From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linutronix.de (146.0.238.70:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 21 Jan 2019 19:54:27 -0000 Received: from mga01.intel.com ([192.55.52.88]) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1gkeqW-0003N7-5P for speck@linutronix.de; Sat, 19 Jan 2019 01:50:48 +0100 From: Andi Kleen Subject: [MODERATED] [PATCH v5 04/27] MDSv5 15 Date: Fri, 18 Jan 2019 16:50:19 -0800 Message-Id: <21244f88a3fad17a0bdbc48e085083590bb31ab0.1547858934.git.ak@linux.intel.com> In-Reply-To: References: In-Reply-To: References: To: speck@linutronix.de Cc: Andi Kleen List-ID: From: Andi Kleen Subject: x86/speculation/mds: Support mds=full Support a new command line option to support unconditional flushing on each kernel exit. This is not enabled by default. Signed-off-by: Andi Kleen --- v2: Don't enable mds=full for MDS_NO because it will be a nop. --- Documentation/admin-guide/kernel-parameters.txt | 5 +++++ arch/x86/entry/common.c | 7 ++++++- arch/x86/include/asm/clearcpu.h | 2 ++ arch/x86/kernel/cpu/bugs.c | 5 +++++ 4 files changed, 18 insertions(+), 1 deletion(-) diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt index 9c967d0caeca..5f5a8808c475 100644 --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -2360,6 +2360,11 @@ mds=off [X86, Intel] Disable workarounds for Micro-architectural Data Sampling. + mds=full [X86, Intel] + Always flush cpu buffers when exiting kernel for MDS. + Normally the kernel decides dynamically when flushing is + needed or not. + mem=nn[KMG] [KNL,BOOT] Force usage of a specific amount of memory Amount of memory to be used when the kernel is not able to see the whole system memory or for test. diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c index 924f8dab2068..66c08e1d493a 100644 --- a/arch/x86/entry/common.c +++ b/arch/x86/entry/common.c @@ -173,7 +173,9 @@ static void exit_to_usermode_loop(struct pt_regs *regs, u32 cached_flags) if (cached_flags & _TIF_CLEAR_CPU) { clear_thread_flag(TIF_CLEAR_CPU); - clear_cpu(); + /* Don't do it twice if forced */ + if (!static_key_enabled(&force_cpu_clear)) + clear_cpu(); } /* Disable IRQs and retry */ @@ -217,6 +219,9 @@ __visible inline void prepare_exit_to_usermode(struct pt_regs *regs) ti->status &= ~(TS_COMPAT|TS_I386_REGS_POKED); #endif + if (static_key_enabled(&force_cpu_clear)) + clear_cpu(); + user_enter_irqoff(); } diff --git a/arch/x86/include/asm/clearcpu.h b/arch/x86/include/asm/clearcpu.h index 530ef619ac1b..3b8ee76b9c07 100644 --- a/arch/x86/include/asm/clearcpu.h +++ b/arch/x86/include/asm/clearcpu.h @@ -20,4 +20,6 @@ static inline void clear_cpu(void) [kernelds] "m" (kernel_ds)); } +DECLARE_STATIC_KEY_FALSE(force_cpu_clear); + #endif diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 2fd8faa7e23a..ce0e367753ff 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1061,11 +1061,16 @@ early_param("l1tf", l1tf_cmdline); #undef pr_fmt +DEFINE_STATIC_KEY_FALSE(force_cpu_clear); + static void mds_select_mitigation(void) { if (cmdline_find_option_bool(boot_command_line, "mds=off") || !boot_cpu_has_bug(X86_BUG_MDS)) setup_force_cpu_cap(X86_FEATURE_NO_VERW); + if (cmdline_find_option_bool(boot_command_line, "mds=full") && + boot_cpu_has_bug(X86_BUG_MDS)) + static_branch_enable(&force_cpu_clear); } #ifdef CONFIG_SYSFS -- 2.17.2