€•qtŒsphinx.addnodes”Œdocument”“”)”}”(Œ rawsource”Œ”Œchildren”]”(Œ translations”Œ LanguagesNode”“”)”}”(hhh]”(hŒ pending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ refdomain”Œstd”Œreftype”Œdoc”Œ reftarget”Œ0/translations/zh_CN/admin-guide/hw-vuln/multihit”Œmodname”NŒ classname”NŒ refexplicit”ˆuŒtagname”hhh ubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ0/translations/zh_TW/admin-guide/hw-vuln/multihit”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ0/translations/it_IT/admin-guide/hw-vuln/multihit”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ0/translations/ja_JP/admin-guide/hw-vuln/multihit”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ0/translations/ko_KR/admin-guide/hw-vuln/multihit”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒPortuguese (Brazilian)”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ0/translations/pt_BR/admin-guide/hw-vuln/multihit”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubh)”}”(hhh]”hŒSpanish”…””}”hh–sbah}”(h]”h ]”h"]”h$]”h&]”Œ refdomain”h)Œreftype”h+Œ reftarget”Œ0/translations/sp_SP/admin-guide/hw-vuln/multihit”Œmodname”NŒ classname”NŒ refexplicit”ˆuh1hhh ubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h hhŒ _document”hŒsource”NŒline”NubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒ iTLB multihit”h]”hŒ iTLB multihit”…””}”(hh¼h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhh·h²hh³ŒJ/var/lib/git/docbuild/linux/Documentation/admin-guide/hw-vuln/multihit.rst”h´KubhŒ paragraph”“”)”}”(hX¢iTLB multihit is an erratum where some processors may incur a machine check error, possibly resulting in an unrecoverable CPU lockup, when an instruction fetch hits multiple entries in the instruction TLB. This can occur when the page size is changed along with either the physical address or cache type. A malicious guest running on a virtualized system can exploit this erratum to perform a denial of service attack.”h]”hX¢iTLB multihit is an erratum where some processors may incur a machine check error, possibly resulting in an unrecoverable CPU lockup, when an instruction fetch hits multiple entries in the instruction TLB. This can occur when the page size is changed along with either the physical address or cache type. A malicious guest running on a virtualized system can exploit this erratum to perform a denial of service attack.”…””}”(hhÍh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Khh·h²hubh¶)”}”(hhh]”(h»)”}”(hŒAffected processors”h]”hŒAffected processors”…””}”(hhÞh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhhÛh²hh³hÊh´K ubhÌ)”}”(hŒsVariations of this erratum are present on most Intel Core and Xeon processor models. The erratum is not present on:”h]”hŒsVariations of this erratum are present on most Intel Core and Xeon processor models. The erratum is not present on:”…””}”(hhìh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KhhÛh²hubhŒ block_quote”“”)”}”(hŒÅ- non-Intel processors - Some Atoms (Airmont, Bonnell, Goldmont, GoldmontPlus, Saltwell, Silvermont) - Intel processors that have the PSCHANGE_MC_NO bit set in the IA32_ARCH_CAPABILITIES MSR. ”h]”hŒ bullet_list”“”)”}”(hhh]”(hŒ list_item”“”)”}”(hŒnon-Intel processors ”h]”hÌ)”}”(hŒnon-Intel processors”h]”hŒnon-Intel processors”…””}”(hj h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Khjubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjubj)”}”(hŒLSome Atoms (Airmont, Bonnell, Goldmont, GoldmontPlus, Saltwell, Silvermont) ”h]”hÌ)”}”(hŒKSome Atoms (Airmont, Bonnell, Goldmont, GoldmontPlus, Saltwell, Silvermont)”h]”hŒKSome Atoms (Airmont, Bonnell, Goldmont, GoldmontPlus, Saltwell, Silvermont)”…””}”(hj#h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Khjubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjubj)”}”(hŒZIntel processors that have the PSCHANGE_MC_NO bit set in the IA32_ARCH_CAPABILITIES MSR. ”h]”hÌ)”}”(hŒXIntel processors that have the PSCHANGE_MC_NO bit set in the IA32_ARCH_CAPABILITIES MSR.”h]”hŒXIntel processors that have the PSCHANGE_MC_NO bit set in the IA32_ARCH_CAPABILITIES MSR.”…””}”(hj;h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Khj7ubah}”(h]”h ]”h"]”h$]”h&]”uh1jhjubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ-”uh1jh³hÊh´Khhüubah}”(h]”h ]”h"]”h$]”h&]”uh1húh³hÊh´KhhÛh²hubeh}”(h]”Œaffected-processors”ah ]”h"]”Œaffected processors”ah$]”h&]”uh1hµhh·h²hh³hÊh´K ubh¶)”}”(hhh]”(h»)”}”(hŒ Related CVEs”h]”hŒ Related CVEs”…””}”(hjhh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjeh²hh³hÊh´KubhÌ)”}”(hŒ1The following CVE entry is related to this issue:”h]”hŒ1The following CVE entry is related to this issue:”…””}”(hjvh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Khjeh²hubhû)”}”(hŒÇ============== ================================================= CVE-2018-12207 Machine Check Error Avoidance on Page Size Change ============== ================================================= ”h]”hŒtable”“”)”}”(hhh]”hŒtgroup”“”)”}”(hhh]”(hŒcolspec”“”)”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”Kuh1j’hjubj“)”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”K1uh1j’hjubhŒtbody”“”)”}”(hhh]”hŒrow”“”)”}”(hhh]”(hŒentry”“”)”}”(hhh]”hÌ)”}”(hŒCVE-2018-12207”h]”hŒCVE-2018-12207”…””}”(hj·h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K hj´ubah}”(h]”h ]”h"]”h$]”h&]”uh1j²hj¯ubj³)”}”(hhh]”hÌ)”}”(hŒ1Machine Check Error Avoidance on Page Size Change”h]”hŒ1Machine Check Error Avoidance on Page Size Change”…””}”(hjÎh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K hjËubah}”(h]”h ]”h"]”h$]”h&]”uh1j²hj¯ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j­hjªubah}”(h]”h ]”h"]”h$]”h&]”uh1j¨hjubeh}”(h]”h ]”h"]”h$]”h&]”Œcols”Kuh1jhjŠubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆhj„ubah}”(h]”h ]”h"]”h$]”h&]”uh1húh³hÊh´Khjeh²hubeh}”(h]”Œ related-cves”ah ]”h"]”Œ related cves”ah$]”h&]”uh1hµhh·h²hh³hÊh´Kubh¶)”}”(hhh]”(h»)”}”(hŒProblem”h]”hŒProblem”…””}”(hj h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj h²hh³hÊh´K%ubhÌ)”}”(hX›Privileged software, including OS and virtual machine managers (VMM), are in charge of memory management. A key component in memory management is the control of the page tables. Modern processors use virtual memory, a technique that creates the illusion of a very large memory for processors. This virtual space is split into pages of a given size. Page tables translate virtual addresses to physical addresses.”h]”hX›Privileged software, including OS and virtual machine managers (VMM), are in charge of memory management. A key component in memory management is the control of the page tables. Modern processors use virtual memory, a technique that creates the illusion of a very large memory for processors. This virtual space is split into pages of a given size. Page tables translate virtual addresses to physical addresses.”