Subject: [MODERATED] Re: [PATCH] NX documentation
From: Paolo Bonzini
Date: Sat, 2 Nov 2019 10:12:03 +0100
To: speck@linutronix.de
In-Reply-To: <20191102011217.GA4934@guptapadev.amr>

Thanks, queued with these fixes on top. I'll be sending v9 shortly.

diff --git a/Documentation/admin-guide/hw-vuln/multihit.rst b/Documentati= on/admin-guide/hw-vuln/multihit.rst index c2c9cef23e20..26e478a3570f 100644 --- a/Documentation/admin-guide/hw-vuln/multihit.rst +++ b/Documentation/admin-guide/hw-vuln/multihit.rst 
@@ -1,8 +1,9 @@ iTLB multihit =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D + iTLB multihit is an erratum where some processors may incur a machine ch= eck -error possibly resulting in an unrecoverable cpu hang when an instructio= n fetch -encounters a TLB multi-hit in the instruction TLB. This can occur when t= he page +error, possibly resulting in an unrecoverable CPU hang, when an instruct= ion fetch +hits multiple entries in the instruction TLB. This can occur when the pa= ge size is changed along with either the physical address or cache type. A malicious guest running on a virtualized system can exploit this erratum= to perform a denial of service attack. @@ -14,6 +15,8 @@ Affected processors Variations of this erratum are present on most Intel Core and Xeon proce= ssor models. The erratum is not present on: =20 + - non-Intel processors + - Some Atoms (Airmont, Bonnell, Goldmont, GoldmontPlus, Saltwell, Sil= vermont) =20 - Intel processors that have the PSCHANGE_MC_NO bit set in the @@ -97,7 +100,8 @@ and will be set on CPU's which are mitigated against t= his issue. Mitigation mechanism ------------------------- =20 -This erratum can be mitigated by restricting the use of large pages. +This erratum can be mitigated by restricting the use of large page sizes= to +non-executable pages. =20 =20 Mitigation control on the kernel command line and KVM - module parameter= @@ -120,7 +124,8 @@ The valid arguments for these options are: =20 off Mitigation is disabled. =20 - auto Enable mitigation only if the platform is affected. + auto Enable mitigation only if the platform is affected and the= kernel + was not booted with the "mitigations=3Doff" command line p= arameter. =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D =20 =20 
@@ -143,5 +148,5 @@ Mitigation selection guide 3. Virtualization with untrusted guests ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ If the guest comes from an untrusted source, the guest host kernel wi= ll need - to apply the iTLB multihit mitigation via the kernel command line or = kvm + to apply iTLB multihit mitigation via the kernel command line or kvm module parameter. --711NhrarKNjTCSojqgMhXSYvbehHR3Xa2--
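
Review bot: In the "Affected processors" hunk (@@ -14,6 +15,8 @@), the new item "- non-Intel processors" starts in lower case while the neighbouring items ("- Some Atoms (...)" and "- Intel processors that have the PSCHANGE_MC_NO bit set ...") are capitalised, and it sits under a lead sentence that is scoped to "most Intel Core and Xeon processor models". Capitalise the item to match the list, and consider rewording the lead sentence so the list can sensibly contain an entry that is not an Intel model.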
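
Review bot: In the "Mitigation mechanism" hunk (@@ -97,7 +100,8 @@), the new sentence "restricting the use of large page sizes to non-executable pages" is hard to parse because "large page sizes" and "pages" describe the same mappings. Something like "by allowing large pages only for non-executable mappings" reads more directly. The paragraph also does not say what happens to executable mappings that would otherwise use a large page, which is what an administrator weighing the cost of the mitigation will look for.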
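
Review bot: In the option table hunk (@@ -120,7 +124,8 @@), the "auto" entry now documents the interaction with "mitigations=off", but the table does not say which setting wins when "mitigations=off" is combined with an explicit non-auto value of this option. A one-line statement of precedence next to the "off" and "auto" rows would close that gap. Since the "auto" text now wraps onto a second row of the table, also check that the continuation line is aligned with the description column so the table still renders.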
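
Review bot: In the last hunk (@@ -143,5 +148,5 @@), the context line directly above the change still reads "the guest host kernel will need", which looks like a leftover word; the mitigation is applied by the host kernel, so "the host kernel will need to apply ..." is clearer. While touching this sentence, "kvm module parameter" could be spelled "KVM module parameter" to match the heading "Mitigation control on the kernel command line and KVM - module parameter" visible in the earlier hunk.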