Unverified Commit bc5da35b authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee

!1962 x86/speculation: Add force option to GDS mitigation

Merge Pull Request from: @ci-robot 
 
PR sync from: Zeng Heng <zengheng4@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/HOXYA3DOW64263KMMIZ3WLUHV3PF2VWD/ 
Arnd Bergmann (1):
  x86: Move gds_ucode_mitigated() declaration to header

Daniel Sneddon (3):
  x86/speculation: Add force option to GDS mitigation
  x86/speculation: Add Kconfig option for GDS
  KVM: Add GDS_NO support to KVM

Dave Hansen (1):
  Documentation/x86: Fix backwards on/off logic about YMM support


--
2.25.1
 
https://gitee.com/openeuler/kernel/issues/I7XLNT 
 
Link:https://gitee.com/openeuler/kernel/pulls/1962

 

Reviewed-by: default avatarJason Zeng <jason.zeng@intel.com>
Reviewed-by: default avatarXie XiuQi <xiexiuqi@huawei.com>
Signed-off-by: default avatarJialin Zhang <zhangjialin11@huawei.com>
parents aba0e1ab 25892521
+14 −4
@@ -60,14 +60,21 @@ bits:
 ================================   ===   ============================

GDS can also be mitigated on systems that don't have updated microcode by
disabling AVX. This can be done by setting "clearcpuid=avx" on the kernel
command-line.
disabling AVX. This can be done by setting gather_data_sampling="force" or
"clearcpuid=avx" on the kernel command-line.

If used, these options will disable AVX use by turning off XSAVE YMM support.
However, the processor will still enumerate AVX support.  Userspace that
does not follow proper AVX enumeration to check both AVX *and* XSAVE YMM
support will break.

Mitigation control on the kernel command line
---------------------------------------------
The mitigation can be disabled by setting "gather_data_sampling=off" or
"mitigations=off" on the kernel command line. Not specifying either will
default to the mitigation being enabled.
"mitigations=off" on the kernel command line. Not specifying either will default
to the mitigation being enabled. Specifying "gather_data_sampling=force" will
use the microcode mitigation when available or disable AVX on affected systems
where the microcode hasn't been updated to include the mitigation.

GDS System Information
------------------------
@@ -83,6 +90,9 @@ The possible values contained in this file are:
 Vulnerable                     Processor vulnerable and mitigation disabled.
 Vulnerable: No microcode       Processor vulnerable and microcode is missing
                                mitigation.
 Mitigation: AVX disabled,
 no microcode                   Processor is vulnerable and microcode is missing
                                mitigation. AVX disabled as mitigation.
 Mitigation: Microcode          Processor is vulnerable and mitigation is in
                                effect.
 Mitigation: Microcode (locked) Processor is vulnerable and mitigation is in
+7 −1
@@ -1487,7 +1487,13 @@

			This issue is mitigated by default in updated microcode.
			The mitigation may have a performance impact but can be
			disabled.
			disabled. On systems without the microcode mitigation
			disabling AVX serves as a mitigation.

			force:	Disable AVX to mitigate systems without
				microcode mitigation. No effect if the microcode
				mitigation is present. Known to cause crashes in
				userspace with buggy AVX enumeration.

			off:	Disable GDS mitigation.

+19 −0
@@ -2554,6 +2554,25 @@ config SLS
	  against straight line speculation. The kernel image might be slightly
	  larger.

config GDS_FORCE_MITIGATION
	bool "Force GDS Mitigation"
	depends on CPU_SUP_INTEL
	default n
	help
	  Gather Data Sampling (GDS) is a hardware vulnerability which allows
	  unprivileged speculative access to data which was previously stored in
	  vector registers.

	  This option is equivalent to setting gather_data_sampling=force on the
	  command line. The microcode mitigation is used if present, otherwise
	  AVX is disabled as a mitigation. On affected systems that are missing
	  the microcode any userspace code that unconditionally uses AVX will
	  break with this option set.

	  Setting this option on systems not vulnerable to GDS has no effect.

	  If in doubt, say N.

endif

config ARCH_HAS_ADD_PAGES
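Review bot: `default n` on the new GDS_FORCE_MITIGATION entry is redundant, since a Kconfig bool already defaults to n when no default is given, so the line can simply be dropped; this is a point of style only. The help text otherwise matches what the bugs.c side of this commit does: the option sets the initial gds_mitigation to GDS_MITIGATION_FORCE under IS_ENABLED(CONFIG_GDS_FORCE_MITIGATION), which is exactly the command-line "force" behaviour, and the warning about userspace that uses AVX unconditionally is the right thing to spell out here.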
+2 −0
@@ -893,4 +893,6 @@ bool arch_is_platform_page(u64 paddr);
#define arch_is_platform_page arch_is_platform_page
#endif

extern bool gds_ucode_mitigated(void);

#endif /* _ASM_X86_PROCESSOR_H */
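Review bot: The new `extern bool gds_ucode_mitigated(void);` declaration is the only interface KVM (per the commit list) will see, and it carries no comment describing what the value means. From the definition in bugs.c in this same commit it is true only when gds_mitigation is GDS_MITIGATION_FULL or GDS_MITIGATION_FULL_LOCKED, i.e. when the microcode (MSR_IA32_MCU_OPT_CTRL) mitigation is actually in effect, not when AVX was disabled by the force path. I would add above the declaration: `/* True when the GDS microcode mitigation is in effect (FULL or FULL_LOCKED); false for the AVX-disabled force path. */`.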
+30 −1
@@ -656,21 +656,34 @@ early_param("srbds", srbds_parse_cmdline);
enum gds_mitigations {
	GDS_MITIGATION_OFF,
	GDS_MITIGATION_UCODE_NEEDED,
	GDS_MITIGATION_FORCE,
	GDS_MITIGATION_FULL,
	GDS_MITIGATION_FULL_LOCKED,
	GDS_MITIGATION_HYPERVISOR,
};

#if IS_ENABLED(CONFIG_GDS_FORCE_MITIGATION)
static enum gds_mitigations gds_mitigation __ro_after_init = GDS_MITIGATION_FORCE;
#else
static enum gds_mitigations gds_mitigation __ro_after_init = GDS_MITIGATION_FULL;
#endif

static const char * const gds_strings[] = {
	[GDS_MITIGATION_OFF]		= "Vulnerable",
	[GDS_MITIGATION_UCODE_NEEDED]	= "Vulnerable: No microcode",
	[GDS_MITIGATION_FORCE]		= "Mitigation: AVX disabled, no microcode",
	[GDS_MITIGATION_FULL]		= "Mitigation: Microcode",
	[GDS_MITIGATION_FULL_LOCKED]	= "Mitigation: Microcode (locked)",
	[GDS_MITIGATION_HYPERVISOR]	= "Unknown: Dependent on hypervisor status",
};

bool gds_ucode_mitigated(void)
{
	return (gds_mitigation == GDS_MITIGATION_FULL ||
		gds_mitigation == GDS_MITIGATION_FULL_LOCKED);
}
EXPORT_SYMBOL_GPL(gds_ucode_mitigated);

void update_gds_msr(void)
{
	u64 mcu_ctrl_after;
@@ -691,6 +704,7 @@ void update_gds_msr(void)
		rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl);
		mcu_ctrl &= ~GDS_MITG_DIS;
		break;
	case GDS_MITIGATION_FORCE:
	case GDS_MITIGATION_UCODE_NEEDED:
	case GDS_MITIGATION_HYPERVISOR:
		return;
@@ -725,10 +739,23 @@ static void __init gds_select_mitigation(void)

	/* No microcode */
	if (!(x86_read_arch_cap_msr() & ARCH_CAP_GDS_CTRL)) {
		if (gds_mitigation == GDS_MITIGATION_FORCE) {
			/*
			 * This only needs to be done on the boot CPU so do it
			 * here rather than in update_gds_msr()
			 */
			setup_clear_cpu_cap(X86_FEATURE_AVX);
			pr_warn("Microcode update needed! Disabling AVX as mitigation.\n");
		} else {
			gds_mitigation = GDS_MITIGATION_UCODE_NEEDED;
		}
		goto out;
	}

	/* Microcode has mitigation, use it */
	if (gds_mitigation == GDS_MITIGATION_FORCE)
		gds_mitigation = GDS_MITIGATION_FULL;

	rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl);
	if (mcu_ctrl & GDS_MITG_LOCKED) {
		if (gds_mitigation == GDS_MITIGATION_OFF)
@@ -759,6 +786,8 @@ static int __init gds_parse_cmdline(char *str)

	if (!strcmp(str, "off"))
		gds_mitigation = GDS_MITIGATION_OFF;
	else if (!strcmp(str, "force"))
		gds_mitigation = GDS_MITIGATION_FORCE;

	return 0;
}
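Review bot: The FORCE branch in gds_select_mitigation clears only X86_FEATURE_AVX, while the sysfs string introduced in the first hunk reports "Mitigation: AVX disabled, no microcode" and the Documentation hunk itself notes the processor will still enumerate AVX; whether AVX2/AVX-512 and the XSAVE YMM state are also withdrawn depends on the CPUID dependency handling behind setup_clear_cpu_cap(), which this hunk does not show. The existing comment on that call explains only why it runs on the boot CPU, so I would extend it with `* Dependent features (AVX2, AVX-512, YMM XSAVE) are expected to be cleared via the CPUID dependency table; confirm on this tree.` so a later reader does not take the sysfs wording as a full description of what was disabled. The FORCE-to-FULL rewrite on the microcode path is correct as written, since update_gds_msr() in the earlier hunk returns early for GDS_MITIGATION_FORCE and would otherwise never program the MSR. The start of gds_select_mitigation, including the bug and hypervisor checks, lies outside the hunk.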