L1TF - L1 Terminal Fault
========================

L1 Terminal Fault is a hardware vulnerability which allows unprivileged
speculative access to data which is available in the Level 1 Data Cache
when the page table entry controlling the virtual address, which is used
for the access, has the Present bit cleared or other reserved bits set.

Affected processors
-------------------

This vulnerability affects a wide range of Intel processors. The
vulnerability is not present on:

   - Processors from AMD, Centaur and other non Intel vendors

   - Older processor models, where the CPU family is < 6

   - A range of Intel ATOM processors (Cedarview, Cloverview, Lincroft,
     Penwell, Pineview, Silvermont, Airmont, Merrifield)

   - The Intel XEON PHI family

   - Intel processors which have the ARCH_CAP_RDCL_NO bit set in the
     IA32_ARCH_CAPABILITIES MSR. If the bit is set the CPU is not affected
     by the Meltdown vulnerability either. These CPUs should become
     available by end of 2018.

Whether a processor is affected or not can be read out from the L1TF
vulnerability file in sysfs. See :ref:`l1tf_sys_info`.

Related CVEs
------------

The following CVE entries are related to the L1TF vulnerability:

   =============  =================  ==============================
   CVE-2018-3615  L1 Terminal Fault  SGX related aspects
   CVE-2018-3620  L1 Terminal Fault  OS, SMM related aspects
   CVE-2018-3646  L1 Terminal Fault  Virtualization related aspects
   =============  =================  ==============================

Problem
-------

If an instruction accesses a virtual address for which the relevant page
table entry (PTE) has the Present bit cleared or other reserved bits set,
then speculative execution ignores the invalid PTE and loads the referenced
data if it is present in the Level 1 Data Cache, as if the page referenced
by the address bits in the PTE was still present and accessible.

While this is a purely speculative mechanism and the instruction will raise
a page fault when it is retired eventually, the pure act of loading the
data and making it available to other speculative instructions opens up the
opportunity for side channel attacks to unprivileged malicious code,
similar to the Meltdown attack.

While Meltdown breaks the user space to kernel space protection, L1TF
allows to attack any physical memory address in the system and the attack
works across all protection domains. It allows an attack of SGX and also
works from inside virtual machines because the speculation bypasses the
extended page table (EPT) protection mechanism.

Attack scenarios
----------------

1. Malicious user space
^^^^^^^^^^^^^^^^^^^^^^^

   Operating Systems store arbitrary information in the address bits of a
   PTE which is marked non present. This allows a malicious user space
   application to attack the physical memory to which these PTEs resolve.
   In some cases user-space can maliciously influence the information
   encoded in the address bits of the PTE, thus making attacks more
   deterministic and more practical.

   The Linux kernel contains a mitigation for this attack vector, PTE
   inversion, which is permanently enabled and has no performance
   impact. The kernel ensures that the address bits of PTEs, which are not
   marked present, never point to cacheable physical memory space.

   A system with an up to date kernel is protected against attacks from
   malicious user space applications.

2. Malicious guest in a virtual machine
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

   The fact that L1TF breaks all domain protections allows malicious guest
   OSes, which can control the PTEs directly, and malicious guest user
   space applications, which run on an unprotected guest kernel lacking the
   PTE inversion mitigation for L1TF, to attack physical host memory.

   A special aspect of L1TF in the context of virtualization is symmetric
   multi threading (SMT). The Intel implementation of SMT is called
   HyperThreading. The fact that Hyperthreads on the affected processors
   share the L1 Data Cache (L1D) is important for this. As the flaw allows
   only to attack data which is present in L1D, a malicious guest running
   on one Hyperthread can attack the data which is brought into the L1D by
   the context which runs on the sibling Hyperthread of the same physical
   core. This context can be host OS, host user space or a different guest.

   If the processor does not support Extended Page Tables, the attack is
   only possible, when the hypervisor does not sanitize the content of the
   effective (shadow) page tables.

   While solutions exist to mitigate these attack vectors fully, these
   mitigations are not enabled by default in the Linux kernel because they
   can affect performance significantly. The kernel provides several
   mechanisms which can be utilized to address the problem depending on the
   deployment scenario. The mitigations, their protection scope and impact
   are described in the next sections.

   The default mitigations and the rationale for choosing them are explained
   at the end of this document. See :ref:`default_mitigations`.

.. _l1tf_sys_info:

L1TF system information
-----------------------

The Linux kernel provides a sysfs interface to enumerate the current L1TF
status of the system: whether the system is vulnerable, and which
mitigations are active. The relevant sysfs file is:

   /sys/devices/system/cpu/vulnerabilities/l1tf

The possible values in this file are:

   ===========================  ===============================
   'Not affected'               The processor is not vulnerable
   'Mitigation: PTE Inversion'  The host protection is active
   ===========================  ===============================

If KVM/VMX is enabled and the processor is vulnerable then the following
information is appended to the 'Mitigation: PTE Inversion' part:

   - SMT status:

     =====================  ================
     'VMX: SMT vulnerable'  SMT is enabled
     'VMX: SMT disabled'    SMT is disabled
     =====================  ================

   - L1D Flush mode:

     ================================  ====================================
     'L1D vulnerable'                  L1D flushing is disabled
     'L1D conditional cache flushes'   L1D flush is conditionally enabled
     'L1D cache flushes'               L1D flush is unconditionally enabled
     ================================  ====================================

The resulting grade of protection is discussed in the following sections.

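The status string described above can be checked mechanically on a virtualization host. The following is an added example, not part of the kernel documentation: it parses the contents of the sysfs file into the three documented components and lists which guest-to-host exposures remain. The sample lines are constructed, and the exact separators between the appended parts are an assumption, so the parser matches the documented tokens as substrings.

```python
"""Added example: interpret /sys/devices/system/cpu/vulnerabilities/l1tf."""
import re
from dataclasses import dataclass
from pathlib import Path
from typing import List, Optional

SYSFS_L1TF = Path("/sys/devices/system/cpu/vulnerabilities/l1tf")  # path from the page


@dataclass(frozen=True)
class L1tfStatus:
    affected: bool             # False only for 'Not affected'
    pte_inversion: bool        # host user space protection reported active
    smt: Optional[str]         # "vulnerable", "disabled", or None if not reported
    l1d_flush: Optional[str]   # "never", "cond", "always", or None if not reported


def parse_l1tf(status: str) -> L1tfStatus:
    """Map the sysfs string onto the values listed in the tables above."""
    text = status.strip()
    if text == "Not affected":
        return L1tfStatus(False, False, None, None)

    pte_inversion = text.startswith("Mitigation: PTE Inversion")

    smt = None
    if "SMT vulnerable" in text:
        smt = "vulnerable"
    elif "SMT disabled" in text:
        smt = "disabled"

    # Order matters: 'conditional cache flushes' contains 'cache flushes'.
    l1d_flush = None
    if "conditional cache flushes" in text:
        l1d_flush = "cond"
    elif "cache flushes" in text:
        l1d_flush = "always"
    elif re.search(r"(?:L1D|VMX:) vulnerable", text):
        # Assumption: also tolerate the token printed without the 'L1D' prefix.
        l1d_flush = "never"

    return L1tfStatus(True, pte_inversion, smt, l1d_flush)


def residual_exposure(st: L1tfStatus) -> List[str]:
    """Return short codes for protections the status string does not report."""
    findings = []
    if st.affected and not st.pte_inversion:
        findings.append("no-pte-inversion")       # host user space vector open
    if st.smt == "vulnerable":
        findings.append("smt-enabled")            # sibling thread can refill L1D
    if st.l1d_flush == "never":
        findings.append("l1d-flush-disabled")     # guest can read stale L1D data
    elif st.l1d_flush == "cond":
        findings.append("l1d-flush-conditional")  # audited paths skip the flush
    return findings


def read_status(path: Path = SYSFS_L1TF) -> Optional[str]:
    """Read the live value; None when the kernel does not expose the file."""
    try:
        return path.read_text().strip()
    except OSError:
        return None


# Constructed sample values (not captured from a real host).
SAMPLES = [
    "Not affected",
    "Mitigation: PTE Inversion",
    "Mitigation: PTE Inversion; VMX: SMT vulnerable, L1D conditional cache flushes",
    "Mitigation: PTE Inversion; VMX: SMT disabled, L1D cache flushes",
    "Mitigation: PTE Inversion; VMX: SMT vulnerable, L1D vulnerable",
]

if __name__ == "__main__":
    live = read_status()
    for line in ([live] if live else []) + SAMPLES:
        st = parse_l1tf(line)
        print(f"{line!r}\n  -> {st}\n  -> residual: {residual_exposure(st) or 'none'}")
```

An empty result for a host that runs untrusted guests requires both SMT reported as disabled and the unconditional flush mode; the conditional default is reported as a finding because the audited paths can still leak hypervisor address space layout.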
Host mitigation mechanism
-------------------------

The kernel is unconditionally protected against L1TF attacks from malicious
user space running on the host.

Guest mitigation mechanisms
---------------------------

.. _l1d_flush:

1. L1D flush on VMENTER
^^^^^^^^^^^^^^^^^^^^^^^

   To make sure that a guest cannot attack data which is present in the L1D
   the hypervisor flushes the L1D before entering the guest.

   Flushing the L1D evicts not only the data which should not be accessed
   by a potentially malicious guest, it also flushes the guest
   data. Flushing the L1D has a performance impact as the processor has to
   bring the flushed guest data back into the L1D. Depending on the
   frequency of VMEXIT/VMENTER and the type of computations in the guest
   performance degradation in the range of 1% to 50% has been observed. For
   scenarios where guest VMEXIT/VMENTER are rare the performance impact is
   minimal. Virtio and mechanisms like posted interrupts are designed to
   confine the VMEXITs to a bare minimum, but specific configurations and
   application scenarios might still suffer from a high VMEXIT rate.

   The kernel provides two L1D flush modes:
    - conditional ('cond')
    - unconditional ('always')

   The conditional mode avoids L1D flushing after VMEXITs which execute
   only audited code paths before the corresponding VMENTER. These code
   paths have been verified that they cannot expose secrets or other
   interesting data to an attacker, but they can leak information about the
   address space layout of the hypervisor.

   Unconditional mode flushes L1D on all VMENTER invocations and provides
   maximum protection. It has a higher overhead than the conditional
   mode. The overhead cannot be quantified correctly as it depends on the
   workload scenario and the resulting number of VMEXITs.

   The general recommendation is to enable L1D flush on VMENTER. The kernel
   defaults to conditional mode on affected processors.

   **Note**, that L1D flush does not prevent the SMT problem because the
   sibling thread will also bring back its data into the L1D which makes it
   attackable again.

   L1D flush can be controlled by the administrator via the kernel command
   line and sysfs control files. See :ref:`mitigation_control_command_line`
   and :ref:`mitigation_control_kvm`.

.. _guest_confinement:

2. Guest VCPU confinement to dedicated physical cores
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

   To address the SMT problem, it is possible to make a guest or a group of
   guests affine to one or more physical cores. The proper mechanism for
   that is to utilize exclusive cpusets to ensure that no other guest or
   host tasks can run on these cores.

   If only a single guest or related guests run on sibling SMT threads on
   the same physical core then they can only attack their own memory and
   restricted parts of the host memory.

   Host memory is attackable, when one of the sibling SMT threads runs in
   host OS (hypervisor) context and the other in guest context. The amount
   of valuable information from the host OS context depends on the context
   which the host OS executes, i.e. interrupts, soft interrupts and kernel
   threads. The amount of valuable data from these contexts cannot be
   declared as non-interesting for an attacker without deep inspection of
   the code.

   **Note**, that assigning guests to a fixed set of physical cores affects
   the ability of the scheduler to do load balancing and might have
   negative effects on CPU utilization depending on the hosting
   scenario. Disabling SMT might be a viable alternative for particular
   scenarios.

   For further information about confining guests to a single or to a group
   of cores consult the cpusets documentation:

   https://www.kernel.org/doc/Documentation/admin-guide/cgroup-v1/cpusets.rst

The amount of valuable information from the host OS context depends on the context which the host OS executes, i.e. interrupts, soft interrupts and kernel threads. The amount of valuable data from these contexts cannot be declared as non-interesting for an attacker without deep inspection of the code.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjubh)}(hX**Note**, that assigning guests to a fixed set of physical cores affects the ability of the scheduler to do load balancing and might have negative effects on CPU utilization depending on the hosting scenario. Disabling SMT might be a viable alternative for particular scenarios.h](j,)}(h**Note**h]hNote}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1j+hjubhX, that assigning guests to a fixed set of physical cores affects the ability of the scheduler to do load balancing and might have negative effects on CPU utilization depending on the hosting scenario. Disabling SMT might be a viable alternative for particular scenarios.}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1hhhhKhjubh)}(htFor further information about confining guests to a single or to a group of cores consult the cpusets documentation:h]htFor further information about confining guests to a single or to a group of cores consult the cpusets documentation:}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjubh)}(hJhttps://www.kernel.org/doc/Documentation/admin-guide/cgroup-v1/cpusets.rsth]h reference)}(hj" h]hJhttps://www.kernel.org/doc/Documentation/admin-guide/cgroup-v1/cpusets.rst}(hj& hhhNhNubah}(h]h ]h"]h$]h&]refurij" uh1j$ hj ubah}(h]h ]h"]h$]h&]uh1hhhhKhjubeh}(h]h ]h"]h$]h&]uh1hhhhKhjhhubj@)}(h.. _interrupt_isolation:h]h}(h]h ]h"]h$]h&]jKinterrupt-isolationuh1j?hKhjhhhhubeh}(h](2guest-vcpu-confinement-to-dedicated-physical-coresjeh ]h"](52. guest vcpu confinement to dedicated physical coresguest_confinementeh$]h&]uh1hhjFhhhhhKj}jQ jsj}jjsubh)}(hhh](h)}(h3. Interrupt affinityh]h3. Interrupt affinity}(hjY hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjV hhhhhKubh)}(hXEInterrupts can be made affine to logical CPUs. 
This is not universally true because there are types of interrupts which are truly per CPU interrupts, e.g. the local timer interrupt. Aside of that multi queue devices affine their interrupts to single CPUs or groups of CPUs per queue without allowing the administrator to control the affinities. Moving the interrupts, which can be affinity controlled, away from CPUs which run untrusted guests, reduces the attack vector space. Whether the interrupts with are affine to CPUs, which run untrusted guests, provide interesting data for an attacker depends on the system configuration and the scenarios which run on the system. While for some of the interrupts it can be assumed that they won't expose interesting information beyond exposing hints about the host OS memory layout, there is no way to make general assumptions. Interrupt affinity can be controlled by the administrator via the /proc/irq/$NR/smp_affinity[_list] files. Limited documentation is available at: https://www.kernel.org/doc/Documentation/core-api/irq/irq-affinity.rst h](h)}(hXXInterrupts can be made affine to logical CPUs. This is not universally true because there are types of interrupts which are truly per CPU interrupts, e.g. the local timer interrupt. Aside of that multi queue devices affine their interrupts to single CPUs or groups of CPUs per queue without allowing the administrator to control the affinities.h]hXXInterrupts can be made affine to logical CPUs. This is not universally true because there are types of interrupts which are truly per CPU interrupts, e.g. the local timer interrupt. 
Aside of that multi queue devices affine their interrupts to single CPUs or groups of CPUs per queue without allowing the administrator to control the affinities.}(hjk hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjg ubh)}(hMoving the interrupts, which can be affinity controlled, away from CPUs which run untrusted guests, reduces the attack vector space.h]hMoving the interrupts, which can be affinity controlled, away from CPUs which run untrusted guests, reduces the attack vector space.}(hjy hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMhjg ubh)}(hXWhether the interrupts with are affine to CPUs, which run untrusted guests, provide interesting data for an attacker depends on the system configuration and the scenarios which run on the system. While for some of the interrupts it can be assumed that they won't expose interesting information beyond exposing hints about the host OS memory layout, there is no way to make general assumptions.h]hXWhether the interrupts with are affine to CPUs, which run untrusted guests, provide interesting data for an attacker depends on the system configuration and the scenarios which run on the system. While for some of the interrupts it can be assumed that they won’t expose interesting information beyond exposing hints about the host OS memory layout, there is no way to make general assumptions.}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMhjg ubh)}(hInterrupt affinity can be controlled by the administrator via the /proc/irq/$NR/smp_affinity[_list] files. Limited documentation is available at:h]hInterrupt affinity can be controlled by the administrator via the /proc/irq/$NR/smp_affinity[_list] files. Limited documentation is available at:}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhM hjg ubh)}(hFhttps://www.kernel.org/doc/Documentation/core-api/irq/irq-affinity.rsth]j% )}(hj h]hFhttps://www.kernel.org/doc/Documentation/core-api/irq/irq-affinity.rst}(hj hhhNhNubah}(h]h ]h"]h$]h&]refurij uh1j$ hj ubah}(h]h ]h"]h$]h&]uh1hhhhMhjg ubeh}(h]h ]h"]h$]h&]uh1hhhhKhjV hhubj@)}(h.. 
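The checks that sections 2 and 3 call for can be scripted. The following is an added example, not part of the kernel documentation: given the CPU list a guest is confined to, it reports guest CPUs whose SMT sibling lies outside that list and interrupts whose ``smp_affinity_list`` still includes a guest CPU. It goes slightly beyond the text by reading the per-CPU ``topology/thread_siblings_list`` sysfs file, which this page does not mention; the function names are hypothetical and the host tree used in the demo is constructed.

```shell
#!/bin/sh
# Added example: check a guest CPU set against SMT siblings and IRQ affinity.
# The functions take the sysfs/procfs roots as arguments, so they can be
# pointed at /sys and /proc on a host or at a constructed fixture tree.

# expand_cpulist "0-2,8" -> prints 0 1 2 8, one CPU number per line.
expand_cpulist() (
    IFS=,
    for part in $1; do
        case $part in
            *-*) lo=${part%-*}; hi=${part#*-}
                 while [ "$lo" -le "$hi" ]; do echo "$lo"; lo=$((lo + 1)); done ;;
            '')  ;;
            *)   echo "$part" ;;
        esac
    done
)

# in_list CPU "LIST" -> exit status 0 when CPU is a member of the cpulist.
in_list() {
    expand_cpulist "$2" | grep -qx "$1"
}

# split_cores SYSROOT GUEST_CPUS -> prints every guest CPU that has an SMT
# sibling outside the guest set, i.e. a core shared with other tasks.
split_cores() (
    sysroot=$1; guest=$2
    for cpu in $(expand_cpulist "$guest"); do
        sib=$(cat "$sysroot/devices/system/cpu/cpu$cpu/topology/thread_siblings_list")
        for s in $(expand_cpulist "$sib"); do
            in_list "$s" "$guest" || { echo "$cpu"; break; }
        done
    done
)

# irqs_on_cpus PROCROOT GUEST_CPUS -> prints "IRQ AFFINITY" for every
# interrupt whose smp_affinity_list still includes a guest CPU.
irqs_on_cpus() (
    procroot=$1; guest=$2
    for f in "$procroot"/irq/*/smp_affinity_list; do
        [ -r "$f" ] || continue
        aff=$(cat "$f")
        irq=${f%/smp_affinity_list}; irq=${irq##*/}
        for c in $(expand_cpulist "$aff"); do
            if in_list "$c" "$guest"; then echo "$irq $aff"; break; fi
        done
    done
)

# build_fixture DIR -> constructed 4-core/8-thread host: cpuN and cpuN+4 are
# siblings; IRQ 16 on CPUs 0-7, IRQ 24 on CPU 2, IRQ 25 on CPUs 0-1.
build_fixture() (
    root=$1
    for cpu in 0 1 2 3 4 5 6 7; do
        d=$root/sys/devices/system/cpu/cpu$cpu/topology
        mkdir -p "$d"
        echo "$((cpu % 4)),$((cpu % 4 + 4))" > "$d/thread_siblings_list"
    done
    for spec in 16:0-7 24:2 25:0-1; do
        mkdir -p "$root/proc/irq/${spec%%:*}"
        echo "${spec#*:}" > "$root/proc/irq/${spec%%:*}/smp_affinity_list"
    done
)

# Demo on the constructed tree: guest pinned to CPUs 2,3,6 (CPU 7 forgotten).
demo() (
    tmp=$(mktemp -d)
    build_fixture "$tmp"
    echo "Guest CPUs sharing a core with non-guest tasks:"
    split_cores "$tmp/sys" 2,3,6
    echo "IRQs still affine to guest CPUs:"
    irqs_on_cpus "$tmp/proc" 2,3,6
    rm -rf "$tmp"
)
demo
```

On a real host the same functions run as ``split_cores /sys LIST`` and ``irqs_on_cpus /proc LIST``; per-CPU and multi-queue interrupts will keep showing up because, as noted above, their affinity cannot be changed by the administrator.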
.. _smt_control:

4. SMT control
~~~~~~~~~~~~~~

   To prevent the SMT issues of L1TF it might be necessary to disable SMT
   completely. Disabling SMT can have a significant performance impact, but
   the impact depends on the hosting scenario and the type of workloads.
   The impact of disabling SMT also needs to be weighed against the impact
   of other mitigation solutions like confining guests to dedicated cores.

   The kernel provides a sysfs interface to retrieve the status of SMT and
   to control it. It also provides a kernel command line interface to
   control SMT.

   The kernel command line interface consists of the following options:

     =========== ==========================================================
     nosmt       Affects the bring up of the secondary CPUs during boot. The
                 kernel tries to bring all present CPUs online during the
                 boot process. "nosmt" makes sure that from each physical
                 core only one - the so called primary (hyper) thread is
                 activated. Due to a design flaw of Intel processors related
                 to Machine Check Exceptions the non primary siblings have
                 to be brought up at least partially and are then shut down
                 again. "nosmt" can be undone via the sysfs interface.

     nosmt=force Has the same effect as "nosmt" but it does not allow
                 undoing the SMT disable via the sysfs interface.
     =========== ==========================================================

   The sysfs interface provides two files:

   - /sys/devices/system/cpu/smt/control
   - /sys/devices/system/cpu/smt/active

   /sys/devices/system/cpu/smt/control:

     This file allows reading out the SMT control state and provides the
     ability to disable or (re)enable SMT. The possible states are:

       ============== ===================================================
       on             SMT is supported by the CPU and enabled. All
                      logical CPUs can be onlined and offlined without
                      restrictions.

       off            SMT is supported by the CPU and disabled. Only
                      the so called primary SMT threads can be onlined
                      and offlined without restrictions. An attempt to
                      online a non-primary sibling is rejected.

       forceoff       Same as 'off' but the state cannot be controlled.
                      Attempts to write to the control file are rejected.

       notsupported   The processor does not support SMT. It's therefore
                      not affected by the SMT implications of L1TF.
                      Attempts to write to the control file are rejected.
       ============== ===================================================

     The possible states which can be written into this file to control SMT
     state are:

     - on
     - off
     - forceoff

   /sys/devices/system/cpu/smt/active:

     This file reports whether SMT is enabled and active, i.e. if on any
     physical core two or more sibling threads are online.

   SMT control is also possible at boot time via the l1tf kernel command
   line parameter in combination with L1D flush control. See
   :ref:`mitigation_control_command_line`.

5. Disabling EPT
~~~~~~~~~~~~~~~~

   Disabling EPT for virtual machines provides full mitigation for L1TF even
   with SMT enabled, because the effective page tables for guests are
   managed and sanitized by the hypervisor. However, disabling EPT has a
   significant performance impact, especially when the Meltdown mitigation
   KPTI is enabled.

   EPT can be disabled in the hypervisor via the 'kvm-intel.ept' parameter.
There is ongoing research and development for new mitigation mechanisms to
address the performance impact of disabling SMT or EPT.

.. _mitigation_control_command_line:

Mitigation control on the kernel command line
---------------------------------------------

The kernel command line allows controlling the L1TF mitigations at boot
time with the option "l1tf=". The valid arguments for this option are:

  ============  =============================================================
  full          Provides all available mitigations for the L1TF
                vulnerability. Disables SMT and enables all mitigations in
                the hypervisors, i.e. unconditional L1D flushing.

                SMT control and L1D flush control via the sysfs interface
                is still possible after boot. Hypervisors will issue a
                warning when the first VM is started in a potentially
                insecure configuration, i.e. SMT enabled or L1D flush
                disabled.

  full,force    Same as 'full', but disables SMT and L1D flush runtime
                control. Implies the 'nosmt=force' command line option.
                (i.e. sysfs control of SMT is disabled.)

  flush         Leaves SMT enabled and enables the default hypervisor
                mitigation, i.e. conditional L1D flushing.

                SMT control and L1D flush control via the sysfs interface
                is still possible after boot. Hypervisors will issue a
                warning when the first VM is started in a potentially
                insecure configuration, i.e. SMT enabled or L1D flush
                disabled.

  flush,nosmt   Disables SMT and enables the default hypervisor mitigation,
                i.e. conditional L1D flushing.

                SMT control and L1D flush control via the sysfs interface
                is still possible after boot. Hypervisors will issue a
                warning when the first VM is started in a potentially
                insecure configuration, i.e. SMT enabled or L1D flush
                disabled.

  flush,nowarn  Same as 'flush', but hypervisors will not warn when a VM is
                started in a potentially insecure configuration.

  off           Disables hypervisor mitigations and doesn't emit any
                warnings.
                It also drops the swap size and available RAM limit
                restrictions on both hypervisor and bare metal.
  ============  =============================================================

The default is 'flush'. For details about L1D flushing see :ref:`l1d_flush`.

.. _mitigation_control_kvm:

Mitigation control for KVM - module parameter
---------------------------------------------

The KVM hypervisor mitigation mechanism, flushing the L1D cache when
entering a guest, can be controlled with a module parameter.

The option/parameter is "kvm-intel.vmentry_l1d_flush=". It takes the
following arguments:

  ============  ==============================================================
  always        L1D cache flush on every VMENTER.

  cond          Flush L1D on VMENTER only when the code between VMEXIT and
                VMENTER can leak host memory which is considered
                interesting for an attacker. This still can leak host memory
                which allows e.g. to determine the host's address space
                layout.

  never         Disables the mitigation.
  ============  ==============================================================

The parameter can be provided on the kernel command line, as a module
parameter when loading the modules, and it can be modified at runtime via
the sysfs file:

/sys/module/kvm_intel/parameters/vmentry_l1d_flush

The default is 'cond'. If 'l1tf=full,force' is given on the kernel command
line, then 'always' is enforced and the kvm-intel.vmentry_l1d_flush
module parameter is ignored and writes to the sysfs file are rejected.

.. _mitigation_selection:

Mitigation selection guide
--------------------------

1. No virtualization in use
^^^^^^^^^^^^^^^^^^^^^^^^^^^

   The system is protected by the kernel unconditionally and no further
   action is required.

2. Virtualization with trusted guests
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

   If the guest comes from a trusted source and the guest OS kernel is
   guaranteed to have the L1TF mitigations in place the system is fully
   protected against L1TF and no further action is required.

   To avoid the overhead of the default L1D flushing on VMENTER the
   administrator can disable the flushing via the kernel command line and
   sysfs control files. See :ref:`mitigation_control_command_line` and
   :ref:`mitigation_control_kvm`.
See }(hj,hhhNhNubh)}(h&:ref:`mitigation_control_command_line`h]j)}(hj6h]hmitigation_control_command_line}(hj8hhhNhNubah}(h]h ](jstdstd-refeh"]h$]h&]uh1jhj4ubah}(h]h ]h"]h$]h&]refdocj refdomainjBreftyperef refexplicitrefwarnjmitigation_control_command_lineuh1hhhhMhj,ubh and }(hj,hhhNhNubh)}(h:ref:`mitigation_control_kvm`h]j)}(hjZh]hmitigation_control_kvm}(hj\hhhNhNubah}(h]h ](jstdstd-refeh"]h$]h&]uh1jhjXubah}(h]h ]h"]h$]h&]refdocj refdomainjfreftyperef refexplicitrefwarnjmitigation_control_kvmuh1hhhhMhj,ubh.}(hj,hhhNhNubeh}(h]h ]h"]h$]h&]uh1hhhhMhjubeh}(h]h ]h"]h$]h&]uh1hhhhMhj hhubeh}(h]"virtualization-with-trusted-guestsah ]h"]%2. virtualization with trusted guestsah$]h&]uh1hhjhhhhhMubh)}(hhh](h)}(h'3. Virtualization with untrusted guestsh]h'3. Virtualization with untrusted guests}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhhhhhMubh)}(hhh](h)}(h"3.1. SMT not supported or disabledh]h"3.1. SMT not supported or disabled}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhhhhhMubh)}(hXIf SMT is not supported by the processor or disabled in the BIOS or by the kernel, it's only required to enforce L1D flushing on VMENTER. Conditional L1D flushing is the default behaviour and can be tuned. See :ref:`mitigation_control_command_line` and :ref:`mitigation_control_kvm`. h](h)}(hIf SMT is not supported by the processor or disabled in the BIOS or by the kernel, it's only required to enforce L1D flushing on VMENTER.h]hIf SMT is not supported by the processor or disabled in the BIOS or by the kernel, it’s only required to enforce L1D flushing on VMENTER.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMhjubh)}(hConditional L1D flushing is the default behaviour and can be tuned. See :ref:`mitigation_control_command_line` and :ref:`mitigation_control_kvm`.h](hHConditional L1D flushing is the default behaviour and can be tuned. 
See }(hjhhhNhNubh)}(h&:ref:`mitigation_control_command_line`h]j)}(hjh]hmitigation_control_command_line}(hjhhhNhNubah}(h]h ](jstdstd-refeh"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]refdocj refdomainjreftyperef refexplicitrefwarnjmitigation_control_command_lineuh1hhhhMhjubh and }(hjhhhNhNubh)}(h:ref:`mitigation_control_kvm`h]j)}(hjh]hmitigation_control_kvm}(hjhhhNhNubah}(h]h ](jstdstd-refeh"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]refdocj refdomainjreftyperef refexplicitrefwarnjmitigation_control_kvmuh1hhhhMhjubh.}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1hhhhMhjubeh}(h]h ]h"]h$]h&]uh1hhhhMhjhhubeh}(h]smt-not-supported-or-disabledah ]h"]"3.1. smt not supported or disabledah$]h&]uh1hhjhhhhhMubh)}(hhh](h)}(h"3.2. EPT not supported or disabledh]h"3.2. EPT not supported or disabled}(hj+hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj(hhhhhMubh)}(hIf EPT is not supported by the processor or disabled in the hypervisor, the system is fully protected. SMT can stay enabled and L1D flushing on VMENTER is not required. EPT can be disabled in the hypervisor via the 'kvm-intel.ept' parameter. h](h)}(hIf EPT is not supported by the processor or disabled in the hypervisor, the system is fully protected. SMT can stay enabled and L1D flushing on VMENTER is not required.h]hIf EPT is not supported by the processor or disabled in the hypervisor, the system is fully protected. SMT can stay enabled and L1D flushing on VMENTER is not required.}(hj=hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMhj9ubh)}(hHEPT can be disabled in the hypervisor via the 'kvm-intel.ept' parameter.h]hLEPT can be disabled in the hypervisor via the ‘kvm-intel.ept’ parameter.}(hjKhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMhj9ubeh}(h]h ]h"]h$]h&]uh1hhhhMhj(hhubeh}(h]ept-not-supported-or-disabledah ]h"]"3.2. ept not supported or disabledah$]h&]uh1hhjhhhhhMubh)}(hhh](h)}(h%3.3. SMT and EPT supported and activeh]h%3.3. 
SMT and EPT supported and active}(hjjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjghhhhhMubh)}(hXIf SMT and EPT are supported and active then various degrees of mitigations can be employed: - L1D flushing on VMENTER: L1D flushing on VMENTER is the minimal protection requirement, but it is only potent in combination with other mitigation methods. Conditional L1D flushing is the default behaviour and can be tuned. See :ref:`mitigation_control_command_line` and :ref:`mitigation_control_kvm`. - Guest confinement: Confinement of guests to a single or a group of physical cores which are not running any other processes, can reduce the attack surface significantly, but interrupts, soft interrupts and kernel threads can still expose valuable data to a potential attacker. See :ref:`guest_confinement`. - Interrupt isolation: Isolating the guest CPUs from interrupts can reduce the attack surface further, but still allows a malicious guest to explore a limited amount of host physical memory. This can at least be used to gain knowledge about the host address space layout. The interrupts which have a fixed affinity to the CPUs which run the untrusted guests can depending on the scenario still trigger soft interrupts and schedule kernel threads which might expose valuable information. See :ref:`interrupt_isolation`. h](h)}(h\If SMT and EPT are supported and active then various degrees of mitigations can be employed:h]h\If SMT and EPT are supported and active then various degrees of mitigations can be employed:}(hj|hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMhjxubh)}(hhh](h)}(hX0L1D flushing on VMENTER: L1D flushing on VMENTER is the minimal protection requirement, but it is only potent in combination with other mitigation methods. Conditional L1D flushing is the default behaviour and can be tuned. See :ref:`mitigation_control_command_line` and :ref:`mitigation_control_kvm`. 
h](h)}(hL1D flushing on VMENTER:h]hL1D flushing on VMENTER:}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMhjubh)}(hL1D flushing on VMENTER is the minimal protection requirement, but it is only potent in combination with other mitigation methods.h]hL1D flushing on VMENTER is the minimal protection requirement, but it is only potent in combination with other mitigation methods.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMhjubh)}(hConditional L1D flushing is the default behaviour and can be tuned. See :ref:`mitigation_control_command_line` and :ref:`mitigation_control_kvm`.h](hHConditional L1D flushing is the default behaviour and can be tuned. See }(hjhhhNhNubh)}(h&:ref:`mitigation_control_command_line`h]j)}(hjh]hmitigation_control_command_line}(hjhhhNhNubah}(h]h ](jstdstd-refeh"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]refdocj refdomainjreftyperef refexplicitrefwarnjmitigation_control_command_lineuh1hhhhMhjubh and }(hjhhhNhNubh)}(h:ref:`mitigation_control_kvm`h]j)}(hjh]hmitigation_control_kvm}(hjhhhNhNubah}(h]h ](jstdstd-refeh"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]refdocj refdomainjreftyperef refexplicitrefwarnjmitigation_control_kvmuh1hhhhMhjubh.}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1hhhhMhjubeh}(h]h ]h"]h$]h&]uh1hhjubh)}(hX4Guest confinement: Confinement of guests to a single or a group of physical cores which are not running any other processes, can reduce the attack surface significantly, but interrupts, soft interrupts and kernel threads can still expose valuable data to a potential attacker. See :ref:`guest_confinement`. h](h)}(hGuest confinement:h]hGuest confinement:}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMhj ubh)}(hXConfinement of guests to a single or a group of physical cores which are not running any other processes, can reduce the attack surface significantly, but interrupts, soft interrupts and kernel threads can still expose valuable data to a potential attacker. 
See :ref:`guest_confinement`.h](hXConfinement of guests to a single or a group of physical cores which are not running any other processes, can reduce the attack surface significantly, but interrupts, soft interrupts and kernel threads can still expose valuable data to a potential attacker. See }(hjhhhNhNubh)}(h:ref:`guest_confinement`h]j)}(hj%h]hguest_confinement}(hj'hhhNhNubah}(h]h ](jstdstd-refeh"]h$]h&]uh1jhj#ubah}(h]h ]h"]h$]h&]refdocj refdomainj1reftyperef refexplicitrefwarnjguest_confinementuh1hhhhMhjubh.}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1hhhhMhj ubeh}(h]h ]h"]h$]h&]uh1hhjubh)}(hXInterrupt isolation: Isolating the guest CPUs from interrupts can reduce the attack surface further, but still allows a malicious guest to explore a limited amount of host physical memory. This can at least be used to gain knowledge about the host address space layout. The interrupts which have a fixed affinity to the CPUs which run the untrusted guests can depending on the scenario still trigger soft interrupts and schedule kernel threads which might expose valuable information. See :ref:`interrupt_isolation`. h](h)}(hInterrupt isolation:h]hInterrupt isolation:}(hjWhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMhjSubh)}(hXIsolating the guest CPUs from interrupts can reduce the attack surface further, but still allows a malicious guest to explore a limited amount of host physical memory. This can at least be used to gain knowledge about the host address space layout. The interrupts which have a fixed affinity to the CPUs which run the untrusted guests can depending on the scenario still trigger soft interrupts and schedule kernel threads which might expose valuable information. See :ref:`interrupt_isolation`.h](hXIsolating the guest CPUs from interrupts can reduce the attack surface further, but still allows a malicious guest to explore a limited amount of host physical memory. This can at least be used to gain knowledge about the host address space layout. 
The interrupts which have a fixed affinity to the CPUs which run the untrusted guests can depending on the scenario still trigger soft interrupts and schedule kernel threads which might expose valuable information. See }(hjehhhNhNubh)}(h:ref:`interrupt_isolation`h]j)}(hjoh]hinterrupt_isolation}(hjqhhhNhNubah}(h]h ](jstdstd-refeh"]h$]h&]uh1jhjmubah}(h]h ]h"]h$]h&]refdocj refdomainj{reftyperef refexplicitrefwarnjinterrupt_isolationuh1hhhhMhjeubh.}(hjehhhNhNubeh}(h]h ]h"]h$]h&]uh1hhhhMhjSubeh}(h]h ]h"]h$]h&]uh1hhjubeh}(h]h ]h"]h$]h&]jqjruh1hhhhMhjxubeh}(h]h ]h"]h$]h&]uh1hhhhMhjghhubh)}(hThe above three mitigation methods combined can provide protection to a certain degree, but the risk of the remaining attack surface has to be carefully analyzed. For full protection the following methods are available:h]hThe above three mitigation methods combined can provide protection to a certain degree, but the risk of the remaining attack surface has to be carefully analyzed. For full protection the following methods are available:}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMhjghhubh)}(hX- Disabling SMT: Disabling SMT and enforcing the L1D flushing provides the maximum amount of protection. This mitigation is not depending on any of the above mitigation methods. SMT control and L1D flushing can be tuned by the command line parameters 'nosmt', 'l1tf', 'kvm-intel.vmentry_l1d_flush' and at run time with the matching sysfs control files. See :ref:`smt_control`, :ref:`mitigation_control_command_line` and :ref:`mitigation_control_kvm`. - Disabling EPT: Disabling EPT provides the maximum amount of protection as well. It is not depending on any of the above mitigation methods. SMT can stay enabled and L1D flushing is not required, but the performance impact is significant. EPT can be disabled in the hypervisor via the 'kvm-intel.ept' parameter. h]h)}(hhh](h)}(hXDisabling SMT: Disabling SMT and enforcing the L1D flushing provides the maximum amount of protection. 
This mitigation is not depending on any of the above mitigation methods. SMT control and L1D flushing can be tuned by the command line parameters 'nosmt', 'l1tf', 'kvm-intel.vmentry_l1d_flush' and at run time with the matching sysfs control files. See :ref:`smt_control`, :ref:`mitigation_control_command_line` and :ref:`mitigation_control_kvm`. h](h)}(hDisabling SMT:h]hDisabling SMT:}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMhjubh)}(hDisabling SMT and enforcing the L1D flushing provides the maximum amount of protection. This mitigation is not depending on any of the above mitigation methods.h]hDisabling SMT and enforcing the L1D flushing provides the maximum amount of protection. This mitigation is not depending on any of the above mitigation methods.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMhjubh)}(hXSMT control and L1D flushing can be tuned by the command line parameters 'nosmt', 'l1tf', 'kvm-intel.vmentry_l1d_flush' and at run time with the matching sysfs control files. See :ref:`smt_control`, :ref:`mitigation_control_command_line` and :ref:`mitigation_control_kvm`.h](hSMT control and L1D flushing can be tuned by the command line parameters ‘nosmt’, ‘l1tf’, ‘kvm-intel.vmentry_l1d_flush’ and at run time with the matching sysfs control files. 
See }(hjhhhNhNubh)}(h:ref:`smt_control`h]j)}(hjh]h smt_control}(hjhhhNhNubah}(h]h ](jstdstd-refeh"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]refdocj refdomainjreftyperef refexplicitrefwarnj smt_controluh1hhhhMhjubh, }(hjhhhNhNubh)}(h&:ref:`mitigation_control_command_line`h]j)}(hj h]hmitigation_control_command_line}(hjhhhNhNubah}(h]h ](jstdstd-refeh"]h$]h&]uh1jhj ubah}(h]h ]h"]h$]h&]refdocj refdomainjreftyperef refexplicitrefwarnjmitigation_control_command_lineuh1hhhhMhjubh and }(hjhhhNhNubh)}(h:ref:`mitigation_control_kvm`h]j)}(hj0h]hmitigation_control_kvm}(hj2hhhNhNubah}(h]h ](jstdstd-refeh"]h$]h&]uh1jhj.ubah}(h]h ]h"]h$]h&]refdocj refdomainj<reftyperef refexplicitrefwarnjmitigation_control_kvmuh1hhhhMhjubh.}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1hhhhMhjubeh}(h]h ]h"]h$]h&]uh1hhjubh)}(hX9Disabling EPT: Disabling EPT provides the maximum amount of protection as well. It is not depending on any of the above mitigation methods. SMT can stay enabled and L1D flushing is not required, but the performance impact is significant. EPT can be disabled in the hypervisor via the 'kvm-intel.ept' parameter. h](h)}(hDisabling EPT:h]hDisabling EPT:}(hjbhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMhj^ubh)}(hDisabling EPT provides the maximum amount of protection as well. It is not depending on any of the above mitigation methods. SMT can stay enabled and L1D flushing is not required, but the performance impact is significant.h]hDisabling EPT provides the maximum amount of protection as well. It is not depending on any of the above mitigation methods. 
SMT can stay enabled and L1D flushing is not required, but the performance impact is significant.}(hjphhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhM!hj^ubh)}(hHEPT can be disabled in the hypervisor via the 'kvm-intel.ept' parameter.h]hLEPT can be disabled in the hypervisor via the ‘kvm-intel.ept’ parameter.}(hj~hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhM&hj^ubeh}(h]h ]h"]h$]h&]uh1hhjubeh}(h]h ]h"]h$]h&]jqjruh1hhhhMhjubah}(h]h ]h"]h$]h&]uh1hhhhMhjghhubeh}(h] smt-and-ept-supported-and-activeah ]h"]%3.3. smt and ept supported and activeah$]h&]uh1hhjhhhhhMubh)}(hhh](h)}(h3.4. Nested virtual machinesh]h3.4. Nested virtual machines}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhhhhhM*ubh)}(hXEWhen nested virtualization is in use, three operating systems are involved: the bare metal hypervisor, the nested hypervisor and the nested virtual machine. VMENTER operations from the nested hypervisor into the nested guest will always be processed by the bare metal hypervisor. If KVM is the bare metal hypervisor it will:h]hXEWhen nested virtualization is in use, three operating systems are involved: the bare metal hypervisor, the nested hypervisor and the nested virtual machine. VMENTER operations from the nested hypervisor into the nested guest will always be processed by the bare metal hypervisor. If KVM is the bare metal hypervisor it will:}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhM,hjhhubh)}(hX4- Flush the L1D cache on every switch from the nested hypervisor to the nested virtual machine, so that the nested hypervisor's secrets are not exposed to the nested virtual machine; - Flush the L1D cache on every switch from the nested virtual machine to the nested hypervisor; this is a complex operation, and flushing the L1D cache avoids that the bare metal hypervisor's secrets are exposed to the nested virtual machine; - Instruct the nested hypervisor to not perform any L1D cache flush. This is an optimization to avoid double L1D flushing. 
h]h)}(hhh](h)}(hFlush the L1D cache on every switch from the nested hypervisor to the nested virtual machine, so that the nested hypervisor's secrets are not exposed to the nested virtual machine; h]h)}(hFlush the L1D cache on every switch from the nested hypervisor to the nested virtual machine, so that the nested hypervisor's secrets are not exposed to the nested virtual machine;h]hFlush the L1D cache on every switch from the nested hypervisor to the nested virtual machine, so that the nested hypervisor’s secrets are not exposed to the nested virtual machine;}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhM2hjubah}(h]h ]h"]h$]h&]uh1hhjubh)}(hFlush the L1D cache on every switch from the nested virtual machine to the nested hypervisor; this is a complex operation, and flushing the L1D cache avoids that the bare metal hypervisor's secrets are exposed to the nested virtual machine; h]h)}(hFlush the L1D cache on every switch from the nested virtual machine to the nested hypervisor; this is a complex operation, and flushing the L1D cache avoids that the bare metal hypervisor's secrets are exposed to the nested virtual machine;h]hFlush the L1D cache on every switch from the nested virtual machine to the nested hypervisor; this is a complex operation, and flushing the L1D cache avoids that the bare metal hypervisor’s secrets are exposed to the nested virtual machine;}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhM6hjubah}(h]h ]h"]h$]h&]uh1hhjubh)}(hzInstruct the nested hypervisor to not perform any L1D cache flush. This is an optimization to avoid double L1D flushing. h]h)}(hxInstruct the nested hypervisor to not perform any L1D cache flush. This is an optimization to avoid double L1D flushing.h]hxInstruct the nested hypervisor to not perform any L1D cache flush. This is an optimization to avoid double L1D flushing.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhM;hjubah}(h]h ]h"]h$]h&]uh1hhjubeh}(h]h ]h"]h$]h&]jqjruh1hhhhM2hjubah}(h]h ]h"]h$]h&]uh1hhhhM2hjhhubj@)}(h.. 
_default_mitigations:h]h}(h]h ]h"]h$]h&]jKdefault-mitigationsuh1j?hM?hjhhhhubeh}(h]nested-virtual-machinesah ]h"]3.4. nested virtual machinesah$]h&]uh1hhjhhhhhM*ubeh}(h]$virtualization-with-untrusted-guestsah ]h"]'3. virtualization with untrusted guestsah$]h&]uh1hhjhhhhhMubeh}(h](mitigation-selection-guidejeh ]h"](mitigation selection guidemitigation_selectioneh$]h&]uh1hhhhhhhhMj}jAjsj}jjsubh)}(hhh](h)}(hDefault mitigationsh]hDefault mitigations}(hjIhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjFhhhhhMBubh)}(hXThe kernel default mitigations for vulnerable processors are: - PTE inversion to protect against malicious user space. This is done unconditionally and cannot be controlled. The swap storage is limited to ~16TB. - L1D conditional flushing on VMENTER when EPT is enabled for a guest. The kernel does not by default enforce the disabling of SMT, which leaves SMT systems vulnerable when running untrusted guests with EPT enabled. The rationale for this choice is: - Force disabling SMT can break existing setups, especially with unattended updates. - If regular users run untrusted guests on their machine, then L1TF is just an add on to other malware which might be embedded in an untrusted guest, e.g. spam-bots or attacks on the local network. There is no technical way to prevent a user from running untrusted code on their machines blindly. - It's technically extremely unlikely and from today's knowledge even impossible that L1TF can be exploited via the most popular attack mechanisms like JavaScript because these mechanisms have no way to control PTEs. If this would be possible and not other mitigation would be possible, then the default might be different. - The administrators of cloud and hosting setups have to carefully analyze the risk for their scenarios and make the appropriate mitigation choices, which might even vary across their deployed machines and also result in other changes of their overall setup. 
There is no way for the kernel to provide a sensible default for this kind of scenarios.h](h)}(h=The kernel default mitigations for vulnerable processors are:h]h=The kernel default mitigations for vulnerable processors are:}(hj[hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMDhjWubh)}(hhh](h)}(hPTE inversion to protect against malicious user space. This is done unconditionally and cannot be controlled. The swap storage is limited to ~16TB. h]h)}(hPTE inversion to protect against malicious user space. This is done unconditionally and cannot be controlled. The swap storage is limited to ~16TB.h]hPTE inversion to protect against malicious user space. This is done unconditionally and cannot be controlled. The swap storage is limited to ~16TB.}(hjphhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMFhjlubah}(h]h ]h"]h$]h&]uh1hhjiubh)}(hEL1D conditional flushing on VMENTER when EPT is enabled for a guest. h]h)}(hDL1D conditional flushing on VMENTER when EPT is enabled for a guest.h]hDL1D conditional flushing on VMENTER when EPT is enabled for a guest.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMJhjubah}(h]h ]h"]h$]h&]uh1hhjiubeh}(h]h ]h"]h$]h&]jqjruh1hhhhMFhjWubh)}(hThe kernel does not by default enforce the disabling of SMT, which leaves SMT systems vulnerable when running untrusted guests with EPT enabled.h]hThe kernel does not by default enforce the disabling of SMT, which leaves SMT systems vulnerable when running untrusted guests with EPT enabled.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMMhjWubh)}(h!The rationale for this choice is:h]h!The rationale for this choice is:}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMPhjWubh)}(hhh](h)}(hSForce disabling SMT can break existing setups, especially with unattended updates. 
h]h)}(hRForce disabling SMT can break existing setups, especially with unattended updates.h]hRForce disabling SMT can break existing setups, especially with unattended updates.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMRhjubah}(h]h ]h"]h$]h&]uh1hhjubh)}(hX(If regular users run untrusted guests on their machine, then L1TF is just an add on to other malware which might be embedded in an untrusted guest, e.g. spam-bots or attacks on the local network. There is no technical way to prevent a user from running untrusted code on their machines blindly. h](h)}(hIf regular users run untrusted guests on their machine, then L1TF is just an add on to other malware which might be embedded in an untrusted guest, e.g. spam-bots or attacks on the local network.h]hIf regular users run untrusted guests on their machine, then L1TF is just an add on to other malware which might be embedded in an untrusted guest, e.g. spam-bots or attacks on the local network.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMUhjubh)}(hbThere is no technical way to prevent a user from running untrusted code on their machines blindly.h]hbThere is no technical way to prevent a user from running untrusted code on their machines blindly.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMYhjubeh}(h]h ]h"]h$]h&]uh1hhjubh)}(hXBIt's technically extremely unlikely and from today's knowledge even impossible that L1TF can be exploited via the most popular attack mechanisms like JavaScript because these mechanisms have no way to control PTEs. If this would be possible and not other mitigation would be possible, then the default might be different. h]h)}(hXAIt's technically extremely unlikely and from today's knowledge even impossible that L1TF can be exploited via the most popular attack mechanisms like JavaScript because these mechanisms have no way to control PTEs. 
If this would be possible and not other mitigation would be possible, then the default might be different.h]hXEIt’s technically extremely unlikely and from today’s knowledge even impossible that L1TF can be exploited via the most popular attack mechanisms like JavaScript because these mechanisms have no way to control PTEs. If this would be possible and not other mitigation would be possible, then the default might be different.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhM\hjubah}(h]h ]h"]h$]h&]uh1hhjubh)}(hXYThe administrators of cloud and hosting setups have to carefully analyze the risk for their scenarios and make the appropriate mitigation choices, which might even vary across their deployed machines and also result in other changes of their overall setup. There is no way for the kernel to provide a sensible default for this kind of scenarios.h]h)}(hXYThe administrators of cloud and hosting setups have to carefully analyze the risk for their scenarios and make the appropriate mitigation choices, which might even vary across their deployed machines and also result in other changes of their overall setup. There is no way for the kernel to provide a sensible default for this kind of scenarios.h]hXYThe administrators of cloud and hosting setups have to carefully analyze the risk for their scenarios and make the appropriate mitigation choices, which might even vary across their deployed machines and also result in other changes of their overall setup. 
There is no way for the kernel to provide a sensible default for this kind of scenarios.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMbhjubah}(h]h ]h"]h$]h&]uh1hhjubeh}(h]h ]h"]h$]h&]jqjruh1hhhhMRhjWubeh}(h]h ]h"]h$]h&]uh1hhhhMDhjFhhubeh}(h](j*id2eh ]h"](default mitigationsdefault_mitigationseh$]h&]uh1hhhhhhhhMBj}jAj sj}j*j subeh}(h]l1tf-l1-terminal-faultah ]h"]l1tf - l1 terminal faultah$]h&]uh1hhhhhhhhKubeh}(h]h ]h"]h$]h&]sourcehuh1hcurrent_sourceN current_lineNsettingsdocutils.frontendValues)}(hN generatorN datestampN source_linkN source_urlN toc_backlinksjfootnote_backlinksK sectnum_xformKstrip_commentsNstrip_elements_with_classesN strip_classesN report_levelK halt_levelKexit_status_levelKdebugNwarning_streamN tracebackinput_encoding utf-8-siginput_encoding_error_handlerstrictoutput_encodingutf-8output_encoding_error_handlerjperror_encodingutf-8error_encoding_error_handlerbackslashreplace language_codeenrecord_dependenciesNconfigN id_prefixhauto_id_prefixid dump_settingsNdump_internalsNdump_transformsNdump_pseudo_xmlNexpose_internalsNstrict_visitorN_disable_configN_sourceh _destinationN _config_files]7/var/lib/git/docbuild/linux/Documentation/docutils.confafile_insertion_enabled raw_enabledKline_length_limitM'pep_referencesN pep_base_urlhttps://peps.python.org/pep_file_url_templatepep-%04drfc_referencesN rfc_base_url&https://datatracker.ietf.org/doc/html/ tab_widthKtrim_footnote_reference_spacesyntax_highlightlong smart_quotessmartquotes_locales]character_level_inline_markupdoctitle_xform docinfo_xformKsectsubtitle_xform image_loadinglinkembed_stylesheetcloak_email_addressessection_self_linkenvNubreporterNindirect_targets]substitution_defs}substitution_names}refnames}refids}(jL]jAaja]jWaj]jajJ ]j@ aj ]j ajU ]jK ajo]jeaj]jaj*]j aunameids}(jKjHjjjjjYjVjZjWjjjRjOjjLjjjCj@jc j` jjajjjQ jjP jM j jJ j j j j j j j[ jX jvjU jujrjjojjjAjj@j=jjjjj8j5j%j"jdjajjj0j-jAj*j@j=u nametypes}(jKjjjYjZjjRjjjCjc jjjQ jP j j j j j[ 
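As an added example (not part of the kernel documentation), the shell function below maps a KVM host that runs untrusted guests onto the cases of section 3 of the mitigation selection guide. The function names, the verdict strings and the optional root-directory argument are assumptions made for illustration; besides `vmentry_l1d_flush` it reads the `kvm_intel` `ept` parameter and `/sys/devices/system/cpu/smt/active`.

```shell
#!/bin/sh
# Added example: audit the L1TF posture of a KVM host for untrusted guests.
# Helper names and verdict strings are hypothetical, chosen for this example.

# Print the first line of a sysfs file, or "missing" if it cannot be read.
read_knob() {
    _v=
    if [ -r "$1" ]; then
        IFS= read -r _v < "$1" || true
        printf '%s\n' "$_v"
    else
        printf 'missing\n'
    fi
}

# l1tf_guest_posture [ROOT]
# ROOT is prepended to the sysfs paths; leave it empty on a real host.
l1tf_guest_posture() {
    root=${1:-}
    flush=$(read_knob "$root/sys/module/kvm_intel/parameters/vmentry_l1d_flush")
    ept=$(read_knob "$root/sys/module/kvm_intel/parameters/ept")
    smt=$(read_knob "$root/sys/devices/system/cpu/smt/active")

    if [ "$flush" = missing ] && [ "$ept" = missing ]; then
        echo "unknown:kvm_intel-not-loaded"
        return 0
    fi

    # 3.2: without EPT the system is fully protected; SMT may stay enabled
    # and no L1D flush on VMENTER is required.
    if [ "$ept" = N ]; then
        echo "full:ept-disabled"
        return 0
    fi

    case $flush in
        never)       echo "vulnerable:flush-never"; return 0 ;;
        always|cond) ;;
        *)           echo "unknown:flush=$flush"; return 0 ;;
    esac

    case $smt in
        0)  # 3.1 / "Disabling SMT": SMT off plus L1D flushing on VMENTER.
            # 'cond' can still leak host address space layout information.
            if [ "$flush" = always ]; then
                echo "full:smt-off+flush-always"
            else
                echo "mitigated:smt-off+flush-cond"
            fi ;;
        1)  # 3.3: flushing alone is only the minimal requirement; guest
            # confinement and interrupt isolation reduce the rest.
            echo "partial:smt-on+flush-$flush" ;;
        *)  echo "unknown:smt=$smt" ;;
    esac
}

# Build a constructed sysfs tree (sample input, not data from a real host).
# Usage: make_sample_tree DIR FLUSH_MODE EPT(Y|N) SMT_ACTIVE(0|1)
make_sample_tree() {
    mkdir -p "$1/sys/module/kvm_intel/parameters" \
             "$1/sys/devices/system/cpu/smt"
    printf '%s\n' "$2" > "$1/sys/module/kvm_intel/parameters/vmentry_l1d_flush"
    printf '%s\n' "$3" > "$1/sys/module/kvm_intel/parameters/ept"
    printf '%s\n' "$4" > "$1/sys/devices/system/cpu/smt/active"
}

# Demo on constructed input: kernel defaults ('cond', EPT on) with SMT active.
demo=$(mktemp -d)
make_sample_tree "$demo" cond Y 1
echo "defaults with SMT active: $(l1tf_guest_posture "$demo")"
rm -rf "$demo"
```

On a real host, call `l1tf_guest_posture` with no argument. Any `vmentry_l1d_flush` value other than the three documented arguments is returned as `unknown:flush=<value>` rather than guessed at.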