€•Ø]      Œsphinx.addnodes”Œdocument”“”)”}”(Œ	rawsource”Œ ”Œchildren”]”(Œtranslations”ŒLanguagesNode”“”)”}”(hhh]”(h Œpending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ
attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ	refdomain”Œstd”Œreftype”Œdoc”Œ	reftarget”Œ</translations/zh_CN/admin-guide/hw-vuln/gather_data_sampling”Œmodname”NŒ	classname”NŒrefexplicit”ˆuŒtagname”hhhubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ</translations/zh_TW/admin-guide/hw-vuln/gather_data_sampling”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ</translations/it_IT/admin-guide/hw-vuln/gather_data_sampling”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ</translations/ja_JP/admin-guide/hw-vuln/gather_data_sampling”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ</translations/ko_KR/admin-guide/hw-vuln/gather_data_sampling”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒPortuguese (Brazilian)”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ</translations/pt_BR/admin-guide/hw-vuln/gather_data_sampling”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒSpanish”…””}”hh–sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ</translations/sp_SP/admin-guide/hw-vuln/gather_data_sampling”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h
hhŒ	_document”hŒsource”NŒline”NubhŒcomment”“”)”}”(hŒ SPDX-License-Identifier: GPL-2.0”h]”hŒ SPDX-License-Identifier: GPL-2.0”…””}”hh·sbah}”(h]”h ]”h"]”h$]”h&]”Œ	xml:space”Œpreserve”uh1hµhhh²hh³ŒV/var/lib/git/docbuild/linux/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst”h´KubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒGDS - Gather Data Sampling”h]”hŒGDS - Gather Data Sampling”…””}”(hhÏh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhhÊh²hh³hÇh´KubhŒ	paragraph”“”)”}”(hŒ–Gather Data Sampling is a hardware vulnerability which allows unprivileged
speculative access to data which was previously stored in vector registers.”h]”hŒ–Gather Data Sampling is a hardware vulnerability which allows unprivileged
speculative access to data which was previously stored in vector registers.”…””}”(hhßh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KhhÊh²hubhÉ)”}”(hhh]”(hÎ)”}”(hŒProblem”h]”hŒProblem”…””}”(hhðh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhhíh²hh³hÇh´K
ubhÞ)”}”(hXø  When a gather instruction performs loads from memory, different data elements
are merged into the destination vector register. However, when a gather
instruction that is transiently executed encounters a fault, stale data from
architectural or internal vector registers may get transiently forwarded to the
destination vector register instead. This will allow a malicious attacker to
infer stale data using typical side channel techniques like cache timing
attacks. GDS is a purely sampling-based attack.”h]”hXø  When a gather instruction performs loads from memory, different data elements
are merged into the destination vector register. However, when a gather
instruction that is transiently executed encounters a fault, stale data from
architectural or internal vector registers may get transiently forwarded to the
destination vector register instead. This will allow a malicious attacker to
infer stale data using typical side channel techniques like cache timing
attacks. GDS is a purely sampling-based attack.”…””}”(hhþh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Khhíh²hubhÞ)”}”(hŒéThe attacker uses gather instructions to infer the stale vector register data.
The victim does not need to do anything special other than use the vector
registers. The victim does not need to use gather instructions to be
vulnerable.”h]”hŒéThe attacker uses gather instructions to infer the stale vector register data.
