Diffstat (limited to 'nixos/modules/security')
-rw-r--r-- | nixos/modules/security/misc.nix | 37 |
1 files changed, 11 insertions, 26 deletions
diff --git a/nixos/modules/security/misc.nix b/nixos/modules/security/misc.nix
index 6833452a570e1..cd48eade7784f 100644
--- a/nixos/modules/security/misc.nix
+++ b/nixos/modules/security/misc.nix
@@ -83,34 +83,19 @@ with lib;
 security.virtualisation.flushL1DataCache = mkOption {
 type = types.nullOr (types.enum [ "never" "cond" "always" ]);
 default = null;
- description = ''
+ description = lib.mdDoc ''
 Whether the hypervisor should flush the L1 data cache before
 entering guests.
- See also <xref linkend="opt-security.allowSimultaneousMultithreading"/>.
-
- <variablelist>
- <varlistentry>
- <term><literal>null</literal></term>
- <listitem><para>uses the kernel default</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><literal>"never"</literal></term>
- <listitem><para>disables L1 data cache flushing entirely.
- May be appropriate if all guests are trusted.</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><literal>"cond"</literal></term>
- <listitem><para>flushes L1 data cache only for pre-determined
- code paths. May leak information about the host address space
- layout.</para></listitem>
- </varlistentry>
- <varlistentry>
- <term><literal>"always"</literal></term>
- <listitem><para>flushes L1 data cache every time the hypervisor
- enters the guest. May incur significant performance cost.
- </para></listitem>
- </varlistentry>
- </variablelist>
+ See also [](#opt-security.allowSimultaneousMultithreading).
+
+ - `null`: uses the kernel default
+ - `"never"`: disables L1 data cache flushing entirely.
+ May be appropriate if all guests are trusted.
+ - `"cond"`: flushes L1 data cache only for pre-determined
+ code paths. May leak information about the host address space
+ layout.
+ - `"always"`: flushes L1 data cache every time the hypervisor
+ enters the guest. May incur significant performance cost.
 '';
 };
 };
|
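Review bot: The converted description of `security.virtualisation.flushL1DataCache` still never says what the flush protects against, so a reader choosing between `"never"`, `"cond"` and `"always"` has to already know this is the L1 Terminal Fault (L1TF) mitigation for untrusted guests. I would add one sentence after the first paragraph, for example `Flushing mitigates L1TF, where a guest reads host or other guests' data left in the L1 data cache; with SMT enabled, flushing alone does not cover a sibling hyperthread.` That sentence would also explain why the text points at `security.allowSimultaneousMultithreading`. The `"never"` bullet could state its precondition more firmly, e.g. `Only appropriate if all guests are trusted.` The enclosing options set starts outside this hunk, so how the chosen value is passed to the kernel is not visible here.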