flush-level1-data-cache-mitigation.dita@ 106807

最後變更在這個檔案從106807是 105134,由 vboxsync 提交於 7 月前

Docs: bugref:10705. This is a merge commit to introduce doc team's changes in the user manual dita files. The following files
are excluded from this process:

Files whose names satrt with "viso", "vboxmanage", "man_", "vboximg", "vboxheadless", or "user_isomakercmd-man".

And general notes about this merge are as follows:

For now I leave glossentry-*dita file as they are since we use different enclosing dita elements
in hdimagewrites.dita we have <note type="attention"> while doc team's copy has <note type="caution">. Not sure if this is significant.

For now I copy doc team's version over.

I have not modified our UserManual.ditamap file. This will be done in a follow up commit.

The list of commits we have merged are as follows:

r3392: 7.1 new features; add comments to some DITA topics
r3730: VBP-283: Update supported platforms; 7.0 and 7.1
r3980: 7.1: reset menu option; add note
r3992: ARM hosts; add draft topic on limitations; add container topic for ARM-based subtopics
r3993: ARM create new VM wizard: add some dummy topics
r4014: ER 34784410 DOCUMENT THE VIRTUAL MACHINE TASKBAR ICONS: port topic and icon graphics from 7.0 tree
r4026: VBP-378: status bar icons; remove any mention of task bar; ported from 7.0
r4034: Cloning a cloud VM; add draft topic
r4035: Cloning a cloud VM;typo
r4036: Cloning a cloud VM;add xref from intro topic
r4050: Reset operation; add instructions
r4051: Amend comment
r4052: Ditaval markup for images
r4056: Add ditaval markup for images
r4057: Add ditaval markup for images
r4058: Add ditaval markup for images
r4073: UI experience level: add dummy topic
r4075: Subtype: option for VM settings General tab and Create VM wizard
r4094: Cloud VM reset; add to relnotes
r4095: Reset VM; use main Machine menu, rather than right-click menu
r4099: ARM hosts; draft revisions to cover different wizard screens
r4134: Cloud VMs: file manager menu option; add comment
r4214: Settings page, Motherboard tab: Chipset option for Arm VMs; add note
r4306: Terminology checker: clear up Errors; Installation chapter
r4307: Terminology checker: clear up Errors; Config settings/GA chapters
r4308: Terminology checker: clear up Errors; Storage, networking, remote VM chapters
r4311: Terminology checker: clear up Errors: various
r4324: Prefences and settings; potential areas for change in 7.1
r4356: r160214: Monitoring cloud VM performance; add new topic
r4358: r160214: Monitoring cloud VM performance; add new topic
r4364: r160214: Monitoring cloud VM performance; redraft topic
r4374: Experience levels; update user manual topic
r4377: Experience levels; Preferences window: add note re. availability of all possible settings
r4378: Experience levels; Preferences window: add note re. availability of all possible settingsLp
r4379: Typos and add remark re. Global menu changes
r4387: Preferences, Display: some settings introduced post-7.0: font scaling and extended features
r4388: Performance monitoring: add cloud VM instances to intro para
r4389: Experience levels: selecting a level, add graphic of icon
r4391: Resource monitoring; add CLI example to show CPU usage for a cloud instance
r4395: Experience levels; apply to menu items only
r4398: Experience levels; add notes
r4401: Experience levels; remove pics of global tools menu/machine tools menu; number of menu items can vary
r4402: Experience levels; remove image files for global tools menu/machine tools menu
r4525: Experience levels: minor redraft
r4528: Typo
r4538: Experience levels: selected level applies throughout VirtualBox Manager GUI
r4543: GUI topics; add notes for required changes
r4544: VISO Creator changes
r4563: r160714: unattended guest install example; now has user-password option
r4569: Terminology: front end, not front-end
r4570: Arm wizard screens; remove, as Create VM Wizard will be very similar regardless of architecture
r4571: Arm wizard screens; remove, as Create VM Wizard will be very similar regardless of architecture
r4623: Cloud VM monitoring: Compute Instance Monitoring plugin must be enabled; add note
r4625: CPU activity icon; update, now has solid bar
r4626: GUI changes; various, from Serkan; includes new pic for soft keyboard
r4629: separate mode: add some draft topics, will need to get technical review at a later stage
r4634: GUI; various notes and updates
r4655: Typo
r4703: Arm host platform limitations; redraft and add topic to host OS section
r4724: VISO creator; add notes re. ISO import
r4725: Separate mode: edits
r4863: r161176; Python 2.x no longer supported for API
r4899: Arm host support: limitations
r4910: Create VM wizard: settings may vary x86 vs. Arm hosts
r4911: Guest OS support; add note re. supported aarch64 OSes
r4973: r161445: Remove mention of parallel port support
r5004: Cloud VM monitoring: detailed data graphs and Activity Overview
r5038: Cloud VM monitoring: export to file
r5214: r161947: Solaris non-Global zone configuration
r5215: r161947: Solaris non-Global zone configuration; typo
r5230: Glossary: fix title for I/O APIC topic
r5341: Experience levels; can be selected from welcome screen in VirtualBox Manager; need replacement pic
r5345: Experience levels; add note on Welcome screen option
r5346: Arm host limitations; unavailable System settings
r5434: r162377: shared folders; symlinks behaviour
r5565: Cloud VM list in VirtualBox Manager; show mixed VM types; screenshot from Klaus
r5627: Obfuscate UUID data in screen shot
r5628: Delete legacy cloudvm pic; use mixed VMs example
r5654: Clean up comments in source files; redraft VM activity section
r5672: 7.1 changes; add comments
r5683: 7.1 changes; add comments for Arm topics
r5687: 7.1 changes; GUI; add comments
r5703: Oracle notices; include up to date versions in preface-* topics for User Guide
r5707: r162904: Windows install directory requirements; redraft
r5781: updated GNU version from 2 to 3 as per r163272
r5812: started removal of screenshots and updating tasks VBP-807
r5818: Further updates to creating a VM VBP-807
r5822: Restructured topics and made task based VBP-807
r5824: Removed files during restructure VBP-807
r5834: Fixed formatting of note and caution VBP-807
r5836: Updated supported host OS list VBP-825
r5837: updated USB topics for VBP-823
r5842: changes as per legal request re supported guests VBP-843
r5853: Updated versions following review. VBP-825

