Searched refs:mitigation (Results 1 – 25 of 52) sorted by relevance
123
/Linux-v6.6/Documentation/admin-guide/hw-vuln/ |
D | gather_data_sampling.rst | 29 Without mitigation, GDS can infer stale data across virtually all 38 Because of this, it is important to ensure that the mitigation stays enabled in 41 The hardware enforces the mitigation for SGX. Likewise, VMMs should ensure 42 that guests are not allowed to disable the GDS mitigation. If a host erred and 43 allowed this, a guest could theoretically disable GDS mitigation, mount an 53 and mitigation support. 55 IA32_MCU_OPT_CTRL[GDS_MITG_DIS] R/W Disables the mitigation 73 The mitigation can be disabled by setting "gather_data_sampling=off" or 75 to the mitigation being enabled. Specifying "gather_data_sampling=force" will 76 use the microcode mitigation when available or disable AVX on affected systems [all …]
|
D | mds.rst | 26 Not all processors are affected by all variants of MDS, but the mitigation 103 - The processor is vulnerable, but no mitigation enabled 107 The mitigation is enabled on a best effort basis. See :ref:`vmwerv` 109 - The processor is vulnerable and the CPU buffer clearing mitigation is 124 Best effort mitigation mode 128 mitigation mechanism is not advertised via CPUID the kernel selects a best 129 effort mitigation mode. This mode invokes the mitigation instructions 147 enables the mitigation by default. The mitigation can be controlled at boot 156 The mitigation for MDS clears the affected CPU buffers on return to user 168 Virtualization mitigation [all …]
|
D | special-register-buffer-data-sampling.rst | 87 the mitigation for RDRAND and RDSEED instructions executed outside of Intel 89 disable the mitigation using this opt-out mechanism, RDRAND and RDSEED do not 97 Along with the mitigation for this issue, Intel added a new thread-scope 103 disables the mitigation for RDRAND and RDSEED executed outside of an Intel SGX 104 enclave on that logical processor. Opting out of the mitigation for a 108 Note that inside of an Intel SGX enclave, the mitigation is applied regardless 113 The kernel command line allows control over the SRBDS mitigation at boot time 117 off This option disables SRBDS mitigation for RDRAND and RDSEED on 131 Vulnerable Processor vulnerable and mitigation disabled 133 mitigation [all …]
|
D | srso.rst | 6 This is a mitigation for the speculative return stack overflow (SRSO) 39 The sysfs file showing SRSO mitigation status is: 60 Note that User->User mitigation is controlled by how the IBPB aspect in 61 the Spectre v2 mitigation is selected: 77 Software-only mitigation. It complements the extended IBPB microcode 112 Considering the performance implications of each mitigation type, the 125 disable the mitigation with spec_rstack_overflow=off. 127 Similarly, 'Mitigation: IBPB' is another full mitigation type employing 129 microcode patch for one's system. This mitigation comes also at 135 The mitigation works by ensuring all RET instructions speculate to [all …]
|
D | tsx_async_abort.rst | 99 …- The CPU is affected by this vulnerability and the microcode and kernel mitigation are not applie… 111 Best effort mitigation mode 115 mitigation mechanism is not advertised via CPUID the kernel selects a best 116 effort mitigation mode. This mode invokes the mitigation instructions 133 enables the mitigation by default. 136 The mitigation can be controlled at boot time via a kernel command line option. 139 Virtualization mitigation 159 off This option disables the TAA mitigation on affected platforms. 163 full TAA mitigation is enabled. If TSX is enabled, on an affected 165 systems which are MDS-affected and deploy MDS mitigation, [all …]
|
D | processor_mmio_stale_data.rst | 10 provided to untrusted guests may need mitigation. These vulnerabilities are 110 section, mitigation largely remains the same for all the variants, i.e. to 117 specific variants of Processor MMIO Stale Data vulnerabilities and mitigation 153 same mitigation strategy to force the CPU to clear the affected buffers before 166 additional mitigation is needed on such CPUs. 168 For CPUs not affected by MDS or TAA, mitigation is needed only for the attacker 177 Same mitigation as MDS when affected by MDS/TAA, otherwise no mitigation 188 Same mitigation as MDS when processor is also affected by MDS/TAA, otherwise 200 full If the CPU is vulnerable, enable mitigation; CPU buffer clearing 204 complete mitigation. [all …]
|
D | spectre.rst | 144 For a full mitigation against BHB attacks, it's recommended to use 331 mitigation status of the system for Spectre: whether the system is 334 The sysfs file showing Spectre variant 1 mitigation status is: 358 retpoline mitigation or if the CPU has hardware mitigation, and if the 359 CPU has support for additional process-specific mitigation. 372 The sysfs file showing Spectre variant 2 mitigation status is: 382 'Mitigation: None' Vulnerable, no mitigation 385 'Mitigation: Enhanced IBRS' Hardware-focused mitigation 433 Full mitigation might require a microcode update from the CPU 437 Turning on mitigation for Spectre variant 1 and Spectre variant 2 [all …]
|
D | l1tf.rst | 78 The Linux kernel contains a mitigation for this attack vector, PTE 92 PTE inversion mitigation for L1TF, to attack physical host memory. 158 Host mitigation mechanism 165 Guest mitigation mechanisms 282 of other mitigation solutions like confining guests to dedicated cores. 351 Disabling EPT for virtual machines provides full mitigation for L1TF even 354 significant performance impact especially when the Meltdown mitigation 359 There is ongoing research and development for new mitigation mechanisms to 386 mitigation, i.e. conditional L1D flushing 394 flush,nosmt Disables SMT and enables the default hypervisor mitigation, [all …]
|
D | multihit.rst | 88 - The processor is vulnerable, but no mitigation enabled 125 The KVM hypervisor mitigation mechanism for marking huge pages as 133 force Mitigation is enabled. In this case, the mitigation implements 141 auto Enable mitigation only if the platform is affected and the kernel 166 to apply iTLB multihit mitigation via the kernel command line or kvm
|
D | l1d_flush.rst | 39 mechanism is used, software fallback for the mitigation, is not supported. 63 cores or by disabling SMT. See the relevant chapter in the L1TF mitigation
|
D | cross-thread-rsb.rst | 88 mitigation that covers this path is not enabled by default. 90 The mitigation for the KVM_CAP_X86_DISABLE_EXITS capability can be turned on
|
/Linux-v6.6/tools/testing/selftests/powerpc/security/ |
D | mitigation-patching.sh | 9 local mitigation="$1" 14 orig=$(cat "$mitigation") 21 echo 0 > "$mitigation" 22 echo 1 > "$mitigation" 27 echo "$orig" > "$mitigation"
|
D | Makefile | 4 TEST_PROGS := mitigation-patching.sh
|
/Linux-v6.6/Documentation/arch/x86/ |
D | tsx_async_abort.rst | 3 TSX Async Abort (TAA) mitigation 33 Kernel internal mitigation modes 54 not provided then the kernel selects an appropriate mitigation depending on the 58 TAA mitigation, VERW behavior and TSX feature for various combinations of 66 …A_NO MDS_NO TSX_CTRL_MSR TSX state VERW can clear TAA mitigation TAA mitigation 81 …A_NO MDS_NO TSX_CTRL_MSR TSX state VERW can clear TAA mitigation TAA mitigation 96 …A_NO MDS_NO TSX_CTRL_MSR TSX state VERW can clear TAA mitigation TAA mitigation
|
D | mds.rst | 1 Microarchitectural Data Sampling (MDS) mitigation 73 All variants have the same mitigation strategy at least for the single CPU 82 command. The latter is issued when L1TF mitigation is enabled so the extra 98 The mitigation is invoked on kernel/userspace, hypervisor/guest and C-state 112 Kernel internal mitigation modes 130 line then the kernel selects the appropriate mitigation mode depending on 140 on affected CPUs when the mitigation is not disabled on the kernel 144 The mitigation is invoked in prepare_exit_to_usermode() which covers 173 switched depending on the chosen mitigation mode and the SMT state of 187 The mitigation is hooked into all variants of halt()/mwait(), but does
|
D | buslock.rst | 104 that mitigation is not needed. 125 This is an effective mitigation in cases where a minimal impact can be
|
/Linux-v6.6/Documentation/userspace-api/ |
D | spec_ctrl.rst | 9 The kernel provides mitigation for such vulnerabilities in various 36 1 PR_SPEC_ENABLE The speculation feature is enabled, mitigation is 38 2 PR_SPEC_DISABLE The speculation feature is disabled, mitigation is 48 If PR_SPEC_PRCTL is set, then the per-task control of the mitigation is
|
/Linux-v6.6/Documentation/driver-api/thermal/ |
D | cpu-idle-cooling.rst | 90 the duty cycle percentage. When no mitigation is happening the cooling 93 When the mitigation begins, depending on the governor's policy, a 133 mitigation begins. It is platform dependent and will depend on the 138 for thermal mitigation, otherwise we end up consuming more energy. 194 potentially invert the mitigation effect
|
/Linux-v6.6/drivers/thermal/mediatek/ |
D | Kconfig | 8 mechaisms for thermal mitigation.
|
/Linux-v6.6/Documentation/virt/kvm/arm/ |
D | hypercalls.rst | 47 firmware support for the workaround. The mitigation status for the 51 available to the guest and required for the mitigation.
|
/Linux-v6.6/drivers/thermal/qcom/ |
D | Kconfig | 40 hardware(LMh). LMh allows for hardware-enforced mitigation for cpus based on
|
/Linux-v6.6/Documentation/admin-guide/ |
D | kernel-parameters.txt | 1640 mitigation. 1647 The mitigation may have a performance impact but can be 1648 disabled. On systems without the microcode mitigation 1649 disabling AVX serves as a mitigation. 1652 microcode mitigation. No effect if the microcode 1653 mitigation is present. Known to cause crashes in 1656 off: Disable GDS mitigation. 2525 Default: enabled on cores which need mitigation. 2680 never: Disables the mitigation 2690 Control mitigation for L1D based snooping vulnerability. [all …]
|
/Linux-v6.6/Documentation/networking/ |
D | napi.rst | 211 IRQ mitigation 215 a similar mechanism can be used for IRQ mitigation. 230 not the case with IRQ mitigation, however, so the budget can be adjusted
|
D | driver.rst | 120 mitigation scheme to let TX packets "hang out" in the TX
|
/Linux-v6.6/Documentation/accel/qaic/ |
D | qaic.rst | 13 While the AIC100 DMA Bridge hardware implements an IRQ storm mitigation 33 This mitigation in QAIC is very effective. The same lprnet usecase that
|
123