€•í\      Œsphinx.addnodes”Œdocument”“”)”}”(Œ	rawsource”Œ ”Œchildren”]”(Œtranslations”ŒLanguagesNode”“”)”}”(hhh]”(h Œpending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ
attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ	refdomain”Œstd”Œreftype”Œdoc”Œ	reftarget”Œ</translations/zh_CN/admin-guide/hw-vuln/gather_data_sampling”Œmodname”NŒ	classname”NŒrefexplicit”ˆuŒtagname”hhhubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ</translations/zh_TW/admin-guide/hw-vuln/gather_data_sampling”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ</translations/it_IT/admin-guide/hw-vuln/gather_data_sampling”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ</translations/ja_JP/admin-guide/hw-vuln/gather_data_sampling”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ</translations/ko_KR/admin-guide/hw-vuln/gather_data_sampling”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒSpanish”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ</translations/sp_SP/admin-guide/hw-vuln/gather_data_sampling”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h
hhŒ	_document”hŒsource”NŒline”NubhŒcomment”“”)”}”(hŒ SPDX-License-Identifier: GPL-2.0”h]”hŒ SPDX-License-Identifier: GPL-2.0”…””}”hh£sbah}”(h]”h ]”h"]”h$]”h&]”Œ	xml:space”Œpreserve”uh1h¡hhhžhhŸŒV/var/lib/git/docbuild/linux/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst”h KubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒGDS - Gather Data Sampling”h]”hŒGDS - Gather Data Sampling”…””}”(hh»hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hh¶hžhhŸh³h KubhŒ	paragraph”“”)”}”(hŒ–Gather Data Sampling is a hardware vulnerability which allows unprivileged
speculative access to data which was previously stored in vector registers.”h]”hŒ–Gather Data Sampling is a hardware vulnerability which allows unprivileged
speculative access to data which was previously stored in vector registers.”…””}”(hhËhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khh¶hžhubhµ)”}”(hhh]”(hº)”}”(hŒProblem”h]”hŒProblem”…””}”(hhÜhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hhÙhžhhŸh³h K
ubhÊ)”}”(hXø  When a gather instruction performs loads from memory, different data elements
are merged into the destination vector register. However, when a gather
instruction that is transiently executed encounters a fault, stale data from
architectural or internal vector registers may get transiently forwarded to the
destination vector register instead. This will allow a malicious attacker to
infer stale data using typical side channel techniques like cache timing
attacks. GDS is a purely sampling-based attack.”h]”hXø  When a gather instruction performs loads from memory, different data elements
are merged into the destination vector register. However, when a gather
instruction that is transiently executed encounters a fault, stale data from
architectural or internal vector registers may get transiently forwarded to the
destination vector register instead. This will allow a malicious attacker to
infer stale data using typical side channel techniques like cache timing
attacks. GDS is a purely sampling-based attack.”…””}”(hhêhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KhhÙhžhubhÊ)”}”(hŒéThe attacker uses gather instructions to infer the stale vector register data.
The victim does not need to do anything special other than use the vector
registers. The victim does not need to use gather instructions to be
vulnerable.”h]”hŒéThe attacker uses gather instructions to infer the stale vector register data.
