
Searched full:mitigation (Results 1 – 25 of 152) sorted by relevance


/linux/Documentation/admin-guide/hw-vuln/
gather_data_sampling.rst
29 Without mitigation, GDS can infer stale data across virtually all
38 Because of this, it is important to ensure that the mitigation stays enabled in
41 The hardware enforces the mitigation for SGX. Likewise, VMMs should ensure
42 that guests are not allowed to disable the GDS mitigation. If a host erred and
43 allowed this, a guest could theoretically disable GDS mitigation, mount an
46 Mitigation mechanism
53 and mitigation support.
55 IA32_MCU_OPT_CTRL[GDS_MITG_DIS] R/W Disables the mitigation
71 Mitigation control on the kernel command line
73 The mitigation can be disabled by setting "gather_data_sampling=off" or
indirect-target-selection.rst
49 update for mitigation.
55 Mitigation chapter
59 the mitigation is to not allow indirect branches in the lower half.
89 reason, when retpoline is enabled, ITS mitigation only relocates the RETs to
90 safe thunks. Unless user requested the RSB-stuffing mitigation.
94 RSB-stuffing via Call Depth Tracking is a mitigation for Retbleed RSB-underflow
97 Mitigation in guests
99 All guests deploy ITS mitigation by default, irrespective of eIBRS enumeration
104 To prevent guests from unnecessarily deploying the mitigation on unaffected
110 Mitigation options
vmscape.rst
23 Note that, BHI affected parts that use BHB clearing software mitigation e.g.
32 Mitigation chapter
42 Note that the existing userspace mitigation against Spectre-v2 is effective in
48 Vulnerability enumeration and mitigation is not applied inside a guest. This is
69 The sysfs file showing VMSCAPE mitigation status is:
81 The processor is vulnerable and no mitigation has been applied.
83 * 'Mitigation: IBPB before exit to userspace':
85 Conditional IBPB mitigation is enabled. The kernel tracks when a CPU has
89 * 'Mitigation: IBPB on VMEXIT':
94 Mitigation control on the kernel command line
special-register-buffer-data-sampling.rst
62 Mitigation mechanism
87 the mitigation for RDRAND and RDSEED instructions executed outside of Intel
89 disable the mitigation using this opt-out mechanism, RDRAND and RDSEED do not
97 Along with the mitigation for this issue, Intel added a new thread-scope
103 disables the mitigation for RDRAND and RDSEED executed outside of an Intel SGX
104 enclave on that logical processor. Opting out of the mitigation for a
108 Note that inside of an Intel SGX enclave, the mitigation is applied regardless
111 Mitigation control on the kernel command line
113 The kernel command line allows control over the SRBDS mitigation at boot time
117 off This option disables SRBDS mitigation for RDRAND and RDSEED on
processor_mmio_stale_data.rst
10 provided to untrusted guests may need mitigation. These vulnerabilities are
13 by an unmitigated transient execution attack. Mitigation for these
110 section, mitigation largely remains the same for all the variants, i.e. to
117 specific variants of Processor MMIO Stale Data vulnerabilities and mitigation
150 Mitigation chapter
153 same mitigation strategy to force the CPU to clear the affected buffers before
164 additional mitigation is needed on such CPUs.
166 For CPUs not affected by MDS or TAA, mitigation is needed only for the attacker
171 Mitigation points
175 Same mitigation as MDS when affected by MDS/TAA, otherwise no mitigation
tsx_async_abort.rst
99 …- The CPU is affected by this vulnerability and the microcode and kernel mitigation are not applie…
102 mitigation is enabled on a best effort basis.
105 based mitigation mechanism is not advertised via CPUID, the kernel
106 selects a best effort mitigation mode. This mode invokes the mitigation
114 * - 'Mitigation: Clear CPU buffers'
116 * - 'Mitigation: TSX disabled'
121 Mitigation mechanism
126 enables the mitigation by default.
129 The mitigation can be controlled at boot time via a kernel command line option.
132 Virtualization mitigation
multihit.rst
81 * - KVM: Mitigation: Split huge pages
83 * - KVM: Mitigation: VMX unsupported
85 * - KVM: Mitigation: VMX disabled
88 - The processor is vulnerable, but no mitigation enabled
104 Mitigation mechanism
122 Mitigation control on the kernel command line and KVM - module parameter
125 The KVM hypervisor mitigation mechanism for marking huge pages as
133 force Mitigation is enabled. In this case, the mitigation implements
139 off Mitigation is disabled.
