pti.rst (cf79f291f985662150363b4a93d16f88f12643bc) | pti.rst (ea4654e0885348f0faa47f6d7b44a08d75ad16e9) |
---|---|
1.. SPDX-License-Identifier: GPL-2.0 2 3========================== 4Page Table Isolation (PTI) 5========================== 6 7Overview 8======== --- 12 unchanged lines hidden (view full) --- 21data: only what is needed to enter/exit the kernel such as the 22entry/exit functions themselves and the interrupt descriptor table 23(IDT). There are a few strictly unnecessary things that get mapped 24such as the first C function when entering an interrupt (see 25comments in pti.c). 26 27This approach helps to ensure that side-channel attacks leveraging 28the paging structures do not function when PTI is enabled. It can be | 1.. SPDX-License-Identifier: GPL-2.0 2 3========================== 4Page Table Isolation (PTI) 5========================== 6 7Overview 8======== --- 12 unchanged lines hidden (view full) --- 21data: only what is needed to enter/exit the kernel such as the 22entry/exit functions themselves and the interrupt descriptor table 23(IDT). There are a few strictly unnecessary things that get mapped 24such as the first C function when entering an interrupt (see 25comments in pti.c). 26 27This approach helps to ensure that side-channel attacks leveraging 28the paging structures do not function when PTI is enabled. It can be |
29enabled by setting CONFIG_PAGE_TABLE_ISOLATION=y at compile time. 30Once enabled at compile-time, it can be disabled at boot with the 31'nopti' or 'pti=' kernel parameters (see kernel-parameters.txt). | 29enabled by setting CONFIG_MITIGATION_PAGE_TABLE_ISOLATION=y at compile 30time. Once enabled at compile-time, it can be disabled at boot with 31the 'nopti' or 'pti=' kernel parameters (see kernel-parameters.txt). |
32 33Page Table Management 34===================== 35 36When PTI is enabled, the kernel manages two sets of page tables. 37The first set is very similar to the single set which is present in 38kernels without PTI. This includes a complete mapping of userspace 39that the kernel can use for things like copy_to_user(). --- 154 unchanged lines hidden --- | 32 33Page Table Management 34===================== 35 36When PTI is enabled, the kernel manages two sets of page tables. 37The first set is very similar to the single set which is present in 38kernels without PTI. This includes a complete mapping of userspace 39that the kernel can use for things like copy_to_user(). --- 154 unchanged lines hidden --- |
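
Review bot: In the rewritten lines 29-31 (right-hand column), the text now names only CONFIG_MITIGATION_PAGE_TABLE_ISOLATION, so a reader whose .config or notes still say CONFIG_PAGE_TABLE_ISOLATION gets no pointer from the old symbol to the new one. Consider a short parenthetical such as "(formerly CONFIG_PAGE_TABLE_ISOLATION)", or state in the commit message that the Kconfig symbol itself is renamed in the same series so the documentation and the option cannot drift apart. Since the paragraph is being re-wrapped anyway, note that "at compile time" and "Once enabled at compile-time" sit in adjacent sentences with different hyphenation; picking one form would tidy it.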