xref: /linux/Documentation/admin-guide/hw-vuln/spectre.rst

62 execution of indirect branches to leak privileged memory.
93 execution of indirect branches :ref:`[3] <spec_ref3>`.  The indirect
95 indirect branches can be influenced by an attacker, causing gadget code
102 In Spectre variant 2 attacks, the attacker can steer speculative indirect
104 buffer of a CPU used for predicting indirect branch addresses. Such
105 poisoning could be done by indirect branching into existing code,
106 with the address offset of the indirect branch under the attacker's
109 this could cause privileged code's indirect branch to jump to a gadget
130 steer its indirect branch speculations to gadget code, and measure the
194    target buffer on indirect jump and jump to gadget code in speculative
205    indirect branches. Return trampolines trap speculative execution paths
233    influence the indirect branch targets for a victim process that either
238    by using the prctl() syscall to disable indirect branch speculation
241    indirect branch speculation. This comes with a performance cost
242    from not using indirect branch speculation and clearing the branch
244    indirect branch speculation disabled, Single Threaded Indirect Branch
277    for indirect branches to bypass the poisoned branch target buffer,
279    guests from affecting indirect branching in the host kernel.
282    indirect branch speculation disabled via prctl().  The branch target
308    by turning off the unsafe guest's indirect branch speculation via
390   'IBPB: conditional'   Use IBPB on SECCOMP or indirect branch restricted tasks
393   - Single threaded indirect branch prediction (STIBP) status for protection
401   'STIBP: conditional'  Use STIBP on SECCOMP or indirect branch restricted tasks
441    For Spectre variant 2 mitigation, the compiler turns indirect calls or
467    On x86, indirect branch restricted speculation is turned on by default
482    can be compiled with return trampolines for indirect branches.
485    programs can disable their indirect branch speculation via prctl()
491    Restricting indirect branch speculation on a user program will
497    Programs that disable their indirect branch speculation will have
528    its indirect branch speculation disabled by administrator via prctl().
550 		(indirect branch prediction) vulnerability. System may
558 		(indirect branch speculation) vulnerability.
587 					replace indirect branches
619    disabling indirect branch speculation when the program is running
626    off by disabling their indirect branch speculation when they are run
639    overhead as indirect branch speculations for all programs will be
648    whose indirect branch speculation is explicitly disabled,
674 …e.intel.com/security-software-guidance/insights/deep-dive-single-thread-indirect-branch-predictors…
680 [5] `AMD64 technology indirect branch control extension <https://developer.amd.com/wp-content/resou…

Last Index update Sat Jun 03 09:59:21 CST 2023