mitigate

package

v0.0.0-...-2b55090 Latest Latest Go to latest Published: Nov 23, 2024 License: Apache-2.0, MIT Imports: 4 Imported by: 3

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/google/gvisor

Links

Open Source Insights

Documentation ¶

Rendered for

Overview ¶

Package mitigate provides libraries for the mitigate command. The mitigate command mitigates side channel attacks such as MDS. Mitigate shuts down CPUs via /sys/devices/system/cpu/cpu{N}/online.

Index ¶

Variables
type CPU
type CPUSet
- func NewCPUSet(data string) (CPUSet, error)
- func (c CPUSet) IsVulnerable() bool
- func (c CPUSet) String() string
type MockCPU
- func (tc MockCPU) MakeCPUSet() CPUSet
- func (tc MockCPU) NumCPUs() int

Constants ¶

This section is empty.

Variables ¶

View Source

var AMD2 = MockCPU{
	Name:           "AMD",
	VendorID:       "AuthenticAMD",
	Family:         23,
	Model:          49,
	ModelName:      "AMD EPYC 7B12",
	Bugs:           "sysret_ss_attrs spectre_v1 spectre_v2 spec_store_bypass",
	PhysicalCores:  1,
	Cores:          1,
	ThreadsPerCore: 2,
}

AMD2 is an two core AMD machine.

View Source

var AMD8 = MockCPU{
	Name:           "AMD",
	VendorID:       "AuthenticAMD",
	Family:         23,
	Model:          49,
	ModelName:      "AMD EPYC 7B12",
	Bugs:           "sysret_ss_attrs spectre_v1 spectre_v2 spec_store_bypass",
	PhysicalCores:  4,
	Cores:          1,
	ThreadsPerCore: 2,
}

AMD8 is an eight core AMD machine.

View Source

var CascadeLake2 = MockCPU{
	Name:           "CascadeLake",
	VendorID:       "GenuineIntel",
	Family:         6,
	Model:          85,
	ModelName:      "Intel(R) Xeon(R) CPU",
	Bugs:           "spectre_v1 spectre_v2 spec_store_bypass mds swapgs taa",
	PhysicalCores:  1,
	Cores:          1,
	ThreadsPerCore: 2,
}

CascadeLake2 is a two core Intel CascadeLake machine.

View Source

var CascadeLake4 = MockCPU{
	Name:           "CascadeLake",
	VendorID:       "GenuineIntel",
	Family:         6,
	Model:          85,
	ModelName:      "Intel(R) Xeon(R) CPU",
	Bugs:           "spectre_v1 spectre_v2 spec_store_bypass mds swapgs taa",
	PhysicalCores:  1,
	Cores:          2,
	ThreadsPerCore: 2,
}

CascadeLake4 is a four core Intel CascadeLake machine.

View Source

var Empty = MockCPU{
	Name: "Empty",
}

Empty is an empty CPU set.

View Source

var Haswell2 = MockCPU{
	Name:           "Haswell",
	VendorID:       "GenuineIntel",
	Family:         6,
	Model:          63,
	ModelName:      "Intel(R) Xeon(R) CPU",
	Bugs:           "cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs",
	PhysicalCores:  1,
	Cores:          1,
	ThreadsPerCore: 2,
}

Haswell2 is a two core Intel Haswell machine.

View Source

var Haswell2core = MockCPU{
	Name:           "Haswell2Physical",
	VendorID:       "GenuineIntel",
	Family:         6,
	Model:          63,
	ModelName:      "Intel(R) Xeon(R) CPU",
	Bugs:           "cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs",
	PhysicalCores:  2,
	Cores:          1,
	ThreadsPerCore: 1,
}

Haswell2core is a 2 core Intel Haswell machine with no hyperthread pairs.

Functions ¶

This section is empty.

Types ¶

type CPU ¶

type CPU struct {
	// contains filtered or unexported fields
}

CPU represents pertinent info about a single hyperthread in a pair.

func (*CPU) IsVulnerable ¶

func (t *CPU) IsVulnerable() bool

IsVulnerable checks if a CPU is vulnerable to mds.

func (*CPU) SimilarTo ¶

func (t *CPU) SimilarTo(other *CPU) bool

SimilarTo checks family/model/bugs fields for equality of two processors.

func (*CPU) String ¶

func (t *CPU) String() string

String implements the String method for CPU.

type CPUSet ¶

type CPUSet []*CPU

CPUSet contains a map of all CPUs on the system, mapped by Physical ID and CoreIDs. threads with the same Core and Physical ID are Hyperthread pairs.

func NewCPUSet ¶

func NewCPUSet(data string) (CPUSet, error)

NewCPUSet creates a CPUSet from data read from /proc/cpuinfo.

func (CPUSet) IsVulnerable ¶

func (c CPUSet) IsVulnerable() bool

IsVulnerable checks if this CPUSet is vulnerable to MDS.

func (CPUSet) String ¶

func (c CPUSet) String() string

String implements the String method for CPUSet.

type MockCPU ¶

type MockCPU struct {
	Name           string
	VendorID       string
	Family         int64
	Model          int64
	ModelName      string
	Bugs           string
	PhysicalCores  int64
	Cores          int64
	ThreadsPerCore int64
}

MockCPU represents data from CPUs that will be mitigated.

func (MockCPU) MakeCPUSet ¶

func (tc MockCPU) MakeCPUSet() CPUSet

MakeCPUSet makes a cpuSet from a MockCPU.

func (MockCPU) NumCPUs ¶

func (tc MockCPU) NumCPUs() int

NumCPUs returns the number of CPUs for this CPU.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL