| /kernel/linux/linux-5.10/Documentation/admin-guide/hw-vuln/ |
| D | mds.rst | 26 Not all processors are affected by all variants of MDS, but the mitigation
103 - The processor is vulnerable, but no mitigation enabled
107 The mitigation is enabled on a best effort basis. See :ref:`vmwerv`
108 * - 'Mitigation: Clear CPU buffers'
109 - The processor is vulnerable and the CPU buffer clearing mitigation is
124 Best effort mitigation mode
128 mitigation mechanism is not advertised via CPUID the kernel selects a best
129 effort mitigation mode. This mode invokes the mitigation instructions
140 Mitigation mechanism
147 enables the mitigation by default. The mitigation can be controlled at boot
[all …]
|
| D | special-register-buffer-data-sampling.rst | 61 Mitigation mechanism
86 the mitigation for RDRAND and RDSEED instructions executed outside of Intel
88 disable the mitigation using this opt-out mechanism, RDRAND and RDSEED do not
96 Along with the mitigation for this issue, Intel added a new thread-scope
102 disables the mitigation for RDRAND and RDSEED executed outside of an Intel SGX
103 enclave on that logical processor. Opting out of the mitigation for a
107 Note that inside of an Intel SGX enclave, the mitigation is applied regardless
110 Mitigation control on the kernel command line
112 The kernel command line allows control over the SRBDS mitigation at boot time
116 off This option disables SRBDS mitigation for RDRAND and RDSEED on
[all …]
|
| D | processor_mmio_stale_data.rst | 10 provided to untrusted guests may need mitigation. These vulnerabilities are
13 by an unmitigated transient execution attack. Mitigation for these
110 section, mitigation largely remains the same for all the variants, i.e. to
117 specific variants of Processor MMIO Stale Data vulnerabilities and mitigation
150 Mitigation chapter
153 same mitigation strategy to force the CPU to clear the affected buffers before
166 additional mitigation is needed on such CPUs.
168 For CPUs not affected by MDS or TAA, mitigation is needed only for the attacker
173 Mitigation points
177 Same mitigation as MDS when affected by MDS/TAA, otherwise no mitigation
[all …]
|
| D | tsx_async_abort.rst | 99 …- The CPU is affected by this vulnerability and the microcode and kernel mitigation are not applie…
102 * - 'Mitigation: Clear CPU buffers'
104 * - 'Mitigation: TSX disabled'
111 Best effort mitigation mode
115 mitigation mechanism is not advertised via CPUID the kernel selects a best
116 effort mitigation mode. This mode invokes the mitigation instructions
128 Mitigation mechanism
133 enables the mitigation by default.
136 The mitigation can be controlled at boot time via a kernel command line option.
139 Virtualization mitigation
[all …]
|
| D | spectre.rst | 144 For a full mitigation against BHB attacks, it's recommended to use
331 mitigation status of the system for Spectre: whether the system is
334 The sysfs file showing Spectre variant 1 mitigation status is:
348 * - 'Mitigation: usercopy/swapgs barriers and __user pointer sanitization'
358 retpoline mitigation or if the CPU has hardware mitigation, and if the
359 CPU has support for additional process-specific mitigation.
372 The sysfs file showing Spectre variant 2 mitigation status is:
382 'Mitigation: None' Vulnerable, no mitigation
383 'Mitigation: Retpolines' Use Retpoline thunks
384 'Mitigation: LFENCE' Use LFENCE instructions
[all …]
|
| D | multihit.rst | 81 * - KVM: Mitigation: Split huge pages
83 * - KVM: Mitigation: VMX unsupported
85 * - KVM: Mitigation: VMX disabled
88 - The processor is vulnerable, but no mitigation enabled
104 Mitigation mechanism
122 Mitigation control on the kernel command line and KVM - module parameter
125 The KVM hypervisor mitigation mechanism for marking huge pages as
133 force Mitigation is enabled. In this case, the mitigation implements
139 off Mitigation is disabled.
141 auto Enable mitigation only if the platform is affected and the kernel
[all …]
|
| D | l1tf.rst | 78 The Linux kernel contains a mitigation for this attack vector, PTE
92 PTE inversion mitigation for L1TF, to attack physical host memory.
132 'Mitigation: PTE Inversion' The host protection is active
136 information is appended to the 'Mitigation: PTE Inversion' part:
158 Host mitigation mechanism
165 Guest mitigation mechanisms
282 of other mitigation solutions like confining guests to dedicated cores.
