Documentation: Move L1TF to separate directory

Move L!TF to a separate directory so the MDS stuff can be added at the side. Otherwise the all hardware vulnerabilites have their own top level entry. Should have done that right away. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 (backported from commit a4117ea9cd8a01aa62d791fa3026ee7befe73614) [juergh: Adjusted content and file paths.] Signed-off-by: Juerg Haefliger <juergh@canonical.com> Acked-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>

Documentation: Move L1TF to separate directory
Move L!TF to a separate directory so the MDS stuff can be added at the side. Otherwise the all hardware vulnerabilites have their own top level entry. Should have done that right away. Signed-off-by: Thomas Gleixner <tglx@linutronix.de> Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> CVE-2018-12126 CVE-2018-12127 CVE-2018-12130 (backported from commit a4117ea9cd8a01aa62d791fa3026ee7befe73614) [juergh: Adjusted content and file paths.] Signed-off-by: Juerg Haefliger <juergh@canonical.com> Acked-by: Tyler Hicks <tyhicks@canonical.com> Acked-by: Stefan Bader <stefan.bader@canonical.com> Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
6f6830e2 · Thomas Gleixner · Stefan Bader · d5585937 · 6f6830e2 · 6f6830e2
Commit 6f6830e2 authored Feb 19, 2019 by Thomas Gleixner Committed by Stefan Bader May 07, 2019
3 changed files
--- a/Documentation/admin-guide/hw-vuln/index.rst
+++ b/Documentation/admin-guide/hw-vuln/index.rst
+========================
+Hardware vulnerabilities
+========================
+
+This section describes CPU vulnerabilities and provides an overview of the
+possible mitigations along with guidance for selecting mitigations if they
+are configurable at compile, boot or run time.
+
+.. toctree::
+   :maxdepth: 1
+
+   l1tf
--- a/Documentation/security/l1tf.txt
+++ b/Documentation/security/l1tf.txt
@@ -405,6 +405,9 @@ time with the option "l1tf=". The valid arguments for this option are:

  off		Disables hypervisor mitigations and doesn't emit any
 		warnings.
+		It also drops the swap size and available RAM limit restrictions
+		on both hypervisor and bare metal.
+
  ============  =============================================================

 The default is 'flush'. For details about L1D flushing see :ref:`l1d_flush`.
@@ -576,7 +579,8 @@ Default mitigations
  The kernel default mitigations for vulnerable processors are:

  - PTE inversion to protect against malicious user space. This is done
-    unconditionally and cannot be controlled.
+    unconditionally and cannot be controlled. The swap storage is limited
+    to ~16TB.

  - L1D conditional flushing on VMENTER when EPT is enabled for
    a guest.

--- a/Documentation/admin-guide/index.rst
+++ b/Documentation/admin-guide/index.rst
+The Linux kernel user's and administrator's guide
+=================================================
+
+The following is a collection of user-oriented documents that have been
+added to the kernel over time.  There is, as yet, little overall order or
+organization here — this material was not written to be a single, coherent
+document!  With luck things will improve quickly over time.
+
+This section describes CPU vulnerabilities and their mitigations.
+
+.. toctree::
+   :maxdepth: 1
+
+   hw-vuln/index