Home
last modified time | relevance | path

Searched refs:mitigation (Results 1 – 25 of 69) sorted by relevance

123

/linux-6.15/Documentation/admin-guide/hw-vuln/
H A Dgather_data_sampling.rst29 Without mitigation, GDS can infer stale data across virtually all
41 The hardware enforces the mitigation for SGX. Likewise, VMMs should ensure
43 allowed this, a guest could theoretically disable GDS mitigation, mount an
53 and mitigation support.
55 IA32_MCU_OPT_CTRL[GDS_MITG_DIS] R/W Disables the mitigation
73 The mitigation can be disabled by setting "gather_data_sampling=off" or
77 where the microcode hasn't been updated to include the mitigation.
92 mitigation.
95 mitigation. AVX disabled as mitigation.
106 GDS Default mitigation
[all …]
H A Dindirect-target-selection.rst49 update for mitigation.
59 the mitigation is to not allow indirect branches in the lower half.
90 safe thunks. Unless user requested the RSB-stuffing mitigation.
121 off Disable ITS mitigation.
124 part of ITS. Otherwise, mitigation is not deployed. This option is
129 Otherwise, deploy the default mitigation. When retpoline mitigation
133 force Force the ITS bug and deploy the default mitigation.
139 The sysfs file showing ITS mitigation status is:
143 Note, microcode mitigation status is not reported in this file.
152 - System is vulnerable and no mitigation has been applied.
[all …]
H A Dspecial-register-buffer-data-sampling.rst87 the mitigation for RDRAND and RDSEED instructions executed outside of Intel
89 disable the mitigation using this opt-out mechanism, RDRAND and RDSEED do not
97 Along with the mitigation for this issue, Intel added a new thread-scope
103 disables the mitigation for RDRAND and RDSEED executed outside of an Intel SGX
104 enclave on that logical processor. Opting out of the mitigation for a
113 The kernel command line allows control over the SRBDS mitigation at boot time
131 Vulnerable Processor vulnerable and mitigation disabled
133 mitigation
134 Mitigation: Microcode Processor is vulnerable and mitigation is in
145 SRBDS Default mitigation
[all …]
H A Dmds.rst26 Not all processors are affected by all variants of MDS, but the mitigation
103 - The processor is vulnerable, but no mitigation enabled
106 mitigation is enabled on a best effort basis.
110 selects a best effort mitigation mode. This mode invokes the mitigation
139 enables the mitigation by default. The mitigation can be controlled at boot
160 Virtualization mitigation
172 If the L1D flush mitigation is disabled then the MDS mitigation is
173 invoked explicit when the host MDS mitigation is enabled.
181 mitigation is enabled.
254 CPUs. This is the complete mitigation.
[all …]
H A Dsrso.rst6 This is a mitigation for the speculative return stack overflow (SRSO)
39 The sysfs file showing SRSO mitigation status is:
60 The "Safe RET" mitigation (see below) has been applied to protect the
71 the Spectre v2 mitigation is selected:
87 Combined microcode/software mitigation. It complements the
135 Considering the performance implications of each mitigation type, the
148 disable the mitigation with spec_rstack_overflow=off.
152 microcode patch for one's system. This mitigation comes also at
158 The mitigation works by ensuring all RET instructions speculate to
175 Checking the safe RET mitigation actually works
[all …]
H A Dprocessor_mmio_stale_data.rst10 provided to untrusted guests may need mitigation. These vulnerabilities are
110 section, mitigation largely remains the same for all the variants, i.e. to
166 additional mitigation is needed on such CPUs.
177 Same mitigation as MDS when affected by MDS/TAA, otherwise no mitigation
204 complete mitigation.
205 off Disables mitigation completely.
209 command line, then the kernel selects the appropriate mitigation.
226 - The processor is vulnerable, but no mitigation enabled
229 mitigation is enabled on a best effort basis.
232 based mitigation mechanism is not advertised via CPUID, the kernel
[all …]
H A Dreg-file-data-sampling.rst36 mitigation strategy to force the CPU to clear the affected buffers before an
52 vulnerability and mitigation capability:
60 The kernel command line allows to control RFDS mitigation at boot time with the
64 on If the CPU is vulnerable, enable mitigation; CPU buffer clearing
66 off Disables mitigation.
86 - The processor is vulnerable, but no mitigation enabled
90 - The processor is vulnerable and the CPU buffer clearing mitigation is
H A Dtsx_async_abort.rst102 mitigation is enabled on a best effort basis.
105 based mitigation mechanism is not advertised via CPUID, the kernel
106 selects a best effort mitigation mode. This mode invokes the mitigation
126 enables the mitigation by default.
132 Virtualization mitigation
152 off This option disables the TAA mitigation on affected platforms.
158 systems which are MDS-affected and deploy MDS mitigation,
171 effect as the same mitigation is used for both vulnerabilities.
247 untrusted code which is supplied externally, then the mitigation can be
260 explicitly enable the mitigation.
[all …]
H A Dl1tf.rst78 The Linux kernel contains a mitigation for this attack vector, PTE
92 PTE inversion mitigation for L1TF, to attack physical host memory.
