Lines Matching +full:top +full:- +full:level

1 .. SPDX-License-Identifier: GPL-2.0
27 This approach helps to ensure that side-channel attacks leveraging
30 Once enabled at compile-time, it can be disabled at boot with the
31 'nopti' or 'pti=' kernel parameters (see kernel-parameters.txt).
42 crippled by setting the NX bit in the top level.  This ensures
43 that any missed kernel->user CR3 switch will immediately crash
49 each CPU's copy of the area a compile-time-fixed virtual address.
53 makes entries in the top (PGD) level.  In addition to setting the
57 This sharing at the PGD level also inherently shares all the lower
65 Protection against side-channel attacks is important.  But,
70   a. Each process now needs an order-1 PGD instead of order-0.
86      non-PTI SYSCALL entry code, so requires mapping fewer
106      are created by copying top-level (PGD) entries into each
111   f. In addition to the fork()-time copying, there must also
119   h. INVPCID is a TLB-flushing instruction which allows flushing
120      of TLB entries for non-current PCIDs.  Some systems support
124      single kernel address flush will require a TLB-flushing CR3
132    boot-time switching.
146 3. Run the 'perf' tool in a mode (top or record) that generates many
147    frequent performance monitoring non-maskable interrupts (see "NMI"
150    interrupted, including nested NMIs.  Using "-c" boosts the rate of
151    NMIs, and using two -c with separate counters encourages nested NMIs
155 	while true; do perf record -c 10000 -e instructions,cycles -a sleep 10; done
158 5. Run 32-bit binaries on systems supporting the SYSCALL instruction.
159    This has been a lightly-tested code path and needs extra scrutiny.
186    faults upon page faults.  Caused by touching non-pti-mapped
188    CR3 before calling into C functions which are not pti-mapped.