Lines Matching +full:line +full:- +full:based
1 .. SPDX-License-Identifier: GPL-2.0
13 their command line parameters as mitigations will continue to be correctly
14 applied based on the chosen attack vector controls.
17 --------------
19 There are 5 sets of attack-vector mitigations currently supported by the kernel:
31 User-to-Kernel
34 The user-to-kernel attack vector involves a malicious userspace program
39 If no untrusted userspace applications are being run, such as with single-user
40 systems, consider disabling user-to-kernel mitigations.
43 shown to be exploitable from browser-based sandboxes. User-to-kernel
47 *user-to-kernel mitigations are enabled by default*
51 User-to-User
54 The user-to-user attack vector involves a malicious userspace program attempting
56 exfiltrate data. The vulnerability of a userspace program is based on the
60 user-to-user mitigations.
64 userspace program requires mitigating user-to-kernel attacks as well for
67 *user-to-user mitigations are enabled by default*
71 Guest-to-Host
74 The guest-to-host attack vector involves a malicious VM attempting to leak
79 If no untrusted VMs are being run, consider disabling guest-to-host mitigations.
81 *guest-to-host mitigations are enabled by default if KVM support is present*
85 Guest-to-Guest
88 The guest-to-guest attack vector involves a malicious VM attempting to influence
90 vulnerability of a VM is based on the code inside the VM itself and the
94 guest-to-guest mitigations.
96 Similar to the user-to-user attack vector, preventing a malicious VM from
97 leaking data from another VM requires mitigating guest-to-host attacks as well
100 *guest-to-guest mitigations are enabled by default if KVM support is present*
104 Cross-Thread
107 The cross-thread attack vector involves a malicious userspace program or
111 Many cross-thread attacks can only be mitigated if SMT is disabled, which will
114 If cross-thread mitigations are fully enabled ('auto,nosmt'), all mitigations
115 for cross-thread attacks will be enabled. SMT may be disabled depending on
118 If cross-thread mitigations are partially enabled ('auto'), mitigations for
119 cross-thread attacks will be enabled but SMT will not be disabled.
121 If cross-thread mitigations are disabled, no mitigations for cross-thread
124 Cross-thread mitigation may not be required if core-scheduling or similar
127 *cross-thread mitigations default to partially enabled*
131 Command Line Controls
132 ---------------------
134 Attack vectors are controlled through the mitigations= command line option. The
148 'auto' All attack vectors enabled, partial cross-thread mitigations.
149 'auto,nosmt' All attack vectors enabled, full cross-thread mitigations.
157 'no_user_kernel' Disables user-to-kernel mitigations.
158 'no_user_user' Disables user-to-user mitigations.
159 'no_guest_host' Disables guest-to-host mitigations.
160 'no_guest_guest' Disables guest-to-guest mitigations.
161 'no_cross_thread' Disables all cross-thread mitigations.
164 Multiple attack vector options may be specified in a comma-separated list. If
171 Enable all attack vectors except user-to-kernel. Partial cross-thread
176 Enable all attack vectors and cross-thread mitigations except for
177 guest-to-host and guest-to-guest mitigations.
181 Enable all attack vectors but not cross-thread mitigations.
183 Interactions with command-line options
184 --------------------------------------
186 Vulnerability-specific controls (e.g. "retbleed=off") take precedence over all
188 turned on or off via their command-line options regardless of the attack vector
191 Summary of attack-vector mitigations
192 ------------------------------------
194 When a vulnerability is mitigated due to an attack-vector control, the default
196 mitigation, please use the vulnerability-specific command line option.
202 Vulnerability User-to-Kernel User-to-User Guest-to-Host Guest-to-Guest Cross-Thread Notes
225 1 -- Can be mitigated without disabling SMT.
227 2 -- Disables SMT if cross-thread mitigations are fully enabled and the CPU
230 3 -- Disables SMT if cross-thread mitigations are fully enabled, the CPU is
233 When an attack-vector is disabled, all mitigations for the vulnerabilities
235 different enabled attack-vector or a mitigation is explicitly selected via a
236 vulnerability-specific command line option.