The victim does not need to do anything special other than use the vector
registers. The victim does not need to use gather instructions to be
vulnerable.”…””}”(hhøhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KhhÙhžhubhÊ)”}”(hŒ]Because the buffers are shared between Hyper-Threads cross Hyper-Thread attacks
are possible.”h]”hŒ]Because the buffers are shared between Hyper-Threads cross Hyper-Thread attacks
are possible.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KhhÙhžhubeh}”(h]”Œproblem”ah ]”h"]”Œproblem”ah$]”h&]”uh1h´hh¶hžhhŸh³h K
ubhµ)”}”(hhh]”(hº)”}”(hŒAttack scenarios”h]”hŒAttack scenarios”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj  hžhhŸh³h KubhÊ)”}”(hŒXWithout mitigation, GDS can infer stale data across virtually all
permission boundaries:”h]”hŒXWithout mitigation, GDS can infer stale data across virtually all
permission boundaries:”…””}”(hj-  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Khj  hžhubhŒblock_quote”“”)”}”(hŒ·Non-enclaves can infer SGX enclave data
Userspace can infer kernel data
Guests can infer data from hosts
Guest can infer guest from other guests
Users can infer data from other users
”h]”hÊ)”}”(hŒ¶Non-enclaves can infer SGX enclave data
Userspace can infer kernel data
Guests can infer data from hosts
Guest can infer guest from other guests
Users can infer data from other users”h]”hŒ¶Non-enclaves can infer SGX enclave data
Userspace can infer kernel data
Guests can infer data from hosts
Guest can infer guest from other guests
Users can infer data from other users”…””}”(hjA  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K hj=  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j;  hŸh³h K hj  hžhubhÊ)”}”(hŒ›Because of this, it is important to ensure that the mitigation stays enabled in
lower-privilege contexts like guests and when running outside SGX enclaves.”h]”hŒ›Because of this, it is important to ensure that the mitigation stays enabled in
lower-privilege contexts like guests and when running outside SGX enclaves.”…””}”(hjU  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K&hj  hžhubhÊ)”}”(hŒÿThe hardware enforces the mitigation for SGX. Likewise, VMMs should  ensure
that guests are not allowed to disable the GDS mitigation. If a host erred and
allowed this, a guest could theoretically disable GDS mitigation, mount an
attack, and re-enable it.”h]”hŒÿThe hardware enforces the mitigation for SGX. Likewise, VMMs should  ensure
that guests are not allowed to disable the GDS mitigation. If a host erred and
allowed this, a guest could theoretically disable GDS mitigation, mount an
attack, and re-enable it.”…””}”(hjc  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K)hj  hžhubeh}”(h]”Œattack-scenarios”ah ]”h"]”Œattack scenarios”ah$]”h&]”uh1h´hh¶hžhhŸh³h Kubhµ)”}”(hhh]”(hº)”}”(hŒMitigation mechanism”h]”hŒMitigation mechanism”…””}”(hj|  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjy  hžhhŸh³h K/ubhÊ)”}”(hŒSThis issue is mitigated in microcode. The microcode defines the following new
bits:”h]”hŒSThis issue is mitigated in microcode. The microcode defines the following new
bits:”…””}”(hjŠ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K0hjy  hžhubj<  )”}”(hX   ================================   ===   ============================
IA32_ARCH_CAPABILITIES[GDS_CTRL]   R/O   Enumerates GDS vulnerability
                                         and mitigation support.
IA32_ARCH_CAPABILITIES[GDS_NO]     R/O   Processor is not vulnerable.
IA32_MCU_OPT_CTRL[GDS_MITG_DIS]    R/W   Disables the mitigation
                                         0 by default.
IA32_MCU_OPT_CTRL[GDS_MITG_LOCK]   R/W   Locks GDS_MITG_DIS=0. Writes
                                         to GDS_MITG_DIS are ignored
                                         Can't be cleared once set.
================================   ===   ============================
”h]”hŒtable”“”)”}”(hhh]”hŒtgroup”“”)”}”(hhh]”(hŒcolspec”“”)”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”K uh1j¦  hj£  ubj§  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”Kuh1j¦  hj£  ubj§  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”Kuh1j¦  hj£  ubhŒtbody”“”)”}”(hhh]”(hŒrow”“”)”}”(hhh]”(hŒentry”“”)”}”(hhh]”hÊ)”}”(hŒ IA32_ARCH_CAPABILITIES[GDS_CTRL]”h]”hŒ IA32_ARCH_CAPABILITIES[GDS_CTRL]”…””}”(hjÕ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K4hjÒ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hjÍ  ubjÑ  )”}”(hhh]”hÊ)”}”(hŒR/O”h]”hŒR/O”…””}”(hjì  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K4hjé  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hjÍ  ubjÑ  )”}”(hhh]”hÊ)”}”(hŒ4Enumerates GDS vulnerability
and mitigation support.”h]”hŒ4Enumerates GDS vulnerability
and mitigation support.”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K4hj   ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hjÍ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jË  hjÈ  ubjÌ  )”}”(hhh]”(jÑ  )”}”(hhh]”hÊ)”}”(hŒIA32_ARCH_CAPABILITIES[GDS_NO]”h]”hŒIA32_ARCH_CAPABILITIES[GDS_NO]”…””}”(hj#  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K6hj   ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hj  ubjÑ  )”}”(hhh]”hÊ)”}”(hŒR/O”h]”hŒR/O”…””}”(hj:  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K6hj7  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hj  ubjÑ  )”}”(hhh]”hÊ)”}”(hŒProcessor is not vulnerable.”h]”hŒProcessor is not vulnerable.”…””}”(hjQ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K6hjN  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jË  hjÈ  ubjÌ  )”}”(hhh]”(jÑ  )”}”(hhh]”hÊ)”}”(hŒIA32_MCU_OPT_CTRL[GDS_MITG_DIS]”h]”hŒIA32_MCU_OPT_CTRL[GDS_MITG_DIS]”…””}”(hjq  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K7hjn  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hjk  ubjÑ  )”}”(hhh]”hÊ)”}”(hŒR/W”h]”hŒR/W”…””}”(hjˆ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K7hj…  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hjk  ubjÑ  )”}”(hhh]”hÊ)”}”(hŒ%Disables the mitigation
