€•'ï      Œsphinx.addnodes”Œdocument”“”)”}”(Œ	rawsource”Œ ”Œchildren”]”(Œtranslations”ŒLanguagesNode”“”)”}”(hhh]”(h Œpending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ
attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ	refdomain”Œstd”Œreftype”Œdoc”Œ	reftarget”Œ+/translations/zh_CN/admin-guide/hw-vuln/mds”Œmodname”NŒ	classname”NŒrefexplicit”ˆuŒtagname”hhhubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ+/translations/zh_TW/admin-guide/hw-vuln/mds”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ+/translations/it_IT/admin-guide/hw-vuln/mds”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ+/translations/ja_JP/admin-guide/hw-vuln/mds”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ+/translations/ko_KR/admin-guide/hw-vuln/mds”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒPortuguese (Brazilian)”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ+/translations/pt_BR/admin-guide/hw-vuln/mds”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒSpanish”…””}”hh–sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ+/translations/sp_SP/admin-guide/hw-vuln/mds”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h
hhŒ	_document”hŒsource”NŒline”NubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒ&MDS - Microarchitectural Data Sampling”h]”hŒ&MDS - Microarchitectural Data Sampling”…””}”(hh¼h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhh·h²hh³ŒE/var/lib/git/docbuild/linux/Documentation/admin-guide/hw-vuln/mds.rst”h´KubhŒ	paragraph”“”)”}”(hŒ¥Microarchitectural Data Sampling is a hardware vulnerability which allows
unprivileged speculative access to data which is available in various CPU
internal buffers.”h]”hŒ¥Microarchitectural Data Sampling is a hardware vulnerability which allows
unprivileged speculative access to data which is available in various CPU
internal buffers.”…””}”(hhÍh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Khh·h²hubh¶)”}”(hhh]”(h»)”}”(hŒAffected processors”h]”hŒAffected processors”…””}”(hhÞh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhhÛh²hh³hÊh´K	ubhÌ)”}”(hŒaThis vulnerability affects a wide range of Intel processors. The
vulnerability is not present on:”h]”hŒaThis vulnerability affects a wide range of Intel processors. The
vulnerability is not present on:”…””}”(hhìh²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KhhÛh²hubhŒblock_quote”“”)”}”(hX  - Processors from AMD, Centaur and other non Intel vendors

- Older processor models, where the CPU family is < 6

- Some Atoms (Bonnell, Saltwell, Goldmont, GoldmontPlus)

