[thirdparty/kernel/stable-queue.git] / releases / 4.19.43 / 0018-x86-speculation-mds-Add-mds-full-nosmt-cmdline-optio.patch

From e3ef0729359b15dcecbe1a5da4dfe32612a1590d Mon Sep 17 00:00:00 2001
From: Josh Poimboeuf <jpoimboe@redhat.com>
Date: Tue, 2 Apr 2019 09:59:33 -0500
Subject: [PATCH 18/30] x86/speculation/mds: Add mds=full,nosmt cmdline option

commit d71eb0ce109a124b0fa714832823b9452f2762cf upstream

Add the mds=full,nosmt cmdline option.  This is like mds=full, but with
SMT disabled if the CPU is vulnerable.

Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 Documentation/admin-guide/hw-vuln/mds.rst       |  3 +++
 Documentation/admin-guide/kernel-parameters.txt |  6 ++++--
 arch/x86/kernel/cpu/bugs.c                      | 10 ++++++++++
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/Documentation/admin-guide/hw-vuln/mds.rst b/Documentation/admin-guide/hw-vuln/mds.rst
index 1de29d28903d..244ab47d1fb3 100644
--- a/Documentation/admin-guide/hw-vuln/mds.rst
+++ b/Documentation/admin-guide/hw-vuln/mds.rst
@@ -260,6 +260,9 @@ time with the option "mds=". The valid arguments for this option are:
 
 		It does not automatically disable SMT.
 
+  full,nosmt	The same as mds=full, with SMT disabled on vulnerable
+		CPUs.  This is the complete mitigation.
+
   off		Disables MDS mitigations completely.
 
   ============  =============================================================
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 290f0946f2ef..df8d10668b11 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2335,8 +2335,10 @@
 			This parameter controls the MDS mitigation. The
 			options are:
 
-			full    - Enable MDS mitigation on vulnerable CPUs
-			off     - Unconditionally disable MDS mitigation
+			full       - Enable MDS mitigation on vulnerable CPUs
+			full,nosmt - Enable MDS mitigation and disable
+				     SMT on vulnerable CPUs
+			off        - Unconditionally disable MDS mitigation
 
 			Not specifying this option is equivalent to
 			mds=full.
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index a7e54a91abc4..3f70da3a4e58 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -219,6 +219,7 @@ static void x86_amd_ssb_disable(void)
 
 /* Default mitigation for L1TF-affected CPUs */
 static enum mds_mitigations mds_mitigation __ro_after_init = MDS_MITIGATION_FULL;
+static bool mds_nosmt __ro_after_init = false;
 
 static const char * const mds_strings[] = {
 	[MDS_MITIGATION_OFF]	= "Vulnerable",
@@ -236,8 +237,13 @@ static void __init mds_select_mitigation(void)
 	if (mds_mitigation == MDS_MITIGATION_FULL) {
 		if (!boot_cpu_has(X86_FEATURE_MD_CLEAR))
 			mds_mitigation = MDS_MITIGATION_VMWERV;
+
 		static_branch_enable(&mds_user_clear);
+
+		if (mds_nosmt && !boot_cpu_has(X86_BUG_MSBDS_ONLY))
+			cpu_smt_disable(false);
 	}
+
 	pr_info("%s\n", mds_strings[mds_mitigation]);
 }
 
@@ -253,6 +259,10 @@ static int __init mds_cmdline(char *str)
 		mds_mitigation = MDS_MITIGATION_OFF;
 	else if (!strcmp(str, "full"))
 		mds_mitigation = MDS_MITIGATION_FULL;
+	else if (!strcmp(str, "full,nosmt")) {
+		mds_mitigation = MDS_MITIGATION_FULL;
+		mds_nosmt = true;
+	}
 
