diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-07 02:25:20 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-05-07 02:25:20 +0000 |
commit | 8372e24aca862ae1fdd54a442fba92dc9b4b6161 (patch) | |
tree | 5fb60c5cd3d6bb6496650d1605a3c51d09be2bf1 /Documentation/admin-guide/hw-vuln/spectre.rst | |
parent | Adding debian version 6.1.85-1. (diff) | |
download | linux-8372e24aca862ae1fdd54a442fba92dc9b4b6161.tar.xz linux-8372e24aca862ae1fdd54a442fba92dc9b4b6161.zip |
Merging upstream version 6.1.90.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'Documentation/admin-guide/hw-vuln/spectre.rst')
-rw-r--r-- | Documentation/admin-guide/hw-vuln/spectre.rst | 22 |
1 files changed, 9 insertions, 13 deletions
diff --git a/Documentation/admin-guide/hw-vuln/spectre.rst b/Documentation/admin-guide/hw-vuln/spectre.rst index 9edb2860a..e0a1be97f 100644 --- a/Documentation/admin-guide/hw-vuln/spectre.rst +++ b/Documentation/admin-guide/hw-vuln/spectre.rst @@ -439,12 +439,12 @@ The possible values in this file are: - System is protected by retpoline * - BHI: BHI_DIS_S - System is protected by BHI_DIS_S - * - BHI: SW loop; KVM SW loop + * - BHI: SW loop, KVM SW loop - System is protected by software clearing sequence - * - BHI: Syscall hardening - - Syscalls are hardened against BHI - * - BHI: Syscall hardening; KVM: SW loop - - System is protected from userspace attacks by syscall hardening; KVM is protected by software clearing sequence + * - BHI: Vulnerable + - System is vulnerable to BHI + * - BHI: Vulnerable, KVM: SW loop + - System is vulnerable; KVM is protected by software clearing sequence Full mitigation might require a microcode update from the CPU vendor. When the necessary microcode is not available, the kernel will @@ -661,18 +661,14 @@ kernel command line. spectre_bhi= [X86] Control mitigation of Branch History Injection - (BHI) vulnerability. Syscalls are hardened against BHI - regardless of this setting. This setting affects the deployment + (BHI) vulnerability. This setting affects the deployment of the HW BHI control and the SW BHB clearing sequence. on - unconditionally enable. + (default) Enable the HW or SW mitigation as + needed. off - unconditionally disable. - auto - enable if hardware mitigation - control(BHI_DIS_S) is available, otherwise - enable alternate mitigation in KVM. + Disable the mitigation. For spectre_v2_user see Documentation/admin-guide/kernel-parameters.txt |