0 by default.”h]”hŒ%Disables the mitigation
0 by default.”…””}”(hjŸ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K7hjœ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hjk  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jË  hjÈ  ubjÌ  )”}”(hhh]”(jÑ  )”}”(hhh]”hÊ)”}”(hŒ IA32_MCU_OPT_CTRL[GDS_MITG_LOCK]”h]”hŒ IA32_MCU_OPT_CTRL[GDS_MITG_LOCK]”…””}”(hj¿  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K9hj¼  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hj¹  ubjÑ  )”}”(hhh]”hÊ)”}”(hŒR/W”h]”hŒR/W”…””}”(hjÖ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K9hjÓ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hj¹  ubjÑ  )”}”(hhh]”hÊ)”}”(hŒSLocks GDS_MITG_DIS=0. Writes
to GDS_MITG_DIS are ignored
Can't be cleared once set.”h]”hŒULocks GDS_MITG_DIS=0. Writes
to GDS_MITG_DIS are ignored
Canâ€™t be cleared once set.”…””}”(hjí  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K9hjê  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hj¹  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jË  hjÈ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÆ  hj£  ubeh}”(h]”h ]”h"]”h$]”h&]”Œcols”Kuh1j¡  hjž  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hj˜  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j;  hŸh³h K3hjy  hžhubhÊ)”}”(hŒÁGDS can also be mitigated on systems that don't have updated microcode by
disabling AVX. This can be done by setting gather_data_sampling="force" or
"clearcpuid=avx" on the kernel command-line.”h]”hŒËGDS can also be mitigated on systems that donâ€™t have updated microcode by
disabling AVX. This can be done by setting gather_data_sampling=â€forceâ€ or
â€œclearcpuid=avxâ€ on the kernel command-line.”…””}”(hj   hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K>hjy  hžhubhÊ)”}”(hŒóIf used, these options will disable AVX use by turning off XSAVE YMM support.
However, the processor will still enumerate AVX support.  Userspace that
does not follow proper AVX enumeration to check both AVX *and* XSAVE YMM
support will break.”h]”(hŒÐIf used, these options will disable AVX use by turning off XSAVE YMM support.
However, the processor will still enumerate AVX support.  Userspace that
does not follow proper AVX enumeration to check both AVX ”…””}”(hj.  hžhhŸNh NubhŒemphasis”“”)”}”(hŒ*and*”h]”hŒand”…””}”(hj8  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j6  hj.  ubhŒ XSAVE YMM
support will break.”…””}”(hj.  hžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KBhjy  hžhubeh}”(h]”Œmitigation-mechanism”ah ]”h"]”Œmitigation mechanism”ah$]”h&]”uh1h´hh¶hžhhŸh³h K/ubhµ)”}”(hhh]”(hº)”}”(hŒ-Mitigation control on the kernel command line”h]”hŒ-Mitigation control on the kernel command line”…””}”(hj[  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjX  hžhhŸh³h KHubhÊ)”}”(hXx  The mitigation can be disabled by setting "gather_data_sampling=off" or
"mitigations=off" on the kernel command line. Not specifying either will default
to the mitigation being enabled. Specifying "gather_data_sampling=force" will
use the microcode mitigation when available or disable AVX on affected systems
where the microcode hasn't been updated to include the mitigation.”h]”hX†  The mitigation can be disabled by setting â€œgather_data_sampling=offâ€ or
â€œmitigations=offâ€ on the kernel command line. Not specifying either will default
to the mitigation being enabled. Specifying â€œgather_data_sampling=forceâ€ will
use the microcode mitigation when available or disable AVX on affected systems
where the microcode hasnâ€™t been updated to include the mitigation.”…””}”(hji  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KIhjX  hžhubeh}”(h]”Œ-mitigation-control-on-the-kernel-command-line”ah ]”h"]”Œ-mitigation control on the kernel command line”ah$]”h&]”uh1h´hh¶hžhhŸh³h KHubhµ)”}”(hhh]”(hº)”}”(hŒGDS System Information”h]”hŒGDS System Information”…””}”(hj‚  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hj  hžhhŸh³h KPubhÊ)”}”(hŒ}The kernel provides vulnerability status information through sysfs. For
GDS this can be accessed by the following sysfs file:”h]”hŒ}The kernel provides vulnerability status information through sysfs. For
GDS this can be accessed by the following sysfs file:”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KQhj  hžhubhÊ)”}”(hŒ</sys/devices/system/cpu/vulnerabilities/gather_data_sampling”h]”hŒ</sys/devices/system/cpu/vulnerabilities/gather_data_sampling”…””}”(hjž  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KThj  hžhubhÊ)”}”(hŒ/The possible values contained in this file are:”h]”hŒ/The possible values contained in this file are:”…””}”(hj¬  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KVhj  hžhubj<  )”}”(hX5  ============================== =============================================
Not affected                   Processor not vulnerable.
