
Commit 862b38de authored by qctecmdr, committed by Gerrit - the friendly Code Review server

Merge "UPSTREAM: Revert "xfrm: state and policy should fail if XFRMA_IF_ID 0""

parents 30ee6fa5 29d9835e
+2 −1
@@ -90,7 +90,8 @@ Triggers can be set on more than one psi metric and more than one trigger
for the same psi metric can be specified. However for each trigger a separate
file descriptor is required to be able to poll it separately from others,
therefore for each trigger a separate open() syscall should be made even
when opening the same psi interface file.
when opening the same psi interface file. Write operations to a file descriptor
with an already existing psi trigger will fail with EBUSY.

Monitors activate only when system enters stall state for the monitored
psi metric and deactivates upon exit from the stall state. While system is
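Review bot: the new sentence at the end of the first paragraph ("Write operations to a file descriptor with an already existing psi trigger will fail with EBUSY") states the error but not what the caller is expected to do instead, and the surrounding text only covers opening separate descriptors for separate triggers. Suggest making the contract explicit: "A file descriptor can carry only one trigger: a second write to a descriptor that already has a psi trigger fails with EBUSY, so to change a trigger close the descriptor and open a new one." That tells code that reuses descriptors why the second write fails and how to recover.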
+33 −17
@@ -60,8 +60,8 @@ privileged data touched during the speculative execution.
Spectre variant 1 attacks take advantage of speculative execution of
conditional branches, while Spectre variant 2 attacks use speculative
execution of indirect branches to leak privileged memory.
See :ref:`[1] <spec_ref1>` :ref:`[5] <spec_ref5>` :ref:`[7] <spec_ref7>`
:ref:`[10] <spec_ref10>` :ref:`[11] <spec_ref11>`.
See :ref:`[1] <spec_ref1>` :ref:`[5] <spec_ref5>` :ref:`[6] <spec_ref6>`
:ref:`[7] <spec_ref7>` :ref:`[10] <spec_ref10>` :ref:`[11] <spec_ref11>`.

Spectre variant 1 (Bounds Check Bypass)
---------------------------------------
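Review bot: adding :ref:`[6] <spec_ref6>` to this citation list is only consistent if it lands together with the reference-list hunk later in this same patch, which replaces the URL of entry [6]; if the two are backported separately the new citation points at the old link. Minor style point for the same lines: the six citations are only space-separated ("[1] [5] [6] [7] [10] [11]"), and commas between them would make the rendered sentence easier to read.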
@@ -131,6 +131,19 @@ steer its indirect branch speculations to gadget code, and measure the
speculative execution's side effects left in level 1 cache to infer the
victim's data.

Yet another variant 2 attack vector is for the attacker to poison the
Branch History Buffer (BHB) to speculatively steer an indirect branch
to a specific Branch Target Buffer (BTB) entry, even if the entry isn't
associated with the source address of the indirect branch. Specifically,
the BHB might be shared across privilege levels even in the presence of
Enhanced IBRS.

Currently the only known real-world BHB attack vector is via
unprivileged eBPF. Therefore, it's highly recommended to not enable
unprivileged eBPF, especially when eIBRS is used (without retpolines).
For a full mitigation against BHB attacks, it's recommended to use
retpolines (or eIBRS combined with retpolines).

Attack scenarios
----------------

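Review bot: the recommendation in the second new paragraph ("it's highly recommended to not enable unprivileged eBPF") does not tell the reader how to do that; it should cross-reference the unprivileged_bpf_disabled sysctl documented later in this same patch and the BPF_UNPRIV_DEFAULT_OFF Kconfig option it mentions, so an admin can act on the advice. Likewise "eIBRS combined with retpolines" should name the spectre_v2=eibrs,retpoline command-line option this patch adds, since that is the only way to select the combination. Also, "eIBRS" appears here without being tied to the "Enhanced IBRS" spelled out in the first new paragraph; writing "Enhanced IBRS (eIBRS)" there would fix that.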
@@ -364,13 +377,15 @@ The possible values in this file are:

  - Kernel status:

  ====================================  =================================
  ========================================  =================================
  'Not affected'                            The processor is not vulnerable
  'Vulnerable'                          Vulnerable, no mitigation
  'Mitigation: Full generic retpoline'  Software-focused mitigation
  'Mitigation: Full AMD retpoline'      AMD-specific software mitigation
  'Mitigation: None'                        Vulnerable, no mitigation
  'Mitigation: Retpolines'                  Use Retpoline thunks
  'Mitigation: LFENCE'                      Use LFENCE instructions
  'Mitigation: Enhanced IBRS'               Hardware-focused mitigation
  ====================================  =================================
  'Mitigation: Enhanced IBRS + Retpolines'  Hardware-focused + Retpolines
  'Mitigation: Enhanced IBRS + LFENCE'      Hardware-focused + LFENCE
  ========================================  =================================

  - Firmware status: Show if Indirect Branch Restricted Speculation (IBRS) is
    used to protect against Spectre variant 2 attacks when calling firmware (x86 only).
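Review bot: the new 'Mitigation: LFENCE' row describes itself only as "Use LFENCE instructions", which says neither what the fence is for nor that this status replaces the deleted 'Mitigation: Full AMD retpoline'; readers grepping for the old string in /sys will not find the mapping. Suggest "LFENCE before indirect branches (formerly 'Full AMD retpoline')" and, on the 'Mitigation: Retpolines' row, a similar note that it replaces 'Full generic retpoline'. The same applies to 'Mitigation: None', which takes over the "Vulnerable, no mitigation" description from the removed 'Vulnerable' row; a one-line note that the status string changed would save operators a surprise when their monitoring matches on the old value.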
@@ -468,7 +483,7 @@ Spectre variant 2
   before invoking any firmware code to prevent Spectre variant 2 exploits
   using the firmware.

   Using kernel address space randomization (CONFIG_RANDOMIZE_SLAB=y
   Using kernel address space randomization (CONFIG_RANDOMIZE_BASE=y
   and CONFIG_SLAB_FREELIST_RANDOM=y in the kernel configuration) makes
   attacks on the kernel generally more difficult.

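Review bot: CONFIG_RANDOMIZE_BASE is the right symbol here (that is what this hunk corrects), but the sentence still lumps both options under "kernel address space randomization", which describes only RANDOMIZE_BASE; CONFIG_SLAB_FREELIST_RANDOM randomizes the order of slab free lists, not where the kernel is mapped. Suggest: "Using kernel address space randomization (CONFIG_RANDOMIZE_BASE=y) together with slab freelist randomization (CONFIG_SLAB_FREELIST_RANDOM=y) makes attacks on the kernel generally more difficult."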
@@ -584,12 +599,13 @@ kernel command line.

		Specific mitigations can also be selected manually:

		retpoline
					replace indirect branches
		retpoline,generic
					google's original retpoline
		retpoline,amd
					AMD-specific minimal thunk
                retpoline               auto pick between generic,lfence
                retpoline,generic       Retpolines
                retpoline,lfence        LFENCE; indirect branch
                retpoline,amd           alias for retpoline,lfence
                eibrs                   enhanced IBRS
                eibrs,retpoline         enhanced IBRS + Retpolines
                eibrs,lfence            enhanced IBRS + LFENCE

		Not specifying this option is equivalent to
		spectre_v2=auto.
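Review bot: the replacement block mixes indentation: the surrounding lines ("Specific mitigations can also be selected manually:", "Not specifying this option is equivalent to") are tab-indented, while the seven new option lines are indented with spaces. In an RST indented block that inconsistency can change how the block is parsed and rendered, so the new lines should use the same tab indentation as the text around them. Two wording points on the same lines: "LFENCE; indirect branch" for retpoline,lfence reads as truncated ("LFENCE before each indirect branch" says what it does), and "retpoline" now reads "auto pick between generic,lfence" here while the later hunk of this patch that lists the same options keeps "replace indirect branches"; the two lists should agree.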
@@ -730,7 +746,7 @@ AMD white papers:

.. _spec_ref6:

[6] `Software techniques for managing speculation on AMD processors <https://developer.amd.com/wp-content/resources/90343-B_SoftwareTechniquesforManagingSpeculation_WP_7-18Update_FNL.pdf>`_.
[6] `Software techniques for managing speculation on AMD processors <https://developer.amd.com/wp-content/resources/Managing-Speculation-on-AMD-Processors.pdf>`_.

ARM white papers:

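Review bot: the new URL for [6] drops the identifiers the old filename carried ("90343-B" and the "7-18Update" revision), so the reference no longer records which revision of the AMD paper is cited. Suggest keeping the document number 90343 in the link text (e.g. "Software techniques for managing speculation on AMD processors, AMD publication 90343") so the citation stays identifiable if the URL changes again.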
+14 −4
@@ -1496,6 +1496,8 @@
			architectures force reset to be always executed
	i8042.unlock	[HW] Unlock (ignore) the keylock
	i8042.kbdreset	[HW] Reset device connected to KBD port
	i8042.probe_defer
			[HW] Allow deferred probing upon i8042 probe errors

	i810=		[HW,DRM]

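Review bot: the new i8042.probe_defer entry should say what "deferred probing" means for the user, namely that a failed i8042 probe is retried later instead of the device being given up on, and whether the option is a plain boolean like the neighbouring i8042.unlock and i8042.kbdreset entries. As written, "Allow deferred probing upon i8042 probe errors" only restates the parameter name.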
@@ -2121,8 +2123,12 @@
			Default is 1 (enabled)

	kvm-intel.emulate_invalid_guest_state=
			[KVM,Intel] Enable emulation of invalid guest states
			Default is 0 (disabled)
			[KVM,Intel] Disable emulation of invalid guest state.
			Ignored if kvm-intel.enable_unrestricted_guest=1, as
			guest state is never invalid for unrestricted guests.
			This param doesn't apply to nested guests (L2), as KVM
			never emulates invalid L2 guest state.
			Default is 1 (enabled)

	kvm-intel.flexpriority=
			[KVM,Intel] Disable FlexPriority feature (TPR shadow).
@@ -4502,8 +4508,12 @@
			Specific mitigations can also be selected manually:

			retpoline	  - replace indirect branches
			retpoline,generic - google's original retpoline
			retpoline,amd     - AMD-specific minimal thunk
			retpoline,generic - Retpolines
			retpoline,lfence  - LFENCE; indirect branch
			retpoline,amd     - alias for retpoline,lfence
			eibrs		  - enhanced IBRS
			eibrs,retpoline   - enhanced IBRS + Retpolines
			eibrs,lfence      - enhanced IBRS + LFENCE

			Not specifying this option is equivalent to
			spectre_v2=auto.
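Review bot: the unchanged first line of this list, "retpoline - replace indirect branches", now disagrees with the Spectre admin-guide hunk earlier in this patch, where the same option became "auto pick between generic,lfence". Since this file is what a user reads when choosing a boot parameter, it should carry the same wording. Also, "retpoline,lfence - LFENCE; indirect branch" reads as truncated here too; "LFENCE before each indirect branch" is clearer.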
+21 −0
@@ -1125,6 +1125,27 @@ NMI switch that most IA32 servers have fires unknown NMI up, for
example.  If a system hangs up, try pressing the NMI switch.


unprivileged_bpf_disabled:
==========================

Writing 1 to this entry will disable unprivileged calls to ``bpf()``;
once disabled, calling ``bpf()`` without ``CAP_SYS_ADMIN`` will return
``-EPERM``. Once set to 1, this can't be cleared from the running kernel
anymore.

Writing 2 to this entry will also disable unprivileged calls to ``bpf()``,
however, an admin can still change this setting later on, if needed, by
writing 0 or 1 to this entry.

If ``BPF_UNPRIV_DEFAULT_OFF`` is enabled in the kernel config, then this
entry will default to 2 instead of 0.

= =============================================================
0 Unprivileged calls to ``bpf()`` are enabled
1 Unprivileged calls to ``bpf()`` are disabled without recovery
2 Unprivileged calls to ``bpf()`` are disabled
= =============================================================

watchdog:
=========

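Review bot: two points on the new unprivileged_bpf_disabled section. First, the table labels value 1 "disabled without recovery" but value 2 merely "disabled", which hides the distinction the prose makes; suggest "2 Unprivileged calls to bpf() are disabled, can be re-enabled by writing 0 or 1". Second, the prose says calls "without CAP_SYS_ADMIN" return -EPERM; if any other capability is also accepted on this kernel it should be named here, because container operators use exactly this sentence to decide which capabilities to drop. A cross-reference from the Spectre BHB paragraph added in this patch ("highly recommended to not enable unprivileged eBPF") to this knob would help readers find it.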
+4 −3
@@ -143,13 +143,14 @@ Part 5 - Handling channel allocation
Allocating Channels
-------------------

Channels are required to be configured prior to starting the test run.
Attempting to run the test without configuring the channels will fail.
Channels do not need to be configured prior to starting a test run. Attempting
to run the test without configuring the channels will result in testing any
channels that are available.

Example::

    % echo 1 > /sys/module/dmatest/parameters/run
    dmatest: Could not start test, no channels configured
    dmatest: No channels configured, continue with any

Channels are registered using the "channel" parameter. Channels can be requested by their
name, once requested, the channel is registered and a pending thread is added to the test list.
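Review bot: the rewritten paragraph makes channel configuration optional, but the unchanged sentence after the example, "Channels are registered using the "channel" parameter", still reads as the mandatory step it used to be; a lead-in such as "To restrict the test to particular channels, register them using the "channel" parameter" would make the two paragraphs agree. Also, the example log line "dmatest: No channels configured, continue with any" replaces what was an error; the text should say explicitly that the run continues rather than aborting, so readers do not mistake the message for a failure.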