PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY structure (winnt.h)

This data structure provides the status of process policies that are related to the mitigation of side channels. This can include side channel attacks involving speculative execution and page combining.

Syntax

typedef struct _PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY {
  union {
    DWORD Flags;
    struct {
      DWORD SmtBranchTargetIsolation : 1;
      DWORD IsolateSecurityDomain : 1;
      DWORD DisablePageCombine : 1;
      DWORD SpeculativeStoreBypassDisable : 1;
      DWORD ReservedFlags : 28;
    } DUMMYSTRUCTNAME;
  } DUMMYUNIONNAME;
} PROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY, *PPROCESS_MITIGATION_SIDE_CHANNEL_ISOLATION_POLICY;

Members

DUMMYUNIONNAME

DUMMYUNIONNAME.Flags

This member is reserved for system use.

DUMMYUNIONNAME.DUMMYSTRUCTNAME

DUMMYUNIONNAME.DUMMYSTRUCTNAME.SmtBranchTargetIsolation

Prevent branch target pollution cross-SMT-thread in user mode.

DUMMYUNIONNAME.DUMMYSTRUCTNAME.IsolateSecurityDomain

Isolate this process into a distinct security domain, even from other processes running as the same security context. This prevents branch target injection cross-process.

Page combining is limited to processes within the same security domain. This flag effectively limits the process to only combining internally to the process itself, except for common pages and unless further restricted by the DisablePageCombine policy.

DUMMYUNIONNAME.DUMMYSTRUCTNAME.DisablePageCombine

Disable all page combining for this process, even internally to the process itself, except for common pages.

DUMMYUNIONNAME.DUMMYSTRUCTNAME.SpeculativeStoreBypassDisable

Memory Disambiguation Disable.

DUMMYUNIONNAME.DUMMYSTRUCTNAME.ReservedFlags

This member is reserved for system use.

Requirements

   
Header winnt.h