[PATCH 0/2] x86/bugs: Break down mitigations configurations

[PATCH 0/2] x86/bugs: Break down mitigations configurations

[Breno Leitao]

There is no way to compile a kernel today with some of the speculative
mitigations disabled. Even if the kernel has
CONFIG_SPECULATION_MITIGATIONS=n, some Intel mitigations, such as MDS, TAA,
MMIO are still enabled and can only be disabled using a kernel parameter.

This patchset creates a way to choose what to enable or disable, and,
get the mitigations disable if CONFIG_SPECULATION_MITIGATIONS is not
set, as the rest of other mitigations.

Also, we want to print a warning message letting users know that these
mitigations are disabled.

This is a follow up to this discussion: https://lkml.org/lkml/2023/6/12/798

Breno Leitao (3):
  x86/bugs: Create an option to disable MDS
  x86/bugs: Create an option to disable TAA
  x86/bugs: Create an option to disable MMIO vulnerability

 arch/x86/Kconfig           | 31 +++++++++++++++++++++++++++++++
 arch/x86/kernel/cpu/bugs.c | 23 +++++++++++++++++++----
 2 files changed, 50 insertions(+), 4 deletions(-)

-- 
2.34.1

[PATCH 1/3] x86/bugs: Create an option to disable MDS

[Breno Leitao]

There is no way to disable MDS mitigation today at compilation time. MDS
is enabled even if CONFIG_SPECULATION_MITIGATIONS is unset.

Create a new KCONFIG option that allow MDS mitigations to be disabled in
compilation time.

Signed-off-by: Breno Leitao <leitao@debian.org>
---
 arch/x86/Kconfig           | 11 +++++++++++
 arch/x86/kernel/cpu/bugs.c |  9 ++++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 53bab123a8ee..d25132b2d54f 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2649,6 +2649,17 @@ config SLS
 	  against straight line speculation. The kernel image might be slightly
 	  larger.
 
+config MITIGATE_MDS
+	bool "Mitigate Microarchitectural Data Sampling (MDS) hardware bug"
+	depends on CPU_SUP_INTEL && X86_64
+	default y
+	help
+	  Enable mitigation for Microarchitectural Data Sampling (MDS). MDS is
+	  a hardware vulnerability which allows unprivileged speculative access
+	  to data which is available in various CPU internal buffer. Deeper
+	  technical information is available in the MDS specific x86 architecture
+	  section: Documentation/arch/x86/mds.rst.
+
 endif
 
 config ARCH_HAS_ADD_PAGES
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 182af64387d0..50f12829dce9 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -269,6 +269,7 @@ static void x86_amd_ssb_disable(void)
 /* Default mitigation for MDS-affected CPUs */
 static enum mds_mitigations mds_mitigation __ro_after_init = MDS_MITIGATION_FULL;
 static bool mds_nosmt __ro_after_init = false;
+#define MDS_WARN_MSG "WARNING: Microarchitectural Data Sampling (MDS) speculative mitigation disabled!\n"
 
 static const char * const mds_strings[] = {
 	[MDS_MITIGATION_OFF]	= "Vulnerable",
@@ -278,11 +279,17 @@ static const char * const mds_strings[] = {
 
 static void __init mds_select_mitigation(void)
 {
-	if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off()) {
+	if (!boot_cpu_has_bug(X86_BUG_MDS)) {
 		mds_mitigation = MDS_MITIGATION_OFF;
 		return;
 	}
 
+	if (cpu_mitigations_off() || !IS_ENABLED(CONFIG_MITIGATE_MDS)) {
+		mds_mitigation = MDS_MITIGATION_OFF;
+		pr_err(MDS_WARN_MSG);
+		return;
+	}
+
 	if (mds_mitigation == MDS_MITIGATION_FULL) {
 		if (!boot_cpu_has(X86_FEATURE_MD_CLEAR))
 			mds_mitigation = MDS_MITIGATION_VMWERV;
-- 
2.34.1

[PATCH 2/3] x86/bugs: Create an option to disable TAA

[Breno Leitao]

There is no way to disable TAA mitigation today at compilation time. TAA
is enabled even if CONFIG_SPECULATION_MITIGATIONS is unset.

