-
Notifications
You must be signed in to change notification settings - Fork 21
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
4,343 changed files
with
65,299 additions
and
35,613 deletions.
The diff you're trying to view is too large. We only load the first 3000 changed files.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -6,3 +6,12 @@ Description: | |
| OP-TEE bus provides reference to registered drivers under this directory. The <uuid> | ||
| matches Trusted Application (TA) driver and corresponding TA in secure OS. Drivers | ||
| are free to create needed API under optee-ta-<uuid> directory. | ||
|
|
||
| What: /sys/bus/tee/devices/optee-ta-<uuid>/need_supplicant | ||
| Date: November 2023 | ||
| KernelVersion: 6.7 | ||
| Contact: [email protected] | ||
| Description: | ||
| Allows to distinguish whether an OP-TEE based TA/device requires user-space | ||
| tee-supplicant to function properly or not. This attribute will be present for | ||
| devices which depend on tee-supplicant to be running. | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -52,6 +52,9 @@ Description: | |
|
|
||
| echo 0 > /sys/class/devfreq/.../trans_stat | ||
|
|
||
| If the transition table is bigger than PAGE_SIZE, reading | ||
| this will return an -EFBIG error. | ||
|
|
||
| What: /sys/class/devfreq/.../available_frequencies | ||
| Date: October 2012 | ||
| Contact: Nishanth Menon <[email protected]> | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,4 @@ | ||
| What: /sys/class/<iface>/queues/rx-<queue>/rps_cpus | ||
| What: /sys/class/net/<iface>/queues/rx-<queue>/rps_cpus | ||
| Date: March 2010 | ||
| KernelVersion: 2.6.35 | ||
| Contact: [email protected] | ||
|
|
@@ -8,31 +8,31 @@ Description: | |
| network device queue. Possible values depend on the number | ||
| of available CPU(s) in the system. | ||
|
|
||
| What: /sys/class/<iface>/queues/rx-<queue>/rps_flow_cnt | ||
| What: /sys/class/net/<iface>/queues/rx-<queue>/rps_flow_cnt | ||
| Date: April 2010 | ||
| KernelVersion: 2.6.35 | ||
| Contact: [email protected] | ||
| Description: | ||
| Number of Receive Packet Steering flows being currently | ||
| processed by this particular network device receive queue. | ||
|
|
||
| What: /sys/class/<iface>/queues/tx-<queue>/tx_timeout | ||
| What: /sys/class/net/<iface>/queues/tx-<queue>/tx_timeout | ||
| Date: November 2011 | ||
| KernelVersion: 3.3 | ||
| Contact: [email protected] | ||
| Description: | ||
| Indicates the number of transmit timeout events seen by this | ||
| network interface transmit queue. | ||
|
|
||
| What: /sys/class/<iface>/queues/tx-<queue>/tx_maxrate | ||
| What: /sys/class/net/<iface>/queues/tx-<queue>/tx_maxrate | ||
| Date: March 2015 | ||
| KernelVersion: 4.1 | ||
| Contact: [email protected] | ||
| Description: | ||
| A Mbps max-rate set for the queue, a value of zero means disabled, | ||
| default is disabled. | ||
|
|
||
| What: /sys/class/<iface>/queues/tx-<queue>/xps_cpus | ||
| What: /sys/class/net/<iface>/queues/tx-<queue>/xps_cpus | ||
| Date: November 2010 | ||
| KernelVersion: 2.6.38 | ||
| Contact: [email protected] | ||
|
|
@@ -42,7 +42,7 @@ Description: | |
| network device transmit queue. Possible vaules depend on the | ||
| number of available CPU(s) in the system. | ||
|
|
||
| What: /sys/class/<iface>/queues/tx-<queue>/xps_rxqs | ||
| What: /sys/class/net/<iface>/queues/tx-<queue>/xps_rxqs | ||
| Date: June 2018 | ||
| KernelVersion: 4.18.0 | ||
| Contact: [email protected] | ||
|
|
@@ -53,7 +53,7 @@ Description: | |
| number of available receive queue(s) in the network device. | ||
| Default is disabled. | ||
|
|
||
| What: /sys/class/<iface>/queues/tx-<queue>/byte_queue_limits/hold_time | ||
| What: /sys/class/net/<iface>/queues/tx-<queue>/byte_queue_limits/hold_time | ||
| Date: November 2011 | ||
| KernelVersion: 3.3 | ||
| Contact: [email protected] | ||
|
|
@@ -62,15 +62,15 @@ Description: | |
| of this particular network device transmit queue. | ||
| Default value is 1000. | ||
|
|
||
| What: /sys/class/<iface>/queues/tx-<queue>/byte_queue_limits/inflight | ||
| What: /sys/class/net/<iface>/queues/tx-<queue>/byte_queue_limits/inflight | ||
| Date: November 2011 | ||
| KernelVersion: 3.3 | ||
| Contact: [email protected] | ||
| Description: | ||
| Indicates the number of bytes (objects) in flight on this | ||
| network device transmit queue. | ||
|
|
||
| What: /sys/class/<iface>/queues/tx-<queue>/byte_queue_limits/limit | ||