…””}”(hjh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K'hj h²hubhÌ)”}”(hŒÙTo reduce latency when performing a virtual to physical address translation, processors include a structure, called TLB, that caches recent translations. There are separate TLBs for instruction (iTLB) and data (dTLB).”h]”hŒÙTo reduce latency when performing a virtual to physical address translation, processors include a structure, called TLB, that caches recent translations. There are separate TLBs for instruction (iTLB) and data (dTLB).”…””}”(hj(h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K.hj h²hubhÌ)”}”(hXUnder this errata, instructions are fetched from a linear address translated using a 4 KB translation cached in the iTLB. Privileged software modifies the paging structure so that the same linear address using large page size (2 MB, 4 MB, 1 GB) with a different physical address or memory type. After the page structure modification but before the software invalidates any iTLB entries for the linear address, a code fetch that happens on the same linear address may cause a machine-check error which can result in a system hang or shutdown.”h]”hXUnder this errata, instructions are fetched from a linear address translated using a 4 KB translation cached in the iTLB. Privileged software modifies the paging structure so that the same linear address using large page size (2 MB, 4 MB, 1 GB) with a different physical address or memory type. After the page structure modification but before the software invalidates any iTLB entries for the linear address, a code fetch that happens on the same linear address may cause a machine-check error which can result in a system hang or shutdown.”…””}”(hj6h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K2hj h²hubeh}”(h]”Œproblem”ah ]”h"]”Œproblem”ah$]”h&]”uh1hµhh·h²hh³hÊh´K%ubh¶)”}”(hhh]”(h»)”}”(hŒAttack scenarios”h]”hŒAttack scenarios”…””}”(hjOh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjLh²hh³hÊh´KhjLh²hubeh}”(h]”Œattack-scenarios”ah ]”h"]”Œattack scenarios”ah$]”h&]”uh1hµhh·h²hh³hÊh´Kh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KShj;ubah}”(h]”h ]”h"]”h$]”h&]”uh1j²hj8ubj³)”}”(hhh]”hÌ)”}”(hŒPKVM is not vulnerable because Virtual Machine Extensions (VMX) is not supported.”h]”hŒPKVM is not vulnerable because Virtual Machine Extensions (VMX) is not supported.”…””}”(hjUh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KThjRubah}”(h]”h ]”h"]”h$]”h&]”uh1j²hj8ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j­hjÇubj®)”}”(hhh]”(j³)”}”(hhh]”hÌ)”}”(hŒKVM: Mitigation: VMX disabled”h]”hŒKVM: Mitigation: VMX disabled”…””}”(hjuh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KUhjrubah}”(h]”h ]”h"]”h$]”h&]”uh1j²hjoubj³)”}”(hhh]”hÌ)”}”(hŒKKVM is not vulnerable because Virtual Machine Extensions (VMX) is disabled.”h]”hŒKKVM is not vulnerable because Virtual Machine Extensions (VMX) is disabled.”…””}”(hjŒh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KVhj‰ubah}”(h]”h ]”h"]”h$]”h&]”uh1j²hjoubeh}”(h]”h ]”h"]”h$]”h&]”uh1j­hjÇubj®)”}”(hhh]”(j³)”}”(hhh]”hÌ)”}”(hŒKVM: Vulnerable”h]”hŒKVM: Vulnerable”…””}”(hj¬h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KWhj©ubah}”(h]”h ]”h"]”h$]”h&]”uh1j²hj¦ubj³)”}”(hhh]”hÌ)”}”(hŒ6The processor is vulnerable, but no mitigation enabled”h]”hŒ6The processor is vulnerable, but no mitigation enabled”…””}”(hjÃh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KXhjÀubah}”(h]”h ]”h"]”h$]”h&]”uh1j²hj¦ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j­hjÇubeh}”(h]”h ]”h"]”h$]”h&]”uh1j¨hj±ubeh}”(h]”h ]”h"]”h$]”h&]”Œcols”Kuh1jhj®ubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆhjsh²hh³Nh´Nubeh}”(h]”Œ itlb-multihit-system-information”ah ]”h"]”Œ itlb multihit system information”ah$]”h&]”uh1hµhh·h²hh³hÊh´KCubh¶)”}”(hhh]”(h»)”}”(hŒEnumeration of the erratum”h]”hŒEnumeration of the erratum”…””}”(hjûh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjøh²hh³hÊh´K\ubhÌ)”}”(hŒA new bit has been allocated in the IA32_ARCH_CAPABILITIES (PSCHANGE_MC_NO) msr and will be set on CPU's which are mitigated against this issue.”h]”hŒ’A new bit has been allocated in the IA32_ARCH_CAPABILITIES (PSCHANGE_MC_NO) msr and will be set on CPU’s which are mitigated against this issue.”…””}”(hj h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K^hjøh²hubhû)”}”(hX¦======================================= =========== =============================== IA32_ARCH_CAPABILITIES MSR Not present Possibly vulnerable,check model IA32_ARCH_CAPABILITIES[PSCHANGE_MC_NO] '0' Likely vulnerable,check model IA32_ARCH_CAPABILITIES[PSCHANGE_MC_NO] '1' Not vulnerable ======================================= =========== =============================== ”h]”j‰)”}”(hhh]”jŽ)”}”(hhh]”(j“)”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”K'uh1j’hjubj“)”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”K uh1j’hjubj“)”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”Kuh1j’hjubj©)”}”(hhh]”(j®)”}”(hhh]”(j³)”}”(hhh]”hÌ)”}”(hŒIA32_ARCH_CAPABILITIES MSR”h]”hŒIA32_ARCH_CAPABILITIES MSR”…””}”(hjHh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KbhjEubah}”(h]”h ]”h"]”h$]”h&]”uh1j²hjBubj³)”}”(hhh]”hÌ)”}”(hŒ Not present”h]”hŒ Not present”…””}”(hj_h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kbhj\ubah}”(h]”h ]”h"]”h$]”h&]”uh1j²hjBubj³)”}”(hhh]”hÌ)”}”(hŒPossibly vulnerable,check model”h]”hŒPossibly vulnerable,check model”…””}”(hjvh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kbhjsubah}”(h]”h ]”h"]”h$]”h&]”uh1j²hjBubeh}”(h]”h ]”h"]”h$]”h&]”uh1j­hj?ubj®)”}”(hhh]”(j³)”}”(hhh]”hÌ)”}”(hŒ&IA32_ARCH_CAPABILITIES[PSCHANGE_MC_NO]”h]”hŒ&IA32_ARCH_CAPABILITIES[PSCHANGE_MC_NO]”…””}”(hj–h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kchj“ubah}”(h]”h ]”h"]”h$]”h&]”uh1j²hjubj³)”}”(hhh]”hÌ)”}”(hŒ'0'”h]”hŒ‘0’”…””}”(hj­h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kchjªubah}”(h]”h ]”h"]”h$]”h&]”uh1j²hjubj³)”}”(hhh]”hÌ)”}”(hŒLikely vulnerable,check model”h]”hŒLikely vulnerable,check model”…””}”(hjÄh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KchjÁubah}”(h]”h ]”h"]”h$]”h&]”uh1j²hjubeh}”(h]”h ]”h"]”h$]”h&]”uh1j­hj?ubj®)”}”(hhh]”(j³)”}”(hhh]”hÌ)”}”(hŒ&IA32_ARCH_CAPABILITIES[PSCHANGE_MC_NO]”h]”hŒ&IA32_ARCH_CAPABILITIES[PSCHANGE_MC_NO]”…””}”(hjäh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kdhjáubah}”(h]”h ]”h"]”h$]”h&]”uh1j²hjÞubj³)”}”(hhh]”hÌ)”}”(hŒ'1'”h]”hŒ‘1’”…””}”(hjûh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kdhjøubah}”(h]”h ]”h"]”h$]”h&]”uh1j²hjÞubj³)”}”(hhh]”hÌ)”}”(hŒNot vulnerable”h]”hŒNot vulnerable”…””}”(hjh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kdhjubah}”(h]”h ]”h"]”h$]”h&]”uh1j²hjÞubeh}”(h]”h ]”h"]”h$]”h&]”uh1j­hj?ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j¨hjubeh}”(h]”h ]”h"]”h$]”h&]”Œcols”Kuh1jhjubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆhjubah}”(h]”h ]”h"]”h$]”h&]”uh1húh³hÊh´Kahjøh²hubeh}”(h]”Œenumeration-of-the-erratum”ah ]”h"]”Œenumeration of the erratum”ah$]”h&]”uh1hµhh·h²hh³hÊh´K\ubh¶)”}”(hhh]”(h»)”}”(hŒMitigation mechanism”h]”hŒMitigation mechanism”…””}”(hjPh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjMh²hh³hÊh´KiubhÌ)”}”(hŒ·This erratum can be mitigated by restricting the use of large page sizes to non-executable pages. This forces all iTLB entries to be 4K, and removes the possibility of multiple hits.”h]”hŒ·This erratum can be mitigated by restricting the use of large page sizes to non-executable pages. This forces all iTLB entries to be 4K, and removes the possibility of multiple hits.”