| /linux/Documentation/admin-guide/hw-vuln/ |
| attack_vector_controls.rst | 39 If no untrusted userspace applications are being run, such as with single-user 45 be run by untrusted users. 59 If no untrusted userspace applications are being run, consider disabling 79 If no untrusted VMs are being run, consider disabling guest-to-host mitigations. 93 If no untrusted VMs, or only a single VM is being run, consider disabling 125 techniques are used to prevent untrusted workloads from running on SMT siblings.
|
| l1tf.rst | 258 which run untrusted guests, reduces the attack vector space. 260 Whether the interrupts with are affine to CPUs, which run untrusted 472 3. Virtualization with untrusted guests 521 affinity to the CPUs which run the untrusted guests can depending on 590 SMT systems vulnerable when running untrusted guests with EPT enabled. 597 - If regular users run untrusted guests on their machine, then L1TF is 598 just an add on to other malware which might be embedded in an untrusted 601 There is no technical way to prevent a user from running untrusted code
|
| core-scheduling.rst | 167 core. But there could be small window of time during which untrusted tasks run 204 Another approach to resolve these would be to make every untrusted task on the 205 system to not trust every other untrusted task. While this could reduce 206 parallelism of the untrusted tasks, it would still solve the above issues while
|
| multihit.rst | 163 3. Virtualization with untrusted guests 165 If the guest comes from an untrusted source, the guest host kernel will need
|
| tsx_async_abort.rst | 247 untrusted code which is supplied externally, then the mitigation can be 254 If there are untrusted applications or guests on the system, enabling TSX
|
| spectre.rst | 318 If SMT is used, Spectre variant 2 attacks from an untrusted guest 584 in use, an untrusted guest running in the sibling thread can have 616 execute externally supplied untrusted code, then the mitigations can 627 3. Sandbox untrusted programs 633 This prevents untrusted programs from polluting the branch target
|
| processor_mmio_stale_data.rst | 10 provided to untrusted guests may need mitigation. These vulnerabilities are 145 is more critical, or the untrusted software has no MMIO access). Note that
|
| rsb.rst | 55 untrusted and trusted domains. But this has a performance impact and
|
| /linux/Documentation/admin-guide/namespaces/ |
| resource-control.rst | 14 groups to limit the maximum memory usable by any untrusted user.
|
| /linux/Documentation/ABI/testing/ |
| securityfs-secrets-coco | 12 and therefore are not readable by the untrusted host.
|
| sysfs-class-bdi | 123 affordable for given relatively slow (or untrusted) device. Turning
|
| /linux/Documentation/security/ |
| snp-tdx-threat-model.rst | 111 coming from there is generally considered untrusted, unless userspace is 190 guest Linux kernel towards an untrusted host that is not covered by the 201 data should also be considered untrusted until its integrity and
|
| /linux/Documentation/userspace-api/ |
| check_exec.rst | 79 careful to not let untrusted users control this configuration. 139 The threat is malicious scripts run by untrusted users (but trusted code).
|
| landlock.rst | 804 issues, especially when untrusted processes can manipulate them (cf.
|
| /linux/Documentation/arch/x86/ |
| mds.rst | 65 There is one exception, which is untrusted BPF. The functionality of 66 untrusted BPF is limited, but it needs to be thoroughly investigated
|
| exception-tables.rst | 10 mode memory whose address has been passed by an untrusted program.
|
| /linux/drivers/iommu/ |
| iommu.c | 1862 struct device *untrusted = NULL; in iommu_get_default_domain_type() local 1884 if (dev_is_pci(gdev->dev) && to_pci_dev(gdev->dev)->untrusted) { in iommu_get_default_domain_type() 1891 untrusted = gdev->dev; in iommu_get_default_domain_type() 1907 if (untrusted) { in iommu_get_default_domain_type() 1910 untrusted, in iommu_get_default_domain_type()
|
| dma-iommu.c | 593 return dev_is_pci(dev) && to_pci_dev(dev)->untrusted; in dev_is_untrusted()
|
| /linux/Documentation/admin-guide/aoe/ |
| aoe.rst | 53 untrusted networks should be ignored as a matter of security. See
|
| /linux/Documentation/networking/ |
| ipvlan.rst | 132 (c) If the slave device is to be put into the hostile / untrusted network
|
| /linux/Documentation/filesystems/ |
| overlayfs.rst | 399 Do not use metacopy=on with untrusted upper/lower directories. Otherwise 404 for untrusted layers like from a pen drive. 505 an untrusted lower layer can be used to supply validated file content 506 for all metacopy files. If additionally the untrusted lower
|
| /linux/Documentation/virt/hyperv/ |
| coco.rst | 238 the untrusted host partition and the untrusted hypervisor. Instead, the guest
|
| /linux/Documentation/bpf/standardization/ |
| instruction-set.rst | 10 that can run untrusted programs in a privileged context such as an
|
| /linux/Documentation/admin-guide/LSM/ |
| ipe.rst | 120 To illustrate, consider a scenario where an untrusted binary, possibly
|
| /linux/Documentation/admin-guide/ |
| cgroup-v2.rst | 3436 child's own (possibly untrusted) configuration. However, untrusted 3439 swappability when overcommitting untrusted jobs.
|