From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail.linutronix.de (146.0.238.70:993) by crypto-ml.lab.linutronix.de with IMAP4-SSL for ; 22 Jan 2019 04:20:44 -0000
Received: from userp2120.oracle.com ([156.151.31.85]) by Galois.linutronix.de with esmtps (TLS1.2:RSA_AES_256_CBC_SHA256:256) (Exim 4.80) (envelope-from ) id 1glnYH-0003Jk-0R for speck@linutronix.de; Tue, 22 Jan 2019 05:20:43 +0100
Received: from pps.filterd (userp2120.oracle.com [127.0.0.1]) by userp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id x0M4JxTD044462 for ; Tue, 22 Jan 2019 04:20:34 GMT
Received: from aserv0022.oracle.com (aserv0022.oracle.com [141.146.126.234]) by userp2120.oracle.com with ESMTP id 2q3vhrh6cq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Tue, 22 Jan 2019 04:20:34 +0000
Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by aserv0022.oracle.com (8.14.4/8.14.4) with ESMTP id x0M4KXM0027123 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for ; Tue, 22 Jan 2019 04:20:33 GMT
Received: from abhmp0004.oracle.com (abhmp0004.oracle.com [141.146.116.10]) by aserv0121.oracle.com (8.14.4/8.13.8) with ESMTP id x0M4KXXf018419 for ; Tue, 22 Jan 2019 04:20:33 GMT
Date: Mon, 21 Jan 2019 23:20:32 -0500
From: Konrad Rzeszutek Wilk
Subject: [MODERATED] Re: [PATCH v5 02/27] MDSv5 14
Message-ID: <20190122042032.GD12859@char.us.oracle.com>
References: <26a54dad8cc0389afebfe14ab317bf94e0f49369.1547858934.git.ak@linux.intel.com>
MIME-Version: 1.0
In-Reply-To: <26a54dad8cc0389afebfe14ab317bf94e0f49369.1547858934.git.ak@linux.intel.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
To: speck@linutronix.de
List-ID:

On Fri, Jan 18, 2019 at 04:50:17PM -0800, speck for Andi Kleen wrote:
> From: Andi Kleen > Subject: x86/speculation/mds: Add mds=off > > Normally we execute VERW for clearing the cpu unconditionally on kernel exits > that might have touched sensitive. Add a new flag to disable VERW usage. s/sensitive/sensitive data/ > This is intended for systems that only run trusted code and don't > want the performance impact of the extra clearing. "And it is set if the CPU exposes MDS_NO (no need for mitigations) as well." > > This just sets the flag, actual implementation is in future patches. > > Signed-off-by: Andi Kleen Reviewed-by: Konrad Rzeszutek Wilk Thank you! > > --- > > v2: Also force mds=off for MDS_NO > --- > Documentation/admin-guide/kernel-parameters.txt | 3 +++ > arch/x86/include/asm/cpufeatures.h | 1 + > arch/x86/kernel/cpu/bugs.c | 10 ++++++++++ > 3 files changed, 14 insertions(+) > > diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt > index b799bcf67d7b..9c967d0caeca 100644 > --- a/Documentation/admin-guide/kernel-parameters.txt > +++ b/Documentation/admin-guide/kernel-parameters.txt > @@ -2357,6 +2357,9 @@ > Format: , > Specifies range of consoles to be captured by the MDA. > > + mds=off [X86, Intel] > + Disable workarounds for Micro-architectural Data Sampling. > + > mem=nn[KMG] [KNL,BOOT] Force usage of a specific amount of memory > Amount of memory to be used when the kernel is not able > to see the whole system memory or for test. > diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h > index 233ca598826f..09347c6a8901 100644 > --- a/arch/x86/include/asm/cpufeatures.h > +++ b/arch/x86/include/asm/cpufeatures.h 
> @@ -221,6 +221,7 @@ > #define X86_FEATURE_ZEN ( 7*32+28) /* "" CPU is AMD family 0x17 (Zen) */ > #define X86_FEATURE_L1TF_PTEINV ( 7*32+29) /* "" L1TF workaround PTE inversion */ > #define X86_FEATURE_IBRS_ENHANCED ( 7*32+30) /* Enhanced IBRS */ > +#define X86_FEATURE_NO_VERW ( 7*32+31) /* "" No VERW for MDS on kernel exit */ > > /* Virtualization flags: Linux defined, word 8 */ > #define X86_FEATURE_TPR_SHADOW ( 8*32+ 0) /* Intel TPR Shadow */ > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c > index 1de0f4170178..2fd8faa7e23a 100644 > --- a/arch/x86/kernel/cpu/bugs.c > +++ b/arch/x86/kernel/cpu/bugs.c > @@ -37,6 +37,7 @@ > static void __init spectre_v2_select_mitigation(void); > static void __init ssb_select_mitigation(void); > static void __init l1tf_select_mitigation(void); > +static void __init mds_select_mitigation(void); > > /* The base value of the SPEC_CTRL MSR that always has to be preserved. */ > u64 x86_spec_ctrl_base; > @@ -101,6 +102,8 @@ void __init check_bugs(void) > > l1tf_select_mitigation(); > > + mds_select_mitigation(); > + > #ifdef CONFIG_X86_32 > /* > * Check whether we are able to run this kernel safely on SMP. > @@ -1058,6 +1061,13 @@ early_param("l1tf", l1tf_cmdline); > > #undef pr_fmt > > +static void mds_select_mitigation(void) > +{ > + if (cmdline_find_option_bool(boot_command_line, "mds=off") || > + !boot_cpu_has_bug(X86_BUG_MDS)) > + setup_force_cpu_cap(X86_FEATURE_NO_VERW); > +} > + > #ifdef CONFIG_SYSFS > > #define L1TF_DEFAULT_MSG "Mitigation: PTE Inversion" > -- > 2.17.2
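Review bot: The mds=off entry added to Documentation/admin-guide/kernel-parameters.txt says only "Disable workarounds for Micro-architectural Data Sampling." and gives no guidance on when that is acceptable. The commit message states the option is intended for systems that only run trusted code; the entry should say so, and should note that "off" is the only value recognised at this point in the series, since bugs.c matches the literal string "mds=off".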
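Review bot: X86_FEATURE_NO_VERW, added at ( 7*32+31) in arch/x86/include/asm/cpufeatures.h, is a negative-sense flag whose comment starts with the empty "" string, so it will not be listed in /proc/cpuinfo and an administrator cannot confirm from there that the clearing was turned off. Nothing in this patch reports the state elsewhere, so either give the flag a visible name or make sure a later patch in the series exposes it, for example through a boot message or a sysfs entry next to the L1TF one.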
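Review bot: The prototype added in the @@ -37,6 +37,7 @@ hunk of arch/x86/kernel/cpu/bugs.c is "static void __init mds_select_mitigation(void);", but the definition added in the last hunk reads "static void mds_select_mitigation(void)" without __init. The only caller shown is check_bugs(), which is itself __init, so add __init to the definition so that it matches the prototype and the code is discarded after boot.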
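Review bot: In mds_select_mitigation() the test cmdline_find_option_bool(boot_command_line, "mds=off") matches only that exact string, so any other value, including a mistyped one, is silently ignored, whereas the l1tf option visible in the hunk header is registered with early_param("l1tf", l1tf_cmdline). Consider parsing mds= through early_param as well so unknown values can be rejected. The function also folds the administrator opt-out and !boot_cpu_has_bug(X86_BUG_MDS) into the same X86_FEATURE_NO_VERW cap without printing anything, so that flag alone cannot distinguish "not affected" from "mitigation disabled"; a pr_info in the mds=off case would make the weakened state visible in the boot log.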