 	return 0;
 }
-- 
2.21.0
Commit	Line	Data
9b9d3ba2 GKH	1	From e3ef0729359b15dcecbe1a5da4dfe32612a1590d Mon Sep 17 00:00:00 2001
	2	From: Josh Poimboeuf <jpoimboe@redhat.com>
	3	Date: Tue, 2 Apr 2019 09:59:33 -0500
	4	Subject: [PATCH 18/30] x86/speculation/mds: Add mds=full,nosmt cmdline option
	5
	6	commit d71eb0ce109a124b0fa714832823b9452f2762cf upstream
	7
	8	Add the mds=full,nosmt cmdline option. This is like mds=full, but with
	9	SMT disabled if the CPU is vulnerable.
	10
	11	Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
	12	Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
	13	Reviewed-by: Tyler Hicks <tyhicks@canonical.com>
	14	Acked-by: Jiri Kosina <jkosina@suse.cz>
	15	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	16	---
	17	Documentation/admin-guide/hw-vuln/mds.rst \| 3 +++
	18	Documentation/admin-guide/kernel-parameters.txt \| 6 ++++--
	19	arch/x86/kernel/cpu/bugs.c \| 10 ++++++++++
	20	3 files changed, 17 insertions(+), 2 deletions(-)
	21
	22	diff --git a/Documentation/admin-guide/hw-vuln/mds.rst b/Documentation/admin-guide/hw-vuln/mds.rst
	23	index 1de29d28903d..244ab47d1fb3 100644
	24	--- a/Documentation/admin-guide/hw-vuln/mds.rst
	25	+++ b/Documentation/admin-guide/hw-vuln/mds.rst
	26	@@ -260,6 +260,9 @@ time with the option "mds=". The valid arguments for this option are:
	27
	28	It does not automatically disable SMT.
	29
	30	+ full,nosmt The same as mds=full, with SMT disabled on vulnerable
	31	+ CPUs. This is the complete mitigation.
	32	+
	33	off Disables MDS mitigations completely.
	34
	35	============ =============================================================
	36	diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
	37	index 290f0946f2ef..df8d10668b11 100644
	38	--- a/Documentation/admin-guide/kernel-parameters.txt
	39	+++ b/Documentation/admin-guide/kernel-parameters.txt
	40	@@ -2335,8 +2335,10 @@
	41	This parameter controls the MDS mitigation. The
	42	options are:
	43
	44	- full - Enable MDS mitigation on vulnerable CPUs
	45	- off - Unconditionally disable MDS mitigation
	46	+ full - Enable MDS mitigation on vulnerable CPUs
	47	+ full,nosmt - Enable MDS mitigation and disable
	48	+ SMT on vulnerable CPUs
	49	+ off - Unconditionally disable MDS mitigation
	50
	51	Not specifying this option is equivalent to
	52	mds=full.
	53	diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
	54	index a7e54a91abc4..3f70da3a4e58 100644
	55	--- a/arch/x86/kernel/cpu/bugs.c
	56	+++ b/arch/x86/kernel/cpu/bugs.c
	57	@@ -219,6 +219,7 @@ static void x86_amd_ssb_disable(void)
	58
	59	/* Default mitigation for L1TF-affected CPUs */
	60	static enum mds_mitigations mds_mitigation __ro_after_init = MDS_MITIGATION_FULL;
	61	+static bool mds_nosmt __ro_after_init = false;
	62
	63	static const char * const mds_strings[] = {
	64	[MDS_MITIGATION_OFF] = "Vulnerable",
65	@@ -236,8 +237,13 @@ static void __init mds_select_mitigation(void)
66	if (mds_mitigation == MDS_MITIGATION_FULL) {
67	if (!boot_cpu_has(X86_FEATURE_MD_CLEAR))
68	mds_mitigation = MDS_MITIGATION_VMWERV;
69	+
70	static_branch_enable(&mds_user_clear);
71	+
72	+ if (mds_nosmt && !boot_cpu_has(X86_BUG_MSBDS_ONLY))
73	+ cpu_smt_disable(false);
74	}
75	+
76	pr_info("%s\n", mds_strings[mds_mitigation]);
77	}
78
79	@@ -253,6 +259,10 @@ static int __init mds_cmdline(char *str)
80	mds_mitigation = MDS_MITIGATION_OFF;
81	else if (!strcmp(str, "full"))
82	mds_mitigation = MDS_MITIGATION_FULL;
83	+ else if (!strcmp(str, "full,nosmt")) {
84	+ mds_mitigation = MDS_MITIGATION_FULL;
85	+ mds_nosmt = true;
86	+ }
87
88	return 0;
89	}
90	--
91	2.21.0
92