Create a new KCONFIG option that allow TAA mitigation to be disabled in
compilation time.

Signed-off-by: Breno Leitao <leitao@debian.org>
---
 arch/x86/Kconfig           | 10 ++++++++++
 arch/x86/kernel/cpu/bugs.c |  4 +++-
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index d25132b2d54f..140af3b30c45 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2660,6 +2660,16 @@ config MITIGATE_MDS
 	  technical information is available in the MDS specific x86 architecture
 	  section: Documentation/arch/x86/mds.rst.
 
+config MITIGATE_TAA
+	bool "Mitigate TSX Asynchronous Abort (TAA) hardware bug"
+	depends on CPU_SUP_INTEL && X86_64
+	default y
+	help
+	  Enable mitigation for TSX Asynchronous Abort (TAA). TAA is a hardware
+	  vulnerability that allows unprivileged speculative access to data
+	  which is available in various CPU internal buffers by using
+	  asynchronous aborts within an Intel TSX transactional region.
+
 endif
 
 config ARCH_HAS_ADD_PAGES
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 50f12829dce9..3615bda9573f 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -336,6 +336,7 @@ enum taa_mitigations {
 /* Default mitigation for TAA-affected CPUs */
 static enum taa_mitigations taa_mitigation __ro_after_init = TAA_MITIGATION_VERW;
 static bool taa_nosmt __ro_after_init;
+#define TAA_WARN_MSG "WARNING: TSX Asynchronous Abort (TAA) speculative mitigation disabled!\n"
 
 static const char * const taa_strings[] = {
 	[TAA_MITIGATION_OFF]		= "Vulnerable",
@@ -359,8 +360,9 @@ static void __init taa_select_mitigation(void)
 		return;
 	}
 
-	if (cpu_mitigations_off()) {
+	if (cpu_mitigations_off() || !IS_ENABLED(CONFIG_MITIGATE_TAA)) {
 		taa_mitigation = TAA_MITIGATION_OFF;
+		pr_err(TAA_WARN_MSG);
 		return;
 	}
 
-- 
2.34.1

[PATCH 3/3] x86/bugs: Create an option to disable MMIO vulnerability

[Breno Leitao]

There is no way to disable MMIO Stale data mitigation today at
compilation time. These mitigations are enabled even if
CONFIG_SPECULATION_MITIGATIONS is unset.

Create a new KCONFIG option that allow MMIO mitigation to be disabled in
compilation time.

Signed-off-by: Breno Leitao <leitao@debian.org>
---
 arch/x86/Kconfig           | 10 ++++++++++
 arch/x86/kernel/cpu/bugs.c | 10 ++++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
index 140af3b30c45..ba64f7c9b08d 100644
--- a/arch/x86/Kconfig
+++ b/arch/x86/Kconfig
@@ -2670,6 +2670,16 @@ config MITIGATE_TAA
 	  which is available in various CPU internal buffers by using
 	  asynchronous aborts within an Intel TSX transactional region.
 
+config MITIGATE_MMIO_STALE_DATA
+	bool "Mitigate MMIO Stale Data hardware bug"
+	depends on CPU_SUP_INTEL && X86_64
+	default y
+	help
+	  Enable mitigation for MMIO Stale Data hardware bugs.  Processor MMIO
+	  Stale Data Vulnerabilities are a class of memory-mapped I/O (MMIO)
+	  vulnerabilities that can expose data. The vulnerabilities require the
+	  attacker to have access to MMIO.
+
 endif
 