| What: /sys/class/net/<iface>/queues/tx-<queue>/byte_queue_limits/limit | ||
| Date: November 2011 | ||
| KernelVersion: 3.3 | ||
| Contact: [email protected] | ||
|
|
@@ -79,7 +79,7 @@ Description: | |
| on this network device transmit queue. This value is clamped | ||
| to be within the bounds defined by limit_max and limit_min. | ||
|
|
||
| What: /sys/class/<iface>/queues/tx-<queue>/byte_queue_limits/limit_max | ||
| What: /sys/class/net/<iface>/queues/tx-<queue>/byte_queue_limits/limit_max | ||
| Date: November 2011 | ||
| KernelVersion: 3.3 | ||
| Contact: [email protected] | ||
|
|
@@ -88,7 +88,7 @@ Description: | |
| queued on this network device transmit queue. See | ||
| include/linux/dynamic_queue_limits.h for the default value. | ||
|
|
||
| What: /sys/class/<iface>/queues/tx-<queue>/byte_queue_limits/limit_min | ||
| What: /sys/class/net/<iface>/queues/tx-<queue>/byte_queue_limits/limit_min | ||
| Date: November 2011 | ||
| KernelVersion: 3.3 | ||
| Contact: [email protected] | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -513,17 +513,18 @@ Description: information about CPUs heterogeneity. | |
| cpu_capacity: capacity of cpuX. | ||
|
|
||
| What: /sys/devices/system/cpu/vulnerabilities | ||
| /sys/devices/system/cpu/vulnerabilities/gather_data_sampling | ||
| /sys/devices/system/cpu/vulnerabilities/itlb_multihit | ||
| /sys/devices/system/cpu/vulnerabilities/l1tf | ||
| /sys/devices/system/cpu/vulnerabilities/mds | ||
| /sys/devices/system/cpu/vulnerabilities/meltdown | ||
| /sys/devices/system/cpu/vulnerabilities/mmio_stale_data | ||
| /sys/devices/system/cpu/vulnerabilities/retbleed | ||
| /sys/devices/system/cpu/vulnerabilities/spec_store_bypass | ||
| /sys/devices/system/cpu/vulnerabilities/spectre_v1 | ||
| /sys/devices/system/cpu/vulnerabilities/spectre_v2 | ||
| /sys/devices/system/cpu/vulnerabilities/spec_store_bypass | ||
| /sys/devices/system/cpu/vulnerabilities/l1tf | ||
| /sys/devices/system/cpu/vulnerabilities/mds | ||
| /sys/devices/system/cpu/vulnerabilities/srbds | ||
| /sys/devices/system/cpu/vulnerabilities/tsx_async_abort | ||
| /sys/devices/system/cpu/vulnerabilities/itlb_multihit | ||
| /sys/devices/system/cpu/vulnerabilities/mmio_stale_data | ||
| /sys/devices/system/cpu/vulnerabilities/retbleed | ||
| Date: January 2018 | ||
| Contact: Linux kernel mailing list <[email protected]> | ||
| Description: Information about CPU vulnerabilities | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -60,3 +60,14 @@ Description: Module taint flags: | |
| C staging driver module | ||
| E unsigned module | ||
| == ===================== | ||
|
|
||
| What: /sys/module/grant_table/parameters/free_per_iteration | ||
| Date: July 2023 | ||
| KernelVersion: 6.5 but backported to all supported stable branches | ||
| Contact: Xen developer discussion <[email protected]> | ||
| Description: Read and write number of grant entries to attempt to free per iteration. | ||
|
|
||
| Note: Future versions of Xen and Linux may provide a better | ||
| interface for controlling the rate of deferred grant reclaim | ||
| or may not need it at all. | ||
| Users: Qubes OS (https://www.qubes-os.org) | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,5 +1,5 @@ | ||
| ABI removed symbols | ||
| =================== | ||
|
|
||
| .. kernel-abi:: $srctree/Documentation/ABI/removed | ||
| .. kernel-abi:: ABI/removed | ||
| :rst: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
109 changes: 109 additions & 0 deletions
109
Documentation/admin-guide/hw-vuln/gather_data_sampling.rst
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,109 @@ | ||
| .. SPDX-License-Identifier: GPL-2.0 | ||
| GDS - Gather Data Sampling | ||
| ========================== | ||
|
|
||
| Gather Data Sampling is a hardware vulnerability which allows unprivileged | ||
| speculative access to data which was previously stored in vector registers. | ||
|
|
||
| Problem | ||
| ------- | ||
| When a gather instruction performs loads from memory, different data elements | ||
| are merged into the destination vector register. However, when a gather | ||
| instruction that is transiently executed encounters a fault, stale data from | ||
| architectural or internal vector registers may get transiently forwarded to the | ||
| destination vector register instead. This will allow a malicious attacker to | ||
| infer stale data using typical side channel techniques like cache timing | ||
| attacks. GDS is a purely sampling-based attack. | ||
|
|
||