The victim does not need to do anything special other than use the vector
registers. The victim does not need to use gather instructions to be
vulnerable.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Khhíh²hubhÞ)”}”(hŒ]Because the buffers are shared between Hyper-Threads cross Hyper-Thread attacks
are possible.”h]”hŒ]Because the buffers are shared between Hyper-Threads cross Hyper-Thread attacks
are possible.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Khhíh²hubeh}”(h]”Œproblem”ah ]”h"]”Œproblem”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´K
ubhÉ)”}”(hhh]”(hÎ)”}”(hŒAttack scenarios”h]”hŒAttack scenarios”…””}”(hj3  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhj0  h²hh³hÇh´KubhÞ)”}”(hŒXWithout mitigation, GDS can infer stale data across virtually all
permission boundaries:”h]”hŒXWithout mitigation, GDS can infer stale data across virtually all
permission boundaries:”…””}”(hjA  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Khj0  h²hubhŒblock_quote”“”)”}”(hŒ·Non-enclaves can infer SGX enclave data
Userspace can infer kernel data
Guests can infer data from hosts
Guest can infer guest from other guests
Users can infer data from other users
”h]”hÞ)”}”(hŒ¶Non-enclaves can infer SGX enclave data
Userspace can infer kernel data
Guests can infer data from hosts
Guest can infer guest from other guests
Users can infer data from other users”h]”hŒ¶Non-enclaves can infer SGX enclave data
Userspace can infer kernel data
Guests can infer data from hosts
Guest can infer guest from other guests
Users can infer data from other users”…””}”(hjU  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K hjQ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jO  h³hÇh´K hj0  h²hubhÞ)”}”(hŒ›Because of this, it is important to ensure that the mitigation stays enabled in
lower-privilege contexts like guests and when running outside SGX enclaves.”h]”hŒ›Because of this, it is important to ensure that the mitigation stays enabled in
lower-privilege contexts like guests and when running outside SGX enclaves.”…””}”(hji  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K&hj0  h²hubhÞ)”}”(hŒÿThe hardware enforces the mitigation for SGX. Likewise, VMMs should  ensure
that guests are not allowed to disable the GDS mitigation. If a host erred and
allowed this, a guest could theoretically disable GDS mitigation, mount an
attack, and re-enable it.”h]”hŒÿThe hardware enforces the mitigation for SGX. Likewise, VMMs should  ensure
that guests are not allowed to disable the GDS mitigation. If a host erred and
allowed this, a guest could theoretically disable GDS mitigation, mount an
attack, and re-enable it.”…””}”(hjw  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K)hj0  h²hubeh}”(h]”Œattack-scenarios”ah ]”h"]”Œattack scenarios”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´KubhÉ)”}”(hhh]”(hÎ)”}”(hŒMitigation mechanism”h]”hŒMitigation mechanism”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhj  h²hh³hÇh´K/ubhÞ)”}”(hŒSThis issue is mitigated in microcode. The microcode defines the following new
bits:”h]”hŒSThis issue is mitigated in microcode. The microcode defines the following new
bits:”…””}”(hjž  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K0hj  h²hubjP  )”}”(hX   ================================   ===   ============================
IA32_ARCH_CAPABILITIES[GDS_CTRL]   R/O   Enumerates GDS vulnerability
                                         and mitigation support.
IA32_ARCH_CAPABILITIES[GDS_NO]     R/O   Processor is not vulnerable.
IA32_MCU_OPT_CTRL[GDS_MITG_DIS]    R/W   Disables the mitigation
                                         0 by default.
IA32_MCU_OPT_CTRL[GDS_MITG_LOCK]   R/W   Locks GDS_MITG_DIS=0. Writes
                                         to GDS_MITG_DIS are ignored
                                         Can't be cleared once set.
================================   ===   ============================
”h]”hŒtable”“”)”}”(hhh]”hŒtgroup”“”)”}”(hhh]”(hŒcolspec”“”)”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”K uh1jº  hj·  ubj»  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”Kuh1jº  hj·  ubj»  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”Kuh1jº  hj·  ubhŒtbody”“”)”}”(hhh]”(hŒrow”“”)”}”(hhh]”(hŒentry”“”)”}”(hhh]”hÞ)”}”(hŒ IA32_ARCH_CAPABILITIES[GDS_CTRL]”h]”hŒ IA32_ARCH_CAPABILITIES[GDS_CTRL]”…””}”(hjé  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K4hjæ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hjá  ubjå  )”}”(hhh]”hÞ)”}”(hŒR/O”h]”hŒR/O”…””}”(hj   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K4hjý  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hjá  ubjå  )”}”(hhh]”hÞ)”}”(hŒ4Enumerates GDS vulnerability
and mitigation support.”h]”hŒ4Enumerates GDS vulnerability
and mitigation support.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K4hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hjá  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jß  hjÜ  ubjà  )”}”(hhh]”(jå  )”}”(hhh]”hÞ)”}”(hŒIA32_ARCH_CAPABILITIES[GDS_NO]”h]”hŒIA32_ARCH_CAPABILITIES[GDS_NO]”…””}”(hj7  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K6hj4  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hj1  ubjå  )”}”(hhh]”hÞ)”}”(hŒR/O”h]”hŒR/O”…””}”(hjN  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K6hjK  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hj1  ubjå  )”}”(hhh]”hÞ)”}”(hŒProcessor is not vulnerable.”h]”hŒProcessor is not vulnerable.”…””}”(hje  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K6hjb  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hj1  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jß  hjÜ  ubjà  )”}”(hhh]”(jå  )”}”(hhh]”hÞ)”}”(hŒIA32_MCU_OPT_CTRL[GDS_MITG_DIS]”h]”hŒIA32_MCU_OPT_CTRL[GDS_MITG_DIS]”…””}”(hj…  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K7hj‚  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hj  ubjå  )”}”(hhh]”hÞ)”}”(hŒR/W”h]”hŒR/W”…””}”(hjœ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K7hj™  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hj  ubjå  )”}”(hhh]”hÞ)”}”(hŒ%Disables the mitigation