351 Disabling EPT for virtual machines provides full mitigation for L1TF even
354 significant performance impact especially when the Meltdown mitigation
359 There is ongoing research and development for new mitigation mechanisms to
[all …]
|
| /kernel/linux/linux-5.10/arch/x86/kernel/cpu/ |
| D | bugs.c | 215 * If the host has SSBD mitigation enabled, force it in the host's in x86_virt_spec_ctrl()
251 /* Default mitigation for MDS-affected CPUs */
257 [MDS_MITIGATION_FULL] = "Mitigation: Clear CPU buffers",
311 /* Default mitigation for TAA-affected CPUs */
318 [TAA_MITIGATION_VERW] = "Mitigation: Clear CPU buffers",
319 [TAA_MITIGATION_TSX_DISABLED] = "Mitigation: TSX disabled",
343 * TAA mitigation via VERW is turned off if both in taa_select_mitigation()
370 * TSX is enabled, select alternate mitigation for TAA which is in taa_select_mitigation()
374 * present on host, enable the mitigation for UCODE_NEEDED as well. in taa_select_mitigation()
412 /* Default mitigation for Processor MMIO Stale Data vulnerabilities */
[all …]
|
| /kernel/linux/linux-5.10/Documentation/x86/ |
| D | mds.rst | 1 Microarchitectural Data Sampling (MDS) mitigation
70 Mitigation strategy
73 All variants have the same mitigation strategy at least for the single CPU
82 command. The latter is issued when L1TF mitigation is enabled so the extra
98 The mitigation is invoked on kernel/userspace, hypervisor/guest and C-state
112 Kernel internal mitigation modes
116 off Mitigation is disabled. Either the CPU is not affected or
119 full Mitigation is enabled. CPU is affected and MD_CLEAR is
122 vmwerv Mitigation is enabled. CPU is affected and MD_CLEAR is not
130 line then the kernel selects the appropriate mitigation mode depending on
[all …]
|
| D | tsx_async_abort.rst | 3 TSX Async Abort (TAA) mitigation
21 Mitigation strategy
33 Kernel internal mitigation modes
37 off Mitigation is disabled. Either the CPU is not affected or
40 tsx disabled Mitigation is enabled. TSX feature is disabled by default at
43 verw Mitigation is enabled. CPU is affected and MD_CLEAR is
46 ucode needed Mitigation is enabled. CPU is affected and MD_CLEAR is not
54 not provided then the kernel selects an appropriate mitigation depending on the
58 TAA mitigation, VERW behavior and TSX feature for various combinations of
66 …A_NO MDS_NO TSX_CTRL_MSR TSX state VERW can clear TAA mitigation TAA mitigation
[all …]
|
| /kernel/linux/linux-5.10/arch/arm64/kernel/ |
| D | proton-pack.c | 3 * Handle detection, reporting and mitigation of Spectre v1, v2 and v4, as
35 * We try to ensure that the mitigation state can never change as the result of
63 return sprintf(buf, "Mitigation: __user pointer sanitization\n"); in cpu_show_spectre_v1()
96 pr_info_once("spectre-v2 mitigation disabled by command line option\n"); in spectre_v2_mitigations_off()
145 return sprintf(buf, "Mitigation: %s%s\n", v2_str, bhb_str); in cpu_show_spectre_v2()
341 * still rely on firmware for the mitigation at EL2. in spectre_v2_enable_fw_mitigation()
373 * A major source of headaches is that the software mitigation is enabled both
380 * all of the currently onlined CPUs are safelisted, as the mitigation tends to
383 * The only good part is that if the firmware mitigation is present, then it is
385 * vulnerable CPU if one of the boot CPUs is using the firmware mitigation.
[all …]
|
| /kernel/linux/linux-5.10/arch/s390/kernel/ |
| D | nospec-sysfs.c | 10 return sprintf(buf, "Mitigation: __user pointer sanitization\n"); in cpu_show_spectre_v1()
17 return sprintf(buf, "Mitigation: etokens\n"); in cpu_show_spectre_v2()
19 return sprintf(buf, "Mitigation: execute trampolines\n"); in cpu_show_spectre_v2()
21 return sprintf(buf, "Mitigation: limited branch prediction\n"); in cpu_show_spectre_v2()
|
| D | nospec-branch.c | 40 pr_info("Spectre V2 mitigation: etokens\n"); in nospec_report()
42 pr_info("Spectre V2 mitigation: execute trampolines\n"); in nospec_report()
44 pr_info("Spectre V2 mitigation: limited branch prediction\n"); in nospec_report()
|
| /kernel/linux/linux-5.10/drivers/net/wireless/broadcom/b43/ |
| D | sysfs.c | 58 "0 (No Interference Mitigation)\n"); in b43_attr_interfmode_show()
63 "1 (Non-WLAN Interference Mitigation)\n"); in b43_attr_interfmode_show()
68 "2 (WLAN Interference Mitigation)\n"); in b43_attr_interfmode_show()
113 b43err(wldev->wl, "Interference Mitigation not " in b43_attr_interfmode_store()
|
| D | phy_common.h | 40 * enum b43_interference_mitigation - Interference Mitigation mode
43 * @B43_INTERFMODE_NONWLAN: Non-WLAN Interference Mitigation
44 * @B43_INTERFMODE_MANUALWLAN: WLAN Interference Mitigation
45 * @B43_INTERFMODE_AUTOWLAN: Automatic WLAN Interference Mitigation
125 * @interf_mitigation: Switch the Interference Mitigation mode.
|
| /kernel/linux/linux-5.10/Documentation/driver-api/thermal/ |
| D | cpu-idle-cooling.rst | 70 performance penalty and a fixed latency. Mitigation can be increased
90 the duty cycle percentage. When no mitigation is happening the cooling
93 When the mitigation begins, depending on the governor's policy, a
133 mitigation begins. It is platform dependent and will depend on the
138 for thermal mitigation, otherwise we end up consuming more energy.