…””}”(hj^h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KkhjMh²hubhÌ)”}”(hŒÞIn order to mitigate the vulnerability, KVM initially marks all huge pages as non-executable. If the guest attempts to execute in one of those pages, the page is broken down into 4K pages, which are then marked executable.”h]”hŒÞIn order to mitigate the vulnerability, KVM initially marks all huge pages as non-executable. If the guest attempts to execute in one of those pages, the page is broken down into 4K pages, which are then marked executable.”…””}”(hjlh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KohjMh²hubhÌ)”}”(hX’If EPT is disabled or not available on the host, KVM is in control of TLB flushes and the problematic situation cannot happen. However, the shadow EPT paging mechanism used by nested virtualization is vulnerable, because the nested guest can trigger multiple iTLB hits by modifying its own (non-nested) page tables. For simplicity, KVM will make large pages non-executable in all shadow paging modes.”h]”hX’If EPT is disabled or not available on the host, KVM is in control of TLB flushes and the problematic situation cannot happen. However, the shadow EPT paging mechanism used by nested virtualization is vulnerable, because the nested guest can trigger multiple iTLB hits by modifying its own (non-nested) page tables. For simplicity, KVM will make large pages non-executable in all shadow paging modes.”…””}”(hjzh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KshjMh²hubeh}”(h]”Œmitigation-mechanism”ah ]”h"]”Œmitigation mechanism”ah$]”h&]”uh1hµhh·h²hh³hÊh´Kiubh¶)”}”(hhh]”(h»)”}”(hŒHMitigation control on the kernel command line and KVM - module parameter”h]”hŒHMitigation control on the kernel command line and KVM - module parameter”…””}”(hj“h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjh²hh³hÊh´K{ubhÌ)”}”(hXThe KVM hypervisor mitigation mechanism for marking huge pages as non-executable can be controlled with a module parameter "nx_huge_pages=". The kernel command line allows to control the iTLB multihit mitigations at boot time with the option "kvm.nx_huge_pages=".”h]”hXThe KVM hypervisor mitigation mechanism for marking huge pages as non-executable can be controlled with a module parameter “nx_huge_pages=â€. The kernel command line allows to control the iTLB multihit mitigations at boot time with the option “kvm.nx_huge_pages=â€.”…””}”(hj¡h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K}hjh²hubhÌ)”}”(hŒ*The valid arguments for these options are:”h]”hŒ*The valid arguments for these options are:”…””}”(hj¯h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K‚hjh²hubhû)”}”(hXí========== ================================================================ force Mitigation is enabled. In this case, the mitigation implements non-executable huge pages in Linux kernel KVM module. All huge pages in the EPT are marked as non-executable. If a guest attempts to execute in one of those pages, the page is broken down into 4K pages, which are then marked executable. off Mitigation is disabled. auto Enable mitigation only if the platform is affected and the kernel was not booted with the "mitigations=off" command line parameter. This