0 by default.”h]”hŒ%Disables the mitigation
0 by default.”…””}”(hj³  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K7hj°  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jß  hjÜ  ubjà  )”}”(hhh]”(jå  )”}”(hhh]”hÞ)”}”(hŒ IA32_MCU_OPT_CTRL[GDS_MITG_LOCK]”h]”hŒ IA32_MCU_OPT_CTRL[GDS_MITG_LOCK]”…””}”(hjÓ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K9hjÐ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hjÍ  ubjå  )”}”(hhh]”hÞ)”}”(hŒR/W”h]”hŒR/W”…””}”(hjê  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K9hjç  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hjÍ  ubjå  )”}”(hhh]”hÞ)”}”(hŒSLocks GDS_MITG_DIS=0. Writes
to GDS_MITG_DIS are ignored
Can't be cleared once set.”h]”hŒULocks GDS_MITG_DIS=0. Writes
to GDS_MITG_DIS are ignored
Canâ€™t be cleared once set.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K9hjþ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hjÍ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jß  hjÜ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hj·  ubeh}”(h]”h ]”h"]”h$]”h&]”Œcols”Kuh1jµ  hj²  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  hj¬  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jO  h³hÇh´K3hj  h²hubhÞ)”}”(hŒÁGDS can also be mitigated on systems that don't have updated microcode by
disabling AVX. This can be done by setting gather_data_sampling="force" or
"clearcpuid=avx" on the kernel command-line.”h]”hŒËGDS can also be mitigated on systems that donâ€™t have updated microcode by
disabling AVX. This can be done by setting gather_data_sampling=â€forceâ€ or
â€œclearcpuid=avxâ€ on the kernel command-line.”…””}”(hj4  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K>hj  h²hubhÞ)”}”(hŒóIf used, these options will disable AVX use by turning off XSAVE YMM support.
However, the processor will still enumerate AVX support.  Userspace that
does not follow proper AVX enumeration to check both AVX *and* XSAVE YMM
support will break.”h]”(hŒÐIf used, these options will disable AVX use by turning off XSAVE YMM support.
However, the processor will still enumerate AVX support.  Userspace that
does not follow proper AVX enumeration to check both AVX ”…””}”(hjB  h²hh³Nh´NubhŒemphasis”“”)”}”(hŒ*and*”h]”hŒand”…””}”(hjL  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1jJ  hjB  ubhŒ XSAVE YMM
support will break.”…””}”(hjB  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KBhj  h²hubeh}”(h]”Œmitigation-mechanism”ah ]”h"]”Œmitigation mechanism”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´K/ubhÉ)”}”(hhh]”(hÎ)”}”(hŒ-Mitigation control on the kernel command line”h]”hŒ-Mitigation control on the kernel command line”…””}”(hjo  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhjl  h²hh³hÇh´KHubhÞ)”}”(hXx  The mitigation can be disabled by setting "gather_data_sampling=off" or
"mitigations=off" on the kernel command line. Not specifying either will default
to the mitigation being enabled. Specifying "gather_data_sampling=force" will
use the microcode mitigation when available or disable AVX on affected systems
where the microcode hasn't been updated to include the mitigation.”h]”hX†  The mitigation can be disabled by setting â€œgather_data_sampling=offâ€ or
â€œmitigations=offâ€ on the kernel command line. Not specifying either will default
to the mitigation being enabled. Specifying â€œgather_data_sampling=forceâ€ will
use the microcode mitigation when available or disable AVX on affected systems
where the microcode hasnâ€™t been updated to include the mitigation.”…””}”(hj}  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KIhjl  h²hubeh}”(h]”Œ-mitigation-control-on-the-kernel-command-line”ah ]”h"]”Œ-mitigation control on the kernel command line”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´KHubhÉ)”}”(hhh]”(hÎ)”}”(hŒGDS System Information”h]”hŒGDS System Information”…””}”(hj–  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhj“  h²hh³hÇh´KPubhÞ)”}”(hŒ}The kernel provides vulnerability status information through sysfs. For
GDS this can be accessed by the following sysfs file:”h]”hŒ}The kernel provides vulnerability status information through sysfs. For
GDS this can be accessed by the following sysfs file:”…””}”(hj¤  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KQhj“  h²hubhÞ)”}”(hŒ</sys/devices/system/cpu/vulnerabilities/gather_data_sampling”h]”hŒ</sys/devices/system/cpu/vulnerabilities/gather_data_sampling”…””}”(hj²  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KThj“  h²hubhÞ)”}”(hŒ/The possible values contained in this file are:”h]”hŒ/The possible values contained in this file are:”…””}”(hjÀ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KVhj“  h²hubjP  )”}”(hX5  ============================== =============================================
Not affected                   Processor not vulnerable.