- Intel processors which have the ARCH_CAP_MDS_NO bit set in the
  IA32_ARCH_CAPABILITIES MSR.
”h]”hŒbullet_list”“”)”}”(hhh]”(hŒ	list_item”“”)”}”(hŒ9Processors from AMD, Centaur and other non Intel vendors
”h]”hÌ)”}”(hŒ8Processors from AMD, Centaur and other non Intel vendors”h]”hŒ8Processors from AMD, Centaur and other non Intel vendors”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Khj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubj  )”}”(hŒ4Older processor models, where the CPU family is < 6
”h]”hÌ)”}”(hŒ3Older processor models, where the CPU family is < 6”h]”hŒ3Older processor models, where the CPU family is < 6”…””}”(hj#  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Khj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubj  )”}”(hŒ7Some Atoms (Bonnell, Saltwell, Goldmont, GoldmontPlus)
”h]”hÌ)”}”(hŒ6Some Atoms (Bonnell, Saltwell, Goldmont, GoldmontPlus)”h]”hŒ6Some Atoms (Bonnell, Saltwell, Goldmont, GoldmontPlus)”…””}”(hj;  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Khj7  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubj  )”}”(hŒ[Intel processors which have the ARCH_CAP_MDS_NO bit set in the
IA32_ARCH_CAPABILITIES MSR.
”h]”hÌ)”}”(hŒZIntel processors which have the ARCH_CAP_MDS_NO bit set in the
IA32_ARCH_CAPABILITIES MSR.”h]”hŒZIntel processors which have the ARCH_CAP_MDS_NO bit set in the
IA32_ARCH_CAPABILITIES MSR.”…””}”(hjS  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KhjO  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ-”uh1j   h³hÊh´Khhüubah}”(h]”h ]”h"]”h$]”h&]”uh1húh³hÊh´KhhÛh²hubhÌ)”}”(hŒyWhether a processor is affected or not can be read out from the MDS
vulnerability file in sysfs. See :ref:`mds_sys_info`.”h]”(hŒeWhether a processor is affected or not can be read out from the MDS
vulnerability file in sysfs. See ”…””}”(hju  h²hh³Nh´Nubh)”}”(hŒ:ref:`mds_sys_info`”h]”hŒinline”“”)”}”(hj  h]”hŒmds_sys_info”…””}”(hjƒ  h²hh³Nh´Nubah}”(h]”h ]”(Œxref”Œstd”Œstd-ref”eh"]”h$]”h&]”uh1j  hj}  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”Œadmin-guide/hw-vuln/mds”Œ	refdomain”jŽ  Œreftype”Œref”Œrefexplicit”‰Œrefwarn”ˆŒ	reftarget”Œmds_sys_info”uh1hh³hÊh´Khju  ubhŒ.”…””}”(hju  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KhhÛh²hubhÌ)”}”(hŒœNot all processors are affected by all variants of MDS, but the mitigation
is identical for all of them so the kernel treats them as a single
vulnerability.”h]”hŒœNot all processors are affected by all variants of MDS, but the mitigation
is identical for all of them so the kernel treats them as a single
vulnerability.”…””}”(hj¬  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KhhÛh²hubeh}”(h]”Œaffected-processors”ah ]”h"]”Œaffected processors”ah$]”h&]”uh1hµhh·h²hh³hÊh´K	ubh¶)”}”(hhh]”(h»)”}”(hŒRelated CVEs”h]”hŒRelated CVEs”…””}”(hjÅ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjÂ  h²hh³hÊh´KubhÌ)”}”(hŒ?The following CVE entries are related to the MDS vulnerability:”h]”hŒ?The following CVE entries are related to the MDS vulnerability:”…””}”(hjÓ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K!hjÂ  h²hubhû)”}”(hX¬  ==============  =====  ===================================================
CVE-2018-12126  MSBDS  Microarchitectural Store Buffer Data Sampling
CVE-2018-12130  MFBDS  Microarchitectural Fill Buffer Data Sampling
CVE-2018-12127  MLPDS  Microarchitectural Load Port Data Sampling
CVE-2019-11091  MDSUM  Microarchitectural Data Sampling Uncacheable Memory
==============  =====  ===================================================
”h]”hŒtable”“”)”}”(hhh]”hŒtgroup”“”)”}”(hhh]”(hŒcolspec”“”)”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”Kuh1jï  hjì  ubjð  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”Kuh1jï  hjì  ubjð  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”K3uh1jï  hjì  ubhŒtbody”“”)”}”(hhh]”(hŒrow”“”)”}”(hhh]”(hŒentry”“”)”}”(hhh]”hÌ)”}”(hŒCVE-2018-12126”h]”hŒCVE-2018-12126”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K$hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubj  )”}”(hhh]”hÌ)”}”(hŒMSBDS”h]”hŒMSBDS”…””}”(hj5  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K$hj2  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubj  )”}”(hhh]”hÌ)”}”(hŒ-Microarchitectural Store Buffer Data Sampling”h]”hŒ-Microarchitectural Store Buffer Data Sampling”…””}”(hjL  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K$hjI  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubj  )”}”(hhh]”(j  )”}”(hhh]”hÌ)”}”(hŒCVE-2018-12130”h]”hŒCVE-2018-12130”…””}”(hjl  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K%hji  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjf  ubj  )”}”(hhh]”hÌ)”}”(hŒMFBDS”h]”hŒMFBDS”…””}”(hjƒ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K%hj€  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjf  ubj  )”}”(hhh]”hÌ)”}”(hŒ,Microarchitectural Fill Buffer Data Sampling”h]”hŒ,Microarchitectural Fill Buffer Data Sampling”…””}”(hjš  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K%hj—  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjf  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubj  )”}”(hhh]”(j  )”}”(hhh]”hÌ)”}”(hŒCVE-2018-12127”h]”hŒCVE-2018-12127”…””}”(hjº  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K&hj·  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj´  ubj  )”}”(hhh]”hÌ)”}”(hŒMLPDS”h]”hŒMLPDS”…””}”(hjÑ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K&hjÎ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj´  ubj  )”}”(hhh]”hÌ)”}”(hŒ*Microarchitectural Load Port Data Sampling”h]”hŒ*Microarchitectural Load Port Data Sampling”…””}”(hjè  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K&hjå  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj´  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubj  )”}”(hhh]”(j  )”}”(hhh]”hÌ)”}”(hŒCVE-2019-11091”h]”hŒCVE-2019-11091”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K'hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubj  )”}”(hhh]”hÌ)”}”(hŒMDSUM”h]”hŒMDSUM”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K'hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubj  )”}”(hhh]”hÌ)”}”(hŒ3Microarchitectural Data Sampling Uncacheable Memory”h]”hŒ3Microarchitectural Data Sampling Uncacheable Memory”…””}”(hj6  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K'hj3  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hjì  ubeh}”(h]”h ]”h"]”h$]”h&]”Œcols”Kuh1jê  hjç  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jå  hjá  ubah}”(h]”h ]”h"]”h$]”h&]”uh1húh³hÊh´K#hjÂ  h²hubeh}”(h]”Œrelated-cves”ah ]”h"]”Œrelated cves”ah$]”h&]”uh1hµhh·h²hh³hÊh´Kubh¶)”}”(hhh]”(h»)”}”(hŒProblem”h]”hŒProblem”…””}”(hjt  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjq  h²hh³hÊh´K+ubhÌ)”}”(hŒÏWhen performing store, load, L1 refill operations, processors write data
into temporary microarchitectural structures (buffers). The data in the
buffer can be forwarded to load operations as an optimization.”h]”hŒÏWhen performing store, load, L1 refill operations, processors write data
into temporary microarchitectural structures (buffers). The data in the
buffer can be forwarded to load operations as an optimization.”…””}”(hj‚  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K-hjq  h²hubhÌ)”}”(hXô  Under certain conditions, usually a fault/assist caused by a load
operation, data unrelated to the load memory address can be speculatively
forwarded from the buffers. Because the load operation causes a fault or
assist and its result will be discarded, the forwarded data will not cause
incorrect program execution or state changes. But a malicious operation
may be able to forward this speculative data to a disclosure gadget which
allows in turn to infer the value via a cache side channel attack.”h]”hXô  Under certain conditions, usually a fault/assist caused by a load
operation, data unrelated to the load memory address can be speculatively
forwarded from the buffers. Because the load operation causes a fault or
assist and its result will be discarded, the forwarded data will not cause
incorrect program execution or state changes. But a malicious operation
may be able to forward this speculative data to a disclosure gadget which
allows in turn to infer the value via a cache side channel attack.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K1hjq  h²hubhÌ)”}”(hŒiBecause the buffers are potentially shared between Hyper-Threads cross
Hyper-Thread attacks are possible.”h]”hŒiBecause the buffers are potentially shared between Hyper-Threads cross
Hyper-Thread attacks are possible.”…””}”(hjž  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K9hjq  h²hubhÌ)”}”(hŒ„Deeper technical information is available in the MDS specific x86
architecture section: :ref:`Documentation/arch/x86/mds.rst <mds>`.”h]”(hŒXDeeper technical information is available in the MDS specific x86
architecture section: ”…””}”(hj¬  h²hh³Nh´Nubh)”}”(hŒ+:ref:`Documentation/arch/x86/mds.rst <mds>`”h]”j‚  )”}”(hj¶  h]”hŒDocumentation/arch/x86/mds.rst”…””}”(hj¸  h²hh³Nh´Nubah}”(h]”h ]”(j  Œstd”Œstd-ref”eh"]”h$]”h&]”uh1j  hj´  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”jš  Œ	refdomain”jÂ  Œreftype”Œref”Œrefexplicit”ˆŒrefwarn”ˆj   Œmds”uh1hh³hÊh´K<hj¬  ubhŒ.”…””}”(hj¬  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K<hjq  h²hubeh}”(h]”Œproblem”ah ]”h"]”Œproblem”ah$]”h&]”uh1hµhh·h²hh³hÊh´K+ubh¶)”}”(hhh]”(h»)”}”(hŒAttack scenarios”h]”hŒAttack scenarios”…””}”(hjé  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjæ  h²hh³hÊh´KAubhÌ)”}”(hŒÂAttacks against the MDS vulnerabilities can be mounted from malicious non-
privileged user space applications running on hosts or guest. Malicious
guest OSes can obviously mount attacks as well.”h]”hŒÂAttacks against the MDS vulnerabilities can be mounted from malicious non-
privileged user space applications running on hosts or guest. Malicious
guest OSes can obviously mount attacks as well.”…””}”(hj÷  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KChjæ  h²hubhÌ)”}”(hX  Contrary to other speculation based vulnerabilities the MDS vulnerability
does not allow the attacker to control the memory target address. As a
consequence the attacks are purely sampling based, but as demonstrated with
the TLBleed attack samples can be postprocessed successfully.”h]”hX  Contrary to other speculation based vulnerabilities the MDS vulnerability
does not allow the attacker to control the memory target address. As a
consequence the attacks are purely sampling based, but as demonstrated with
the TLBleed attack samples can be postprocessed successfully.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KGhjæ  h²hubh¶)”}”(hhh]”(h»)”}”(hŒWeb-Browsers”h]”hŒWeb-Browsers”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj  h²hh³hÊh´KMubhû)”}”(hŒÜIt's unclear whether attacks through Web-Browsers are possible at
all. The exploitation through Java-Script is considered very unlikely,
but other widely used web technologies like Webassembly could possibly be
abused.

”h]”hÌ)”}”(hŒÚIt's unclear whether attacks through Web-Browsers are possible at
all. The exploitation through Java-Script is considered very unlikely,
but other widely used web technologies like Webassembly could possibly be
abused.”h]”hŒÜItâ€™s unclear whether attacks through Web-Browsers are possible at
all. The exploitation through Java-Script is considered very unlikely,
but other widely used web technologies like Webassembly could possibly be
abused.”…””}”(hj(  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KOhj$  ubah}”(h]”h ]”h"]”h$]”h&]”uh1húh³hÊh´KOhj  h²hubhŒtarget”“”)”}”(hŒ.. _mds_sys_info:”h]”h}”(h]”h ]”h"]”h$]”h&]”Œrefid”Œmds-sys-info”uh1j<  h´KUhj  h²hh³hÊubeh}”(h]”Œweb-browsers”ah ]”h"]”Œweb-browsers”ah$]”h&]”uh1hµhjæ  h²hh³hÊh´KMubeh}”(h]”Œattack-scenarios”ah ]”h"]”Œattack scenarios”ah$]”h&]”uh1hµhh·h²hh³hÊh´KAubh¶)”}”(hhh]”(h»)”}”(hŒMDS system information”h]”hŒMDS system information”…””}”(hj]  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjZ  h²hh³hÊh´KXubhÌ)”}”(hŒ¾The Linux kernel provides a sysfs interface to enumerate the current MDS
status of the system: whether the system is vulnerable, and which
mitigations are active. The relevant sysfs file is:”h]”hŒ¾The Linux kernel provides a sysfs interface to enumerate the current MDS
status of the system: whether the system is vulnerable, and which
mitigations are active. The relevant sysfs file is:”…””}”(hjk  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KZhjZ  h²hubhÌ)”}”(hŒ+/sys/devices/system/cpu/vulnerabilities/mds”h]”hŒ+/sys/devices/system/cpu/vulnerabilities/mds”…””}”(hjy  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K^hjZ  h²hubhÌ)”}”(hŒ%The possible values in this file are:”h]”hŒ%The possible values in this file are:”…””}”(hj‡  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K`hjZ  h²hubhû)”}”(hXL  .. list-table::

   * - 'Not affected'
     - The processor is not vulnerable
   * - 'Vulnerable'
     - The processor is vulnerable, but no mitigation enabled
   * - 'Vulnerable: Clear CPU buffers attempted, no microcode'
     - The processor is vulnerable but microcode is not updated. The
       mitigation is enabled on a best effort basis.