is the default option. ========== ================================================================ ”h]”j‰)”}”(hhh]”jŽ)”}”(hhh]”(j“)”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”K uh1j’hjÄubj“)”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”KAuh1j’hjÄubj©)”}”(hhh]”(j®)”}”(hhh]”(j³)”}”(hhh]”hÌ)”}”(hŒforce”h]”hŒforce”…””}”(hjäh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K…hjáubah}”(h]”h ]”h"]”h$]”h&]”uh1j²hjÞubj³)”}”(hhh]”hÌ)”}”(hX+Mitigation is enabled. In this case, the mitigation implements non-executable huge pages in Linux kernel KVM module. All huge pages in the EPT are marked as non-executable. If a guest attempts to execute in one of those pages, the page is broken down into 4K pages, which are then marked executable.”h]”hX+Mitigation is enabled. In this case, the mitigation implements non-executable huge pages in Linux kernel KVM module. All huge pages in the EPT are marked as non-executable. If a guest attempts to execute in one of those pages, the page is broken down into 4K pages, which are then marked executable.”…””}”(hjûh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K…hjøubah}”(h]”h ]”h"]”h$]”h&]”uh1j²hjÞubeh}”(h]”h ]”h"]”h$]”h&]”uh1j­hjÛubj®)”}”(hhh]”(j³)”}”(hhh]”hÌ)”}”(hŒoff”h]”hŒoff”…””}”(hjh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K‹hjubah}”(h]”h ]”h"]”h$]”h&]”uh1j²hjubj³)”}”(hhh]”hÌ)”}”(hŒMitigation is disabled.”h]”hŒMitigation is disabled.”…””}”(hj2h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K‹hj/ubah}”(h]”h ]”h"]”h$]”h&]”uh1j²hjubeh}”(h]”h ]”h"]”h$]”h&]”uh1j­hjÛubj®)”}”(hhh]”(j³)”}”(hhh]”hÌ)”}”(hŒauto”h]”hŒauto”…””}”(hjRh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KhjOubah}”(h]”h ]”h"]”h$]”h&]”uh1j²hjLubj³)”}”(hhh]”hÌ)”}”(hŒŸEnable mitigation only if the platform is affected and the kernel was not booted with the "mitigations=off" command line parameter. This is the default option.”h]”hŒ£Enable mitigation only if the platform is affected and the kernel was not booted with the “mitigations=off†command line parameter. This is the default option.”…””}”(hjih²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Khjfubah}”(h]”h ]”h"]”h$]”h&]”uh1j²hjLubeh}”(h]”h ]”h"]”h$]”h&]”uh1j­hjÛubeh}”(h]”h ]”h"]”h$]”h&]”uh1j¨hjÄubeh}”(h]”h ]”h"]”h$]”h&]”Œcols”Kuh1jhjÁubah}”(h]”h ]”h"]”h$]”h&]”uh1jˆhj½ubah}”(h]”h ]”h"]”h$]”h&]”uh1húh³hÊh´K„hjh²hubeh}”(h]”ŒFmitigation-control-on-the-kernel-command-line-and-kvm-module-parameter”ah ]”h"]”ŒHmitigation control on the kernel command line and kvm - module parameter”ah$]”h&]”uh1hµhh·h²hh³hÊh´K{ubh¶)”}”(hhh]”(h»)”}”(hŒMitigation selection guide”h]”hŒMitigation selection guide”…””}”(hj§h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj¤h²hh³hÊh´K”ubh¶)”}”(hhh]”(h»)”}”(hŒ1. No virtualization in use”h]”hŒ1. No virtualization in use”…””}”(hj¸h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjµh²hh³hÊh´K—ubhû)”}”(hŒYThe system is protected by the kernel unconditionally and no further action is required. ”h]”hÌ)”}”(hŒXThe system is protected by the kernel unconditionally and no further action is required.”h]”hŒXThe system is protected by the kernel unconditionally and no further action is required.”