fa4bff1650
Pull x86 MDS mitigations from Thomas Gleixner:
 "Microarchitectural Data Sampling (MDS) is a hardware vulnerability
  which allows unprivileged speculative access to data which is
  available in various CPU internal buffers. This new set of misfeatures
  has the following CVEs assigned:

     CVE-2018-12126  MSBDS  Microarchitectural Store Buffer Data Sampling
     CVE-2018-12130  MFBDS  Microarchitectural Fill Buffer Data Sampling
     CVE-2018-12127  MLPDS  Microarchitectural Load Port Data Sampling
     CVE-2019-11091  MDSUM  Microarchitectural Data Sampling Uncacheable Memory

  MDS attacks target microarchitectural buffers which speculatively
  forward data under certain conditions. Disclosure gadgets can expose
  this data via cache side channels.

  Contrary to other speculation based vulnerabilities the MDS
  vulnerability does not allow the attacker to control the memory target
  address. As a consequence the attacks are purely sampling based, but
  as demonstrated with the TLBleed attack samples can be postprocessed
  successfully.

  The mitigation is to flush the microarchitectural buffers on return to
  user space and before entering a VM. It's bolted on the VERW
  instruction and requires a microcode update. As some of the attacks
  exploit data structures shared between hyperthreads, full protection
  requires to disable hyperthreading. The kernel does not do that by
  default to avoid breaking unattended updates.

  The mitigation set comes with documentation for administrators and a
  deeper technical view"

* 'x86-mds-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (23 commits)
  x86/speculation/mds: Fix documentation typo
  Documentation: Correct the possible MDS sysfs values
  x86/mds: Add MDSUM variant to the MDS documentation
  x86/speculation/mds: Add 'mitigations=' support for MDS
  x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
  x86/speculation/mds: Fix comment
  x86/speculation/mds: Add SMT warning message
  x86/speculation: Move arch_smt_update() call to after mitigation decisions
  x86/speculation/mds: Add mds=full,nosmt cmdline option
  Documentation: Add MDS vulnerability documentation
  Documentation: Move L1TF to separate directory
  x86/speculation/mds: Add mitigation mode VMWERV
  x86/speculation/mds: Add sysfs reporting for MDS
  x86/speculation/mds: Add mitigation control for MDS
  x86/speculation/mds: Conditionally clear CPU buffers on idle entry
  x86/kvm/vmx: Add MDS protection when L1D Flush is not active
  x86/speculation/mds: Clear CPU buffers on exit to user
  x86/speculation/mds: Add mds_clear_cpu_buffers()
  x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
  x86/speculation/mds: Add BUG_MSBDS_ONLY
  ...
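The merge message above describes the three things an administrator has to verify on a host: that the VERW-based buffer clearing is active, that the microcode actually provides the MD_CLEAR feature it depends on, and that SMT is either off or not a concern for this CPU. The following is an added example, not code from the kernel or from this merge: a small C program that classifies the status string the kernel exports in /sys/devices/system/cpu/vulnerabilities/mds (the values follow the strings documented in Documentation/admin-guide/hw-vuln/mds.rst) and checks a /proc/cpuinfo flags line for the md_clear feature bit. The sample lines in the program are constructed for the demonstration; the function names are this example's own.

```c
/*
 * Added example (not kernel code): classify the MDS status the kernel
 * reports in /sys/devices/system/cpu/vulnerabilities/mds and check the
 * cpuinfo flags for md_clear, the feature bit the VERW flush relies on.
 * Status strings as documented in Documentation/admin-guide/hw-vuln/mds.rst.
 */
#include <stdio.h>
#include <string.h>

enum mds_state {
    MDS_NOT_AFFECTED,   /* "Not affected" */
    MDS_VULNERABLE,     /* "Vulnerable": no mitigation active */
    MDS_NO_MICROCODE,   /* "Vulnerable: Clear CPU buffers attempted, no microcode" */
    MDS_MITIGATED,      /* "Mitigation: Clear CPU buffers" */
    MDS_UNRECOGNISED
};

enum smt_state {
    SMT_NONE,           /* no SMT qualifier on the line (e.g. "Not affected") */
    SMT_VULNERABLE,     /* sibling threads share the affected buffers */
    SMT_MITIGATED,      /* MSBDS-only CPU: store buffer partitioned per thread */
    SMT_DISABLED,       /* hyperthreading is off */
    SMT_HOST_UNKNOWN    /* reported inside a guest that cannot see the host */
};

struct mds_status {
    enum mds_state mds;
    enum smt_state smt;
};

static int starts_with(const char *s, const char *prefix)
{
    return strncmp(s, prefix, strlen(prefix)) == 0;
}

/* Parse one line as read from the sysfs file; a trailing newline is tolerated. */
struct mds_status mds_parse(const char *line)
{
    struct mds_status st = { MDS_UNRECOGNISED, SMT_NONE };
    const char *q;

    /* Most specific prefixes first: "Vulnerable: ..." also starts with "Vulnerable". */
    if (starts_with(line, "Not affected"))
        st.mds = MDS_NOT_AFFECTED;
    else if (starts_with(line, "Mitigation: Clear CPU buffers"))
        st.mds = MDS_MITIGATED;
    else if (starts_with(line, "Vulnerable: Clear CPU buffers attempted, no microcode"))
        st.mds = MDS_NO_MICROCODE;
    else if (starts_with(line, "Vulnerable"))
        st.mds = MDS_VULNERABLE;

    /* The SMT qualifier, when present, follows "; ". */
    q = strstr(line, "; ");
    if (q) {
        q += 2;
        if (starts_with(q, "SMT vulnerable"))
            st.smt = SMT_VULNERABLE;
        else if (starts_with(q, "SMT mitigated"))
            st.smt = SMT_MITIGATED;
        else if (starts_with(q, "SMT disabled"))
            st.smt = SMT_DISABLED;
        else if (starts_with(q, "SMT Host state unknown"))
            st.smt = SMT_HOST_UNKNOWN;
    }
    return st;
}

/*
 * "Fully protected" in the sense of the merge message: buffers are
 * cleared on the kernel->user and host->guest transitions AND no sibling
 * thread can sample them.  A guest reporting "SMT Host state unknown" is
 * treated as unprotected because it cannot verify the host's SMT setting.
 */
int mds_fully_protected(struct mds_status st)
{
    if (st.mds == MDS_NOT_AFFECTED)
        return 1;
    if (st.mds != MDS_MITIGATED)
        return 0;
    return st.smt == SMT_DISABLED || st.smt == SMT_MITIGATED;
}

/* Exact-token search for "md_clear" in a /proc/cpuinfo "flags" line. */
int cpu_flags_have_md_clear(const char *flags_line)
{
    const char *p = flags_line;
    size_t n = strlen("md_clear");

    while ((p = strstr(p, "md_clear")) != NULL) {
        int start_ok = p == flags_line || strchr(" \t:", p[-1]) != NULL;
        int end_ok = p[n] == '\0' || strchr(" \t\n", p[n]) != NULL;
        if (start_ok && end_ok)
            return 1;
        p += n;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample lines covering the documented combinations. */
    static const char *demo[] = {
        "Mitigation: Clear CPU buffers; SMT vulnerable\n",
        "Mitigation: Clear CPU buffers; SMT disabled\n",
        "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable\n",
        "Not affected\n",
    };
    char line[256];
    FILE *f = fopen("/sys/devices/system/cpu/vulnerabilities/mds", "r");

    if (f && fgets(line, sizeof line, f))
        printf("this host: %s  fully protected: %s\n", line,
               mds_fully_protected(mds_parse(line)) ? "yes" : "no");
    if (f)
        fclose(f);
    for (size_t i = 0; i < sizeof demo / sizeof demo[0]; i++)
        printf("%-72s -> %s\n", demo[i],
               mds_fully_protected(mds_parse(demo[i])) ? "protected" : "NOT protected");
    return 0;
}
```

On a real host the interesting failure mode is the "no microcode" line: the kernel has enabled the mitigation, but without a microcode update VERW is just a segment check and nothing is flushed, so the sysfs string, not the kernel command line, is what to monitor.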
142 lines
3.3 KiB
ReStructuredText
.. The Linux Kernel documentation master file, created by
   sphinx-quickstart on Fri Feb 12 13:51:46 2016.
   You can adapt this file completely to your liking, but it should at least
   contain the root `toctree` directive.

.. _linux_doc:

The Linux Kernel documentation
==============================

This is the top level of the kernel's documentation tree.  Kernel
documentation, like the kernel itself, is very much a work in progress;
that is especially true as we work to integrate our many scattered
documents into a coherent whole.  Please note that improvements to the
documentation are welcome; join the linux-doc list at vger.kernel.org if
you want to help out.

Licensing documentation
-----------------------

The following describes the license of the Linux kernel source code
(GPLv2), how to properly mark the license of individual files in the source
tree, as well as links to the full license text.

* :ref:`kernel_licensing`

User-oriented documentation
---------------------------

The following manuals are written for *users* of the kernel — those who are
trying to get it to work optimally on a given system.

.. toctree::
   :maxdepth: 2

   admin-guide/index

Firmware-related documentation
------------------------------
The following holds information on the kernel's expectations regarding the
platform firmware.

.. toctree::
   :maxdepth: 2

   firmware-guide/index

Application-developer documentation
-----------------------------------

The user-space API manual gathers together documents describing aspects of
the kernel interface as seen by application developers.

.. toctree::
   :maxdepth: 2

   userspace-api/index


Introduction to kernel development
----------------------------------

These manuals contain overall information about how to develop the kernel.
The kernel community is quite large, with thousands of developers
contributing over the course of a year.  As with any large community,
knowing how things are done will make the process of getting your changes
merged much easier.

.. toctree::
   :maxdepth: 2

   process/index
   dev-tools/index
   doc-guide/index
   kernel-hacking/index
   trace/index
   maintainer/index

Kernel API documentation
------------------------

These books get into the details of how specific kernel subsystems work
from the point of view of a kernel developer.  Much of the information here
is taken directly from the kernel source, with supplemental material added
as needed (or at least as we managed to add it — probably *not* all that is
needed).

.. toctree::
   :maxdepth: 2

   driver-api/index
   core-api/index
   media/index
   networking/index
   input/index
   hwmon/index
   gpu/index
   security/index
   sound/index
   crypto/index
   filesystems/index
   vm/index
   bpf/index
   misc-devices/index

Architecture-specific documentation
-----------------------------------

These books provide programming details about architecture-specific
implementation.

.. toctree::
   :maxdepth: 2

   sh/index
   x86/index

Filesystem Documentation
------------------------

The documentation in this section is provided by specific filesystem
subprojects.

.. toctree::
   :maxdepth: 2

   filesystems/ext4/index

Translations
------------

.. toctree::
   :maxdepth: 2

   translations/index

Indices and tables
==================

* :ref:`genindex`