sphinx.addnodesdocument)}( rawsourcechildren]( translations LanguagesNode)}(hhh](h pending_xref)}(hhh]docutils.nodesTextChinese (Simplified)}parenthsba attributes}(ids]classes]names]dupnames]backrefs] refdomainstdreftypedoc reftargetA/translations/zh_CN/admin-guide/hw-vuln/processor_mmio_stale_datamodnameN classnameN refexplicitutagnamehhh ubh)}(hhh]hChinese (Traditional)}hh2sbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftargetA/translations/zh_TW/admin-guide/hw-vuln/processor_mmio_stale_datamodnameN classnameN refexplicituh1hhh ubh)}(hhh]hItalian}hhFsbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftargetA/translations/it_IT/admin-guide/hw-vuln/processor_mmio_stale_datamodnameN classnameN refexplicituh1hhh ubh)}(hhh]hJapanese}hhZsbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftargetA/translations/ja_JP/admin-guide/hw-vuln/processor_mmio_stale_datamodnameN classnameN refexplicituh1hhh ubh)}(hhh]hKorean}hhnsbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftargetA/translations/ko_KR/admin-guide/hw-vuln/processor_mmio_stale_datamodnameN classnameN refexplicituh1hhh ubh)}(hhh]hSpanish}hhsbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftargetA/translations/sp_SP/admin-guide/hw-vuln/processor_mmio_stale_datamodnameN classnameN refexplicituh1hhh ubeh}(h]h ]h"]h$]h&]current_languageEnglishuh1h hh _documenthsourceNlineNubhsection)}(hhh](htitle)}(h)Processor MMIO Stale Data Vulnerabilitiesh]h)Processor MMIO Stale Data Vulnerabilities}(hhhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhhh[/var/lib/git/docbuild/linux/Documentation/admin-guide/hw-vuln/processor_mmio_stale_data.rsthKubh paragraph)}(hXProcessor MMIO Stale Data Vulnerabilities are a class of memory-mapped I/O (MMIO) vulnerabilities that can expose data. The sequences of operations for exposing data range from simple to very complex. Because most of the vulnerabilities require the attacker to have access to MMIO, many environments are not affected. System environments using virtualization where MMIO access is provided to untrusted guests may need mitigation. These vulnerabilities are not transient execution attacks. However, these vulnerabilities may propagate stale data into core fill buffers where the data can subsequently be inferred by an unmitigated transient execution attack. Mitigation for these vulnerabilities includes a combination of microcode update and software changes, depending on the platform and usage model. Some of these mitigations are similar to those used to mitigate Microarchitectural Data Sampling (MDS) or those used to mitigate Special Register Buffer Data Sampling (SRBDS).h]hXProcessor MMIO Stale Data Vulnerabilities are a class of memory-mapped I/O (MMIO) vulnerabilities that can expose data. The sequences of operations for exposing data range from simple to very complex. Because most of the vulnerabilities require the attacker to have access to MMIO, many environments are not affected. System environments using virtualization where MMIO access is provided to untrusted guests may need mitigation. These vulnerabilities are not transient execution attacks. However, these vulnerabilities may propagate stale data into core fill buffers where the data can subsequently be inferred by an unmitigated transient execution attack. Mitigation for these vulnerabilities includes a combination of microcode update and software changes, depending on the platform and usage model. Some of these mitigations are similar to those used to mitigate Microarchitectural Data Sampling (MDS) or those used to mitigate Special Register Buffer Data Sampling (SRBDS).}(hhhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhhhhubh)}(hhh](h)}(hData Propagatorsh]hData Propagators}(hhhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhhhhhKubh)}(hXDPropagators are operations that result in stale data being copied or moved from one microarchitectural buffer or register to another. Processor MMIO Stale Data Vulnerabilities are operations that may result in stale data being directly read into an architectural, software-visible state or sampled from a buffer or register.h]hXDPropagators are operations that result in stale data being copied or moved from one microarchitectural buffer or register to another. Processor MMIO Stale Data Vulnerabilities are operations that may result in stale data being directly read into an architectural, software-visible state or sampled from a buffer or register.}(hhhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhhhhubh)}(hhh](h)}(h)Fill Buffer Stale Data Propagator (FBSDP)h]h)Fill Buffer Stale Data Propagator (FBSDP)}(hhhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhhhhhKubh)}(hX$Stale data may propagate from fill buffers (FB) into the non-coherent portion of the uncore on some non-coherent writes. Fill buffer propagation by itself does not make stale data architecturally visible. Stale data must be propagated to a location where it is subject to reading or sampling.h]hX$Stale data may propagate from fill buffers (FB) into the non-coherent portion of the uncore on some non-coherent writes. Fill buffer propagation by itself does not make stale data architecturally visible. Stale data must be propagated to a location where it is subject to reading or sampling.