| /linux/Documentation/admin-guide/hw-vuln/ |
| H A D | attack_vector_controls.rst | 6 Attack vector controls provide a simple method to configure only the mitigations
13 their command line parameters as mitigations will continue to be correctly
19 There are 5 sets of attack-vector mitigations currently supported by the kernel:
40 systems, consider disabling user-to-kernel mitigations.
44 mitigations are therefore mostly relevant if unknown userspace applications may
47 *user-to-kernel mitigations are enabled by default*
60 user-to-user mitigations.
67 *user-to-user mitigations are enabled by default*
79 If no untrusted VMs are being run, consider disabling guest-to-host mitigations.
81 *guest-to-host mitigations are enabled by default if KVM support is present*
[all …]
|
| H A D | index.rst | 6 possible mitigations along with guidance for selecting mitigations if they
|
| H A D | cross-thread-rsb.rst | 12 The Spectre v2 mitigations protect the Linux kernel, as it fills the return
75 Both mitigations are required to fully address this issue.
80 Use existing Spectre v2 mitigations that will fill the RSB on context switch.
|
| H A D | l1tf.rst | 108 mitigations are not enabled by default in the Linux kernel because they
111 deployment scenario. The mitigations, their protection scope and impact
114 The default mitigations and the rationale for choosing them are explained
124 mitigations are active. The relevant sysfs file is:
367 The kernel command line allows to control the L1TF mitigations at boot
371 full Provides all available mitigations for the L1TF
372 vulnerability. Disables SMT and enables all mitigations in
406 off Disables hypervisor mitigations and doesn't emit any
463 guaranteed to have the L1TF mitigations in place the system is fully
497 mitigations can be employed:
[all …]
|
| H A D | vmscape.rst | 44 from a malicious guest. This is because Spectre-v2 mitigations are applied at
91 IBPB is issued on every VM-exit. This occurs when other mitigations like
|
| H A D | multihit.rst | 71 mitigations are active. The relevant sysfs file is:
127 The kernel command line allows to control the iTLB multihit mitigations at
142 was not booted with the "mitigations=off" command line parameter.
|
| H A D | tsx_async_abort.rst | 16 (bit 5) is 0 in the IA32_ARCH_CAPABILITIES MSR, the existing MDS mitigations
148 The kernel command line allows to control the TAA mitigations at boot time with
191 Although there are mitigations for all known security
265 Default mitigations
|
| H A D | processor_mmio_stale_data.rst | 15 changes, depending on the platform and usage model. Some of these mitigations
194 mitigations at boot time with the option "mmio_stale_data=". The valid
213 which mitigations are active. The relevant sysfs file is:
242 * - 'Unknown: No mitigations'
|
| H A D | rsb.rst | 4 RSB-related mitigations
21 mitigations. It's meant to be as concise as possible, focused only on
22 the current kernel mitigations: what are the RSB-related attack vectors
98 speculation. Collectively, we refer to these mitigations as "RAP
|
| H A D | l1d_flush.rst | 44 The kernel command line allows to control the L1D flush mitigations at boot
|
| H A D | spectre.rst | 322 based mitigations (such as IBPB or STIBP on x86) within the guest.
331 vulnerable, and which mitigations are active.
581 The above mitigations are turned on by default on vulnerable CPUs.
595 In general the kernel selects reasonable default mitigations for the
598 Spectre default mitigations can be disabled or changed at the kernel
616 execute externally supplied untrusted code, then the mitigations can
641 All Spectre variant 2 mitigations can be forced on
|
| H A D | gather_data_sampling.rst | 74 "mitigations=off" on the kernel command line. Not specifying either will default
|
| H A D | special-register-buffer-data-sampling.rst | 105 particular logical processor does not affect the RDRAND and RDSEED mitigations
|
| /linux/drivers/gpu/drm/i915/ |
| H A D | i915_mitigations.c | 15 static unsigned long mitigations __read_mostly = ~0UL;
27 return READ_ONCE(mitigations) & BIT(CLEAR_RESIDUALS); in i915_mitigate_clear_residuals()
37 BUILD_BUG_ON(ARRAY_SIZE(names) >= BITS_PER_TYPE(mitigations)); in mitigations_set()
94 WRITE_ONCE(mitigations, new); in mitigations_set()
100 unsigned long local = READ_ONCE(mitigations); in mitigations_get()
132 module_param_cb_unsafe(mitigations, &ops, NULL, 0600);
133 MODULE_PARM_DESC(mitigations,
|
| /linux/tools/testing/selftests/x86/bugs/ |
| H A D | common.py | 58 def sysfs_has_either(bugs, mitigations): argument
60 for mitigation in mitigations:
65 def sysfs_has_none(bugs, mitigations): argument
66 return not sysfs_has_either(bugs, mitigations)
68 def sysfs_has_all(bugs, mitigations): argument
70 for mitigation in mitigations:
|
| /linux/Documentation/tee/ |
| H A D | op-tee.rst | 109 well as mitigations at the firmware and platform level.
111 There are additional attack vectors/mitigations for the kernel that should be
129 recovery mode, it should be ensured that the same mitigations are applied
|
| /linux/drivers/platform/x86/amd/ |
| H A D | Kconfig | 24 bool "AMD Wifi RF Band mitigations (WBRF)"
|
| /linux/Documentation/process/ |
| H A D | embargoed-hardware-issues.rst | 17 issues, software mitigations can depend on microcode or firmware updates,
185 has been successfully used to develop mitigations for various hardware
258 ends. At that point, the prepared mitigations are published into the
260 mitigations are published in public and available to everyone at the same
266 mitigations. Extending embargo time artificially to meet conference talk
|
| H A D | threat-model.rst | 32 attempt to implement reasonable mitigations. These are best-effort measures
125 protections or mitigations. Example: write access to procfs or debugfs.
|
| H A D | security-bugs.rst | 65 * **mitigations**: very often during a bug analysis, some ways of mitigating
238 testing (e.g., verifying versions, configuration options, mitigations, or
|
| /linux/Documentation/PCI/ |
| H A D | boot-interrupts.rst | 76 Intel. Changes made through the mitigations below have been applied to
86 The mitigations take the form of PCI quirks. The preference has been to
|
| /linux/Documentation/gpu/ |
| H A D | drm-compute.rst | 22 Since this is undesirable, there need to be mitigations to prevent a workload
|
| /linux/Documentation/arch/x86/ |
| H A D | tsx_async_abort.rst | 24 a) TSX disable - one of the mitigations is to disable TSX. A new MSR
|
| H A D | mds.rst | 110 According to current knowledge additional mitigations inside the kernel
|
| /linux/Documentation/scsi/ |
| H A D | aacraid.rst | 155 - Performance tuning, card failover and bug mitigations.
|