Vulnerable                     Processor vulnerable and mitigation disabled.
Vulnerable: No microcode       Processor vulnerable and microcode is missing
                               mitigation.
Mitigation: AVX disabled,
no microcode                   Processor is vulnerable and microcode is missing
                               mitigation. AVX disabled as mitigation.
Mitigation: Microcode          Processor is vulnerable and mitigation is in
                               effect.
Mitigation: Microcode (locked) Processor is vulnerable and mitigation is in
                               effect and cannot be disabled.
Unknown: Dependent on
hypervisor status              Running on a virtual guest processor that is
                               affected but with no way to know if host
                               processor is mitigated or vulnerable.
============================== =============================================
”h]”j±  )”}”(hhh]”j¶  )”}”(hhh]”(j»  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”Kuh1jº  hjÕ  ubj»  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”K0uh1jº  hjÕ  ubjÛ  )”}”(hhh]”(jà  )”}”(hhh]”(jå  )”}”(hhh]”hÞ)”}”(hŒNot affected”h]”hŒNot affected”…””}”(hjõ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KYhjò  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hjï  ubjå  )”}”(hhh]”hÞ)”}”(hŒProcessor not vulnerable.”h]”hŒProcessor not vulnerable.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KYhj	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hjï  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jß  hjì  ubjà  )”}”(hhh]”(jå  )”}”(hhh]”hÞ)”}”(hŒ
Vulnerable”h]”hŒ
Vulnerable”…””}”(hj,  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KZhj)  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hj&  ubjå  )”}”(hhh]”hÞ)”}”(hŒ-Processor vulnerable and mitigation disabled.”h]”hŒ-Processor vulnerable and mitigation disabled.”…””}”(hjC  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KZhj@  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hj&  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jß  hjì  ubjà  )”}”(hhh]”(jå  )”}”(hhh]”hÞ)”}”(hŒVulnerable: No microcode”h]”hŒVulnerable: No microcode”…””}”(hjc  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K[hj`  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hj]  ubjå  )”}”(hhh]”hÞ)”}”(hŒ9Processor vulnerable and microcode is missing
mitigation.”h]”hŒ9Processor vulnerable and microcode is missing
mitigation.”…””}”(hjz  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K[hjw  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hj]  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jß  hjì  ubjà  )”}”(hhh]”(jå  )”}”(hhh]”hÞ)”}”(hŒMitigation: AVX disabled,”h]”hŒMitigation: AVX disabled,”…””}”(hjš  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K]hj—  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hj”  ubjå  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”uh1jä  hj”  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jß  hjì  ubjà  )”}”(hhh]”(jå  )”}”(hhh]”hÞ)”}”(hŒno microcode”h]”hŒno microcode”…””}”(hjÃ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K^hjÀ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hj½  ubjå  )”}”(hhh]”hÞ)”}”(hŒXProcessor is vulnerable and microcode is missing
mitigation. AVX disabled as mitigation.”h]”hŒXProcessor is vulnerable and microcode is missing
mitigation. AVX disabled as mitigation.”…””}”(hjÚ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K^hj×  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hj½  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jß  hjì  ubjà  )”}”(hhh]”(jå  )”}”(hhh]”hÞ)”}”(hŒMitigation: Microcode”h]”hŒMitigation: Microcode”…””}”(hjú  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K`hj÷  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hjô  ubjå  )”}”(hhh]”hÞ)”}”(hŒ4Processor is vulnerable and mitigation is in
effect.”h]”hŒ4Processor is vulnerable and mitigation is in
effect.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´K`hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hjô  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jß  hjì  ubjà  )”}”(hhh]”(jå  )”}”(hhh]”hÞ)”}”(hŒMitigation: Microcode (locked)”h]”hŒMitigation: Microcode (locked)”…””}”(hj1  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Kbhj.  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hj+  ubjå  )”}”(hhh]”hÞ)”}”(hŒKProcessor is vulnerable and mitigation is in
