Ping? Jonathan, can you pick this up? Pavel On Thu 2019-01-03 00:51:52, Pavel Machek wrote: > Hi! > > > The next round of speculation-related issues including the scary L1TF > > hardware bug was a way more "pleasant" experience to work on. While for > > obvious reasons the mitigation development happened behind closed doors in > > a smaller group of people, we were at least able to collaborate in a way > > which is somehow close to what we are used to. > > Ok, I guess L1TF was a lot of fun, and there was not time for a good > documentation. > > There's admin guide that is written as an advertisment, and > unfortunately is slightly "inaccurate" at places (to the point of > lying). > > Plus, I believe it should go to x86/ directory, as this is really > Intel issue, and not anything ARM (or RISC-V) people need to > know. (But we already have some urls in printk messages that may need > fixing up..?) > > Signed-off-by: Pavel Machek <pavel@xxxxxx> > > diff --git a/Documentation/admin-guide/l1tf.rst b/Documentation/admin-guide/l1tf.rst > index b85dd80..05c5422 100644 > --- a/Documentation/admin-guide/l1tf.rst > +++ b/Documentation/admin-guide/l1tf.rst > @@ -1,10 +1,11 @@ > L1TF - L1 Terminal Fault > ======================== > > -L1 Terminal Fault is a hardware vulnerability which allows unprivileged > -speculative access to data which is available in the Level 1 Data Cache > -when the page table entry controlling the virtual address, which is used > -for the access, has the Present bit cleared or other reserved bits set. > +L1 Terminal Fault is a hardware vulnerability on most recent Intel x86 > +CPUs which allows unprivileged speculative access to data which is > +available in the Level 1 Data Cache when the page table entry > +controlling the virtual address, which is used for the access, has the > +Present bit cleared or other reserved bits set. > > Affected processors > ------------------- > @@ -76,12 +77,14 @@ Attack scenarios > deterministic and more practical. > > The Linux kernel contains a mitigation for this attack vector, PTE > - inversion, which is permanently enabled and has no performance > - impact. The kernel ensures that the address bits of PTEs, which are not > - marked present, never point to cacheable physical memory space. > + inversion, which is permanently enabled and has no measurable > + performance impact in most configurations. The kernel ensures that > + the address bits of PTEs, which are not marked present, never point > + to cacheable physical memory space. On x86-32, this physical memory > + needs to be limited to 2GiB to make mitigation effective. > > - A system with an up to date kernel is protected against attacks from > - malicious user space applications. > + Mitigation is present in kernels v4.19 and newer, and in > + recent -stable kernels. > > 2. Malicious guest in a virtual machine > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > @@ -405,6 +408,9 @@ time with the option "l1tf=". The valid arguments for this option are: > > off Disables hypervisor mitigations and doesn't emit any > warnings. > + It also drops the swap size and available RAM limit restrictions > + on both hypervisor and bare metal. > + > ============ ============================================================= > > The default is 'flush'. For details about L1D flushing see :ref:`l1d_flush`. > @@ -576,7 +582,8 @@ Default mitigations > The kernel default mitigations for vulnerable processors are: > > - PTE inversion to protect against malicious user space. This is done > - unconditionally and cannot be controlled. > + unconditionally and cannot be controlled. The swap storage is limited > + to ~16TB. > > - L1D conditional flushing on VMENTER when EPT is enabled for > a guest. > > > > -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html
Attachment:
signature.asc
Description: Digital signature
