x86/speculation/mds: Add mds=full,nosmt cmdline option

Add the mds=full,nosmt cmdline option. This is like mds=full, but with SMT disabled if the CPU is vulnerable. Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com> Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Jiri Kosina <jkosina@suse.cz>
author: Josh Poimboeuf <jpoimboe@redhat.com> 2019-04-02 10:59:33 -0400
committer: Thomas Gleixner <tglx@linutronix.de> 2019-04-02 14:02:36 -0400
commit: d71eb0ce109a124b0fa714832823b9452f2762cf (patch)
tree: e5efa2ea879a545d3eb552a83343c91f873e7ffb
parent: 5999bbe7a6ea3c62029532ec84dc06003a1fa258 (diff)
3 files changed, 17 insertions, 2 deletions
diff --git a/Documentation/admin-guide/hw-vuln/mds.rst b/Documentation/admin-guide/hw-vuln/mds.rst
index 1de29d28903d..244ab47d1fb3 100644
--- a/Documentation/admin-guide/hw-vuln/mds.rst
+++ b/Documentation/admin-guide/hw-vuln/mds.rst
@@ -260,6 +260,9 @@ time with the option "mds=". The valid arguments for this option are:
                It does not automatically disable SMT.
+  full,nosmt    The same as mds=full, with SMT disabled on vulnerable
+                CPUs.  This is the complete mitigation.
  off           Disables MDS mitigations completely.
  ============  =============================================================
diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
index 7325319c2c23..8f04985d3122 100644
--- a/Documentation/admin-guide/kernel-parameters.txt
+++ b/Documentation/admin-guide/kernel-parameters.txt
@@ -2372,8 +2372,10 @@
                        This parameter controls the MDS mitigation. The
                        options are:
-                        full    - Enable MDS mitigation on vulnerable CPUs
+                        full       - Enable MDS mitigation on vulnerable CPUs
-                        off     - Unconditionally disable MDS mitigation
+                        full,nosmt - Enable MDS mitigation and disable
+                                     SMT on vulnerable CPUs
+                        off        - Unconditionally disable MDS mitigation
                        Not specifying this option is equivalent to
                        mds=full.
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 373ae1dcd301..9f252082a83b 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -221,6 +221,7 @@ static void x86_amd_ssb_disable(void)
 /* Default mitigation for L1TF-affected CPUs */
 static enum mds_mitigations mds_mitigation __ro_after_init = MDS_MITIGATION_FULL;
+static bool mds_nosmt __ro_after_init = false;
 static const char * const mds_strings[] = {
        [MDS_MITIGATION_OFF]    = "Vulnerable",
@@ -238,8 +239,13 @@ static void __init mds_select_mitigation(void)
        if (mds_mitigation == MDS_MITIGATION_FULL) {
                if (!boot_cpu_has(X86_FEATURE_MD_CLEAR))
                        mds_mitigation = MDS_MITIGATION_VMWERV;
                static_branch_enable(&mds_user_clear);
+                if (mds_nosmt && !boot_cpu_has(X86_BUG_MSBDS_ONLY))
+                        cpu_smt_disable(false);
        }
        pr_info("%s\n", mds_strings[mds_mitigation]);
 }
@@ -255,6 +261,10 @@ static int __init mds_cmdline(char *str)
                mds_mitigation = MDS_MITIGATION_OFF;
        else if (!strcmp(str, "full"))
                mds_mitigation = MDS_MITIGATION_FULL;
+        else if (!strcmp(str, "full,nosmt")) {
+                mds_mitigation = MDS_MITIGATION_FULL;
+                mds_nosmt = true;
+        }
        return 0;
 }
author	Josh Poimboeuf <jpoimboe@redhat.com>	2019-04-02 10:59:33 -0400
committer	Thomas Gleixner <tglx@linutronix.de>	2019-04-02 14:02:36 -0400
commit	d71eb0ce109a124b0fa714832823b9452f2762cf (patch)
tree	e5efa2ea879a545d3eb552a83343c91f873e7ffb
parent	5999bbe7a6ea3c62029532ec84dc06003a1fa258 (diff)