From: Josh Poimboeuf
Date: Tue, 2 Apr 2019 14:59:33 +0000 (-0500)
Subject: x86/speculation/mds: Add mds=full,nosmt cmdline option
X-Git-Tag: v4.1.12-124.31.3~183
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=830bd4f8c58acf18585ab8764c806f8b91ec1b48;p=users%2Fjedix%2Flinux-maple.git

x86/speculation/mds: Add mds=full,nosmt cmdline option

commit d71eb0ce109a124b0fa714832823b9452f2762cf upstream

Add the mds=full,nosmt cmdline option. This is like mds=full, but with SMT disabled if the CPU is vulnerable.

Signed-off-by: Josh Poimboeuf
Signed-off-by: Thomas Gleixner
Reviewed-by: Tyler Hicks
Acked-by: Jiri Kosina
(cherry picked from commit 623b724d5e50c15d160799446956ba0d23d4f978)

Orabug: 29526900
CVE: CVE-2018-12126
CVE: CVE-2018-12130
CVE: CVE-2018-12127

Signed-off-by: Mihai Carabas
Reviewed-by: Boris Ostrovsky

Conflicts:
	Documentation/admin-guide/kernel-parameters.txt
	arch/x86/kernel/cpu/bugs.c

bugs.64 vs bugs_64.c: different boot command line parsing code
Documentation/admin-guide/kernel-parameters.txt vs Documentation/kernel-parameters.txt
---
diff --git a/Documentation/admin-guide/hw-vuln/mds.rst b/Documentation/admin-guide/hw-vuln/mds.rst index 1de29d28903d0..244ab47d1fb3a 100644 --- a/Documentation/admin-guide/hw-vuln/mds.rst +++ b/Documentation/admin-guide/hw-vuln/mds.rst @@ -260,6 +260,9 @@ time with the option "mds=". The valid arguments for this option are: It does not automatically disable SMT. + full,nosmt The same as mds=full, with SMT disabled on vulnerable + CPUs. This is the complete mitigation. + off Disables MDS mitigations completely. ============ ============================================================= diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt index 91c5d98efdcb7..55d180c14e0d6 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt 
@@ -2065,8 +2065,10 @@ bytes respectively. Such letter suffixes can also be entirely omitted. This parameter controls the MDS mitigation. The options are: - full - Enable MDS mitigation on vulnerable CPUs - off - Unconditionally disable MDS mitigation + full - Enable MDS mitigation on vulnerable CPUs + full,nosmt - Enable MDS mitigation and disable + SMT on vulnerable CPUs + off - Unconditionally disable MDS mitigation Not specifying this option is equivalent to mds=full. diff --git a/arch/x86/kernel/cpu/bugs_64.c b/arch/x86/kernel/cpu/bugs_64.c index 3237a76441a78..41b485b160b2d 100644 --- a/arch/x86/kernel/cpu/bugs_64.c +++ b/arch/x86/kernel/cpu/bugs_64.c @@ -1319,6 +1319,7 @@ void mds_idle_clear_disable(void) /* Default mitigation for L1TF-affected CPUs */ static enum mds_mitigations mds_mitigation __read_mostly = MDS_MITIGATION_FULL; +static bool mds_nosmt = false; static const char * const mds_strings[] = { [MDS_MITIGATION_OFF] = "Vulnerable", @@ -1358,6 +1359,8 @@ static void mds_select_mitigation(void) if (ret > 0) { if (match_option(arg, ret, "off")) mds_mitigation = MDS_MITIGATION_OFF; + else if (match_option(arg, ret, "full,nosmt")) + mds_nosmt = true; else if (!match_option(arg, ret, "full")) pr_warn("mds: unknown option %s\n", arg); } @@ -1365,7 +1368,12 @@ static void mds_select_mitigation(void) if (mds_mitigation == MDS_MITIGATION_FULL) { if (!boot_cpu_has(X86_FEATURE_MD_CLEAR)) mds_mitigation = MDS_MITIGATION_VMWERV; + static_branch_enable(&mds_user_clear); + + if (mds_nosmt && !boot_cpu_has(X86_BUG_MSBDS_ONLY)) + cpu_smt_disable(false); + update_mds_branch_idle(); } pr_info("%s\n", mds_strings[mds_mitigation]);
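Review bot: The wording added in the two Documentation hunks ("with SMT disabled on vulnerable CPUs" in mds.rst, "disable SMT on vulnerable CPUs" in kernel-parameters.txt) is broader than the code, which skips `cpu_smt_disable()` when `X86_BUG_MSBDS_ONLY` is set. Suggest naming that exception in both texts, so that an administrator who boots with mds=full,nosmt and still sees SMT active on such a CPU can tell the behaviour is intended. The mds.rst sentence "This is the complete mitigation." would also read more accurately with that qualifier attached.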
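Review bot: In the bugs_64.c hunk at -1319, `static bool mds_nosmt = false;` initialises a static explicitly to false, which kernel coding style discourages, and it lacks the `__read_mostly` annotation that the neighbouring `mds_mitigation` carries. Within this patch the flag is written only in mds_select_mitigation(), so `static bool mds_nosmt __read_mostly;` would be the consistent form. The context comment just above still reads "Default mitigation for L1TF-affected CPUs" although the variable it describes is the MDS one, and could be corrected in the same pass.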
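Review bot: In the bugs_64.c hunk at -1358, the new `full,nosmt` branch sets only `mds_nosmt = true` and relies on the initialiser of `mds_mitigation` being MDS_MITIGATION_FULL for the "full" half of the option. Suggest also assigning `mds_mitigation = MDS_MITIGATION_FULL;` in that branch, so the option keeps meaning "full plus nosmt" if the default is ever changed, and so the parsing code states the selected mode without sending the reader back to the declaration.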
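Review bot: In the bugs_64.c hunk at -1365, the condition `mds_nosmt && !boot_cpu_has(X86_BUG_MSBDS_ONLY)` has no comment explaining why CPUs with that bit keep SMT even though the user asked for nosmt. A one-line comment above the `if` would document the intent at the place where the decision is made. The bare `false` passed to `cpu_smt_disable()` is also opaque at the call site; a short comment saying what the argument selects would help a reader judge how firm the SMT disable is. The blank lines added around `static_branch_enable(&mds_user_clear);` are unrelated whitespace churn and could be dropped from the backport.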