l1tf.rst - OpenGrok cross reference for /Documentation/admin-guide/hw-vuln/l1tf.rst

Lines Matching +full:interrupt +full:- +full:affinity
1 L1TF - L1 Terminal Fault
10 -------------------
15    - Processors from AMD, Centaur and other non Intel vendors
17    - Older processor models, where the CPU family is < 6
19    - A range of Intel ATOM processors (Cedarview, Cloverview, Lincroft,
22    - The Intel XEON PHI family
24    - Intel processors which have the ARCH_CAP_RDCL_NO bit set in the
33 ------------
38    CVE-2018-3615  L1 Terminal Fault  SGX related aspects
39    CVE-2018-3620  L1 Terminal Fault  OS, SMM related aspects
40    CVE-2018-3646  L1 Terminal Fault  Virtualization related aspects
44 -------
66 ----------------
74    In some cases user-space can maliciously influence the information
120 -----------------------
138   - SMT status:
145   - L1D Flush mode:
159 -------------------------
166 ---------------------------
188     - conditional ('cond')
189     - unconditional ('always')
232    declared as non-interesting for an attacker without deep inspection of
244    https://www.kernel.org/doc/Documentation/admin-guide/cgroup-v1/cpusets.rst
248 3. Interrupt affinity
253    interrupts, e.g. the local timer interrupt. Aside of that multi queue
257    Moving the interrupts, which can be affinity controlled, away from CPUs
267    Interrupt affinity can be controlled by the administrator via the
271    https://www.kernel.org/doc/Documentation/IRQ-affinity.txt
294 		 core only one - the so called primary (hyper) thread is
306    - /sys/devices/system/cpu/smt/control
307    - /sys/devices/system/cpu/smt/active
322 			online a non-primary sibling is rejected
335      - on
336      - off
337      - forceoff
357   EPT can be disabled in the hypervisor via the 'kvm-intel.ept' parameter.
365 ---------------------------------------------
418 Mitigation control for KVM - module parameter
419 -------------------------------------------------------------
424 The option/parameter is "kvm-intel.vmentry_l1d_flush=". It takes the
445 line, then 'always' is enforced and the kvm-intel.vmentry_l1d_flush
451 --------------------------
491   EPT can be disabled in the hypervisor via the 'kvm-intel.ept' parameter.
499   - L1D flushing on VMENTER:
507   - Guest confinement:
515   - Interrupt isolation:
521     affinity to the CPUs which run the untrusted guests can depending on
531   - Disabling SMT:
538     parameters 'nosmt', 'l1tf', 'kvm-intel.vmentry_l1d_flush' and at run
543   - Disabling EPT:
550     EPT can be disabled in the hypervisor via the 'kvm-intel.ept'
562  - Flush the L1D cache on every switch from the nested hypervisor to the
566  - Flush the L1D cache on every switch from the nested virtual machine to
571  - Instruct the nested hypervisor to not perform any L1D cache flush. This
578 -------------------
582   - PTE inversion to protect against malicious user space. This is done
586   - L1D conditional flushing on VMENTER when EPT is enabled for
594   - Force disabling SMT can break existing setups, especially with
597   - If regular users run untrusted guests on their machine, then L1TF is
599     guest, e.g. spam-bots or attacks on the local network.
604   - It's technically extremely unlikely and from today's knowledge even
610   - The administrators of cloud and hosting setups have to carefully