From 24ea8003a49dbbcdfbbf2e5969c4bf8002063b86 Mon Sep 17 00:00:00 2001
From: Zach Koopmans
Date: Mon, 22 Feb 2021 16:00:33 -0800
Subject: Only detect mds for mitigate.
Only detect and mitigate on mds for the mitigate command.
PiperOrigin-RevId: 358924466
---
 runsc/mitigate/mitigate.go | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)
(limited to 'runsc/mitigate/mitigate.go')
diff --git a/runsc/mitigate/mitigate.go b/runsc/mitigate/mitigate.go
index 5be66f5f3..3ea58454f 100644
--- a/runsc/mitigate/mitigate.go
+++ b/runsc/mitigate/mitigate.go
@@ -36,11 +36,7 @@ type Mitigate struct {
 func (m Mitigate) Usage() string {
 usageString := `mitigate [flags]
-This command mitigates an underlying system against side channel attacks.
-The command checks /proc/cpuinfo for cpus having key vulnerablilities (meltdown,
-l1tf, mds, swapgs, taa). If cpus are found to have one of the vulnerabilities,
-all but one cpu is shutdown on each core via
-/sys/devices/system/cpu/cpu{N}/online.
+Mitigate mitigates a system to the "MDS" vulnerability by implementing a manual shutdown of SMT. The command checks /proc/cpuinfo for cpus having the MDS vulnerability, and if found, shutdown all but one CPU per hyperthread pair via /sys/devices/system/cpu/cpu{N}/online. CPUs can be restored by writing "2" to each file in /sys/devices/system/cpu/cpu{N}/online or performing a system reboot.
 `
 return usageString + m.other.usage()
 }
--
cgit v1.2.3
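Review bot: The restore instruction in the new usage text tells the operator to write "2" to /sys/devices/system/cpu/cpu{N}/online, but that sysfs file takes "0" (offline) and "1" (online), so following the help as written would not bring the sibling threads back. The sentence should read `CPUs can be restored by writing "1" to each file in /sys/devices/system/cpu/cpu{N}/online or performing a system reboot.` The text also drops the earlier list (meltdown, l1tf, swapgs, taa) without saying that hosts affected only by those are no longer acted on. The detection code is not part of this diff, so that is inferred from the commit description, but one sentence stating that only MDS is checked would keep operators from assuming broader coverage. As a matter of style, the replacement is a single unwrapped line inside the raw string, whereas the removed text was wrapped near 80 columns, so it will print as one very long line on a terminal.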