x86/speculation/mds: Add mds=full,nosmt cmdline option

author Josh Poimboeuf <jpoimboe@redhat.com>

Tue, 2 Apr 2019 14:59:33 +0000 (09:59 -0500)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Tue, 14 May 2019 17:18:45 +0000 (19:18 +0200)
author Josh Poimboeuf <jpoimboe@redhat.com>
Tue, 2 Apr 2019 14:59:33 +0000 (09:59 -0500)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 14 May 2019 17:18:45 +0000 (19:18 +0200)
diff --git a/Documentation/admin-guide/hw-vuln/mds.rst b/Documentation/admin-guide/hw-vuln/mds.rst

index 1de29d28903d069b4612bc954d1c4d82c71c6438..244ab47d1fb3a367336f659b25a8c33716df64c0 100644 (file)
--- a/Documentation/admin-guide/hw-vuln/mds.rst
+++ b/Documentation/admin-guide/hw-vuln/mds.rst
@@ -260,6 +260,9 @@ time with the option "mds=". The valid arguments for this option are:
  
                 It does not automatically disable SMT.
  
+  full,nosmt   The same as mds=full, with SMT disabled on vulnerable
+               CPUs.  This is the complete mitigation.
+
    off          Disables MDS mitigations completely.
  
    ============  =============================================================
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt

index 1c85241a5d747ede05bbecfc3d7852ea1eb6f591..69b566404d85854a7081b0f5ad52a559641b87bc 100644 (file)
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2230,8 +2230,10 @@
                         This parameter controls the MDS mitigation. The
                         options are:
  
-                       full    - Enable MDS mitigation on vulnerable CPUs
-                       off     - Unconditionally disable MDS mitigation
+                       full       - Enable MDS mitigation on vulnerable CPUs
+                       full,nosmt - Enable MDS mitigation and disable
+                                    SMT on vulnerable CPUs
+                       off        - Unconditionally disable MDS mitigation
  
                         Not specifying this option is equivalent to
                         mds=full.
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c

index 6cf16108273bc4eb1a8c2654248a13db681b4b95..11e504627d31c0371f503c8d4007fc516a4a2d57 100644 (file)
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -219,6 +219,7 @@ static void x86_amd_ssb_disable(void)
  
  /* Default mitigation for L1TF-affected CPUs */
  static enum mds_mitigations mds_mitigation __ro_after_init = MDS_MITIGATION_FULL;
+static bool mds_nosmt __ro_after_init = false;
  
  static const char * const mds_strings[] = {
         [MDS_MITIGATION_OFF]    = "Vulnerable",
@@ -236,8 +237,13 @@ static void __init mds_select_mitigation(void)
         if (mds_mitigation == MDS_MITIGATION_FULL) {
                 if (!boot_cpu_has(X86_FEATURE_MD_CLEAR))
                         mds_mitigation = MDS_MITIGATION_VMWERV;
+
                 static_branch_enable(&mds_user_clear);
+
+               if (mds_nosmt && !boot_cpu_has(X86_BUG_MSBDS_ONLY))
+                       cpu_smt_disable(false);
         }
+
         pr_info("%s\n", mds_strings[mds_mitigation]);
  }
  
@@ -253,6 +259,10 @@ static int __init mds_cmdline(char *str)
                 mds_mitigation = MDS_MITIGATION_OFF;
         else if (!strcmp(str, "full"))
                 mds_mitigation = MDS_MITIGATION_FULL;
+       else if (!strcmp(str, "full,nosmt")) {
+               mds_mitigation = MDS_MITIGATION_FULL;
+               mds_nosmt = true;
+       }
  
         return 0;
  }
author	Josh Poimboeuf <jpoimboe@redhat.com>
	Tue, 2 Apr 2019 14:59:33 +0000 (09:59 -0500)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 14 May 2019 17:18:45 +0000 (19:18 +0200)
Documentation/admin-guide/hw-vuln/mds.rst		patch \| blob \| blame \| history
Documentation/admin-guide/kernel-parameters.txt		patch \| blob \| blame \| history
arch/x86/kernel/cpu/bugs.c		patch \| blob \| blame \| history