x86/speculation/mds: Add 'mitigations=' support for MDS

Add MDS to the new 'mitigations=' cmdline option.
Signed-off-by: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Thomas Gleixner <tglx@linutronix.de>

CVE-2018-12126
CVE-2018-12127
CVE-2018-12130

(backported from commit 5c14068f)
[juergh: Adjusted file path Documentation/kernel-parameters.txt.]
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
Acked-by: Tyler Hicks <tyhicks@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Documentation/kernel-parameters.txt

@@ -2272,6 +2272,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
 					       nospectre_v2 [X86,S390]
 					       spec_store_bypass_disable=off [X86,PPC]
 					       l1tf=off [X86]
+					       mds=off [X86]
 
 			auto (default)
 				Mitigate all CPU vulnerabilities, but leave SMT
@@ -2286,6 +2287,7 @@ bytes respectively. Such letter suffixes can also be entirely omitted.
 				if needed.  This is for users who always want to
 				be fully mitigated, even if it means losing SMT.
 				Equivalent to: l1tf=flush,nosmt [X86]
+					       mds=full,nosmt [X86]
 
 	mminit_loglevel=
 			[KNL] When CONFIG_DEBUG_MEMORY_INIT is set, this

arch/x86/kernel/cpu/bugs.c

@@ -243,7 +243,7 @@ static const char * const mds_strings[] = {
 
 static void mds_select_mitigation(void)
 {
-	if (!boot_cpu_has_bug(X86_BUG_MDS)) {
+	if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off()) {
 		mds_mitigation = MDS_MITIGATION_OFF;
 		return;
 	}
@@ -254,7 +254,8 @@ static void mds_select_mitigation(void)
 
 		static_branch_enable(&mds_user_clear);
 
-		if (mds_nosmt && !boot_cpu_has(X86_BUG_MSBDS_ONLY))
+		if (!boot_cpu_has(X86_BUG_MSBDS_ONLY) &&
+		    (mds_nosmt || cpu_mitigations_auto_nosmt()))
 			cpu_smt_disable(false);
 	}