       If the processor is vulnerable but the availability of the microcode
       based mitigation mechanism is not advertised via CPUID, the kernel
       selects a best effort mitigation mode. This mode invokes the mitigation
       instructions without a guarantee that they clear the CPU buffers.

       This is done to address virtualization scenarios where the host has the
       microcode update applied, but the hypervisor is not yet updated to
       expose the CPUID to the guest. If the host has updated microcode the
       protection takes effect; otherwise a few CPU cycles are wasted
       pointlessly.
   * - 'Mitigation: Clear CPU buffers'
     - The processor is vulnerable and the CPU buffer clearing mitigation is
       enabled.
”h]”jæ  )”}”(hhh]”jë  )”}”(hhh]”(jð  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”K2uh1jï  hjœ  ubjð  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”j¨  K2uh1jï  hjœ  ubj  )”}”(hhh]”(j  )”}”(hhh]”(j  )”}”(hhh]”hÌ)”}”(hŒ'Not affected'”h]”hŒâ€˜Not affectedâ€™”…””}”(hj»  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kdhj¸  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjµ  ubj  )”}”(hhh]”hÌ)”}”(hŒThe processor is not vulnerable”h]”hŒThe processor is not vulnerable”…””}”(hjÒ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KehjÏ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjµ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hj²  ubj  )”}”(hhh]”(j  )”}”(hhh]”hÌ)”}”(hŒ'Vulnerable'”h]”hŒâ€˜Vulnerableâ€™”…””}”(hjò  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kfhjï  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjì  ubj  )”}”(hhh]”hÌ)”}”(hŒ6The processor is vulnerable, but no mitigation enabled”h]”hŒ6The processor is vulnerable, but no mitigation enabled”…””}”(hj	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kghj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjì  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hj²  ubj  )”}”(hhh]”(j  )”}”(hhh]”hÌ)”}”(hŒ7'Vulnerable: Clear CPU buffers attempted, no microcode'”h]”hŒ;â€˜Vulnerable: Clear CPU buffers attempted, no microcodeâ€™”…””}”(hj)  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Khhj&  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj#  ubj  )”}”(hhh]”(hÌ)”}”(hŒkThe processor is vulnerable but microcode is not updated. The
mitigation is enabled on a best effort basis.”h]”hŒkThe processor is vulnerable but microcode is not updated. The
mitigation is enabled on a best effort basis.”…””}”(hj@  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kihj=  ubhÌ)”}”(hX  If the processor is vulnerable but the availability of the microcode
based mitigation mechanism is not advertised via CPUID, the kernel
selects a best effort mitigation mode. This mode invokes the mitigation
instructions without a guarantee that they clear the CPU buffers.”h]”hX  If the processor is vulnerable but the availability of the microcode
based mitigation mechanism is not advertised via CPUID, the kernel
selects a best effort mitigation mode. This mode invokes the mitigation
instructions without a guarantee that they clear the CPU buffers.”…””}”(hjN  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Klhj=  ubhÌ)”}”(hX  This is done to address virtualization scenarios where the host has the
microcode update applied, but the hypervisor is not yet updated to
expose the CPUID to the guest. If the host has updated microcode the
protection takes effect; otherwise a few CPU cycles are wasted
pointlessly.”h]”hX  This is done to address virtualization scenarios where the host has the
microcode update applied, but the hypervisor is not yet updated to
expose the CPUID to the guest. If the host has updated microcode the
protection takes effect; otherwise a few CPU cycles are wasted
pointlessly.”…””}”(hj\  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kqhj=  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hj#  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hj²  ubj  )”}”(hhh]”(j  )”}”(hhh]”hÌ)”}”(hŒ'Mitigation: Clear CPU buffers'”h]”hŒ#â€˜Mitigation: Clear CPU buffersâ€™”…””}”(hj|  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kvhjy  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjv  ubj  )”}”(hhh]”hÌ)”}”(hŒNThe processor is vulnerable and the CPU buffer clearing mitigation is
enabled.”h]”hŒNThe processor is vulnerable and the CPU buffer clearing mitigation is
enabled.”…””}”(hj“  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kwhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjv  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hj²  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hjœ  ubeh}”(h]”h ]”h"]”h$]”h&]”Œcols”Kuh1jê  hj™  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jå  hj•  ubah}”(h]”h ]”h"]”h$]”h&]”uh1húh³hÊh´KbhjZ  h²hubhÌ)”}”(hŒcIf the processor is vulnerable then the following information is appended
to the above information:”h]”hŒcIf the processor is vulnerable then the following information is appended
to the above information:”…””}”(hjÆ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KzhjZ  h²hubhû)”}”(hX^  ========================  ============================================
'SMT vulnerable'          SMT is enabled
'SMT mitigated'           SMT is enabled and mitigated
'SMT disabled'            SMT is disabled
'SMT Host state unknown'  Kernel runs in a VM, Host SMT state unknown
========================  ============================================
”h]”jæ  )”}”(hhh]”jë  )”}”(hhh]”(jð  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”Kuh1jï  hjÛ  ubjð  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”K,uh1jï  hjÛ  ubj  )”}”(hhh]”(j  )”}”(hhh]”(j  )”}”(hhh]”hÌ)”}”(hŒ'SMT vulnerable'”h]”hŒâ€˜SMT vulnerableâ€™”…””}”(hjû  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K~hjø  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjõ  ubj  )”}”(hhh]”hÌ)”}”(hŒSMT is enabled”h]”hŒSMT is enabled”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K~hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjõ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hjò  ubj  )”}”(hhh]”(j  )”}”(hhh]”hÌ)”}”(hŒ'SMT mitigated'”h]”hŒâ€˜SMT mitigatedâ€™”…””}”(hj2  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Khj/  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj,  ubj  )”}”(hhh]”hÌ)”}”(hŒSMT is enabled and mitigated”h]”hŒSMT is enabled and mitigated”…””}”(hjI  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KhjF  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj,  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hjò  ubj  )”}”(hhh]”(j  )”}”(hhh]”hÌ)”}”(hŒ'SMT disabled'”h]”hŒâ€˜SMT disabledâ€™”…””}”(hji  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K€hjf  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjc  ubj  )”}”(hhh]”hÌ)”}”(hŒSMT is disabled”h]”hŒSMT is disabled”…””}”(hj€  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K€hj}  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjc  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hjò  ubj  )”}”(hhh]”(j  )”}”(hhh]”hÌ)”}”(hŒ'SMT Host state unknown'”h]”hŒâ€˜SMT Host state unknownâ€™”…””}”(hj   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Khj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjš  ubj  )”}”(hhh]”hÌ)”}”(hŒ+Kernel runs in a VM, Host SMT state unknown”h]”hŒ+Kernel runs in a VM, Host SMT state unknown”…””}”(hj·  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Khj´  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjš  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hjò  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hjÛ  ubeh}”(h]”h ]”h"]”h$]”h&]”Œcols”Kuh1jê  hjØ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jå  hjÔ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1húh³hÊh´K}hjZ  h²hubeh}”(h]”(Œmds-system-information”jI  eh ]”h"]”(Œmds system information”Œmds_sys_info”eh$]”h&]”uh1hµhh·h²hh³hÊh´KXŒexpect_referenced_by_name”}”jð  j>  sŒexpect_referenced_by_id”}”jI  j>  subh¶)”}”(hhh]”(h»)”}”(hŒMitigation mechanism”h]”hŒMitigation mechanism”…””}”(hjú  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj÷  h²hh³hÊh´K…ubhÌ)”}”(hŒYThe kernel detects the affected CPUs and the presence of the microcode
which is required.”h]”hŒYThe kernel detects the affected CPUs and the presence of the microcode
which is required.”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K‡hj÷  h²hubhÌ)”}”(hŒçIf a CPU is affected and the microcode is available, then the kernel
enables the mitigation by default. The mitigation can be controlled at boot
time via a kernel command line option. See
:ref:`mds_mitigation_control_command_line`.”h]”(hŒ¼If a CPU is affected and the microcode is available, then the kernel
enables the mitigation by default. The mitigation can be controlled at boot
time via a kernel command line option. See
”…””}”(hj  h²hh³Nh´Nubh)”}”(hŒ*:ref:`mds_mitigation_control_command_line`”h]”j‚  )”}”(hj   h]”hŒ#mds_mitigation_control_command_line”…””}”(hj"  h²hh³Nh´Nubah}”(h]”h ]”(j  Œstd”Œstd-ref”eh"]”h$]”h&]”uh1j  hj  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”jš  Œ	refdomain”j,  Œreftype”Œref”Œrefexplicit”‰Œrefwarn”ˆj   Œ#mds_mitigation_control_command_line”uh1hh³hÊh´KŠhj  ubhŒ.”…””}”(hj  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KŠhj÷  h²hubj=  )”}”(hŒ.. _cpu_buffer_clear:”h]”h}”(h]”h ]”h"]”h$]”h&]”jH  Œcpu-buffer-clear”uh1j<  h´Khj÷  h²hh³hÊubh¶)”}”(hhh]”(h»)”}”(hŒCPU buffer clearing”h]”hŒCPU buffer clearing”…””}”(hjV  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjS  h²hh³hÊh´K’ubhû)”}”(hXÈ  The mitigation for MDS clears the affected CPU buffers on return to user
space and when entering a guest.

If SMT is enabled it also clears the buffers on idle entry when the CPU
is only affected by MSBDS and not any other MDS variant, because the
other variants cannot be protected against cross Hyper-Thread attacks.

For CPUs which are only affected by MSBDS the user space, guest and idle
transition mitigations are sufficient and SMT is not affected.
”h]”(hÌ)”}”(hŒiThe mitigation for MDS clears the affected CPU buffers on return to user
space and when entering a guest.”h]”hŒiThe mitigation for MDS clears the affected CPU buffers on return to user
space and when entering a guest.”…””}”(hjh  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K”hjd  ubhÌ)”}”(hŒÓIf SMT is enabled it also clears the buffers on idle entry when the CPU
is only affected by MSBDS and not any other MDS variant, because the
other variants cannot be protected against cross Hyper-Thread attacks.”h]”hŒÓIf SMT is enabled it also clears the buffers on idle entry when the CPU
is only affected by MSBDS and not any other MDS variant, because the
other variants cannot be protected against cross Hyper-Thread attacks.”…””}”(hjv  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K—hjd  ubhÌ)”}”(hŒ‡For CPUs which are only affected by MSBDS the user space, guest and idle
transition mitigations are sufficient and SMT is not affected.”h]”hŒ‡For CPUs which are only affected by MSBDS the user space, guest and idle
transition mitigations are sufficient and SMT is not affected.”…””}”(hj„  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K›hjd  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1húh³hÊh´K”hjS  h²hubj=  )”}”(hŒ.. _virt_mechanism:”h]”h}”(h]”h ]”h"]”h$]”h&]”jH  Œvirt-mechanism”uh1j<  h´KžhjS  h²hh³hÊubeh}”(h]”(Œcpu-buffer-clearing”jR  eh ]”h"]”(Œcpu buffer clearing”Œcpu_buffer_clear”eh$]”h&]”uh1hµhj÷  h²hh³hÊh´K’jó  }”j©  jH  sjõ  }”jR  jH  subh¶)”}”(hhh]”(h»)”}”(hŒVirtualization mitigation”h]”hŒVirtualization mitigation”…””}”(hj±  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj®  h²hh³hÊh´K¡ubhû)”}”(hX¨  The protection for host to guest transition depends on the L1TF
vulnerability of the CPU:

- CPU is affected by L1TF:

  If the L1D flush mitigation is enabled and up to date microcode is
  available, the L1D flush mitigation is automatically protecting the
  guest transition.

  If the L1D flush mitigation is disabled then the MDS mitigation is
  invoked explicit when the host MDS mitigation is enabled.

  For details on L1TF and virtualization see:
  :ref:`Documentation/admin-guide/hw-vuln//l1tf.rst <mitigation_control_kvm>`.

- CPU is not affected by L1TF:

  CPU buffers are flushed before entering the guest when the host MDS
  mitigation is enabled.

The resulting MDS protection matrix for the host to guest transition:

============ ===== ============= ============ =================
 L1TF         MDS   VMX-L1FLUSH   Host MDS     MDS-State

 Don't care   No    Don't care    N/A          Not affected

 Yes          Yes   Disabled      Off          Vulnerable

 Yes          Yes   Disabled      Full         Mitigated

 Yes          Yes   Enabled       Don't care   Mitigated

 No           Yes   N/A           Off          Vulnerable

 No           Yes   N/A           Full         Mitigated
============ ===== ============= ============ =================

This only covers the host to guest transition, i.e. prevents leakage from
host to guest, but does not protect the guest internally. Guests need to
have their own protections.
”h]”(hÌ)”}”(hŒYThe protection for host to guest transition depends on the L1TF
vulnerability of the CPU:”h]”hŒYThe protection for host to guest transition depends on the L1TF
vulnerability of the CPU:”…””}”(hjÃ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K£hj¿  ubj  )”}”(hhh]”(j  )”}”(hX«  CPU is affected by L1TF:

If the L1D flush mitigation is enabled and up to date microcode is
available, the L1D flush mitigation is automatically protecting the
guest transition.

If the L1D flush mitigation is disabled then the MDS mitigation is
invoked explicit when the host MDS mitigation is enabled.

For details on L1TF and virtualization see:
:ref:`Documentation/admin-guide/hw-vuln//l1tf.rst <mitigation_control_kvm>`.
”h]”(hÌ)”}”(hŒCPU is affected by L1TF:”h]”hŒCPU is affected by L1TF:”…””}”(hjØ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K¦hjÔ  ubhÌ)”}”(hŒ˜If the L1D flush mitigation is enabled and up to date microcode is
available, the L1D flush mitigation is automatically protecting the
guest transition.”h]”hŒ˜If the L1D flush mitigation is enabled and up to date microcode is
available, the L1D flush mitigation is automatically protecting the
guest transition.”…””}”(hjæ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K¨hjÔ  ubhÌ)”}”(hŒ|If the L1D flush mitigation is disabled then the MDS mitigation is
invoked explicit when the host MDS mitigation is enabled.”h]”hŒ|If the L1D flush mitigation is disabled then the MDS mitigation is
invoked explicit when the host MDS mitigation is enabled.”…””}”(hjô  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K¬hjÔ  ubhÌ)”}”(hŒxFor details on L1TF and virtualization see:
:ref:`Documentation/admin-guide/hw-vuln//l1tf.rst <mitigation_control_kvm>`.”h]”(hŒ,For details on L1TF and virtualization see:
”…””}”(hj  h²hh³Nh´Nubh)”}”(hŒK:ref:`Documentation/admin-guide/hw-vuln//l1tf.rst <mitigation_control_kvm>`”h]”j‚  )”}”(hj  h]”hŒ+Documentation/admin-guide/hw-vuln//l1tf.rst”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”(j  Œstd”Œstd-ref”eh"]”h$]”h&]”uh1j  hj
  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”jš  Œ	refdomain”j  Œreftype”Œref”Œrefexplicit”ˆŒrefwarn”ˆj   Œmitigation_control_kvm”uh1hh³hÊh´K¯hj  ubhŒ.”…””}”(hj  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K¯hjÔ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hjÑ  ubj  )”}”(hŒyCPU is not affected by L1TF:

CPU buffers are flushed before entering the guest when the host MDS
mitigation is enabled.
”h]”(hÌ)”}”(hŒCPU is not affected by L1TF:”h]”hŒCPU is not affected by L1TF:”…””}”(hj>  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K²hj:  ubhÌ)”}”(hŒZCPU buffers are flushed before entering the guest when the host MDS
mitigation is enabled.”h]”hŒZCPU buffers are flushed before entering the guest when the host MDS
mitigation is enabled.”…””}”(hjL  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K´hj:  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hjÑ  ubeh}”(h]”h ]”h"]”h$]”h&]”jm  jn  uh1j   h³hÊh´K¦hj¿  ubhÌ)”}”(hŒEThe resulting MDS protection matrix for the host to guest transition:”h]”hŒEThe resulting MDS protection matrix for the host to guest transition:”…””}”(hjf  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K·hj¿  ubjæ  )”}”(hhh]”jë  )”}”(hhh]”(jð  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”Kuh1jï  hjw  ubjð  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”Kuh1jï  hjw  ubjð  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”Kuh1jï  hjw  ubjð  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”Kuh1jï  hjw  ubjð  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”Kuh1jï  hjw  ubj  )”}”(hhh]”(j  )”}”(hhh]”(j  )”}”(hhh]”hÌ)”}”(hŒL1TF”h]”hŒL1TF”…””}”(hjµ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kºhj²  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj¯  ubj  )”}”(hhh]”hÌ)”}”(hŒMDS”h]”hŒMDS”…””}”(hjÌ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KºhjÉ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj¯  ubj  )”}”(hhh]”hÌ)”}”(hŒVMX-L1FLUSH”h]”hŒVMX-L1FLUSH”…””}”(hjã  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kºhjà  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj¯  ubj  )”}”(hhh]”hÌ)”}”(hŒHost MDS”h]”hŒHost MDS”…””}”(hjú  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kºhj÷  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj¯  ubj  )”}”(hhh]”hÌ)”}”(hŒ	MDS-State”h]”hŒ	MDS-State”…””}”(hj	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kºhj	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj¯  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hj¬  ubj  )”}”(hhh]”(j  )”}”(hhh]”hÌ)”}”(hŒ
Don't care”h]”hŒDonâ€™t care”…””}”(hj1	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K¼hj.	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj+	  ubj  )”}”(hhh]”hÌ)”}”(hŒNo”h]”hŒNo”…””}”(hjH	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K¼hjE	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj+	  ubj  )”}”(hhh]”hÌ)”}”(hŒ
Don't care”h]”hŒDonâ€™t care”…””}”(hj_	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K¼hj\	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj+	  ubj  )”}”(hhh]”hÌ)”}”(hŒN/A”h]”hŒN/A”…””}”(hjv	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K¼hjs	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj+	  ubj  )”}”(hhh]”hÌ)”}”(hŒNot affected”h]”hŒNot affected”…””}”(hj	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K¼hjŠ	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj+	  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hj¬  ubj  )”}”(hhh]”(j  )”}”(hhh]”hÌ)”}”(hŒYes”h]”hŒYes”…””}”(hj­	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K¾hjª	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj§	  ubj  )”}”(hhh]”hÌ)”}”(hŒYes”h]”hŒYes”…””}”(hjÄ	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K¾hjÁ	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj§	  ubj  )”}”(hhh]”hÌ)”}”(hŒDisabled”h]”hŒDisabled”…””}”(hjÛ	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K¾hjØ	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj§	  ubj  )”}”(hhh]”hÌ)”}”(hŒOff”h]”hŒOff”…””}”(hjò	  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K¾hjï	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj§	  ubj  )”}”(hhh]”hÌ)”}”(hŒ
Vulnerable”h]”hŒ
Vulnerable”…””}”(hj	
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´K¾hj
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj§	  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hj¬  ubj  )”}”(hhh]”(j  )”}”(hhh]”hÌ)”}”(hŒYes”h]”hŒYes”…””}”(hj)
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÀhj&
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj#
  ubj  )”}”(hhh]”hÌ)”}”(hŒYes”h]”hŒYes”…””}”(hj@
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÀhj=
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj#
  ubj  )”}”(hhh]”hÌ)”}”(hŒDisabled”h]”hŒDisabled”…””}”(hjW
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÀhjT
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj#
  ubj  )”}”(hhh]”hÌ)”}”(hŒFull”h]”hŒFull”…””}”(hjn
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÀhjk
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj#
  ubj  )”}”(hhh]”hÌ)”}”(hŒ	Mitigated”h]”hŒ	Mitigated”…””}”(hj…
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÀhj‚
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj#
  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hj¬  ubj  )”}”(hhh]”(j  )”}”(hhh]”hÌ)”}”(hŒYes”h]”hŒYes”…””}”(hj¥
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÂhj¢
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjŸ
  ubj  )”}”(hhh]”hÌ)”}”(hŒYes”h]”hŒYes”…””}”(hj¼
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÂhj¹
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjŸ
  ubj  )”}”(hhh]”hÌ)”}”(hŒEnabled”h]”hŒEnabled”…””}”(hjÓ
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÂhjÐ
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjŸ
  ubj  )”}”(hhh]”hÌ)”}”(hŒ
Don't care”h]”hŒDonâ€™t care”…””}”(hjê
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÂhjç
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjŸ
  ubj  )”}”(hhh]”hÌ)”}”(hŒ	Mitigated”h]”hŒ	Mitigated”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÂhjþ
  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjŸ
  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hj¬  ubj  )”}”(hhh]”(j  )”}”(hhh]”hÌ)”}”(hŒNo”h]”hŒNo”…””}”(hj!  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÄhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubj  )”}”(hhh]”hÌ)”}”(hŒYes”h]”hŒYes”…””}”(hj8  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÄhj5  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubj  )”}”(hhh]”hÌ)”}”(hŒN/A”h]”hŒN/A”…””}”(hjO  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÄhjL  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubj  )”}”(hhh]”hÌ)”}”(hŒOff”h]”hŒOff”…””}”(hjf  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÄhjc  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubj  )”}”(hhh]”hÌ)”}”(hŒ
Vulnerable”h]”hŒ
Vulnerable”…””}”(hj}  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÄhjz  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hj¬  ubj  )”}”(hhh]”(j  )”}”(hhh]”hÌ)”}”(hŒNo”h]”hŒNo”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÆhjš  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj—  ubj  )”}”(hhh]”hÌ)”}”(hŒYes”h]”hŒYes”…””}”(hj´  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÆhj±  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj—  ubj  )”}”(hhh]”hÌ)”}”(hŒN/A”h]”hŒN/A”…””}”(hjË  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÆhjÈ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj—  ubj  )”}”(hhh]”hÌ)”}”(hŒFull”h]”hŒFull”…””}”(hjâ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÆhjß  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj—  ubj  )”}”(hhh]”hÌ)”}”(hŒ	Mitigated”h]”hŒ	Mitigated”…””}”(hjù  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÆhjö  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj—  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hj¬  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hjw  ubeh}”(h]”h ]”h"]”h$]”h&]”Œcols”Kuh1jê  hjt  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jå  hj¿  ubhÌ)”}”(hŒ®This only covers the host to guest transition, i.e. prevents leakage from
host to guest, but does not protect the guest internally. Guests need to
have their own protections.”h]”hŒ®This only covers the host to guest transition, i.e. prevents leakage from
host to guest, but does not protect the guest internally. Guests need to
have their own protections.”…””}”(hj&  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÉhj¿  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1húh³hÊh´K£hj®  h²hubj=  )”}”(hŒ.. _xeon_phi:”h]”h}”(h]”h ]”h"]”h$]”h&]”jH  Œxeon-phi”uh1j<  h´KÍhj®  h²hh³hÊubeh}”(h]”(Œvirtualization-mitigation”j¢  eh ]”h"]”(Œvirtualization mitigation”Œvirt_mechanism”eh$]”h&]”uh1hµhj÷  h²hh³hÊh´K¡jó  }”jK  j˜  sjõ  }”j¢  j˜  subh¶)”}”(hhh]”(h»)”}”(hŒ XEON PHI specific considerations”h]”hŒ XEON PHI specific considerations”…””}”(hjS  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjP  h²hh³hÊh´KÐubhû)”}”(hX4  The XEON PHI processor family is affected by MSBDS which can be exploited
cross Hyper-Threads when entering idle states. Some XEON PHI variants allow
to use MWAIT in user space (Ring 3) which opens an potential attack vector
for malicious user space. The exposure can be disabled on the kernel
command line with the 'ring3mwait=disable' command line option.

XEON PHI is not affected by the other MDS variants and MSBDS is mitigated
before the CPU enters an idle state. As XEON PHI is not affected by L1TF
either disabling SMT is not required for full protection.
”h]”(hÌ)”}”(hXe  The XEON PHI processor family is affected by MSBDS which can be exploited
cross Hyper-Threads when entering idle states. Some XEON PHI variants allow
to use MWAIT in user space (Ring 3) which opens an potential attack vector
for malicious user space. The exposure can be disabled on the kernel
command line with the 'ring3mwait=disable' command line option.”h]”hXi  The XEON PHI processor family is affected by MSBDS which can be exploited
cross Hyper-Threads when entering idle states. Some XEON PHI variants allow
to use MWAIT in user space (Ring 3) which opens an potential attack vector
for malicious user space. The exposure can be disabled on the kernel
command line with the â€˜ring3mwait=disableâ€™ command line option.”…””}”(hje  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KÒhja  ubhÌ)”}”(hŒÌXEON PHI is not affected by the other MDS variants and MSBDS is mitigated
before the CPU enters an idle state. As XEON PHI is not affected by L1TF
either disabling SMT is not required for full protection.”h]”hŒÌXEON PHI is not affected by the other MDS variants and MSBDS is mitigated
before the CPU enters an idle state. As XEON PHI is not affected by L1TF
either disabling SMT is not required for full protection.”…””}”(hjs  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KØhja  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1húh³hÊh´KÒhjP  h²hubj=  )”}”(hŒ.. _mds_smt_control:”h]”h}”(h]”h ]”h"]”h$]”h&]”jH  Œmds-smt-control”uh1j<  h´KÜhjP  h²hh³hÊubeh}”(h]”(Œ xeon-phi-specific-considerations”jD  eh ]”h"]”(Œ xeon phi specific considerations”Œxeon_phi”eh$]”h&]”uh1hµhj÷  h²hh³hÊh´KÐjó  }”j˜  j:  sjõ  }”jD  j:  subh¶)”}”(hhh]”(h»)”}”(hŒSMT control”h]”hŒSMT control”…””}”(hj   h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj  h²hh³hÊh´Kßubhû)”}”(hXý  All MDS variants except MSBDS can be attacked cross Hyper-Threads. That
means on CPUs which are affected by MFBDS or MLPDS it is necessary to
disable SMT for full protection. These are most of the affected CPUs; the
exception is XEON PHI, see :ref:`xeon_phi`.

Disabling SMT can have a significant performance impact, but the impact
depends on the type of workloads.

See the relevant chapter in the L1TF mitigation documentation for details:
:ref:`Documentation/admin-guide/hw-vuln/l1tf.rst <smt_control>`.

”h]”(hÌ)”}”(hX  All MDS variants except MSBDS can be attacked cross Hyper-Threads. That
means on CPUs which are affected by MFBDS or MLPDS it is necessary to
disable SMT for full protection. These are most of the affected CPUs; the
exception is XEON PHI, see :ref:`xeon_phi`.”h]”(hŒóAll MDS variants except MSBDS can be attacked cross Hyper-Threads. That
means on CPUs which are affected by MFBDS or MLPDS it is necessary to
disable SMT for full protection. These are most of the affected CPUs; the
exception is XEON PHI, see ”…””}”(hj²  h²hh³Nh´Nubh)”}”(hŒ:ref:`xeon_phi`”h]”j‚  )”}”(hj¼  h]”hŒxeon_phi”…””}”(hj¾  h²hh³Nh´Nubah}”(h]”h ]”(j  Œstd”Œstd-ref”eh"]”h$]”h&]”uh1j  hjº  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”jš  Œ	refdomain”jÈ  Œreftype”Œref”Œrefexplicit”‰Œrefwarn”ˆj   Œxeon_phi”uh1hh³hÊh´Káhj²  ubhŒ.”…””}”(hj²  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Káhj®  ubhÌ)”}”(hŒiDisabling SMT can have a significant performance impact, but the impact
depends on the type of workloads.”h]”hŒiDisabling SMT can have a significant performance impact, but the impact
depends on the type of workloads.”…””}”(hjä  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kæhj®  ubhÌ)”}”(hŒ‹See the relevant chapter in the L1TF mitigation documentation for details:
:ref:`Documentation/admin-guide/hw-vuln/l1tf.rst <smt_control>`.”h]”(hŒKSee the relevant chapter in the L1TF mitigation documentation for details:
”…””}”(hjò  h²hh³Nh´Nubh)”}”(hŒ?:ref:`Documentation/admin-guide/hw-vuln/l1tf.rst <smt_control>`”h]”j‚  )”}”(hjü  h]”hŒ*Documentation/admin-guide/hw-vuln/l1tf.rst”…””}”(hjþ  h²hh³Nh´Nubah}”(h]”h ]”(j  Œstd”Œstd-ref”eh"]”h$]”h&]”uh1j  hjú  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”jš  Œ	refdomain”j  Œreftype”Œref”Œrefexplicit”ˆŒrefwarn”ˆj   Œsmt_control”uh1hh³hÊh´Kéhjò  ubhŒ.”…””}”(hjò  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kéhj®  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1húh³hÊh´Káhj  h²hubj=  )”}”(hŒ(.. _mds_mitigation_control_command_line:”h]”h}”(h]”h ]”h"]”h$]”h&]”jH  Œ#mds-mitigation-control-command-line”uh1j<  h´Kíhj  h²hh³hÊubeh}”(h]”(Œsmt-control”j‘  eh ]”h"]”(Œsmt control”Œmds_smt_control”eh$]”h&]”uh1hµhj÷  h²hh³hÊh´Kßjó  }”j;  j‡  sjõ  }”j‘  j‡  subeh}”(h]”Œmitigation-mechanism”ah ]”h"]”Œmitigation mechanism”ah$]”h&]”uh1hµhh·h²hh³hÊh´K…ubh¶)”}”(hhh]”(h»)”}”(hŒ-Mitigation control on the kernel command line”h]”hŒ-Mitigation control on the kernel command line”…””}”(hjK  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjH  h²hh³hÊh´KðubhÌ)”}”(hŒ‹The kernel command line allows to control the MDS mitigations at boot
time with the option "mds=". The valid arguments for this option are:”h]”hŒThe kernel command line allows to control the MDS mitigations at boot
time with the option â€œmds=â€. The valid arguments for this option are:”…””}”(hjY  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KòhjH  h²hubhû)”}”(hX‡  ============  =============================================================
full          If the CPU is vulnerable, enable all available mitigations
              for the MDS vulnerability, CPU buffer clearing on exit to
              userspace and when entering a VM. Idle transitions are
              protected as well if SMT is enabled.

              It does not automatically disable SMT.

full,nosmt    The same as mds=full, with SMT disabled on vulnerable
              CPUs.  This is the complete mitigation.

off           Disables MDS mitigations completely.