 config ARCH_HAS_ADD_PAGES
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 3615bda9573f..b5c171feb05e 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -439,6 +439,7 @@ enum mmio_mitigations {
 /* Default mitigation for Processor MMIO Stale Data vulnerabilities */
 static enum mmio_mitigations mmio_mitigation __ro_after_init = MMIO_MITIGATION_VERW;
 static bool mmio_nosmt __ro_after_init = false;
+#define MMIO_WARN_MSG "WARNING: MMIO Stale Data speculative mitigation disabled!\n"
 
 static const char * const mmio_strings[] = {
 	[MMIO_MITIGATION_OFF]		= "Vulnerable",
@@ -451,12 +452,17 @@ static void __init mmio_select_mitigation(void)
 	u64 ia32_cap;
 
 	if (!boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA) ||
-	     boot_cpu_has_bug(X86_BUG_MMIO_UNKNOWN) ||
-	     cpu_mitigations_off()) {
+	     boot_cpu_has_bug(X86_BUG_MMIO_UNKNOWN)) {
 		mmio_mitigation = MMIO_MITIGATION_OFF;
 		return;
 	}
 
+	if (cpu_mitigations_off() || !IS_ENABLED(CONFIG_MITIGATE_MDS)) {
+		mmio_mitigation = MMIO_MITIGATION_OFF;
+		pr_err(MMIO_WARN_MSG);
+		return;
+	}
+
 	if (mmio_mitigation == MMIO_MITIGATION_OFF)
 		return;
 
-- 
2.34.1

[PATCH 0/2] x86/bugs: Break down mitigations configurations

[Breno Leitao]

There is no way to compile a kernel today with some of the speculative
mitigations disabled. Even if the kernel has
CONFIG_SPECULATION_MITIGATIONS=n, some Intel mitigations, such as MDS, TAA,
MMIO are still enabled and can only be disabled using a kernel parameter.

This patchset creates a way to choose what to enable or disable, and,
get the mitigations disable if CONFIG_SPECULATION_MITIGATIONS is not
set, as the rest of other mitigations.

Also, we want to print a warning message letting users know that these
mitigations are disabled.

Breno Leitao (2):
  x86/speculation: Disable mitigations if CONFIG says so
  x86/speculation: Print error when mitigations are disabled

 arch/x86/kernel/cpu/bugs.c | 29 ++++++++++++++++++++++++-----
 1 file changed, 24 insertions(+), 5 deletions(-)

-- 
2.34.1

[PATCH 1/2] x86/speculation: Disable mitigations if CONFIG says so

[Breno Leitao]

There is no way to disable certain mitigations(MDS, TAA, MMIO) today.
They are enabled even when the kernel has
CONFIG_SPECULATION_MITIGATIONS=n.

Create a function that says if the speculative mitigations are enabled
or not. They should use CONFIG_SPECULATION_MITIGATIONS as one source of
information.

Just enable MDS, TAA, MMIO mitigations if speculative mitigations are
enabled.

Signed-off-by: Breno Leitao <leitao@debian.org>
---
 arch/x86/kernel/cpu/bugs.c | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 182af64387d0..703649a29181 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -87,6 +87,12 @@ void update_spec_ctrl_cond(u64 val)
 		wrmsrl(MSR_IA32_SPEC_CTRL, val);
 }
 
+static inline bool cpu_speculative_mitigations_off(void)
+{
+	return cpu_mitigations_off() ||
+		!IS_ENABLED(CONFIG_SPECULATION_MITIGATIONS);
+}
+
 noinstr u64 spec_ctrl_current(void)
 {
 	return this_cpu_read(x86_spec_ctrl_current);
@@ -278,7 +284,7 @@ static const char * const mds_strings[] = {
 
 static void __init mds_select_mitigation(void)
 {
-	if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off()) {
+	if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_speculative_mitigations_off()) {
 		mds_mitigation = MDS_MITIGATION_OFF;
 		return;
 	}
@@ -352,7 +358,7 @@ static void __init taa_select_mitigation(void)
 		return;
 	}
 
