diff options
| author | Linux Build Service Account <lnxbuild@localhost> | 2019-12-04 05:36:52 -0800 |
|---|---|---|
| committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2019-12-04 05:36:51 -0800 |
| commit | a94efeebe062bd8818aee9ef70483bbd21f4f558 (patch) | |
| tree | faf5d422e172a8f5708aa2e912c83a552596a37e /Documentation | |
| parent | fbbb7d9af6faf01b3fe05f9a91d1a0b56049fc0a (diff) | |
| parent | ed0754412226e593ffccb7990b18eb4914ac77e7 (diff) | |
Merge "Merge android-4.4-p.204 (583bdda) into msm-4.4"
Diffstat (limited to 'Documentation')
| -rw-r--r-- | Documentation/hw-vuln/mds.rst | 7 | ||||
| -rw-r--r-- | Documentation/hw-vuln/tsx_async_abort.rst | 5 | ||||
| -rw-r--r-- | Documentation/kernel-parameters.txt | 11 |
3 files changed, 20 insertions, 3 deletions
diff --git a/Documentation/hw-vuln/mds.rst b/Documentation/hw-vuln/mds.rst index 3f92728be021..7b8a1e9c5240 100644 --- a/Documentation/hw-vuln/mds.rst +++ b/Documentation/hw-vuln/mds.rst @@ -262,8 +262,11 @@ time with the option "mds=". The valid arguments for this option are: ============ ============================================================= -Not specifying this option is equivalent to "mds=full". - +Not specifying this option is equivalent to "mds=full". For processors +that are affected by both TAA (TSX Asynchronous Abort) and MDS, +specifying just "mds=off" without an accompanying "tsx_async_abort=off" +will have no effect as the same mitigation is used for both +vulnerabilities. Mitigation selection guide -------------------------- diff --git a/Documentation/hw-vuln/tsx_async_abort.rst b/Documentation/hw-vuln/tsx_async_abort.rst index 38beda735f39..0adfe63612ce 100644 --- a/Documentation/hw-vuln/tsx_async_abort.rst +++ b/Documentation/hw-vuln/tsx_async_abort.rst @@ -169,7 +169,10 @@ the option "tsx_async_abort=". The valid arguments for this option are: systems will have no effect. ============ ============================================================= -Not specifying this option is equivalent to "tsx_async_abort=full". +Not specifying this option is equivalent to "tsx_async_abort=full". For +processors that are affected by both TAA and MDS, specifying just +"tsx_async_abort=off" without an accompanying "mds=off" will have no +effect as the same mitigation is used for both vulnerabilities. The kernel command line also allows to control the TSX feature using the parameter "tsx=" on CPUs which support TSX control. MSR_IA32_TSX_CTRL is used diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-parameters.txt index d170c8fcced6..001e46497775 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt @@ -2105,6 +2105,12 @@ bytes respectively. Such letter suffixes can also be entirely omitted. full - Enable MDS mitigation on vulnerable CPUs off - Unconditionally disable MDS mitigation + On TAA-affected machines, mds=off can be prevented by + an active TAA mitigation as both vulnerabilities are + mitigated with the same mechanism so in order to disable + this mitigation, you need to specify tsx_async_abort=off + too. + Not specifying this option is equivalent to mds=full. @@ -4184,6 +4190,11 @@ bytes respectively. Such letter suffixes can also be entirely omitted. off - Unconditionally disable TAA mitigation + On MDS-affected machines, tsx_async_abort=off can be + prevented by an active MDS mitigation as both vulnerabilities + are mitigated with the same mechanism so in order to disable + this mitigation, you need to specify mds=off too. + Not specifying this option is equivalent to tsx_async_abort=full. On CPUs which are MDS affected and deploy MDS mitigation, TAA mitigation is not |