multihit.rst - OpenGrok cross reference for /Documentation/admin-guide/hw-vuln/multihit.rst

Lines Matching +full:system +full:- +full:on +full:- +full:module
8 or cache type. A malicious guest running on a virtualized system can
13 -------------------
15 Variations of this erratum are present on most Intel Core and Xeon processor
16 models. The erratum is not present on:
18    - non-Intel processors
20    - Some Atoms (Airmont, Bonnell, Goldmont, GoldmontPlus, Saltwell, Silvermont)
22    - Intel processors that have the PSCHANGE_MC_NO bit set in the
27 ------------
32    CVE-2018-12207  Machine Check Error Avoidance on Page Size Change
37 -------
55 the linear address, a code fetch that happens on the same linear address may
56 cause a machine-check error which can result in a system hang or shutdown.
60 ----------------
63 guests in a virtualized system.
66 iTLB multihit system information
67 --------------------------------
70 multihit status of the system:whether the system is vulnerable and which
73 /sys/devices/system/cpu/vulnerabilities/itlb_multihit
77 .. list-table::
79      * - Not affected
80        - The processor is not vulnerable.
81      * - KVM: Mitigation: Split huge pages
82        - Software changes mitigate this issue.
83      * - KVM: Vulnerable
84        - The processor is vulnerable, but no mitigation enabled
88 --------------------------------
91 and will be set on CPU's which are mitigated against this issue.
101 -------------------------
104 non-executable pages.  This forces all iTLB entries to be 4K, and removes
108 as non-executable. If the guest attempts to execute in one of those pages,
111 If EPT is disabled or not available on the host, KVM is in control of TLB
115 (non-nested) page tables.  For simplicity, KVM will make large pages
116 non-executable in all shadow paging modes.
118 Mitigation control on the kernel command line and KVM - module parameter
119 ------------------------------------------------------------------------
122 non-executable can be controlled with a module parameter "nx_huge_pages=".
130               non-executable huge pages in Linux kernel KVM module. All huge
131               pages in the EPT are marked as non-executable.
144 --------------------------
149    The system is protected by the kernel unconditionally and no further
163    module parameter.