| The attacker uses gather instructions to infer the stale vector register data. | ||
| The victim does not need to do anything special other than use the vector | ||
| registers. The victim does not need to use gather instructions to be | ||
| vulnerable. | ||
|
|
||
| Because the buffers are shared between Hyper-Threads cross Hyper-Thread attacks | ||
| are possible. | ||
|
|
||
| Attack scenarios | ||
| ---------------- | ||
| Without mitigation, GDS can infer stale data across virtually all | ||
| permission boundaries: | ||
|
|
||
| Non-enclaves can infer SGX enclave data | ||
| Userspace can infer kernel data | ||
| Guests can infer data from hosts | ||
| Guest can infer guest from other guests | ||
| Users can infer data from other users | ||
|
|
||
| Because of this, it is important to ensure that the mitigation stays enabled in | ||
| lower-privilege contexts like guests and when running outside SGX enclaves. | ||
|
|
||
| The hardware enforces the mitigation for SGX. Likewise, VMMs should ensure | ||
| that guests are not allowed to disable the GDS mitigation. If a host erred and | ||
| allowed this, a guest could theoretically disable GDS mitigation, mount an | ||
| attack, and re-enable it. | ||
|
|
||
| Mitigation mechanism | ||
| -------------------- | ||
| This issue is mitigated in microcode. The microcode defines the following new | ||
| bits: | ||
|
|
||
| ================================ === ============================ | ||
| IA32_ARCH_CAPABILITIES[GDS_CTRL] R/O Enumerates GDS vulnerability | ||
| and mitigation support. | ||
| IA32_ARCH_CAPABILITIES[GDS_NO] R/O Processor is not vulnerable. | ||
| IA32_MCU_OPT_CTRL[GDS_MITG_DIS] R/W Disables the mitigation | ||
| 0 by default. | ||
| IA32_MCU_OPT_CTRL[GDS_MITG_LOCK] R/W Locks GDS_MITG_DIS=0. Writes | ||
| to GDS_MITG_DIS are ignored | ||
| Can't be cleared once set. | ||
| ================================ === ============================ | ||
|
|
||
| GDS can also be mitigated on systems that don't have updated microcode by | ||
| disabling AVX. This can be done by setting gather_data_sampling="force" or | ||
| "clearcpuid=avx" on the kernel command-line. | ||
|
|
||
| If used, these options will disable AVX use by turning off XSAVE YMM support. | ||
| However, the processor will still enumerate AVX support. Userspace that | ||
| does not follow proper AVX enumeration to check both AVX *and* XSAVE YMM | ||
| support will break. | ||
|
|
||
| Mitigation control on the kernel command line | ||
| --------------------------------------------- | ||
| The mitigation can be disabled by setting "gather_data_sampling=off" or | ||
| "mitigations=off" on the kernel command line. Not specifying either will default | ||
| to the mitigation being enabled. Specifying "gather_data_sampling=force" will | ||
| use the microcode mitigation when available or disable AVX on affected systems | ||
| where the microcode hasn't been updated to include the mitigation. | ||
|
|
||
| GDS System Information | ||
| ------------------------ | ||
| The kernel provides vulnerability status information through sysfs. For | ||
| GDS this can be accessed by the following sysfs file: | ||
|
|
||
| /sys/devices/system/cpu/vulnerabilities/gather_data_sampling | ||
|
|
||
| The possible values contained in this file are: | ||
|
|
||
| ============================== ============================================= | ||
| Not affected Processor not vulnerable. | ||
| Vulnerable Processor vulnerable and mitigation disabled. | ||
| Vulnerable: No microcode Processor vulnerable and microcode is missing | ||
| mitigation. | ||
| Mitigation: AVX disabled, | ||
| no microcode Processor is vulnerable and microcode is missing | ||
| mitigation. AVX disabled as mitigation. | ||
| Mitigation: Microcode Processor is vulnerable and mitigation is in | ||
| effect. | ||
| Mitigation: Microcode (locked) Processor is vulnerable and mitigation is in | ||
| effect and cannot be disabled. | ||
| Unknown: Dependent on | ||
| hypervisor status Running on a virtual guest processor that is | ||
| affected but with no way to know if host | ||
| processor is mitigated or vulnerable. | ||
| ============================== ============================================= | ||
|
|
||
| GDS Default mitigation | ||
| ---------------------- | ||
| The updated microcode will enable the mitigation by default. The kernel's | ||
| default action is to leave the mitigation enabled. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.