屬性 svn:eol-style 設為 native
屬性 svn:keywords 設為 Author Date Id Revision

檔案大小: 2.5 KB

行
1	<?xml version='1.0' encoding='UTF-8'?>
2	<!DOCTYPE topic PUBLIC "-//OASIS//DTD DITA Topic//EN" "topic.dtd">
3	<topic xml:lang="en-us" id="flush-level1-data-cache-mitigation">
4	<title>Flushing the Level 1 Data Cache</title>
5
6	<body>
7	<p>
8	This aims at removing potentially sensitive data from the
9	level 1 data cache when running guest code. However, it is
10	made difficult by hyper-threading setups sharing the level 1
11	cache and thereby potentially letting the other thread in a
12	pair refill the cache with data the user does not want the
13	guest to see. In addition, flushing the level 1 data cache is
14	usually not without performance side effects.
15	</p>
16	<p> Up-to-date CPU microcode is a prerequisite for the cache flushing mitigations. Some host
17	OSes may install these automatically, though it has traditionally been a task best performed
18	by the system firmware. So, please check with your system / mainboard manufacturer for the
19	latest firmware update. </p>
20	<p>
21	We recommend disabling hyper threading on the host. This is
22	traditionally done from the firmware setup, but some OSes also
23	offers ways disable HT. In some cases it may be disabled by
24	default, but please verify as the effectiveness of the
25	mitigation depends on it.
26	</p>
27	<p>
28	The default action taken by VirtualBox is to flush the level 1
29	data cache when a thread is scheduled to execute guest code,
30	rather than on each VM entry. This reduces the performance
31	impact, while making the assumption that the host OS will not
32	handle security sensitive data from interrupt handlers and
33	similar without taking precautions.
34	</p>
35	<p> A more aggressive flushing option is provided using the <userinput>VBoxManage
36	modifyvm</userinput>
37	<codeph>--l1d-flush-on-vm-entry</codeph> option. When enabled the level 1 data cache will be
38	flushed on every VM entry. The performance impact is greater than with the default option,
39	though this of course depends on the workload. Workloads producing a lot of VM exits (like
40	networking, VGA access, and similiar) will probably be most impacted. </p>
41	<p>
42	For users not concerned by this security issue, the default
43	mitigation can be disabled using the <userinput>VBoxManage
44	modifyvm <varname>name</varname> --l1d-flush-on-sched off</userinput> command.
45	</p>
46	</body>
47
48	</topic>

注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

以其他格式下載:

原來格式