Home Home > GIT Browse
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBorislav Petkov <bp@suse.de>2019-05-02 22:14:31 +0200
committerBorislav Petkov <bp@suse.de>2019-05-02 22:14:31 +0200
commit1c1582b3cbab6b416024ab4911e77cd6b6114ad5 (patch)
treead5254fb81c41b07132a5bdba6617bb974da7a68
parentb0f815cf9c596b10b947f2742ccc8ea59870f83a (diff)
x86/speculation/mds: Add 'mitigations=' support for MDSrpm-4.4.178-94.91
(bsc#1111331, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130). suse-commit: d683ca150490600931928d07891ba980202068ed
-rw-r--r--Documentation/kernel-parameters.txt2
-rw-r--r--arch/x86/kernel/cpu/bugs.c5
2 files changed, 5 insertions, 2 deletions
diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt
index ca37727a2d00..d26b7629539b 100644
--- a/Documentation/kernel-parameters.txt
+++ b/Documentation/kernel-parameters.txt
@@ -2361,6 +2361,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
spectre_v2_user=off [X86]
spec_store_bypass_disable=off [X86,PPC]
l1tf=off [X86]
+ mds=off [X86]
auto (default)
Mitigate all CPU vulnerabilities, but leave SMT
@@ -2375,6 +2376,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
if needed. This is for users who always want to
be fully mitigated, even if it means losing SMT.
Equivalent to: l1tf=flush,nosmt [X86]
+ mds=full,nosmt [X86]
mminit_loglevel=
[KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 56ce0a45981c..d0e7e97011f5 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -170,7 +170,7 @@ static const char * const mds_strings[] = {
static void __init mds_select_mitigation(void)
{
- if (!boot_cpu_has_bug(X86_BUG_MDS)) {
+ if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off()) {
mds_mitigation = MDS_MITIGATION_OFF;
return;
}
@@ -181,7 +181,8 @@ static void __init mds_select_mitigation(void)
static_branch_enable(&mds_user_clear);
- if (mds_nosmt && !boot_cpu_has(X86_BUG_MSBDS_ONLY))
+ if (!boot_cpu_has(X86_BUG_MSBDS_ONLY) &&
+ (mds_nosmt || cpu_mitigations_auto_nosmt()))
cpu_smt_disable(false);
}