read_cr2();
  
        /*
         * We do not use IBRS in the kernel. If this vCPU has used the

diff --cc drivers/base/cpu.c
Simple merge

diff --cc include/linux/cpu.h
Simple merge