141 auto Enable mitigation only if the platform is affected and the kernel
l1tf.rst
78 The Linux kernel contains a mitigation for this attack vector, PTE
92 PTE inversion mitigation for L1TF, to attack physical host memory.
132 'Mitigation: PTE Inversion' The host protection is active
136 information is appended to the 'Mitigation: PTE Inversion' part:
158 Host mitigation mechanism
165 Guest mitigation mechanisms
282 of other mitigation solutions like confining guests to dedicated cores.
351 Disabling EPT for virtual machines provides full mitigation for L1TF even
354 significant performance impact especially when the Meltdown mitigation
359 There is ongoing research and development for new mitigation mechanisms to
cross-thread-rsb.rst
65 Mitigation mechanism
77 Mitigation control on the kernel command line
82 Mitigation control for KVM - module parameter
88 mitigation that covers this path is not enabled by default.
90 The mitigation for the KVM_CAP_X86_DISABLE_EXITS capability can be turned on
l1d_flush.rst
31 Mitigation chapter
39 mechanism is used, software fallback for the mitigation, is not supported.
41 Mitigation control on the kernel command line
63 cores or by disabling SMT. See the relevant chapter in the L1TF mitigation
rsb.rst
64 * On context switch, the user->user mitigation requires ensuring the
95 AMD recommends software use a RAP stuffing sequence (mitigation
110 mitigation if needed):
133 In this case the PBRSB mitigation is needed in addition to eIBRS.
214 * "Where software is using retpoline as a mitigation for BHI or
226 Mitigation on Skylake-generation" in `Retpoline: A Branch Target Injection Mitigation <https://www…
228 .. [#amd-rsb-filling] "Mitigation V2-3" in `Software Techniques for Managing Speculation <https://w…
/linux/tools/testing/selftests/x86/bugs/
its_sysfs.py
6 # Test for Indirect Target Selection(ITS) mitigation sysfs status.
16 mitigation = get_sysfs(bug) variable
18 ITS_MITIGATION_ALIGNED_THUNKS = "Mitigation: Aligned branch/return thunks"
19 ITS_MITIGATION_RETPOLINE_STUFF = "Mitigation: Retpolines, Stuffing RSB"
20 ITS_MITIGATION_VMEXIT_ONLY = "Mitigation: Vulnerable, KVM: Not affected"
24 if mitigation == ITS_MITIGATION_ALIGNED_THUNKS:
34 if mitigation == ITS_MITIGATION_RETPOLINE_STUFF:
43 if mitigation == ITS_MITIGATION_VMEXIT_ONLY:
49 if mitigation == ITS_MITIGATION_VULNERABLE:
53 bug_check_fail(bug, "Mitigation", ITS_MITIGATION_VULNERABLE)
common.py
7 # mitigation for x86 bugs.
52 def sysfs_has(bug, mitigation): argument
54 if mitigation in status:
60 for mitigation in mitigations:
61 if sysfs_has(bug, mitigation):
70 for mitigation in mitigations:
71 if not sysfs_has(bug, mitigation):
91 def basic_checks_sufficient(bug, mitigation): argument
92 if not mitigation:
95 elif mitigation == "Not affected":
its_ret_alignment.py
6 # Test for indirect target selection (ITS) mitigation.
31 mitigation = c.get_sysfs(bug) variable
32 if not mitigation or "Aligned branch/return thunks" not in mitigation:
its_indirect_alignment.py
6 # Test for indirect target selection (ITS) mitigation.
32 mitigation = c.get_sysfs(bug) variable
33 if not mitigation or "Aligned branch/return thunks" not in mitigation:
its_permutations.py
17 mitigation = c.get_sysfs(bug) variable
19 if not mitigation or "Not affected" in mitigation:
/linux/arch/x86/kernel/cpu/
bugs.c
41 * <vuln>_select_mitigation() -- Selects a mitigation to use. This should
45 * selected a mitigation, in case the selection
48 * <vuln>_apply_mitigation() -- Enable the selected mitigation.
50 * The compile-time mitigation in all cases should be AUTO. An explicit
53 * mitigation option.
198 * mitigation is required.