============  =============================================================
”h]”jæ  )”}”(hhh]”jë  )”}”(hhh]”(jð  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”Kuh1jï  hjn  ubjð  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”K=uh1jï  hjn  ubj  )”}”(hhh]”(j  )”}”(hhh]”(j  )”}”(hhh]”hÌ)”}”(hŒfull”h]”hŒfull”…””}”(hjŽ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Köhj‹  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjˆ  ubj  )”}”(hhh]”(hÌ)”}”(hŒÐIf the CPU is vulnerable, enable all available mitigations
for the MDS vulnerability, CPU buffer clearing on exit to
userspace and when entering a VM. Idle transitions are
protected as well if SMT is enabled.”h]”hŒÐIf the CPU is vulnerable, enable all available mitigations
for the MDS vulnerability, CPU buffer clearing on exit to
userspace and when entering a VM. Idle transitions are
protected as well if SMT is enabled.”…””}”(hj¥  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Köhj¢  ubhÌ)”}”(hŒ&It does not automatically disable SMT.”h]”hŒ&It does not automatically disable SMT.”…””}”(hj³  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kûhj¢  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hjˆ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hj…  ubj  )”}”(hhh]”(j  )”}”(hhh]”hÌ)”}”(hŒ
full,nosmt”h]”hŒ
full,nosmt”…””}”(hjÓ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´KýhjÐ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjÍ  ubj  )”}”(hhh]”hÌ)”}”(hŒ]The same as mds=full, with SMT disabled on vulnerable
CPUs.  This is the complete mitigation.”h]”hŒ]The same as mds=full, with SMT disabled on vulnerable
CPUs.  This is the complete mitigation.”…””}”(hjê  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Kýhjç  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjÍ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hj…  ubj  )”}”(hhh]”(j  )”}”(hhh]”hÌ)”}”(hŒoff”h]”hŒoff”…””}”(hj
  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubj  )”}”(hhh]”hÌ)”}”(hŒ$Disables MDS mitigations completely.”h]”hŒ$Disables MDS mitigations completely.”…””}”(hj!  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hj…  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j  hjn  ubeh}”(h]”h ]”h"]”h$]”h&]”Œcols”Kuh1jê  hjk  ubah}”(h]”h ]”h"]”h$]”h&]”uh1jå  hjg  ubah}”(h]”h ]”h"]”h$]”h&]”uh1húh³hÊh´KõhjH  h²hubhÌ)”}”(hX  Not specifying this option is equivalent to "mds=full". For processors
that are affected by both TAA (TSX Asynchronous Abort) and MDS,
specifying just "mds=off" without an accompanying "tsx_async_abort=off"
will have no effect as the same mitigation is used for both
vulnerabilities.”h]”hX'  Not specifying this option is equivalent to â€œmds=fullâ€. For processors
that are affected by both TAA (TSX Asynchronous Abort) and MDS,
specifying just â€œmds=offâ€ without an accompanying â€œtsx_async_abort=offâ€
will have no effect as the same mitigation is used for both
vulnerabilities.”…””}”(hjT  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MhjH  h²hubeh}”(h]”(Œ-mitigation-control-on-the-kernel-command-line”j4  eh ]”h"]”(Œ-mitigation control on the kernel command line”Œ#mds_mitigation_control_command_line”eh$]”h&]”uh1hµhh·h²hh³hÊh´Kðjó  }”jh  j*  sjõ  }”j4  j*  subh¶)”}”(hhh]”(h»)”}”(hŒMitigation selection guide”h]”hŒMitigation selection guide”…””}”(hjp  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjm  h²hh³hÊh´Mubh¶)”}”(hhh]”(h»)”}”(hŒ1. Trusted userspace”h]”hŒ1. Trusted userspace”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj~  h²hh³hÊh´Mubhû)”}”(hŒžIf all userspace applications are from a trusted source and do not
execute untrusted code which is supplied externally, then the mitigation
can be disabled.

”h]”hÌ)”}”(hŒœIf all userspace applications are from a trusted source and do not
execute untrusted code which is supplied externally, then the mitigation
can be disabled.”h]”hŒœIf all userspace applications are from a trusted source and do not
execute untrusted code which is supplied externally, then the mitigation
can be disabled.”…””}”(hj“  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1húh³hÊh´Mhj~  h²hubeh}”(h]”Œtrusted-userspace”ah ]”h"]”Œ1. trusted userspace”ah$]”h&]”uh1hµhjm  h²hh³hÊh´Mubh¶)”}”(hhh]”(h»)”}”(hŒ%2. Virtualization with trusted guests”h]”hŒ%2. Virtualization with trusted guests”…””}”(hj²  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhj¯  h²hh³hÊh´Mubhû)”}”(hŒBThe same considerations as above versus trusted user space apply.
”h]”hÌ)”}”(hŒAThe same considerations as above versus trusted user space apply.”h]”hŒAThe same considerations as above versus trusted user space apply.”…””}”(hjÄ  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´MhjÀ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1húh³hÊh´Mhj¯  h²hubeh}”(h]”Œ"virtualization-with-trusted-guests”ah ]”h"]”Œ%2. virtualization with trusted guests”ah$]”h&]”uh1hµhjm  h²hh³hÊh´Mubh¶)”}”(hhh]”(h»)”}”(hŒ'3. Virtualization with untrusted guests”h]”hŒ'3. Virtualization with untrusted guests”…””}”(hjã  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjà  h²hh³hÊh´Mubhû)”}”(hŒÇThe protection depends on the state of the L1TF mitigations.
See :ref:`virt_mechanism`.

If the MDS mitigation is enabled and SMT is disabled, guest to host and
guest to guest attacks are prevented.
”h]”(hÌ)”}”(hŒWThe protection depends on the state of the L1TF mitigations.
See :ref:`virt_mechanism`.”h]”(hŒAThe protection depends on the state of the L1TF mitigations.
See ”…””}”(hjõ  h²hh³Nh´Nubh)”}”(hŒ:ref:`virt_mechanism`”h]”j‚  )”}”(hjÿ  h]”hŒvirt_mechanism”…””}”(hj  h²hh³Nh´Nubah}”(h]”h ]”(j  Œstd”Œstd-ref”eh"]”h$]”h&]”uh1j  hjý  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”jš  Œ	refdomain”j  Œreftype”Œref”Œrefexplicit”‰Œrefwarn”ˆj   Œvirt_mechanism”uh1hh³hÊh´Mhjõ  ubhŒ.”…””}”(hjõ  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´Mhjñ  ubhÌ)”}”(hŒmIf the MDS mitigation is enabled and SMT is disabled, guest to host and
guest to guest attacks are prevented.”h]”hŒmIf the MDS mitigation is enabled and SMT is disabled, guest to host and
guest to guest attacks are prevented.”…””}”(hj'  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M hjñ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1húh³hÊh´Mhjà  h²hubj=  )”}”(hŒ.. _mds_default_mitigations:”h]”h}”(h]”h ]”h"]”h$]”h&]”jH  Œmds-default-mitigations”uh1j<  h´M#hjà  h²hh³hÊubeh}”(h]”Œ$virtualization-with-untrusted-guests”ah ]”h"]”Œ'3. virtualization with untrusted guests”ah$]”h&]”uh1hµhjm  h²hh³hÊh´Mubeh}”(h]”Œmitigation-selection-guide”ah ]”h"]”Œmitigation selection guide”ah$]”h&]”uh1hµhh·h²hh³hÊh´Mubh¶)”}”(hhh]”(h»)”}”(hŒDefault mitigations”h]”hŒDefault mitigations”…””}”(hjY  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hºhjV  h²hh³hÊh´M&ubhû)”}”(hXP  The kernel default mitigations for vulnerable processors are:

- Enable CPU buffer clearing

The kernel does not by default enforce the disabling of SMT, which leaves
SMT systems vulnerable when running untrusted code. The same rationale as
for L1TF applies.
See :ref:`Documentation/admin-guide/hw-vuln//l1tf.rst <default_mitigations>`.”h]”(hÌ)”}”(hŒ=The kernel default mitigations for vulnerable processors are:”h]”hŒ=The kernel default mitigations for vulnerable processors are:”…””}”(hjk  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M(hjg  ubj  )”}”(hhh]”j  )”}”(hŒEnable CPU buffer clearing
”h]”hÌ)”}”(hŒEnable CPU buffer clearing”h]”hŒEnable CPU buffer clearing”…””}”(hj€  h²hh³Nh´Nubah}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M*hj|  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjy  ubah}”(h]”h ]”h"]”h$]”h&]”jm  jn  uh1j   h³hÊh´M*hjg  ubhÌ)”}”(hŒóThe kernel does not by default enforce the disabling of SMT, which leaves
SMT systems vulnerable when running untrusted code. The same rationale as
for L1TF applies.
See :ref:`Documentation/admin-guide/hw-vuln//l1tf.rst <default_mitigations>`.”h]”(hŒªThe kernel does not by default enforce the disabling of SMT, which leaves
SMT systems vulnerable when running untrusted code. The same rationale as
for L1TF applies.
See ”…””}”(hjš  h²hh³Nh´Nubh)”}”(hŒH:ref:`Documentation/admin-guide/hw-vuln//l1tf.rst <default_mitigations>`”h]”j‚  )”}”(hj¤  h]”hŒ+Documentation/admin-guide/hw-vuln//l1tf.rst”…””}”(hj¦  h²hh³Nh´Nubah}”(h]”h ]”(j  Œstd”Œstd-ref”eh"]”h$]”h&]”uh1j  hj¢  ubah}”(h]”h ]”h"]”h$]”h&]”Œrefdoc”jš  Œ	refdomain”j°  Œreftype”Œref”Œrefexplicit”ˆŒrefwarn”ˆj   Œdefault_mitigations”uh1hh³hÊh´M,hjš  ubhŒ.”…””}”(hjš  h²hh³Nh´Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1hËh³hÊh´M,hjg  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1húh³hÊh´M(hjV  h²hubeh}”(h]”(Œdefault-mitigations”jE  eh ]”h"]”(Œdefault mitigations”Œmds_default_mitigations”eh$]”h&]”uh1hµhh·h²hh³hÊh´M&jó  }”jØ  j;  sjõ  }”jE  j;  subeh}”(h]”Œ$mds-microarchitectural-data-sampling”ah ]”h"]”Œ&mds - microarchitectural data sampling”ah$]”h&]”uh1hµhhh²hh³hÊh´Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”hÊuh1hŒcurrent_source”NŒcurrent_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(hºNŒ	generator”NŒ	datestamp”NŒsource_link”NŒ
source_url”NŒtoc_backlinks”j  Œfootnote_backlinks”KŒsectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒstrip_classes”NŒreport_level”KŒ
halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ	traceback”ˆŒinput_encoding”Œ	utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”j  Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œlanguage_code”Œen”Œrecord_dependencies”NŒconfig”NŒ	id_prefix”hŒauto_id_prefix”Œid”Œdump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”hÊŒ_destination”NŒ_config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒraw_enabled”KŒline_length_limit”M'Œpep_references”NŒpep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒrfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ	tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œsmart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œdocinfo_xform”KŒsectsubtitle_xform”‰Œimage_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œrefids”}”(jI  ]”j>  ajR  ]”jH  aj¢  ]”j˜  ajD  ]”j:  aj‘  ]”j‡  aj4  ]”j*  ajE  ]”j;  auŒnameids”}”(jâ  jß  j¿  j¼  jn  jk  jã  jà  jW  jT  jO  jL  jð  jI  jï  jì  jE  jB  j©  jR  j¨  j¥  jK  j¢  jJ  jG  j˜  jD  j—  j”  j;  j‘  j:  j7  jh  j4  jg  jd  jS  jP  j¬  j©  jÝ  jÚ  jK  jH  jØ  jE  j×  jÔ  uŒ	nametypes”}”(jâ  ‰j¿  ‰jn  ‰jã  ‰jW  ‰jO  ‰jð  ˆjï  ‰jE  ‰j©  ˆj¨  ‰jK  ˆjJ  ‰j˜  ˆj—  ‰j;  ˆj:  ‰jh  ˆjg  ‰jS  ‰j¬  ‰jÝ  ‰jK  ‰jØ  ˆj×  ‰uh}”(jß  h·j¼  hÛjk  jÂ  jà  jq  jT  jæ  jL  j  jI  jZ  jì  jZ  jB  j÷  jR  jS  j¥  jS  j¢  j®  jG  j®  jD  jP  j”  jP  j‘  j  j7  j  j4  jH  jd  jH  jP  jm  j©  j~  jÚ  j¯  jH  jà  jE  jV  jÔ  jV  uŒfootnote_refs”}”Œcitation_refs”}”Œautofootnotes”]”Œautofootnote_refs”]”Œsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ	footnotes”]”Œ	citations”]”Œautofootnote_start”KŒsymbol_footnote_start”K Œ
id_counter”Œcollections”ŒCounter”“”}”…”R”Œparse_messages”]”Œtransform_messages”]”(hŒsystem_message”“”)”}”(hhh]”hÌ)”}”(hhh]”hŒ2Hyperlink target "mds-sys-info" is not referenced.”…””}”hjw  sbah}”(h]”h ]”h"]”h$]”h&]”uh1hËhjt  ubah}”(h]”h ]”h"]”h$]”h&]”Œlevel”KŒtype”ŒINFO”Œsource”hÊŒline”KUuh1jr  ubjs  )”}”(hhh]”hÌ)”}”(hhh]”hŒ6Hyperlink target "cpu-buffer-clear" is not referenced.”…””}”hj’  sbah}”(h]”h ]”h"]”h$]”h&]”uh1hËhj  ubah}”(h]”h ]”h"]”h$]”h&]”Œlevel”KŒtype”jŒ  Œsource”hÊŒline”Kuh1jr  ubjs  )”}”(hhh]”hÌ)”}”(hhh]”hŒ4Hyperlink target "virt-mechanism" is not referenced.”…””}”hj¬  sbah}”(h]”h ]”h"]”h$]”h&]”uh1hËhj©  ubah}”(h]”h ]”h"]”h$]”h&]”Œlevel”KŒtype”jŒ  Œsource”hÊŒline”Kžuh1jr  ubjs  )”}”(hhh]”hÌ)”}”(hhh]”hŒ.Hyperlink target "xeon-phi" is not referenced.”…””}”hjÆ  sbah}”(h]”h ]”h"]”h$]”h&]”uh1hËhjÃ  ubah}”(h]”h ]”h"]”h$]”h&]”Œlevel”KŒtype”jŒ  Œsource”hÊŒline”KÍuh1jr  ubjs  )”}”(hhh]”hÌ)”}”(hhh]”hŒ5Hyperlink target "mds-smt-control" is not referenced.”…””}”hjà  sbah}”(h]”h ]”h"]”h$]”h&]”uh1hËhjÝ  ubah}”(h]”h ]”h"]”h$]”h&]”Œlevel”KŒtype”jŒ  Œsource”hÊŒline”KÜuh1jr  ubjs  )”}”(hhh]”hÌ)”}”(hhh]”hŒIHyperlink target "mds-mitigation-control-command-line" is not referenced.”…””}”hjú  sbah}”(h]”h ]”h"]”h$]”h&]”uh1hËhj÷  ubah}”(h]”h ]”h"]”h$]”h&]”Œlevel”KŒtype”jŒ  Œsource”hÊŒline”Kíuh1jr  ubjs  )”}”(hhh]”hÌ)”}”(hhh]”hŒ=Hyperlink target "mds-default-mitigations" is not referenced.”…””}”hj  sbah}”(h]”h ]”h"]”h$]”h&]”uh1hËhj  ubah}”(h]”h ]”h"]”h$]”h&]”Œlevel”KŒtype”jŒ  Œsource”hÊŒline”M#uh1jr  ubeŒtransformer”NŒinclude_log”]”Œ
decoration”Nh²hub.