Lines Matching +full:auto +full:- +full:detects

1 .. SPDX-License-Identifier: GPL-2.0
14 -------------------
22 - Intel Core, Atom, Pentium, and Xeon processors
24 - AMD Phenom, EPYC, and Zen processors
26 - IBM POWER and zSeries processors
28 - Higher end ARM processors
30 - Apple CPUs
32 - Higher end MIPS CPUs
34 - Likely most other high performance CPUs. Contact your CPU vendor for details.
40 ------------
45 CVE-2017-5753 Bounds check bypass Spectre variant 1
46 CVE-2017-5715 Branch target injection Spectre variant 2
47 CVE-2019-1125 Spectre v1 swapgs Spectre variant 1 (swapgs)
51 -------
67 ---------------------------------------
73 memory accesses to invalid memory (with out-of-bound index) that are
83 only about user-controlled array bounds checks. It can affect any
90 -------------------------------------------
112 The most useful gadgets take an attacker-controlled input parameter (such
126 On systems with simultaneous multi-threading (SMT), attacks are possible
135 ----------------
163 the GS register to a user-space value, if the swapgs is speculatively
164 skipped, subsequent GS-related percpu accesses in the speculation
165 window will be done with the attacker-controlled GS value. This
223 multi-threading (SMT) system.
263 kernel. The kernel is entered via hyper-calls or other virtualization
267 (e.g. in registers) via hyper-calls to derive invalid pointers to
315 --------------------------
327 .. list-table::
329 * - 'Not affected'
330 - The processor is not vulnerable.
331 * - 'Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers'
332 - The swapgs protections are disabled; otherwise it has
335 * - 'Mitigation: usercopy/swapgs barriers and __user pointer sanitization'
336 - Protection in the kernel on a case by case base with explicit
346 CPU has support for additional process-specific mitigation.
357 per process on a case-by-case base.
365 - Kernel status:
370 'Mitigation: Full generic retpoline' Software-focused mitigation
371 'Mitigation: Full AMD retpoline' AMD-specific software mitigation
372 'Mitigation: Enhanced IBRS' Hardware-focused mitigation
375 - Firmware status: Show if Indirect Branch Restricted Speculation (IBRS) is
382 - Indirect branch prediction barrier (IBPB) status for protection between
389 'IBPB: always-on' Use IBPB on all tasks
393 - Single threaded indirect branch prediction (STIBP) status for protection
404 - Return stack buffer (RSB) protection status:
415 -----------------------------------------------------------------
429 Copy-from-user code has an LFENCE barrier to prevent the access_ok()
430 check from being mis-speculated. The barrier is done by the
450 -mindirect-branch=thunk-extern -mindirect-branch-register options.
452 to support -mretpoline-external-thunk option. The kernel config
456 On Intel Skylake-era systems the mitigation covers most, but not all,
486 (See :ref:`Documentation/userspace-api/spec_ctrl.rst <set_spec_ctrl>`).
493 on x86. All sand-boxed SECCOMP programs have indirect branch
521 To mitigate guest-to-guest attacks in the same CPU hardware thread,
527 To mitigate guest-to-guest attacks from sibling thread when SMT is
537 ---------------------------------------------
569 auto
570 kernel detects whether your CPU model is
573 Selecting 'on' will, and 'auto' may, choose a
592 AMD-specific minimal thunk
595 spectre_v2=auto.
636 auto
644 spectre_v2_user=auto.
653 --------------------------
665 For security-sensitive programs that have secrets (e.g. crypto
668 (See :ref:`Documentation/userspace-api/spec_ctrl.rst <set_spec_ctrl>`).
675 (See :ref:`Documentation/userspace-api/spec_ctrl.rst <set_spec_ctrl>`).
705 ---------------------