Lines Matching +full:i +full:- +full:leak +full:- +full:current
1 L1TF - L1 Terminal Fault
10 -------------------
15 - Processors from AMD, Centaur and other non Intel vendors
17 - Older processor models, where the CPU family is < 6
19 - A range of Intel ATOM processors (Cedarview, Cloverview, Lincroft,
22 - The Intel XEON PHI family
24 - Intel processors which have the ARCH_CAP_RDCL_NO bit set in the
33 ------------
38 CVE-2018-3615 L1 Terminal Fault SGX related aspects
39 CVE-2018-3620 L1 Terminal Fault OS, SMM related aspects
40 CVE-2018-3646 L1 Terminal Fault Virtualization related aspects
44 -------
66 ----------------
74 In some cases user-space can maliciously influence the information
120 -----------------------
122 The Linux kernel provides a sysfs interface to enumerate the current L1TF
138 - SMT status:
145 - L1D Flush mode:
159 -------------------------
166 ---------------------------
188 - conditional ('cond')
189 - unconditional ('always')
194 interesting data to an attacker, but they can leak information about the
230 which the host OS executes, i.e. interrupts, soft interrupts and kernel
232 declared as non-interesting for an attacker without deep inspection of
244 https://www.kernel.org/doc/Documentation/admin-guide/cgroup-v1/cpusets.rst
271 https://www.kernel.org/doc/Documentation/core-api/irq/irq-affinity.rst
294 core only one - the so called primary (hyper) thread is
306 - /sys/devices/system/cpu/smt/control
307 - /sys/devices/system/cpu/smt/active
322 online a non-primary sibling is rejected
335 - on
336 - off
337 - forceoff
341 This file reports whether SMT is enabled and active, i.e. if on any
357 EPT can be disabled in the hypervisor via the 'kvm-intel.ept' parameter.
365 ---------------------------------------------
373 the hypervisors, i.e. unconditional L1D flushing
378 insecure configuration, i.e. SMT enabled or L1D flush
383 (i.e. sysfs control of SMT is disabled.)
386 mitigation, i.e. conditional L1D flushing
391 insecure configuration, i.e. SMT enabled or L1D flush
395 i.e. conditional L1D flushing.
400 insecure configuration, i.e. SMT enabled or L1D flush
418 Mitigation control for KVM - module parameter
419 -------------------------------------------------------------
424 The option/parameter is "kvm-intel.vmentry_l1d_flush=". It takes the
431 VMENTER can leak host memory which is considered
432 interesting for an attacker. This still can leak host memory
445 line, then 'always' is enforced and the kvm-intel.vmentry_l1d_flush
451 --------------------------
491 EPT can be disabled in the hypervisor via the 'kvm-intel.ept' parameter.
499 - L1D flushing on VMENTER:
507 - Guest confinement:
515 - Interrupt isolation:
531 - Disabling SMT:
538 parameters 'nosmt', 'l1tf', 'kvm-intel.vmentry_l1d_flush' and at run
543 - Disabling EPT:
550 EPT can be disabled in the hypervisor via the 'kvm-intel.ept'
562 - Flush the L1D cache on every switch from the nested hypervisor to the
566 - Flush the L1D cache on every switch from the nested virtual machine to
571 - Instruct the nested hypervisor to not perform any L1D cache flush. This
578 -------------------
582 - PTE inversion to protect against malicious user space. This is done
586 - L1D conditional flushing on VMENTER when EPT is enabled for
594 - Force disabling SMT can break existing setups, especially with
597 - If regular users run untrusted guests on their machine, then L1TF is
599 guest, e.g. spam-bots or attacks on the local network.
604 - It's technically extremely unlikely and from today's knowledge even
610 - The administrators of cloud and hosting setups have to carefully