x86: organize vulnerability ontology
We introduce hidden Kconfigs for all speculative side channel attacks that we plan to address in the kernel and update the existing ones to indicate their CVEs. This list keeps growing, so introduce a new config CONFIG_X86_NO_SPECULATIVE_VULNERABILITIES, for CPUs which don't speculatively execute, or are otherwise immune by design.

Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
parent 7d168db9aa
commit a96631dce9
1 changed files with 33 additions and 5 deletions
|
@ -61,7 +61,6 @@ config X86_IAMCU
|
|||
assembly code will need to be updated to conform to the new calling
|
||||
convention. If in doubt say N
|
||||
|
||||
menu "Memory Management"
|
||||
config X86_MMU
|
||||
bool "Enable Memory Management Unit"
|
||||
select MEMORY_PROTECTION
|
||||
|
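Review bot: the commit message does not cover the one line this hunk drops (the header goes from 7 lines to 6), which, together with the `endmenu` removed in the next hunk, looks like the `menu "Memory Management"` wrapper. Removing the menu moves the `X86_MMU` prompt up a level in the configuration interface, which is unrelated to the vulnerability options, so either mention it in the message with the reason or split it into its own commit.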
@ -74,20 +73,49 @@ config X86_NO_MELTDOWN
|
|||
bool
|
||||
help
|
||||
This hidden option should be set on a per-SOC basis to indicate that
|
||||
a particular SOC is not vulnerable to the Meltdown CPU vulnerability.
|
||||
a particular SOC is not vulnerable to the Meltdown CPU vulnerability,
|
||||
as described in CVE-2017-5754.
|
||||
|
||||
config X86_NO_SPECTRE_V1
|
||||
bool
|
||||
help
|
||||
This hidden option should be set on a per-SOC basis to indicate that
|
||||
a particular SOC is not vulnerable to the Spectre V1, V1.1, and V1.2
|
||||
CPU vulnerabilities as described in CVE-2017-5753 and CVE-2018-3693.
|
||||
|
||||
config X86_NO_SPECTRE_V2
|
||||
bool
|
||||
help
|
||||
This hidden option should be set on a per-SOC basis to indicate that
|
||||
a particular SOC is not vulnerable to the Spectre V2 CPU vulnerability.
|
||||
a particular SOC is not vulnerable to the Spectre V2 CPU
|
||||
vulnerability, as described in CVE-2017-5715.
|
||||
|
||||
config X86_NO_SPECTRE_V4
|
||||
bool
|
||||
help
|
||||
This hidden option should be set on a per-SOC basis to indicate that
|
||||
a particular SOC is not vulnerable to the Spectre V4 CPU vulnerability.
|
||||
endmenu
|
||||
a particular SOC is not vulnerable to the Spectre V4 CPU
|
||||
vulnerability, as described in CVE-2018-3639.
|
||||
|
||||
config X86_NO_LAZY_FP
|
||||
bool
|
||||
help
|
||||
This hidden option should be set on a per-SOC basis to indicate
|
||||
that a particular SOC is not vulnerable to the Lazy FP CPU
|
||||
vulnerability, as described in CVE-2018-3665.
|
||||
|
||||
config X86_NO_SPECULATIVE_VULNERABILITIES
|
||||
bool
|
||||
select X86_NO_MELTDOWN
|
||||
select X86_NO_SPECTRE_V1
|
||||
select X86_NO_SPECTRE_V2
|
||||
select X86_NO_SPECTRE_V4
|
||||
select X86_NO_LAZY_FP
|
||||
help
|
||||
This hidden option should be set on a per-SOC basis that a
|
||||
particular SOC does not perform any kind of speculative execution,
|
||||
or is a newer chip which is immune to the class of vulnerabilities
|
||||
which exploit speculative execution side channel attacks.
|
||||
|
||||
config X86_ENABLE_TSS
|
||||
bool
|
||||
|
|
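Review bot: the help text of `X86_NO_SPECULATIVE_VULNERABILITIES` reads "should be set on a per-SOC basis that a particular SOC does not perform", which is missing the "to indicate" that every other entry in this hunk uses; please fix the wording so the entries are consistent. The `select` list in the same option also has to be extended by hand each time a new `X86_NO_*` option is added, and the commit message itself says the list keeps growing, so a comment above the selects stating that every new per-vulnerability option must be added there would help; otherwise a SoC that only sets the umbrella option ends up with the newest flag unset. The `X86_NO_SPECTRE_V1` entry covers three variants with two CVEs; saying which CVE maps to which variant would make the help text easier to audit.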