x86/speculation/mds: Add mitigation control for MDS

author Thomas Gleixner <tglx@linutronix.de>

Thu, 28 Mar 2019 17:57:21 +0000 (13:57 -0400)

committer Mihai Carabas <mihai.carabas@oracle.com>

Mon, 22 Apr 2019 18:16:18 +0000 (21:16 +0300)
author Thomas Gleixner <tglx@linutronix.de>
Thu, 28 Mar 2019 17:57:21 +0000 (13:57 -0400)
committer Mihai Carabas <mihai.carabas@oracle.com>
Mon, 22 Apr 2019 18:16:18 +0000 (21:16 +0300)
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt

index 640931e9df5f33c1d71e9d8a7c8bc681479d03e5..91c5d98efdcb713c6e18db6cad3dadf295748a8f 100644 (file)
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -2049,6 +2049,28 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
                         Format: <first>,<last>
                         Specifies range of consoles to be captured by the MDA.
  
+       mds=            [X86,INTEL]
+                       Control mitigation for the Micro-architectural Data
+                       Sampling (MDS) vulnerability.
+
+                       Certain CPUs are vulnerable to an exploit against CPU
+                       internal buffers which can forward information to a
+                       disclosure gadget under certain conditions.
+
+                       In vulnerable processors, the speculatively
+                       forwarded data can be used in a cache side channel
+                       attack, to access data to which the attacker does
+                       not have direct access.
+
+                       This parameter controls the MDS mitigation. The
+                       options are:
+
+                       full    - Enable MDS mitigation on vulnerable CPUs
+                       off     - Unconditionally disable MDS mitigation
+
+                       Not specifying this option is equivalent to
+                       mds=full.
+
         mem=nn[KMG]     [KNL,BOOT] Force usage of a specific amount of memory
                         Amount of memory to be used when the kernel is not able
                         to see the whole system memory or for test.
diff --git a/arch/x86/include/asm/processor.h b/arch/x86/include/asm/processor.h

index c64a698b5e428db852c194669de045c3d7e4e252..fe7e5df41236891d39bf7c0bebc268abb3aa95c5 100644 (file)
--- a/arch/x86/include/asm/processor.h
+++ b/arch/x86/include/asm/processor.h
@@ -1021,4 +1021,9 @@ enum l1tf_mitigations {
  
  extern enum l1tf_mitigations l1tf_mitigation;
  
+enum mds_mitigations {
+       MDS_MITIGATION_OFF,
+       MDS_MITIGATION_FULL,
+};
+
  #endif /* _ASM_X86_PROCESSOR_H */
diff --git a/arch/x86/kernel/cpu/bugs_64.c b/arch/x86/kernel/cpu/bugs_64.c

index 4094ed7e15da45a68cf52df4146d0efb338932d9..afc91d319b2216e0c226f895297c7034172097b8 100644 (file)
--- a/arch/x86/kernel/cpu/bugs_64.c
+++ b/arch/x86/kernel/cpu/bugs_64.c
@@ -135,6 +135,7 @@ static void __init spectre_v2_select_mitigation(void);
  static enum ssb_mitigation __init ssb_select_mitigation(void);
  static void __init ssb_init(void);
  static void __init l1tf_select_mitigation(void);
+static void __init mds_select_mitigation(void);
  
  static enum ssb_mitigation ssb_mode = SPEC_STORE_BYPASS_NONE;
  
@@ -226,6 +227,8 @@ void __init check_bugs(void)
  
         l1tf_select_mitigation();
  
+       mds_select_mitigation();
+
         alternative_instructions();
  
         /*
@@ -1281,6 +1284,64 @@ static void __init l1tf_select_mitigation(void)
         setup_force_cpu_cap(X86_FEATURE_L1TF_PTEINV);
  }
  
+#undef pr_fmt
+#define pr_fmt(fmt)    "MDS: " fmt
+
+/* Default mitigation for L1TF-affected CPUs */
+static enum mds_mitigations mds_mitigation __read_mostly = MDS_MITIGATION_FULL;
+
+static const char * const mds_strings[] = {
+       [MDS_MITIGATION_OFF]    = "Vulnerable",
+       [MDS_MITIGATION_FULL]   = "Mitigation: Clear CPU buffers"
+};
+
+static void update_mds_branch_idle(void)
+{
+       /*
+        * Enable the idle clearing on CPUs which are affected only by
+        * MDBDS and not any other MDS variant. The other variants cannot
+        * be mitigated when SMT is enabled, so clearing the buffers on
+        * idle would be a window dressing exercise.
+        */
+       if (!boot_cpu_has(X86_BUG_MSBDS_ONLY))
+               return;
+
+       if (cpu_smt_control == CPU_SMT_ENABLED)
+               static_branch_enable(&mds_idle_clear);
+       else
+               static_branch_disable(&mds_idle_clear);
+}
+
+static void mds_select_mitigation(void)
+{
+       char arg[12];
+       int ret;
+
+       if (!boot_cpu_has_bug(X86_BUG_MDS)) {
+               mds_mitigation = MDS_MITIGATION_OFF;
+               return;
+       }
+
+        ret = cmdline_find_option(boot_command_line, "mds", arg,
+                                  sizeof(arg));
+        if (ret > 0) {
+               if (match_option(arg, ret, "off"))
+                       mds_mitigation = MDS_MITIGATION_OFF;
+               else if (!match_option(arg, ret, "full"))
+                       pr_warn("mds: unknown option %s\n", arg);
+       }
+
+       if (mds_mitigation == MDS_MITIGATION_FULL) {
+               if (boot_cpu_has(X86_FEATURE_MD_CLEAR)) {
+                       static_branch_enable(&mds_user_clear);
+                       update_mds_branch_idle();
+               } else {
+                       mds_mitigation = MDS_MITIGATION_OFF;
+               }
+       }
+       pr_info("%s\n", mds_strings[mds_mitigation]);
+}
+
  #undef pr_fmt
  
  #ifdef CONFIG_SYSFS
author	Thomas Gleixner <tglx@linutronix.de>
	Thu, 28 Mar 2019 17:57:21 +0000 (13:57 -0400)
committer	Mihai Carabas <mihai.carabas@oracle.com>
	Mon, 22 Apr 2019 18:16:18 +0000 (21:16 +0300)
Documentation/kernel-parameters.txt		patch \| blob \| history
arch/x86/include/asm/processor.h		patch \| blob \| history
arch/x86/kernel/cpu/bugs_64.c		patch \| blob \| history