Vulnerable                     Processor vulnerable and mitigation disabled.
Vulnerable: No microcode       Processor vulnerable and microcode is missing
                               mitigation.
Mitigation: AVX disabled,
no microcode                   Processor is vulnerable and microcode is missing
                               mitigation. AVX disabled as mitigation.
Mitigation: Microcode          Processor is vulnerable and mitigation is in
                               effect.
Mitigation: Microcode (locked) Processor is vulnerable and mitigation is in
                               effect and cannot be disabled.
Unknown: Dependent on
hypervisor status              Running on a virtual guest processor that is
                               affected but with no way to know if host
                               processor is mitigated or vulnerable.
============================== =============================================
”h]”j  )”}”(hhh]”j¢  )”}”(hhh]”(j§  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”Kuh1j¦  hjÁ  ubj§  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”K0uh1j¦  hjÁ  ubjÇ  )”}”(hhh]”(jÌ  )”}”(hhh]”(jÑ  )”}”(hhh]”hÊ)”}”(hŒNot affected”h]”hŒNot affected”…””}”(hjá  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KYhjÞ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hjÛ  ubjÑ  )”}”(hhh]”hÊ)”}”(hŒProcessor not vulnerable.”h]”hŒProcessor not vulnerable.”…””}”(hjø  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KYhjõ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hjÛ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jË  hjØ  ubjÌ  )”}”(hhh]”(jÑ  )”}”(hhh]”hÊ)”}”(hŒ
Vulnerable”h]”hŒ
Vulnerable”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KZhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hj  ubjÑ  )”}”(hhh]”hÊ)”}”(hŒ-Processor vulnerable and mitigation disabled.”h]”hŒ-Processor vulnerable and mitigation disabled.”…””}”(hj/  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KZhj,  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jË  hjØ  ubjÌ  )”}”(hhh]”(jÑ  )”}”(hhh]”hÊ)”}”(hŒVulnerable: No microcode”h]”hŒVulnerable: No microcode”…””}”(hjO  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K[hjL  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hjI  ubjÑ  )”}”(hhh]”hÊ)”}”(hŒ9Processor vulnerable and microcode is missing
mitigation.”h]”hŒ9Processor vulnerable and microcode is missing
mitigation.”…””}”(hjf  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K[hjc  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hjI  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jË  hjØ  ubjÌ  )”}”(hhh]”(jÑ  )”}”(hhh]”hÊ)”}”(hŒMitigation: AVX disabled,”h]”hŒMitigation: AVX disabled,”…””}”(hj†  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K]hjƒ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hj€  ubjÑ  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hj€  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jË  hjØ  ubjÌ  )”}”(hhh]”(jÑ  )”}”(hhh]”hÊ)”}”(hŒno microcode”h]”hŒno microcode”…””}”(hj¯  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K^hj¬  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hj©  ubjÑ  )”}”(hhh]”hÊ)”}”(hŒXProcessor is vulnerable and microcode is missing
mitigation. AVX disabled as mitigation.”h]”hŒXProcessor is vulnerable and microcode is missing
mitigation. AVX disabled as mitigation.”…””}”(hjÆ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K^hjÃ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hj©  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jË  hjØ  ubjÌ  )”}”(hhh]”(jÑ  )”}”(hhh]”hÊ)”}”(hŒMitigation: Microcode”h]”hŒMitigation: Microcode”…””}”(hjæ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K`hjã  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hjà  ubjÑ  )”}”(hhh]”hÊ)”}”(hŒ4Processor is vulnerable and mitigation is in
effect.”h]”hŒ4Processor is vulnerable and mitigation is in