effect and cannot be disabled.”h]”hŒKProcessor is vulnerable and mitigation is in
effect and cannot be disabled.”…””}”(hjH  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KbhjE  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hj+  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jß  hjì  ubjà  )”}”(hhh]”(jå  )”}”(hhh]”hÞ)”}”(hŒUnknown: Dependent on”h]”hŒUnknown: Dependent on”…””}”(hjh  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Kdhje  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hjb  ubjå  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”uh1jä  hjb  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jß  hjì  ubjà  )”}”(hhh]”(jå  )”}”(hhh]”hÞ)”}”(hŒhypervisor status”h]”hŒhypervisor status”…””}”(hj‘  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´KehjŽ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hj‹  ubjå  )”}”(hhh]”hÞ)”}”(hŒ{Running on a virtual guest processor that is
affected but with no way to know if host
processor is mitigated or vulnerable.”h]”hŒ{Running on a virtual guest processor that is
affected but with no way to know if host
processor is mitigated or vulnerable.”…””}”(hj¨  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Kehj¥  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jä  hj‹  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jß  hjì  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jÚ  hjÕ  ubeh}”(h]”h ]”h"]”h$]”h&]”Œcols”Kuh1jµ  hjÒ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j°  hjÎ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jO  h³hÇh´KXhj“  h²hubeh}”(h]”Œgds-system-information”ah ]”h"]”Œgds system information”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´KPubhÉ)”}”(hhh]”(hÎ)”}”(hŒGDS Default mitigation”h]”hŒGDS Default mitigation”…””}”(hjæ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÍhjã  h²hh³hÇh´KkubhÞ)”}”(hŒ|The updated microcode will enable the mitigation by default. The kernel's
default action is to leave the mitigation enabled.”h]”hŒ~The updated microcode will enable the mitigation by default. The kernelâ€™s
default action is to leave the mitigation enabled.”…””}”(hjô  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hÝh³hÇh´Klhjã  h²hubeh}”(h]”Œgds-default-mitigation”ah ]”h"]”Œgds default mitigation”ah$]”h&]”uh1hÈhhÊh²hh³hÇh´Kkubeh}”(h]”Œgds-gather-data-sampling”ah ]”h"]”Œgds - gather data sampling”ah$]”h&]”uh1hÈhhh²hh³hÇh´Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”hÇuh1hŒcurrent_source”NŒcurrent_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(hÍNŒ	generator”NŒ	datestamp”NŒsource_link”NŒ
source_url”NŒtoc_backlinks”jä  Œfootnote_backlinks”KŒsectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒstrip_classes”NŒreport_level”KŒ
halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ	traceback”ˆŒinput_encoding”Œ	utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”j4  Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œlanguage_code”Œen”Œrecord_dependencies”NŒconfig”NŒ	id_prefix”hŒauto_id_prefix”Œid”Œdump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”hÇŒ_destination”NŒ_config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒraw_enabled”KŒline_length_limit”M'Œpep_references”NŒpep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒrfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ	tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œsmart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œdocinfo_xform”KŒsectsubtitle_xform”‰Œimage_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”Œnameids”}”(j  j  j-  j*  jŠ  j‡  ji  jf  j  j  jà  jÝ  j  j  uŒ	nametypes”}”(j  ‰j-  ‰jŠ  ‰ji  ‰j  ‰jà  ‰j  ‰uh}”(j  hÊj*  híj‡  j0  jf  j  j  jl  jÝ  j“  j  jã  uŒfootnote_refs”}”Œcitation_refs”}”Œautofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ	footnotes”]”Œ	citations”]”Œautofootnote_start”KŒsymbol_footnote_start”K Œ
id_counter”Œcollections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”Œtransformer”NŒinclude_log”]”Œ
decoration”Nh²hub.