package mitigate
import "gvisor.dev/gvisor/runsc/mitigate"
Package mitigate provides libraries for the mitigate command. The mitigate command mitigates side channel attacks such as MDS. Mitigate shuts down CPUs via /sys/devices/system/cpu/cpu{N}/online.
Index ¶
- Variables
- type CPU
- func (t *CPU) IsVulnerable() bool
- func (t *CPU) SimilarTo(other *CPU) bool
- func (t *CPU) String() string
- type CPUSet
- func NewCPUSet(data string) (CPUSet, error)
- func (c CPUSet) IsVulnerable() bool
- func (c CPUSet) String() string
- type MockCPU
Variables ¶
var AMD2 = MockCPU{ Name: "AMD", VendorID: "AuthenticAMD", Family: 23, Model: 49, ModelName: "AMD EPYC 7B12", Bugs: "sysret_ss_attrs spectre_v1 spectre_v2 spec_store_bypass", PhysicalCores: 1, Cores: 1, ThreadsPerCore: 2, }
AMD2 is an two core AMD machine.
var AMD8 = MockCPU{ Name: "AMD", VendorID: "AuthenticAMD", Family: 23, Model: 49, ModelName: "AMD EPYC 7B12", Bugs: "sysret_ss_attrs spectre_v1 spectre_v2 spec_store_bypass", PhysicalCores: 4, Cores: 1, ThreadsPerCore: 2, }
AMD8 is an eight core AMD machine.
var CascadeLake2 = MockCPU{ Name: "CascadeLake", VendorID: "GenuineIntel", Family: 6, Model: 85, ModelName: "Intel(R) Xeon(R) CPU", Bugs: "spectre_v1 spectre_v2 spec_store_bypass mds swapgs taa", PhysicalCores: 1, Cores: 1, ThreadsPerCore: 2, }
CascadeLake2 is a two core Intel CascadeLake machine.
var CascadeLake4 = MockCPU{ Name: "CascadeLake", VendorID: "GenuineIntel", Family: 6, Model: 85, ModelName: "Intel(R) Xeon(R) CPU", Bugs: "spectre_v1 spectre_v2 spec_store_bypass mds swapgs taa", PhysicalCores: 1, Cores: 2, ThreadsPerCore: 2, }
CascadeLake4 is a four core Intel CascadeLake machine.
var Empty = MockCPU{ Name: "Empty", }
Empty is an empty CPU set.
var Haswell2 = MockCPU{ Name: "Haswell", VendorID: "GenuineIntel", Family: 6, Model: 63, ModelName: "Intel(R) Xeon(R) CPU", Bugs: "cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs", PhysicalCores: 1, Cores: 1, ThreadsPerCore: 2, }
Haswell2 is a two core Intel Haswell machine.
var Haswell2core = MockCPU{ Name: "Haswell2Physical", VendorID: "GenuineIntel", Family: 6, Model: 63, ModelName: "Intel(R) Xeon(R) CPU", Bugs: "cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs", PhysicalCores: 2, Cores: 1, ThreadsPerCore: 1, }
Haswell2core is a 2 core Intel Haswell machine with no hyperthread pairs.
Types ¶
type CPU ¶
type CPU struct {
// contains filtered or unexported fields
}
CPU represents pertinent info about a single hyperthread in a pair.
func (*CPU) IsVulnerable ¶
IsVulnerable checks if a CPU is vulnerable to mds.
func (*CPU) SimilarTo ¶
SimilarTo checks family/model/bugs fields for equality of two processors.
func (*CPU) String ¶
String implements the String method for CPU.
type CPUSet ¶
type CPUSet []*CPU
CPUSet contains a map of all CPUs on the system, mapped by Physical ID and CoreIDs. threads with the same Core and Physical ID are Hyperthread pairs.
func NewCPUSet ¶
NewCPUSet creates a CPUSet from data read from /proc/cpuinfo.
func (CPUSet) IsVulnerable ¶
IsVulnerable checks if this CPUSet is vulnerable to MDS.
func (CPUSet) String ¶
String implements the String method for CPUSet.
type MockCPU ¶
type MockCPU struct {
Name string
VendorID string
Family int64
Model int64
ModelName string
Bugs string
PhysicalCores int64
Cores int64
ThreadsPerCore int64
}
MockCPU represents data from CPUs that will be mitigated.
func (MockCPU) MakeCPUSet ¶
MakeCPUSet makes a cpuSet from a MockCPU.
func (MockCPU) NumCPUs ¶
NumCPUs returns the number of CPUs for this CPU.
Source Files ¶
mitigate.go mock.go
- Version
- v0.0.0-20250605235530-a6711d1e1dc6 (latest)
- Published
- Jun 5, 2025
- Platform
- linux/amd64
- Imports
- 4 packages
- Last checked
- 4 hours ago –
Tools for package owners.