effect.”…””}”(hjý  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h K`hjú  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hjà  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jË  hjØ  ubjÌ  )”}”(hhh]”(jÑ  )”}”(hhh]”hÊ)”}”(hŒMitigation: Microcode (locked)”h]”hŒMitigation: Microcode (locked)”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Kbhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hj  ubjÑ  )”}”(hhh]”hÊ)”}”(hŒKProcessor is vulnerable and mitigation is in
effect and cannot be disabled.”h]”hŒKProcessor is vulnerable and mitigation is in
effect and cannot be disabled.”…””}”(hj4  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Kbhj1  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jË  hjØ  ubjÌ  )”}”(hhh]”(jÑ  )”}”(hhh]”hÊ)”}”(hŒUnknown: Dependent on”h]”hŒUnknown: Dependent on”…””}”(hjT  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KdhjQ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hjN  ubjÑ  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hjN  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jË  hjØ  ubjÌ  )”}”(hhh]”(jÑ  )”}”(hhh]”hÊ)”}”(hŒhypervisor status”h]”hŒhypervisor status”…””}”(hj}  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Kehjz  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hjw  ubjÑ  )”}”(hhh]”hÊ)”}”(hŒ{Running on a virtual guest processor that is
affected but with no way to know if host
processor is mitigated or vulnerable.”h]”hŒ{Running on a virtual guest processor that is
affected but with no way to know if host
processor is mitigated or vulnerable.”…””}”(hj”  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h Kehj‘  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jÐ  hjw  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jË  hjØ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÆ  hjÁ  ubeh}”(h]”h ]”h"]”h$]”h&]”Œcols”Kuh1j¡  hj¾  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jœ  hjº  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j;  hŸh³h KXhj  hžhubeh}”(h]”Œgds-system-information”ah ]”h"]”Œgds system information”ah$]”h&]”uh1h´hh¶hžhhŸh³h KPubhµ)”}”(hhh]”(hº)”}”(hŒGDS Default mitigation”h]”hŒGDS Default mitigation”…””}”(hjÒ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¹hjÏ  hžhhŸh³h KkubhÊ)”}”(hŒ|The updated microcode will enable the mitigation by default. The kernel's
default action is to leave the mitigation enabled.”h]”hŒ~The updated microcode will enable the mitigation by default. The kernelâ€™s
default action is to leave the mitigation enabled.”…””}”(hjà  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÉhŸh³h KlhjÏ  hžhubeh}”(h]”Œgds-default-mitigation”ah ]”h"]”Œgds default mitigation”ah$]”h&]”uh1h´hh¶hžhhŸh³h Kkubeh}”(h]”Œgds-gather-data-sampling”ah ]”h"]”Œgds - gather data sampling”ah$]”h&]”uh1h´hhhžhhŸh³h Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”h³uh1hŒcurrent_source”NŒcurrent_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(h¹NŒ	generator”NŒ	datestamp”NŒsource_link”NŒ
source_url”NŒtoc_backlinks”jÐ  Œfootnote_backlinks”KŒsectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒstrip_classes”NŒreport_level”KŒ
halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ	traceback”ˆŒinput_encoding”Œ	utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”j   Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œlanguage_code”Œen”Œrecord_dependencies”NŒconfig”NŒ	id_prefix”hŒauto_id_prefix”Œid”Œdump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”h³Œ_destination”NŒ_config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒraw_enabled”KŒline_length_limit”M'Œpep_references”NŒpep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒrfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ	tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œsmart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œdocinfo_xform”KŒsectsubtitle_xform”‰Œimage_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”(jû  jø  j  j  jv  js  jU  jR  j|  jy  jÌ  jÉ  jó  jð  uŒ	nametypes”}”(jû  ‰j  ‰jv  ‰jU  ‰j|  ‰jÌ  ‰jó  ‰uh}”(jø  h¶j  hÙjs  j  jR  jy  jy  jX  jÉ  j  jð  jÏ  uŒfootnote_refs”}”Œcitation_refs”}”Œautofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ	footnotes”]”Œ	citations”]”Œautofootnote_start”KŒsymbol_footnote_start”K Œ
id_counter”Œcollections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œtransformer”NŒinclude_log”]”Œ
decoration”Nhžhub.