Lines Matching full:mitigation
143 For a full mitigation against BHB attacks it is recommended to set BHI_DIS_S or
330 mitigation status of the system for Spectre: whether the system is
333 The sysfs file showing Spectre variant 1 mitigation status is:
347 * - 'Mitigation: usercopy/swapgs barriers and __user pointer sanitization'
357 retpoline mitigation or if the CPU has hardware mitigation, and if the
358 CPU has support for additional process-specific mitigation.
371 The sysfs file showing Spectre variant 2 mitigation status is:
381 'Mitigation: None' Vulnerable, no mitigation
382 'Mitigation: Retpolines' Use Retpoline thunks
383 'Mitigation: LFENCE' Use LFENCE instructions
384 'Mitigation: Enhanced IBRS' Hardware-focused mitigation
385 'Mitigation: Enhanced IBRS + Retpolines' Hardware-focused + Retpolines
386 'Mitigation: Enhanced IBRS + LFENCE' Hardware-focused + LFENCE
449 Full mitigation might require a microcode update from the CPU
453 Turning on mitigation for Spectre variant 1 and Spectre variant 2
456 1. Kernel mitigation
480 For Spectre variant 2 mitigation, the compiler turns indirect calls or
487 To turn on retpoline mitigation on a vulnerable CPU, the kernel
495 On Intel Skylake-era systems the mitigation covers most, but not all,
498 On CPUs with hardware mitigation for Spectre variant 2 (e.g. IBRS
516 The retpoline mitigation is turned on by default on vulnerable
529 2. User program mitigation
535 For Spectre variant 2 mitigation, individual user programs
561 3. VM mitigation
587 The kernel also allows guests to use any microcode based mitigation
592 Mitigation control on the kernel command line
609 Mitigation selection guide
675 …t injection mitigation <https://software.intel.com/security-software-guidance/insights/deep-dive-r…