…””}”(hjÊh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K™hjÆubah}”(h]”h ]”h"]”h$]”h&]”uh1húh³hÊh´K™hjµh²hubeh}”(h]”Œno-virtualization-in-use”ah ]”h"]”Œ1. no virtualization in use”ah$]”h&]”uh1hµhj¤h²hh³hÊh´K—ubh¶)”}”(hhh]”(h»)”}”(hŒ%2. Virtualization with trusted guests”h]”hŒ%2. Virtualization with trusted guests”…””}”(hjéh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjæh²hh³hÊh´Kubhû)”}”(hŒ If the guest comes from a trusted source, you may assume that the guest will not attempt to maliciously exploit these errata and no further action is required. ”h]”hÌ)”}”(hŒŸIf the guest comes from a trusted source, you may assume that the guest will not attempt to maliciously exploit these errata and no further action is required.”h]”hŒŸIf the guest comes from a trusted source, you may assume that the guest will not attempt to maliciously exploit these errata and no further action is required.”…””}”(hjûh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KŸhj÷ubah}”(h]”h ]”h"]”h$]”h&]”uh1húh³hÊh´KŸhjæh²hubeh}”(h]”Œ"virtualization-with-trusted-guests”ah ]”h"]”Œ%2. virtualization with trusted guests”ah$]”h&]”uh1hµhj¤h²hh³hÊh´Kubh¶)”}”(hhh]”(h»)”}”(hŒ'3. Virtualization with untrusted guests”h]”hŒ'3. Virtualization with untrusted guests”…””}”(hjh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjh²hh³hÊh´K¤ubhû)”}”(hŒ£If the guest comes from an untrusted source, the guest host kernel will need to apply iTLB multihit mitigation via the kernel command line or kvm module parameter.”h]”hÌ)”}”(hŒ£If the guest comes from an untrusted source, the guest host kernel will need to apply iTLB multihit mitigation via the kernel command line or kvm module parameter.”h]”hŒ£If the guest comes from an untrusted source, the guest host kernel will need to apply iTLB multihit mitigation via the kernel command line or kvm module parameter.”…””}”(hj,h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K¥hj(ubah}”(h]”h ]”h"]”h$]”h&]”uh1húh³hÊh´K¥hjh²hubeh}”(h]”Œ$virtualization-with-untrusted-guests”ah ]”h"]”Œ'3. virtualization with untrusted guests”ah$]”h&]”uh1hµhj¤h²hh³hÊh´K¤ubeh}”(h]”Œmitigation-selection-guide”ah ]”h"]”Œmitigation selection guide”ah$]”h&]”uh1hµhh·h²hh³hÊh´K”ubeh}”(h]”Œ itlb-multihit”ah ]”h"]”Œ itlb multihit”ah$]”h&]”uh1hµhhh²hh³hÊh´Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”hÊuh1hŒcurrent_source”NŒ current_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(hºNŒ generator”NŒ datestamp”NŒ source_link”NŒ source_url”NŒ toc_backlinks”j²Œfootnote_backlinks”KŒ sectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒ strip_classes”NŒ report_level”KŒ halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ traceback”ˆŒinput_encoding”Œ utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”jzŒerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œ language_code”Œen”Œrecord_dependencies”NŒconfig”NŒ id_prefix”hŒauto_id_prefix”Œid”Œ dump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”hÊŒ _destination”NŒ _config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒ raw_enabled”KŒline_length_limit”M'Œpep_references”NŒ pep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒ rfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œ smart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œ docinfo_xform”KŒsectsubtitle_xform”‰Œ image_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”(jUjRjbj_jjjIjFjpjmjõjòjJjGjjŠj¡jžjMjJjãjàjjjEjBuŒ nametypes”}”(jU‰jb‰j‰jI‰jp‰jõ‰jJ‰j‰j¡‰jM‰jã‰j‰jE‰uh}”(jRh·j_hÛjjejFj jmjLjòjsjGjøjŠjMjžjjJj¤jàjµjjæjBjuŒ footnote_refs”}”Œ citation_refs”}”Œ autofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ footnotes”]”Œ citations”]”Œautofootnote_start”KŒsymbol_footnote_start”KŒ id_counter”Œ collections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œ transformer”NŒ include_log”]”Œ decoration”Nh²hub.