From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linutronix.de (146.0.238.70:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 24 Feb 2019 15:12:28 -0000 Received: from mga02.intel.com ([134.134.136.20]) by Galois.linutronix.de with esmtps (TLS1.2:DHE_RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1gxvNy-0001Tj-M2 for speck@linutronix.de; Sun, 24 Feb 2019 16:08:11 +0100 From: Andi Kleen Subject: [MODERATED] [PATCH v6 12/43] MDSv6 Date: Sun, 24 Feb 2019 07:07:18 -0800 Message-Id: <854f25147a77e328f2eedb3437b8a89d58c32e6f.1551019522.git.ak@linux.intel.com> In-Reply-To: References: In-Reply-To: References: Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit MIME-Version: 1.0 To: speck@linutronix.de Cc: Andi Kleen List-ID: Add a static key to guard clear_cpus on kernel exit and vm entry, so that we can implement a mds=full implementation later, once we have a new lazy policy. Right now the static key is enabled by default, so there is no behavior change. Signed-off-by: Andi Kleen --- arch/x86/entry/common.c | 3 ++- arch/x86/include/asm/clearcpu.h | 2 ++ arch/x86/kernel/cpu/bugs.c | 10 ++++++++-- arch/x86/kernel/nmi.c | 3 ++- 4 files changed, 14 insertions(+), 4 deletions(-) diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c index dfd51d97d683..ffcc24620ec9 100644 --- a/arch/x86/entry/common.c +++ b/arch/x86/entry/common.c @@ -212,7 +212,8 @@ __visible inline void prepare_exit_to_usermode(struct pt_regs *regs) ti->status &= ~(TS_COMPAT|TS_I386_REGS_POKED); #endif - clear_cpu(); + if (static_key_enabled(&force_cpu_clear)) + clear_cpu(); user_enter_irqoff(); } diff --git a/arch/x86/include/asm/clearcpu.h b/arch/x86/include/asm/clearcpu.h index 15d25c2436da..30e802bae2ca 100644 --- a/arch/x86/include/asm/clearcpu.h +++ b/arch/x86/include/asm/clearcpu.h @@ -46,4 +46,6 @@ static inline void lazy_clear_cpu(void) __this_cpu_write(clear_cpu_flag, true); } +DECLARE_STATIC_KEY_FALSE(force_cpu_clear); + #endif diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c index 067309190a6a..a756c57979be 100644 --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -1064,6 +1064,9 @@ early_param("l1tf", l1tf_cmdline); DEFINE_PER_CPU(bool, clear_cpu_flag); EXPORT_PER_CPU_SYMBOL(clear_cpu_flag); +DEFINE_STATIC_KEY_FALSE(force_cpu_clear); +EXPORT_SYMBOL(force_cpu_clear); + static void mds_select_mitigation(void) { if (!boot_cpu_has(X86_BUG_MDS)) @@ -1086,9 +1089,12 @@ static void mds_select_mitigation(void) setup_force_cpu_cap(X86_FEATURE_VERW); if (cmdline_find_option_bool(boot_command_line, "mds=off")) setup_clear_cpu_cap(X86_FEATURE_VERW); - /* Nop currently because this is default for now. */ + /* Default to old behavior for now */ if (cmdline_find_option_bool(boot_command_line, "mds=full") || - cmdline_find_option_bool(boot_command_line, "mds=auto")) + true) + static_branch_enable(&force_cpu_clear); + /* Nop currently because this is default for now. */ + if (cmdline_find_option_bool(boot_command_line, "mds=auto")) setup_force_cpu_cap(X86_FEATURE_VERW); if (boot_cpu_has(X86_FEATURE_VERW) && boot_cpu_has_bug(X86_BUG_MDS_NO_L1TF)) diff --git a/arch/x86/kernel/nmi.c b/arch/x86/kernel/nmi.c index 1c5507400089..eb6e39238d1d 100644 --- a/arch/x86/kernel/nmi.c +++ b/arch/x86/kernel/nmi.c @@ -535,7 +535,8 @@ do_nmi(struct pt_regs *regs, long error_code) goto nmi_restart; out: - clear_cpu(); + if (static_key_enabled(&force_cpu_clear)) + clear_cpu(); } NOKPROBE_SYMBOL(do_nmi); -- 2.17.2