x86/speculation/mds: Add 'mitigations=' support for MDS

Add MDS to the new 'mitigations=' cmdline option.

Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 9aa3543a8723ecf8da77f6e1aaa24a4646e40edb..18cad2b0392aa76ae207f2691922590a21f7740e 100644 (file)
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2556,6 +2556,7 @@
                                               spectre_v2_user=off [X86]
                                               spec_store_bypass_disable=off [X86,PPC]
                                               l1tf=off [X86]
                                               spectre_v2_user=off [X86]
                                               spec_store_bypass_disable=off [X86,PPC]
                                               l1tf=off [X86]

+                                              mds=off [X86]

 
                        auto (default)
                                Mitigate all CPU vulnerabilities, but leave SMT
 
                        auto (default)
                                Mitigate all CPU vulnerabilities, but leave SMT


@@ -2570,6 +2571,7 @@
                                if needed.  This is for users who always want to
                                be fully mitigated, even if it means losing SMT.
                                Equivalent to: l1tf=flush,nosmt [X86]
                                if needed.  This is for users who always want to
                                be fully mitigated, even if it means losing SMT.
                                Equivalent to: l1tf=flush,nosmt [X86]

+                                              mds=full,nosmt [X86]

 
        mminit_loglevel=
                        [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this
 
        mminit_loglevel=
                        [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 3c5c3c3ba73421547e361bd71d4f185fcebc2c3a..667c273a66d7697c11cb5b2db56b967a1596af21 100644 (file)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -233,7 +233,7 @@ static const char * const mds_strings[] = {
 
 static void __init mds_select_mitigation(void)
 {
 
 static void __init mds_select_mitigation(void)
 {

-       if (!boot_cpu_has_bug(X86_BUG_MDS)) {
+       if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off()) {

                mds_mitigation = MDS_MITIGATION_OFF;
                return;
        }
                mds_mitigation = MDS_MITIGATION_OFF;
                return;
        }


@@ -244,7 +244,8 @@ static void __init mds_select_mitigation(void)
 
                static_branch_enable(&mds_user_clear);
 
 
                static_branch_enable(&mds_user_clear);
 

-               if (mds_nosmt && !boot_cpu_has(X86_BUG_MSBDS_ONLY))
+               if (!boot_cpu_has(X86_BUG_MSBDS_ONLY) &&
+                   (mds_nosmt || cpu_mitigations_auto_nosmt()))

                        cpu_smt_disable(false);
        }
 
                        cpu_smt_disable(false);
        }