-	if (cpu_mitigations_off()) {
+	if (cpu_speculative_mitigations_off()) {
 		taa_mitigation = TAA_MITIGATION_OFF;
 		return;
 	}
@@ -443,7 +449,7 @@ static void __init mmio_select_mitigation(void)
 
 	if (!boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA) ||
 	     boot_cpu_has_bug(X86_BUG_MMIO_UNKNOWN) ||
-	     cpu_mitigations_off()) {
+	     cpu_speculative_mitigations_off()) {
 		mmio_mitigation = MMIO_MITIGATION_OFF;
 		return;
 	}
@@ -516,7 +522,7 @@ early_param("mmio_stale_data", mmio_stale_data_parse_cmdline);
 
 static void __init md_clear_update_mitigation(void)
 {
-	if (cpu_mitigations_off())
+	if (cpu_speculative_mitigations_off())
 		return;
 
 	if (!static_key_enabled(&mds_user_clear))
-- 
2.34.1

[PATCH 2/2] x86/speculation: Print error when mitigations are disabled

[Breno Leitao]

If mitigations are disabled for MDS, TAA, MMIO we want to let users
aware. This is either disabled by "mitigations=off" kernel argument, or,
by CONFIG_SPECULATION_MITIGATIONS=n

Signed-off-by: Breno Leitao <leitao@debian.org>
---
 arch/x86/kernel/cpu/bugs.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 703649a29181..b678cdd95dc1 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -275,6 +275,7 @@ static void x86_amd_ssb_disable(void)
 /* Default mitigation for MDS-affected CPUs */
 static enum mds_mitigations mds_mitigation __ro_after_init = MDS_MITIGATION_FULL;
 static bool mds_nosmt __ro_after_init = false;
+#define MDS_WARN_MSG "WARNING: Microarchitectural Data Sampling (MDS) speculative mitigation disabled!\n"
 
 static const char * const mds_strings[] = {
 	[MDS_MITIGATION_OFF]	= "Vulnerable",
@@ -284,11 +285,16 @@ static const char * const mds_strings[] = {
 
 static void __init mds_select_mitigation(void)
 {
-	if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_speculative_mitigations_off()) {
+	if (!boot_cpu_has_bug(X86_BUG_MDS)) {
 		mds_mitigation = MDS_MITIGATION_OFF;
 		return;
 	}
 
+	if (cpu_speculative_mitigations_off()) {
+		pr_err(MDS_WARN_MSG);
+		mds_mitigation = MDS_MITIGATION_OFF;
+	}
+
 	if (mds_mitigation == MDS_MITIGATION_FULL) {
 		if (!boot_cpu_has(X86_FEATURE_MD_CLEAR))
 			mds_mitigation = MDS_MITIGATION_VMWERV;
@@ -335,6 +341,7 @@ enum taa_mitigations {
 /* Default mitigation for TAA-affected CPUs */
 static enum taa_mitigations taa_mitigation __ro_after_init = TAA_MITIGATION_VERW;
 static bool taa_nosmt __ro_after_init;
+#define TAA_WARN_MSG "WARNING: TSX Asynchronous Abort (TAA) speculative mitigation disabled!\n"
 
 static const char * const taa_strings[] = {
 	[TAA_MITIGATION_OFF]		= "Vulnerable",
@@ -359,6 +366,7 @@ static void __init taa_select_mitigation(void)
 	}
 
 	if (cpu_speculative_mitigations_off()) {
+		pr_err(TAA_WARN_MSG);
 		taa_mitigation = TAA_MITIGATION_OFF;
 		return;
 	}
@@ -436,6 +444,7 @@ enum mmio_mitigations {
 /* Default mitigation for Processor MMIO Stale Data vulnerabilities */
 static enum mmio_mitigations mmio_mitigation __ro_after_init = MMIO_MITIGATION_VERW;
 static bool mmio_nosmt __ro_after_init = false;
+#define MMIO_WARN_MSG "WARNING: MMIO Stale Data speculative mitigation disabled!\n"
 
