• Thomas Gleixner's avatar
    x86/speculation/mds: Add mitigation control for MDS · b279e535
    Thomas Gleixner authored
    Now that the mitigations are in place, add a command line parameter to
    control the mitigation, a mitigation selector function and a SMT update
    mechanism.
    
    This is the minimal straight forward initial implementation which just
    provides an always on/off mode. The command line parameter is:
    
      mds=[full|off]
    
    This is consistent with the existing mitigations for other speculative
    hardware vulnerabilities.
    
    The idle invocation is dynamically updated according to the SMT state of
    the system similar to the dynamic update of the STIBP mitigation. The idle
    mitigation is limited to CPUs which are only affected by MSBDS and not any
    other variant, because the other variants cannot be mitigated on SMT
    enabled systems.
    Signed-off-by: default avatarThomas Gleixner <tglx@linutronix.de>
    
    CVE-2018-12126
    CVE-2018-12127
    CVE-2018-12130
    
    (backported from commit c5ee1ae05768716933d4e5d2015b59bdf6df04c5)
    [juergh:
     - Adjusted context due to empty arch_smt_update() stub.
     - Adjusted file path Documentation/kernel-parameters.txt.]
    Signed-off-by: default avatarJuerg Haefliger <juergh@canonical.com>
    Acked-by: default avatarTyler Hicks <tyhicks@canonical.com>
    Acked-by: default avatarStefan Bader <stefan.bader@canonical.com>
    Signed-off-by: default avatarStefan Bader <stefan.bader@canonical.com>
    b279e535
processor.h 21.5 KB