194 potentially invert the mitigation effect
|
| /kernel/linux/linux-5.10/Documentation/userspace-api/ |
| D | spec_ctrl.rst | 9 The kernel provides mitigation for such vulnerabilities in various
34 0 PR_SPEC_PRCTL Mitigation can be controlled per task by
36 1 PR_SPEC_ENABLE The speculation feature is enabled, mitigation is
38 2 PR_SPEC_DISABLE The speculation feature is disabled, mitigation is
48 If PR_SPEC_PRCTL is set, then the per-task control of the mitigation is
|
| /kernel/linux/linux-5.10/tools/testing/selftests/powerpc/security/ |
| D | spectre_v2.c | 142 printf("Error: couldn't determine spectre_v2 mitigation state?\n"); in spectre_v2_test()
188 printf("Possible mis-match between reported & actual mitigation\n"); in spectre_v2_test()
206 printf("Possible mis-match between reported & actual mitigation\n"); in spectre_v2_test()
213 printf("Possible mis-match between reported & actual mitigation\n"); in spectre_v2_test()
223 printf("OK - Measured branch prediction rates match reported spectre v2 mitigation.\n"); in spectre_v2_test()
|
| /kernel/linux/linux-5.10/drivers/net/wireless/broadcom/b43legacy/ |
| D | sysfs.c | 79 " Mitigation)\n"); in b43legacy_attr_interfmode_show()
83 " Mitigation)\n"); in b43legacy_attr_interfmode_show()
87 " Mitigation)\n"); in b43legacy_attr_interfmode_show()
133 b43legacyerr(wldev->wl, "Interference Mitigation not " in b43legacy_attr_interfmode_store()
|
| /kernel/linux/linux-5.10/arch/powerpc/kernel/ |
| D | security.c | 153 seq_buf_printf(&s, "Mitigation: RFI Flush"); in cpu_show_meltdown()
186 seq_buf_printf(&s, "Mitigation: __user pointer sanitization"); in cpu_show_spectre_v1()
211 seq_buf_printf(&s, "Mitigation: "); in cpu_show_spectre_v2()
223 seq_buf_printf(&s, "Mitigation: Software count cache flush"); in cpu_show_spectre_v2()
229 seq_buf_printf(&s, "Mitigation: Branch predictor state flush"); in cpu_show_spectre_v2()
355 return sprintf(buf, "Mitigation: Kernel entry/exit barrier (%s)\n", type); in cpu_show_spec_store_bypass()
380 * barrier is not a global or per-process mitigation, so the in ssb_prctl_get()
|
| /kernel/linux/linux-5.10/arch/arm/kernel/ |
| D | spectre.c | 20 return sprintf(buf, "Mitigation: __user pointer sanitization\n"); in cpu_show_spectre_v1()
70 return sprintf(buf, "Mitigation: %s\n", method); in cpu_show_spectre_v2()
|
| /kernel/linux/linux-5.10/arch/arm64/include/asm/ |
| D | vectors.h | 25 * Perform the BHB loop mitigation, before branching to the canonical
31 * Make the SMC call for firmware mitigation, before branching to the
|
| /kernel/linux/linux-5.10/arch/x86/include/asm/ |
| D | nospec-branch.h | 251 /* The Spectre V2 mitigation variants */
340 * mds_clear_cpu_buffers - Mitigation for MDS and TAA vulnerability
363 * mds_user_clear_cpu_buffers - Mitigation for MDS and TAA vulnerability
374 * mds_idle_clear_cpu_buffers - Mitigation for MDS vulnerability
|
| /kernel/linux/linux-5.10/Documentation/virt/kvm/arm/ |
| D | psci.rst | 47 firmware support for the workaround. The mitigation status for the
51 available to the guest and required for the mitigation.
|
| /kernel/linux/linux-5.10/Documentation/admin-guide/ |
| D | kernel-parameters.txt | 2231 Default: enabled on cores which need mitigation.
2320 kvm-intel.vmentry_l1d_flush=[KVM,Intel] Mitigation for L1 Terminal Fault
2328 never: Disables the mitigation
2336 l1tf= [X86] Control mitigation of the L1TF vulnerability on
2363 hypervisor mitigation, i.e. conditional
2376 hypervisor mitigation.
2655 Control mitigation for the Micro-architectural Data
2667 This parameter controls the MDS mitigation. The
2670 full - Enable MDS mitigation on vulnerable CPUs
2671 full,nosmt - Enable MDS mitigation and disable
[all …]
|