 static const char * const mmio_strings[] = {
 	[MMIO_MITIGATION_OFF]		= "Vulnerable",
@@ -448,12 +457,16 @@ static void __init mmio_select_mitigation(void)
 	u64 ia32_cap;
 
 	if (!boot_cpu_has_bug(X86_BUG_MMIO_STALE_DATA) ||
-	     boot_cpu_has_bug(X86_BUG_MMIO_UNKNOWN) ||
-	     cpu_speculative_mitigations_off()) {
+	     boot_cpu_has_bug(X86_BUG_MMIO_UNKNOWN)) {
 		mmio_mitigation = MMIO_MITIGATION_OFF;
 		return;
 	}
 
+	if (cpu_speculative_mitigations_off()) {
+		pr_err(MMIO_WARN_MSG);
+		mmio_mitigation = MMIO_MITIGATION_OFF;
+	}
+
 	if (mmio_mitigation == MMIO_MITIGATION_OFF)
 		return;
 
-- 
2.34.1

Re: [PATCH 0/2] x86/bugs: Break down mitigations configurations

[Andi Kleen]

Breno Leitao <leitao@debian.org> writes:

> There is no way to compile a kernel today with some of the speculative
> mitigations disabled. Even if the kernel has
> CONFIG_SPECULATION_MITIGATIONS=n, some Intel mitigations, such as MDS, TAA,
> MMIO are still enabled and can only be disabled using a kernel parameter.
>
> This patchset creates a way to choose what to enable or disable, and,
> get the mitigations disable if CONFIG_SPECULATION_MITIGATIONS is not
> set, as the rest of other mitigations.
>
> Also, we want to print a warning message letting users know that these
> mitigations are disabled.
>
> This is a follow up to this discussion: https://lkml.org/lkml/2023/6/12/798
>

Isn't this all roughly equivalent to CONFIG_CMDLINE="mitigations=..." ?

-Andi

Re: [PATCH 1/3] x86/bugs: Create an option to disable MDS

[Pawan Gupta]

On Thu, Jun 15, 2023 at 09:44:12AM -0700, Breno Leitao wrote:
> diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> index 182af64387d0..50f12829dce9 100644
> --- a/arch/x86/kernel/cpu/bugs.c
> +++ b/arch/x86/kernel/cpu/bugs.c
> @@ -269,6 +269,7 @@ static void x86_amd_ssb_disable(void)
>  /* Default mitigation for MDS-affected CPUs */
>  static enum mds_mitigations mds_mitigation __ro_after_init = MDS_MITIGATION_FULL;
>  static bool mds_nosmt __ro_after_init = false;
> +#define MDS_WARN_MSG "WARNING: Microarchitectural Data Sampling (MDS) speculative mitigation disabled!\n"
>  
>  static const char * const mds_strings[] = {
>  	[MDS_MITIGATION_OFF]	= "Vulnerable",
> @@ -278,11 +279,17 @@ static const char * const mds_strings[] = {
>  
>  static void __init mds_select_mitigation(void)
>  {
> -	if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off()) {
> +	if (!boot_cpu_has_bug(X86_BUG_MDS)) {
>  		mds_mitigation = MDS_MITIGATION_OFF;
>  		return;
>  	}
>  
> +	if (cpu_mitigations_off() || !IS_ENABLED(CONFIG_MITIGATE_MDS)) {
> +		mds_mitigation = MDS_MITIGATION_OFF;
> +		pr_err(MDS_WARN_MSG);
> +		return;

Why does compile time config needs to be so restrictive that it does not
allow runtime override with mds= cmdline?

