l1tf.rst - OpenGrok cross reference for /Linux-v6.1/Documentation/admin-guide/hw-vuln/l1tf.rst

Lines Matching full:smt
95    multi threading (SMT). The Intel implementation of SMT is called
138   - SMT status:
141     'VMX: SMT vulnerable'  SMT is enabled
142     'VMX: SMT disabled'    SMT is disabled
205    **Note**, that L1D flush does not prevent the SMT problem because the
218    To address the SMT problem, it is possible to make a guest or a group of
223    If only a single guest or related guests run on sibling SMT threads on
227    Host memory is attackable, when one of the sibling SMT threads runs in
238    scenario. Disabling SMT might be a viable alternative for particular
275 4. SMT control
278    To prevent the SMT issues of L1TF it might be necessary to disable SMT
279    completely. Disabling SMT can have a significant performance impact, but
281    The impact of disabling SMT needs also to be weighted against the impact
284    The kernel provides a sysfs interface to retrieve the status of SMT and
286    control SMT.
301 		 undo the SMT disable via the sysfs interface.
306    - /sys/devices/system/cpu/smt/control
307    - /sys/devices/system/cpu/smt/active
309    /sys/devices/system/cpu/smt/control:
311      This file allows to read out the SMT control state and provides the
312      ability to disable or (re)enable SMT. The possible states are:
315 	on		SMT is supported by the CPU and enabled. All
319 	off		SMT is supported by the CPU and disabled. Only
320 			the so called primary SMT threads can be onlined
327 	notsupported	The processor does not support SMT. It's therefore
328 			not affected by the SMT implications of L1TF.
332      The possible states which can be written into this file to control SMT
339    /sys/devices/system/cpu/smt/active:
341      This file reports whether SMT is enabled and active, i.e. if on any
344    SMT control is also possible at boot time via the l1tf kernel command
352   with SMT enabled, because the effective page tables for guests are
360 address the performance impact of disabling SMT or EPT.
372 		vulnerability. Disables SMT and enables all mitigations in
375 		SMT control and L1D flush control via the sysfs interface
378 		insecure configuration, i.e. SMT enabled or L1D flush
381   full,force	Same as 'full', but disables SMT and L1D flush runtime
383 		(i.e. sysfs control of SMT is disabled.)
385   flush		Leaves SMT enabled and enables the default hypervisor
388 		SMT control and L1D flush control via the sysfs interface
391 		insecure configuration, i.e. SMT enabled or L1D flush
394   flush,nosmt	Disables SMT and enables the default hypervisor mitigation,
397 		SMT control and L1D flush control via the sysfs interface
400 		insecure configuration, i.e. SMT enabled or L1D flush
475 3.1. SMT not supported or disabled
478   If SMT is not supported by the processor or disabled in the BIOS or by
488   the system is fully protected. SMT can stay enabled and L1D flushing on
493 3.3. SMT and EPT supported and active
496   If SMT and EPT are supported and active then various degrees of
531   - Disabling SMT:
533     Disabling SMT and enforcing the L1D flushing provides the maximum
537     SMT control and L1D flushing can be tuned by the command line
546     not depending on any of the above mitigation methods. SMT can stay
589   The kernel does not by default enforce the disabling of SMT, which leaves
590   SMT systems vulnerable when running untrusted guests with EPT enabled.
594   - Force disabling SMT can break existing setups, especially with