authorBorislav Petkov <bp@suse.de>2019-05-02 22:14:31 +0200
committerBorislav Petkov <bp@suse.de>2019-05-02 22:14:31 +0200
commitd683ca150490600931928d07891ba980202068ed (patch)
tree6eabc68490842089abd28089ba23d58619a081fe
parent98b6fe5d934775e1b954e9763607752dc72a0537 (diff)
x86/speculation/mds: Add 'mitigations=' support for MDSrpm-4.4.178-94.91
(bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130).
-rw-r--r--patches.arch/x86-speculation-mds-add-mitigations-support-for-mds.patch62
-rw-r--r--series.conf1
2 files changed, 63 insertions, 0 deletions
diff --git a/patches.arch/x86-speculation-mds-add-mitigations-support-for-mds.patch b/patches.arch/x86-speculation-mds-add-mitigations-support-for-mds.patch
new file mode 100644
index 0000000000..4fe3c259e2
--- /dev/null
+++ b/patches.arch/x86-speculation-mds-add-mitigations-support-for-mds.patch
@@ -0,0 +1,62 @@
+From: Josh Poimboeuf <jpoimboe@redhat.com>
+Date: Wed, 17 Apr 2019 16:39:02 -0500
+Subject: x86/speculation/mds: Add 'mitigations=' support for MDS
+Git-repo: tip/tip
+Git-commit: 5c14068f87d04adc73ba3f41c2a303d3c3d1fa12
+Patch-mainline: Queued in a subsystem tree
+References: bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
+
+Add MDS to the new 'mitigations=' cmdline option.
+
+Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
+Signed-off-by: Thomas Gleixner <tglx@linutronix.de>
+Acked-by: Borislav Petkov <bp@suse.de>
+---
+ Documentation/kernel-parameters.txt | 2 ++
+ arch/x86/kernel/cpu/bugs.c | 5 +++--
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
+index 9aa3543a8723..18cad2b0392a 100644
+--- a/Documentation/kernel-parameters.txt
++++ b/Documentation/kernel-parameters.txt
+@@ -2556,6 +2556,7 @@
+ spectre_v2_user=off [X86]
+ spec_store_bypass_disable=off [X86,PPC]
+ l1tf=off [X86]
++ mds=off [X86]
+
+ auto (default)
+ Mitigate all CPU vulnerabilities, but leave SMT
+@@ -2570,6 +2571,7 @@
+ if needed. This is for users who always want to
+ be fully mitigated, even if it means losing SMT.
+ Equivalent to: l1tf=flush,nosmt [X86]
++ mds=full,nosmt [X86]
+
+ mminit_loglevel=
+ [KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this
+diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
+index 3c5c3c3ba734..667c273a66d7 100644
+--- a/arch/x86/kernel/cpu/bugs.c
++++ b/arch/x86/kernel/cpu/bugs.c
+@@ -233,7 +233,7 @@ static const char * const mds_strings[] = {
+
+ static void __init mds_select_mitigation(void)
+ {
+- if (!boot_cpu_has_bug(X86_BUG_MDS)) {
++ if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off()) {
+ mds_mitigation = MDS_MITIGATION_OFF;
+ return;
+ }
+@@ -244,7 +244,8 @@ static void __init mds_select_mitigation(void)
+
+ static_branch_enable(&mds_user_clear);
+
+- if (mds_nosmt && !boot_cpu_has(X86_BUG_MSBDS_ONLY))
++ if (!boot_cpu_has(X86_BUG_MSBDS_ONLY) &&
++ (mds_nosmt || cpu_mitigations_auto_nosmt()))
+ cpu_smt_disable(false);
+ }
+
+
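Review bot: The early return in the first bugs.c hunk now treats "CPU not affected" and "operator passed mitigations=off" as the same case, and it sets `mds_mitigation = MDS_MITIGATION_OFF` without consulting any earlier choice. A global `mitigations=off` therefore appears to override an explicit `mds=full` on the same command line; the `mds=` parsing is not in the hunk, so this precedence is inferred. The kernel-parameters.txt hunk lists `mds=off` under `mitigations=off` but does not say which option wins, so I would add a comment above the check such as `/* mitigations=off overrides any explicit mds= setting */`. Nothing visible on this path logs the decision, so it may also be worth splitting the condition so that an affected CPU running unmitigated is reported at boot, for example `pr_info("%s\n", mds_strings[mds_mitigation]);` before the `return`. The body of mds_select_mitigation() between the two inner hunks and after the second one is outside the visible lines.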
diff --git a/series.conf b/series.conf
index 62221c7bc8..7ccaf59733 100644
--- a/series.conf
+++ b/series.conf
@@ -25057,6 +25057,7 @@
patches.arch/x86-speculation-move-arch_smt_update-call-to-after-mitigation-decisions.patch
patches.arch/x86-speculation-mds-add-smt-warning-message.patch
patches.arch/x86-speculation-mds-print-smt-vulnerable-on-msbds-with-mitigations-off.patch
+ patches.arch/x86-speculation-mds-add-mitigations-support-for-mds.patch
########################################################
# Scheduler / Core