mitigate

package
v0.0.0-...-9ec6d29 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 9, 2022 License: Apache-2.0, MIT Imports: 4 Imported by: 0

Documentation

Overview

Package mitigate provides libraries for the mitigate command. The mitigate command mitigates side channel attacks such as MDS. Mitigate shuts down CPUs via /sys/devices/system/cpu/cpu{N}/online.

Index

Constants

This section is empty.

Variables

View Source
var AMD2 = MockCPU{
	Name:           "AMD",
	VendorID:       "AuthenticAMD",
	Family:         23,
	Model:          49,
	ModelName:      "AMD EPYC 7B12",
	Bugs:           "sysret_ss_attrs spectre_v1 spectre_v2 spec_store_bypass",
	PhysicalCores:  1,
	Cores:          1,
	ThreadsPerCore: 2,
}

AMD2 is an two core AMD machine.

View Source
var AMD8 = MockCPU{
	Name:           "AMD",
	VendorID:       "AuthenticAMD",
	Family:         23,
	Model:          49,
	ModelName:      "AMD EPYC 7B12",
	Bugs:           "sysret_ss_attrs spectre_v1 spectre_v2 spec_store_bypass",
	PhysicalCores:  4,
	Cores:          1,
	ThreadsPerCore: 2,
}

AMD8 is an eight core AMD machine.

View Source
var CascadeLake2 = MockCPU{
	Name:           "CascadeLake",
	VendorID:       "GenuineIntel",
	Family:         6,
	Model:          85,
	ModelName:      "Intel(R) Xeon(R) CPU",
	Bugs:           "spectre_v1 spectre_v2 spec_store_bypass mds swapgs taa",
	PhysicalCores:  1,
	Cores:          1,
	ThreadsPerCore: 2,
}

CascadeLake2 is a two core Intel CascadeLake machine.

View Source
var CascadeLake4 = MockCPU{
	Name:           "CascadeLake",
	VendorID:       "GenuineIntel",
	Family:         6,
	Model:          85,
	ModelName:      "Intel(R) Xeon(R) CPU",
	Bugs:           "spectre_v1 spectre_v2 spec_store_bypass mds swapgs taa",
	PhysicalCores:  1,
	Cores:          2,
	ThreadsPerCore: 2,
}

CascadeLake4 is a four core Intel CascadeLake machine.

View Source
var Empty = MockCPU{
	Name: "Empty",
}

Empty is an empty CPU set.

View Source
var Haswell2 = MockCPU{
	Name:           "Haswell",
	VendorID:       "GenuineIntel",
	Family:         6,
	Model:          63,
	ModelName:      "Intel(R) Xeon(R) CPU",
	Bugs:           "cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs",
	PhysicalCores:  1,
	Cores:          1,
	ThreadsPerCore: 2,
}

Haswell2 is a two core Intel Haswell machine.

View Source
var Haswell2core = MockCPU{
	Name:           "Haswell2Physical",
	VendorID:       "GenuineIntel",
	Family:         6,
	Model:          63,
	ModelName:      "Intel(R) Xeon(R) CPU",
	Bugs:           "cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs",
	PhysicalCores:  2,
	Cores:          1,
	ThreadsPerCore: 1,
}

Haswell2core is a 2 core Intel Haswell machine with no hyperthread pairs.

Functions

This section is empty.

Types

type CPU

type CPU struct {
	// contains filtered or unexported fields
}

CPU represents pertinent info about a single hyperthread in a pair.

func (*CPU) IsVulnerable

func (t *CPU) IsVulnerable() bool

IsVulnerable checks if a CPU is vulnerable to mds.

func (*CPU) SimilarTo

func (t *CPU) SimilarTo(other *CPU) bool

SimilarTo checks family/model/bugs fields for equality of two processors.

func (*CPU) String

func (t *CPU) String() string

String implements the String method for CPU.

type CPUSet

type CPUSet []*CPU

CPUSet contains a map of all CPUs on the system, mapped by Physical ID and CoreIDs. threads with the same Core and Physical ID are Hyperthread pairs.

func NewCPUSet

func NewCPUSet(data string) (CPUSet, error)

NewCPUSet creates a CPUSet from data read from /proc/cpuinfo.

func (CPUSet) IsVulnerable

func (c CPUSet) IsVulnerable() bool

IsVulnerable checks if this CPUSet is vulnerable to MDS.

func (CPUSet) String

func (c CPUSet) String() string

String implements the String method for CPUSet.

type MockCPU

type MockCPU struct {
	Name           string
	VendorID       string
	Family         int64
	Model          int64
	ModelName      string
	Bugs           string
	PhysicalCores  int64
	Cores          int64
	ThreadsPerCore int64
}

MockCPU represents data from CPUs that will be mitigated.

func (MockCPU) MakeCPUSet

func (tc MockCPU) MakeCPUSet() CPUSet

MakeCPUSet makes a cpuSet from a MockCPU.

func (MockCPU) NumCPUs

func (tc MockCPU) NumCPUs() int

NumCPUs returns the number of CPUs for this CPU.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL