Commit f02eee68 authored by Josh Poimboeuf's avatar Josh Poimboeuf Committed by Greg Kroah-Hartman

x86/speculation/mds: Add mds=full,nosmt cmdline option

commit d71eb0ce upstream.

Add the mds=full,nosmt cmdline option.  This is like mds=full, but with
SMT disabled if the CPU is vulnerable.
Signed-off-by: default avatarJosh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
Reviewed-by: default avatarTyler Hicks <tyhicks@canonical.com>
Acked-by: default avatarJiri Kosina <jkosina@suse.cz>
[bwh: Backported to 4.9: adjust filenames]
Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 3880bc16
...@@ -260,6 +260,9 @@ time with the option "mds=". The valid arguments for this option are: ...@@ -260,6 +260,9 @@ time with the option "mds=". The valid arguments for this option are:
It does not automatically disable SMT. It does not automatically disable SMT.
full,nosmt The same as mds=full, with SMT disabled on vulnerable
CPUs. This is the complete mitigation.
off Disables MDS mitigations completely. off Disables MDS mitigations completely.
============ ============================================================= ============ =============================================================
......
...@@ -2341,8 +2341,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. ...@@ -2341,8 +2341,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
This parameter controls the MDS mitigation. The This parameter controls the MDS mitigation. The
options are: options are:
full - Enable MDS mitigation on vulnerable CPUs full - Enable MDS mitigation on vulnerable CPUs
off - Unconditionally disable MDS mitigation full,nosmt - Enable MDS mitigation and disable
SMT on vulnerable CPUs
off - Unconditionally disable MDS mitigation
Not specifying this option is equivalent to Not specifying this option is equivalent to
mds=full. mds=full.
......
...@@ -218,6 +218,7 @@ static void x86_amd_ssb_disable(void) ...@@ -218,6 +218,7 @@ static void x86_amd_ssb_disable(void)
/* Default mitigation for L1TF-affected CPUs */ /* Default mitigation for L1TF-affected CPUs */
static enum mds_mitigations mds_mitigation __ro_after_init = MDS_MITIGATION_FULL; static enum mds_mitigations mds_mitigation __ro_after_init = MDS_MITIGATION_FULL;
static bool mds_nosmt __ro_after_init = false;
static const char * const mds_strings[] = { static const char * const mds_strings[] = {
[MDS_MITIGATION_OFF] = "Vulnerable", [MDS_MITIGATION_OFF] = "Vulnerable",
...@@ -235,8 +236,13 @@ static void __init mds_select_mitigation(void) ...@@ -235,8 +236,13 @@ static void __init mds_select_mitigation(void)
if (mds_mitigation == MDS_MITIGATION_FULL) { if (mds_mitigation == MDS_MITIGATION_FULL) {
if (!boot_cpu_has(X86_FEATURE_MD_CLEAR)) if (!boot_cpu_has(X86_FEATURE_MD_CLEAR))
mds_mitigation = MDS_MITIGATION_VMWERV; mds_mitigation = MDS_MITIGATION_VMWERV;
static_branch_enable(&mds_user_clear); static_branch_enable(&mds_user_clear);
if (mds_nosmt && !boot_cpu_has(X86_BUG_MSBDS_ONLY))
cpu_smt_disable(false);
} }
pr_info("%s\n", mds_strings[mds_mitigation]); pr_info("%s\n", mds_strings[mds_mitigation]);
} }
...@@ -252,6 +258,10 @@ static int __init mds_cmdline(char *str) ...@@ -252,6 +258,10 @@ static int __init mds_cmdline(char *str)
mds_mitigation = MDS_MITIGATION_OFF; mds_mitigation = MDS_MITIGATION_OFF;
else if (!strcmp(str, "full")) else if (!strcmp(str, "full"))
mds_mitigation = MDS_MITIGATION_FULL; mds_mitigation = MDS_MITIGATION_FULL;
else if (!strcmp(str, "full,nosmt")) {
mds_mitigation = MDS_MITIGATION_FULL;
mds_nosmt = true;
}
return 0; return 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment