On Mon 2019-01-14 00:12:59, Jiri Kosina wrote: > On Mon, 14 Jan 2019, Pavel Machek wrote: > > > That one really is Intel-specific (not even all x86s are affectd). Same > > for Meltdown. > > At least for Meltdown, your claim is simply not correct. You are right, there may be few ARM chips affected by meltdown. I don't know about any non-Intel affected by l1tf. ...and its documentation is just plain wrong, explaining I'm protected when I'm not... commit f372cd79be31382ae6030a1f15638cc7fe9eeb9f Author: Pavel Date: Thu Jan 3 00:48:40 2019 +0100 Ok, I guess L1TF was a lot of fun, and there was not time for a good documentation. There's admin guide that is written as an advertisment, and unfortunately is slightly "inaccurate" at places (to the point of lying). Plus, I believe it should go to x86/ directory, as this is really Intel issue, and not anything ARM (or RISC-V) people need to know. Signed-off-by: Pavel Machek diff --git a/Documentation/admin-guide/l1tf.rst b/Documentation/admin-guide/l1tf.rst index 9af9773..05c5422 100644 --- a/Documentation/admin-guide/l1tf.rst +++ b/Documentation/admin-guide/l1tf.rst @@ -1,10 +1,11 @@ L1TF - L1 Terminal Fault ======================== -L1 Terminal Fault is a hardware vulnerability which allows unprivileged -speculative access to data which is available in the Level 1 Data Cache -when the page table entry controlling the virtual address, which is used -for the access, has the Present bit cleared or other reserved bits set. +L1 Terminal Fault is a hardware vulnerability on most recent Intel x86 +CPUs which allows unprivileged speculative access to data which is +available in the Level 1 Data Cache when the page table entry +controlling the virtual address, which is used for the access, has the +Present bit cleared or other reserved bits set. Affected processors ------------------- @@ -76,12 +77,14 @@ Attack scenarios deterministic and more practical. The Linux kernel contains a mitigation for this attack vector, PTE - inversion, which is permanently enabled and has no performance - impact. The kernel ensures that the address bits of PTEs, which are not - marked present, never point to cacheable physical memory space. - - A system with an up to date kernel is protected against attacks from - malicious user space applications. + inversion, which is permanently enabled and has no measurable + performance impact in most configurations. The kernel ensures that + the address bits of PTEs, which are not marked present, never point + to cacheable physical memory space. On x86-32, this physical memory + needs to be limited to 2GiB to make mitigation effective. + + Mitigation is present in kernels v4.19 and newer, and in + recent -stable kernels. 2. Malicious guest in a virtual machine ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ -- (english) http://www.livejournal.com/~pavelmachek (cesky, pictures) http://atrey.karlin.mff.cuni.cz/~pavel/picture/horses/blog.html