From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linutronix.de (146.0.238.70:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 06 Mar 2019 14:31:34 -0000 Received: from mx2.suse.de ([195.135.220.15] helo=mx1.suse.de) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1h1Xa0-0005as-FI for speck@linutronix.de; Wed, 06 Mar 2019 15:31:33 +0100 Received: from relay2.suse.de (unknown [195.135.220.254]) by mx1.suse.de (Postfix) with ESMTP id A19C8AF8D for ; Wed, 6 Mar 2019 14:31:26 +0000 (UTC) Date: Wed, 6 Mar 2019 15:31:22 +0100 From: Borislav Petkov Subject: [MODERATED] Re: [patch V6 10/14] MDS basics 10 Message-ID: <20190306143122.GF21338@zn.tnic> References: <20190301214738.281554861@linutronix.de> <20190301214848.075448450@linutronix.de> MIME-Version: 1.0 In-Reply-To: <20190301214848.075448450@linutronix.de> Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable To: speck@linutronix.de List-ID: On Fri, Mar 01, 2019 at 10:47:48PM +0100, speck for Thomas Gleixner wrote: > Subject: [patch V6 10/14] x86/speculation/mds: Add mitigation control for M= DS > From: Thomas Gleixner >=20 > Now that the mitigations are in place, add a command line parameter to > control the mitigation, a mitigation selector function and a SMT update > mechanism. >=20 > This is the minimal straight forward initial implementation which just > provides an always on/off mode. The command line parameter is: >=20 > mds=3D[full|off] >=20 > This is consistent with the existing mitigations for other speculative > hardware vulnerabilities. >=20 > The idle invocation is dynamically updated according to the SMT state of > the system similar to the dynamic update of the STIBP mitigation. The idle > mitigation is limited to CPUs which are only affected by MSBDS and not any > other variant, because the other variants cannot be mitigated on SMT > enabled systems. >=20 > Signed-off-by: Thomas Gleixner > --- > V5 --> V6: Make idle clearing depend on BUG_MSBDS_ONLY > V4 --> V5: Remove 'auto' > --- ... > @@ -617,6 +664,24 @@ static void update_indir_branch_cond(voi > static_branch_disable(&switch_to_cond_stibp); > } > =20 > +/* Update the static key controlling the MDS CPU buffer clear in idle */ > +static void update_mds_branch_idle(void) > +{ > + /* > + * Enable the idle clearing on CPUs which are affected only by > + * MDBDS and not any other MDS variant. The other variants cannot > + * be mitigated when SMT is enabled, ... but we're not enabling the key when SMT on those is disabled, AFAICT. Or is that coming later? > so clearing the buffers on > + * idle would be a window dressing exercise. > + */ > + if (!boot_cpu_has(X86_BUG_MSBDS_ONLY)) if (!boot_cpu_has_bug > + return; > + > + if (sched_smt_active()) > + static_branch_enable(&mds_idle_clear); > + else > + static_branch_disable(&mds_idle_clear); > +} > + > void arch_smt_update(void) > { > /* Enhanced IBRS implies STIBP. No update required. */ > @@ -638,6 +703,9 @@ void arch_smt_update(void) > break; > } > =20 > + if (mds_mitigation =3D=3D MDS_MITIGATION_FULL) > + update_mds_branch_idle(); > + > mutex_unlock(&spec_ctrl_mutex); > } > =20 >=20 --=20 Regards/Gruss, Boris. SUSE Linux GmbH, GF: Felix Imend=C3=B6rffer, Jane Smithard, Graham Norton, HR= B 21284 (AG N=C3=BCrnberg) --=20