348 * If the host has SSBD mitigation enabled, force it in the host's in x86_virt_spec_ctrl()
414 * across address spaces. Therefore, mitigation is required for in should_mitigate_vuln()
446 /* Default mitigation for MDS-affected CPUs */
453 [MDS_MITIGATION_FULL] = "Mitigation: Clear CPU buffers",
/linux/Documentation/arch/x86/
mds.rst
1 Microarchitectural Data Sampling (MDS) mitigation
70 Mitigation strategy
73 All variants have the same mitigation strategy at least for the single CPU
82 command. The latter is issued when L1TF mitigation is enabled so the extra
101 The mitigation is invoked on kernel/userspace, hypervisor/guest and C-state
115 Kernel internal mitigation modes
119 off Mitigation is disabled. Either the CPU is not affected or
122 full Mitigation is enabled. CPU is affected and MD_CLEAR is
125 vmwerv Mitigation is enabled. CPU is affected and MD_CLEAR is not
133 line then the kernel selects the appropriate mitigation mode depending on
tsx_async_abort.rst
3 TSX Async Abort (TAA) mitigation
21 Mitigation strategy
33 Kernel internal mitigation modes
37 off Mitigation is disabled. Either the CPU is not affected or
40 tsx disabled Mitigation is enabled. TSX feature is disabled by default at
43 verw Mitigation is enabled. CPU is affected and MD_CLEAR is
46 ucode needed Mitigation is enabled. CPU is affected and MD_CLEAR is not
54 not provided then the kernel selects an appropriate mitigation depending on the
58 TAA mitigation, VERW behavior and TSX feature for various combinations of
66 …A_NO MDS_NO TSX_CTRL_MSR TSX state VERW can clear TAA mitigation TAA mitigation
/linux/arch/arm64/kernel/
proton-pack.c
3 * Handle detection, reporting and mitigation of Spectre v1, v2, v3a and v4, as
36 * We try to ensure that the mitigation state can never change as the result of
64 return sprintf(buf, "Mitigation: __user pointer sanitization\n"); in cpu_show_spectre_v1()
97 pr_info_once("spectre-v2 mitigation disabled by command line option\n"); in spectre_v2_mitigations_off()
146 return sprintf(buf, "Mitigation: %s%s\n", v2_str, bhb_str); in cpu_show_spectre_v2()
298 * still rely on firmware for the mitigation at EL2. in spectre_v2_enable_fw_mitigation()
357 * A major source of headaches is that the software mitigation is enabled both
364 * all of the currently onlined CPUs are safelisted, as the mitigation tends to
367 * The only good part is that if the firmware mitigation is present, then it is
369 * vulnerable CPU if one of the boot CPUs is using the firmware mitigation.
/linux/drivers/net/wireless/broadcom/b43/
sysfs.c
56 count = sysfs_emit(buf, "0 (No Interference Mitigation)\n"); in b43_attr_interfmode_show()
60 "1 (Non-WLAN Interference Mitigation)\n"); in b43_attr_interfmode_show()
63 count = sysfs_emit(buf, "2 (WLAN Interference Mitigation)\n"); in b43_attr_interfmode_show()
108 b43err(wldev->wl, "Interference Mitigation not " in b43_attr_interfmode_store()
/linux/Documentation/driver-api/thermal/
cpu-idle-cooling.rst
70 performance penalty and a fixed latency. Mitigation can be increased
90 the duty cycle percentage. When no mitigation is happening the cooling
93 When the mitigation begins, depending on the governor's policy, a
133 mitigation begins. It is platform dependent and will depend on the
138 for thermal mitigation, otherwise we end up consuming more energy.
194 potentially invert the mitigation effect
/linux/tools/testing/selftests/powerpc/security/
spectre_v2.c
140 printf("Error: couldn't determine spectre_v2 mitigation state?\n"); in spectre_v2_test()
201 printf("Possible mismatch between reported & actual mitigation\n"); in spectre_v2_test()
210 printf("Possible mismatch between reported & actual mitigation\n"); in spectre_v2_test()
217 printf("Possible mismatch between reported & actual mitigation\n"); in spectre_v2_test()
227 printf("OK - Measured branch prediction rates match reported spectre v2 mitigation.\n"); in spectre_v2_test()
/linux/Documentation/userspace-api/
spec_ctrl.rst
9 The kernel provides mitigation for such vulnerabilities in various
34 0 PR_SPEC_PRCTL Mitigation can be controlled per task by
36 1 PR_SPEC_ENABLE The speculation feature is enabled, mitigation is
38 2 PR_SPEC_DISABLE The speculation feature is disabled, mitigation is
48 If PR_SPEC_PRCTL is set, then the per-task control of the mitigation is
/linux/drivers/net/wireless/broadcom/b43legacy/
sysfs.c
78 count = sysfs_emit(buf, "0 (No Interference Mitigation)\n"); in b43legacy_attr_interfmode_show()
82 "1 (Non-WLAN Interference Mitigation)\n"); in b43legacy_attr_interfmode_show()
85 count = sysfs_emit(buf, "2 (WLAN Interference Mitigation)\n"); in b43legacy_attr_interfmode_show()
131 b43legacyerr(wldev->wl, "Interference Mitigation not " in b43legacy_attr_interfmode_store()