I believe Kconfig should only be setting the mitigation default,
allowing users to select mitigation at runtime:

---
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 182af64387d0..50e1ca4ea68b 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -267,7 +267,11 @@ static void x86_amd_ssb_disable(void)
 #define pr_fmt(fmt)	"MDS: " fmt
 
 /* Default mitigation for MDS-affected CPUs */
+#if IS_ENABLED(CONFIG_MITIGATE_MDS)
 static enum mds_mitigations mds_mitigation __ro_after_init = MDS_MITIGATION_FULL;
+#else
+static enum mds_mitigations mds_mitigation __ro_after_init = MDS_MITIGATION_OFF;
+#endif
 static bool mds_nosmt __ro_after_init = false;
 
 static const char * const mds_strings[] = {

Re: [PATCH 0/2] x86/bugs: Break down mitigations configurations

[Breno Leitao]

On Thu, Jun 15, 2023 at 10:21:55AM -0700, Andi Kleen wrote:
> Breno Leitao <leitao@debian.org> writes:
> 
> > There is no way to compile a kernel today with some of the speculative
> > mitigations disabled. Even if the kernel has
> > CONFIG_SPECULATION_MITIGATIONS=n, some Intel mitigations, such as MDS, TAA,
> > MMIO are still enabled and can only be disabled using a kernel parameter.
> >
> > This patchset creates a way to choose what to enable or disable, and,
> > get the mitigations disable if CONFIG_SPECULATION_MITIGATIONS is not
> > set, as the rest of other mitigations.
> >
> > Also, we want to print a warning message letting users know that these
> > mitigations are disabled.
> >
> > This is a follow up to this discussion: https://lkml.org/lkml/2023/6/12/798
> >
> 
> Isn't this all roughly equivalent to CONFIG_CMDLINE="mitigations=..." ?

It is, indeed. But, the main motivation for this patchset it to solve a
consistency problem on our Kconfig. The user would image that all
speculative mitigations would be disabled if he passes
CONFIG_SPECULATION_MITIGATIONS=n, but that is not true. The user needs
something else, such as CONFIG_CMDLINE="mitigations=off" or "mds=off".

This patchset give more consistency to our Kconfig options, and the user
doesn't need to read between the lines.

Re: [PATCH 1/3] x86/bugs: Create an option to disable MDS

[Breno Leitao]

On Thu, Jun 15, 2023 at 03:13:47PM -0700, Pawan Gupta wrote:
> On Thu, Jun 15, 2023 at 09:44:12AM -0700, Breno Leitao wrote:
> > diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
> > index 182af64387d0..50f12829dce9 100644
> > --- a/arch/x86/kernel/cpu/bugs.c
> > +++ b/arch/x86/kernel/cpu/bugs.c
> > @@ -269,6 +269,7 @@ static void x86_amd_ssb_disable(void)
> >  /* Default mitigation for MDS-affected CPUs */
> >  static enum mds_mitigations mds_mitigation __ro_after_init = MDS_MITIGATION_FULL;
> >  static bool mds_nosmt __ro_after_init = false;
> > +#define MDS_WARN_MSG "WARNING: Microarchitectural Data Sampling (MDS) speculative mitigation disabled!\n"
> >  
> >  static const char * const mds_strings[] = {
> >  	[MDS_MITIGATION_OFF]	= "Vulnerable",
> > @@ -278,11 +279,17 @@ static const char * const mds_strings[] = {
> >  
> >  static void __init mds_select_mitigation(void)
> >  {
> > -	if (!boot_cpu_has_bug(X86_BUG_MDS) || cpu_mitigations_off()) {
> > +	if (!boot_cpu_has_bug(X86_BUG_MDS)) {
> >  		mds_mitigation = MDS_MITIGATION_OFF;
> >  		return;
> >  	}
> >  
> > +	if (cpu_mitigations_off() || !IS_ENABLED(CONFIG_MITIGATE_MDS)) {
> > +		mds_mitigation = MDS_MITIGATION_OFF;
> > +		pr_err(MDS_WARN_MSG);
> > +		return;
> 
> Why does compile time config needs to be so restrictive that it does not
> allow runtime override with mds= cmdline?
> 
> I believe Kconfig should only be setting the mitigation default,
> allowing users to select mitigation at runtime:

Sure, that is doable as well. If no one has any opposition to it, I will
implemented as suggested.