Lines Matching +full:cost +full:- +full:effective
1 .. SPDX-License-Identifier: GPL-2.0
8 known scenario of poisoning CPU functional units - the Branch Target
9 Buffer (BTB) and Return Address Predictor (RAP) in this case - and then
14 Return Address Stack/Return Stack Buffer). In some cases, a non-architectural
20 but the concern is that an attacker can mis-train the CPU BTB to predict
21 non-architectural CALL instructions in kernel space and use this to
23 leading to information disclosure via a speculative side-channel.
25 The issue is tracked under CVE-2023-20569.
28 -------------------
30 AMD Zen, generations 1-4. That is, all families 0x17 and 0x19. Older
34 ------------------------------
37 mitigations to be effective.
61 kernel, but the IBPB-extending microcode has not been applied. User
67 not address User->Kernel and Guest->Host transitions protection but it
68 does address User->User and VM->VM attack vectors.
70 Note that User->User mitigation is controlled by how the IBPB aspect in
80 i.e., always on - by supplying spectre_v2_user=on on the kernel
89 User->Kernel and Guest->Host transitions protection.
91 Selected by default or by spec_rstack_overflow=safe-ret
96 privilege domain crossings (User->Kernel, Guest->Host).
102 Mitigation addressing the cloud provider scenario - the Guest->Host
105 (spec_rstack_overflow=ibpb-vmexit)
111 - gain local access on the machine
113 - break kASLR
115 - find gadgets in the running kernel in order to use them in the exploit
117 - potentially create and pin an additional workload on the sibling
120 - run the exploit
124 attack vectors, including the local User->Kernel one.
126 As always, the user is advised to keep her/his system up-to-date by
132 As one can surmise, 'Mitigation: safe RET' does come at the cost of some
140 a performance cost.
143 --------------------