spectre.rst - OpenGrok cross reference for /Linux-v6.1/Documentation/admin-guide/hw-vuln/spectre.rst

Lines Matching +full:wp +full:- +full:content
1 .. SPDX-License-Identifier: GPL-2.0
14 -------------------
22     - Intel Core, Atom, Pentium, and Xeon processors
24     - AMD Phenom, EPYC, and Zen processors
26     - IBM POWER and zSeries processors
28     - Higher end ARM processors
30     - Apple CPUs
32     - Higher end MIPS CPUs
34     - Likely most other high performance CPUs. Contact your CPU vendor for details.
40 ------------
45    CVE-2017-5753   Bounds check bypass      Spectre variant 1
46    CVE-2017-5715   Branch target injection  Spectre variant 2
47    CVE-2019-1125   Spectre v1 swapgs        Spectre variant 1 (swapgs)
51 -------
67 ---------------------------------------
73 memory accesses to invalid memory (with out-of-bound index) that are
83 only about user-controlled array bounds checks.  It can affect any
90 -------------------------------------------
112 The most useful gadgets take an attacker-controlled input parameter (such
126 On systems with simultaneous multi-threading (SMT), attacks are possible
141 Currently the only known real-world BHB attack vector is via
148 ----------------
176    the GS register to a user-space value, if the swapgs is speculatively
177    skipped, subsequent GS-related percpu accesses in the speculation
178    window will be done with the attacker-controlled GS value.  This
236    multi-threading (SMT) system.
276    kernel.  The kernel is entered via hyper-calls or other virtualization
280    (e.g. in registers) via hyper-calls to derive invalid pointers to
328 --------------------------
340   .. list-table::
342      * - 'Not affected'
343        - The processor is not vulnerable.
344      * - 'Vulnerable: __user pointer sanitization and usercopy barriers only; no swapgs barriers'
345        - The swapgs protections are disabled; otherwise it has
348      * - 'Mitigation: usercopy/swapgs barriers and __user pointer sanitization'
349        - Protection in the kernel on a case by case base with explicit
359 CPU has support for additional process-specific mitigation.
370 per process on a case-by-case base.
378   - Kernel status:
385   'Mitigation: Enhanced IBRS'               Hardware-focused mitigation
386   'Mitigation: Enhanced IBRS + Retpolines'  Hardware-focused + Retpolines
387   'Mitigation: Enhanced IBRS + LFENCE'      Hardware-focused + LFENCE
390   - Firmware status: Show if Indirect Branch Restricted Speculation (IBRS) is
397   - Indirect branch prediction barrier (IBPB) status for protection between
404   'IBPB: always-on'     Use IBPB on all tasks
408   - Single threaded indirect branch prediction (STIBP) status for protection
419   - Return stack buffer (RSB) protection status:
425   - EIBRS Post-barrier Return Stack Buffer (PBRSB) protection status:
428   'PBRSB-eIBRS: SW sequence'   CPU is affected and protection of RSB on VMEXIT enabled
429   'PBRSB-eIBRS: Vulnerable'    CPU is vulnerable
430   'PBRSB-eIBRS: Not affected'  CPU is not affected by PBRSB
438 -----------------------------------------------------------------
452    Copy-from-user code has an LFENCE barrier to prevent the access_ok()
453    check from being mis-speculated.  The barrier is done by the
473    -mindirect-branch=thunk-extern -mindirect-branch-register options.
475    to support -mretpoline-external-thunk option.  The kernel config
479    On Intel Skylake-era systems the mitigation covers most, but not all,
509    (See :ref:`Documentation/userspace-api/spec_ctrl.rst <set_spec_ctrl>`).
543    To mitigate guest-to-guest attacks in the same CPU hardware thread,
549    To mitigate guest-to-guest attacks from sibling thread when SMT is
559 ---------------------------------------------
627 For spectre_v2_user see Documentation/admin-guide/kernel-parameters.txt
630 --------------------------
642    For security-sensitive programs that have secrets (e.g. crypto
645    (See :ref:`Documentation/userspace-api/spec_ctrl.rst <set_spec_ctrl>`).
652    (See :ref:`Documentation/userspace-api/spec_ctrl.rst <set_spec_ctrl>`).
681 ---------------------
687 …hannels <https://newsroom.intel.com/wp-content/uploads/sites/11/2018/01/Intel-Analysis-of-Speculat…
691 …s check bypass <https://software.intel.com/security-software-guidance/software-guidance/bounds-che…
695 …ion <https://software.intel.com/security-software-guidance/insights/deep-dive-retpoline-branch-tar…
699 …ctors <https://software.intel.com/security-software-guidance/insights/deep-dive-single-thread-indi…
705 [5] `AMD64 technology indirect branch control extension <https://developer.amd.com/wp-content/resou…
709 …lation on AMD processors <https://developer.amd.com/wp-content/resources/Managing-Speculation-on-A…
715 …he speculation side-channels <https://developer.arm.com/support/arm-security-updates/speculative-p…
719 …developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/latest-updates/…
725 [9] `Retpoline: a software construct for preventing branch-target-injection <https://support.google…
731 …el vulnerabilities <https://www.mips.com/blog/mips-response-on-speculative-execution-and-side-chan…
745 …rn Stack Buffer <https://www.usenix.org/system/files/conference/woot18/woot18-paper-koruyeh.pdf>`_.