158 Host mitigation mechanism
165 Guest mitigation mechanisms
386 mitigation, i.e. conditional L1D flushing
421 The KVM hypervisor mitigation mechanism, flushing the L1D cache when
435 never Disables the mitigation
502 is only potent in combination with other mitigation methods.
535 above mitigation methods.
546 not depending on any of the above mitigation methods. SMT can stay
[all …]
H A Dspectre.rst333 The sysfs file showing Spectre variant 1 mitigation status is:
357 retpoline mitigation or if the CPU has hardware mitigation, and if the
358 CPU has support for additional process-specific mitigation.
371 The sysfs file showing Spectre variant 2 mitigation status is:
449 Full mitigation might require a microcode update from the CPU
453 Turning on mitigation for Spectre variant 1 and Spectre variant 2
456 1. Kernel mitigation
516 The retpoline mitigation is turned on by default on vulnerable
529 2. User program mitigation
535 For Spectre variant 2 mitigation, individual user programs
[all …]
H A Dmultihit.rst88 - The processor is vulnerable, but no mitigation enabled
125 The KVM hypervisor mitigation mechanism for marking huge pages as
133 force Mitigation is enabled. In this case, the mitigation implements
141 auto Enable mitigation only if the platform is affected and the kernel
166 to apply iTLB multihit mitigation via the kernel command line or kvm
H A Dl1d_flush.rst39 mechanism is used, software fallback for the mitigation, is not supported.
63 cores or by disabling SMT. See the relevant chapter in the L1TF mitigation
/linux-6.15/tools/testing/selftests/x86/bugs/
H A Dcommon.py52 def sysfs_has(bug, mitigation): argument
54 if mitigation in status:
60 for mitigation in mitigations:
61 if sysfs_has(bug, mitigation):
70 for mitigation in mitigations:
71 if not sysfs_has(bug, mitigation):
91 def basic_checks_sufficient(bug, mitigation): argument
92 if not mitigation:
95 elif mitigation == "Not affected":
98 elif mitigation == "Vulnerable":
[all …]
H A Dits_sysfs.py16 mitigation = get_sysfs(bug) variable
24 if mitigation == ITS_MITIGATION_ALIGNED_THUNKS:
34 if mitigation == ITS_MITIGATION_RETPOLINE_STUFF:
43 if mitigation == ITS_MITIGATION_VMEXIT_ONLY:
49 if mitigation == ITS_MITIGATION_VULNERABLE:
55 bug_status_unknown(bug, mitigation)
62 if not basic_checks_sufficient(bug, mitigation):
H A Dits_permutations.py17 mitigation = c.get_sysfs(bug) variable
19 if not mitigation or "Not affected" in mitigation:
H A Dits_ret_alignment.py31 mitigation = c.get_sysfs(bug) variable
32 if not mitigation or "Aligned branch/return thunks" not in mitigation:
H A Dits_indirect_alignment.py32 mitigation = c.get_sysfs(bug) variable
33 if not mitigation or "Aligned branch/return thunks" not in mitigation:
/linux-6.15/tools/testing/selftests/powerpc/security/
H A Dmitigation-patching.sh9 local mitigation="$1"
14 orig=$(cat "$mitigation")
21 echo 0 > "$mitigation"
22 echo 1 > "$mitigation"
27 echo "$orig" > "$mitigation"
H A DMakefile4 TEST_PROGS := mitigation-patching.sh
/linux-6.15/Documentation/arch/x86/
H A Dtsx_async_abort.rst3 TSX Async Abort (TAA) mitigation
33 Kernel internal mitigation modes
54 not provided then the kernel selects an appropriate mitigation depending on the
58 TAA mitigation, VERW behavior and TSX feature for various combinations of
66 …A_NO MDS_NO TSX_CTRL_MSR TSX state VERW can clear TAA mitigation TAA mitigation
81 …A_NO MDS_NO TSX_CTRL_MSR TSX state VERW can clear TAA mitigation TAA mitigation
96 …A_NO MDS_NO TSX_CTRL_MSR TSX state VERW can clear TAA mitigation TAA mitigation
H A Dmds.rst1 Microarchitectural Data Sampling (MDS) mitigation
73 All variants have the same mitigation strategy at least for the single CPU
82 command. The latter is issued when L1TF mitigation is enabled so the extra
101 The mitigation is invoked on kernel/userspace, hypervisor/guest and C-state
115 Kernel internal mitigation modes
133 line then the kernel selects the appropriate mitigation mode depending on
143 on affected CPUs when the mitigation is not disabled on the kernel
144 command line. The mitigation is enabled through the feature flag
147 The mitigation is invoked just before transitioning to userspace after
189 switched depending on the chosen mitigation mode and the SMT state of
[all …]
/linux-6.15/Documentation/userspace-api/
H A Dspec_ctrl.rst9 The kernel provides mitigation for such vulnerabilities in various
36 1 PR_SPEC_ENABLE The speculation feature is enabled, mitigation is
38 2 PR_SPEC_DISABLE The speculation feature is disabled, mitigation is
48 If PR_SPEC_PRCTL is set, then the per-task control of the mitigation is
/linux-6.15/Documentation/driver-api/thermal/
H A Dcpu-idle-cooling.rst90 the duty cycle percentage. When no mitigation is happening the cooling
93 When the mitigation begins, depending on the governor's policy, a
133 mitigation begins. It is platform dependent and will depend on the
138 for thermal mitigation, otherwise we end up consuming more energy.
194 potentially invert the mitigation effect
/linux-6.15/drivers/thermal/mediatek/
H A DKconfig8 mechaisms for thermal mitigation.
/linux-6.15/drivers/platform/x86/amd/
H A DKconfig26 WBRF(Wifi Band RFI mitigation) mechanism allows Wifi drivers

123