}(hhhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhhhhubeh}(h]'fill-buffer-stale-data-propagator-fbsdpah ]h"])fill buffer stale data propagator (fbsdp)ah$]h&]uh1hhhhhhhhKubh)}(hhh](h)}(h%Sideband Stale Data Propagator (SSDP)h]h%Sideband Stale Data Propagator (SSDP)}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhj hhhhhK#ubh)}(hX The sideband stale data propagator (SSDP) is limited to the client (including Intel Xeon server E3) uncore implementation. The sideband response buffer is shared by all client cores. For non-coherent reads that go to sideband destinations, the uncore logic returns 64 bytes of data to the core, including both requested data and unrequested stale data, from a transaction buffer and the sideband response buffer. As a result, stale data from the sideband response and transaction buffers may now reside in a core fill buffer.h]hX The sideband stale data propagator (SSDP) is limited to the client (including Intel Xeon server E3) uncore implementation. The sideband response buffer is shared by all client cores. For non-coherent reads that go to sideband destinations, the uncore logic returns 64 bytes of data to the core, including both requested data and unrequested stale data, from a transaction buffer and the sideband response buffer. As a result, stale data from the sideband response and transaction buffers may now reside in a core fill buffer.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK$hj hhubeh}(h]#sideband-stale-data-propagator-ssdpah ]h"]%sideband stale data propagator (ssdp)ah$]h&]uh1hhhhhhhhK#ubh)}(hhh](h)}(h$Primary Stale Data Propagator (PSDP)h]h$Primary Stale Data Propagator (PSDP)}(hj7hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj4hhhhhK-ubh)}(hXThe primary stale data propagator (PSDP) is limited to the client (including Intel Xeon server E3) uncore implementation. Similar to the sideband response buffer, the primary response buffer is shared by all client cores. For some processors, MMIO primary reads will return 64 bytes of data to the core fill buffer including both requested data and unrequested stale data. This is similar to the sideband stale data propagator.h]hXThe primary stale data propagator (PSDP) is limited to the client (including Intel Xeon server E3) uncore implementation. Similar to the sideband response buffer, the primary response buffer is shared by all client cores. For some processors, MMIO primary reads will return 64 bytes of data to the core fill buffer including both requested data and unrequested stale data. This is similar to the sideband stale data propagator.}(hjEhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK.hj4hhubeh}(h]"primary-stale-data-propagator-psdpah ]h"]$primary stale data propagator (psdp)ah$]h&]uh1hhhhhhhhK-ubeh}(h]data-propagatorsah ]h"]data propagatorsah$]h&]uh1hhhhhhhhKubh)}(hhh](h)}(hVulnerabilitiesh]hVulnerabilities}(hjfhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjchhhhhK6ubh)}(hhh](h)}(h5Device Register Partial Write (DRPW) (CVE-2022-21166)h]h5Device Register Partial Write (DRPW) (CVE-2022-21166)}(hjwhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjthhhhhK8ubh)}(hXSome endpoint MMIO registers incorrectly handle writes that are smaller than the register size. Instead of aborting the write or only copying the correct subset of bytes (for example, 2 bytes for a 2-byte write), more bytes than specified by the write transaction may be written to the register. On processors affected by FBSDP, this may expose stale data from the fill buffers of the core that created the write transaction.h]hXSome endpoint MMIO registers incorrectly handle writes that are smaller than the register size. Instead of aborting the write or only copying the correct subset of bytes (for example, 2 bytes for a 2-byte write), more bytes than specified by the write transaction may be written to the register. On processors affected by FBSDP, this may expose stale data from the fill buffers of the core that created the write transaction.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK9hjthhubeh}(h]1device-register-partial-write-drpw-cve-2022-21166ah ]h"]5device register partial write (drpw) (cve-2022-21166)ah$]h&]uh1hhjchhhhhK8ubh)}(hhh](h)}(h4Shared Buffers Data Sampling (SBDS) (CVE-2022-21125)h]h4Shared Buffers Data Sampling (SBDS) (CVE-2022-21125)}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhhhhhKAubh)}(hXAfter propagators may have moved data around the uncore and copied stale data into client core fill buffers, processors affected by MFBDS can leak data from the fill buffer. It is limited to the client (including Intel Xeon server E3) uncore implementation.h]hXAfter propagators may have moved data around the uncore and copied stale data into client core fill buffers, processors affected by MFBDS can leak data from the fill buffer. It is limited to the client (including Intel Xeon server E3) uncore implementation.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKBhjhhubeh}(h]0shared-buffers-data-sampling-sbds-cve-2022-21125ah ]h"]4shared buffers data sampling (sbds) (cve-2022-21125)ah$]h&]uh1hhjchhhhhKAubh)}(hhh](h)}(h0Shared Buffers Data Read (SBDR) (CVE-2022-21123)h]h0Shared Buffers Data Read (SBDR) (CVE-2022-21123)}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhhhhhKHubh)}(hIt is similar to Shared Buffer Data Sampling (SBDS) except that the data is directly read into the architectural software-visible state. It is limited to the client (including Intel Xeon server E3) uncore implementation.h]hIt is similar to Shared Buffer Data Sampling (SBDS) except that the data is directly read into the architectural software-visible state. It is limited to the client (including Intel Xeon server E3) uncore implementation.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKIhjhhubeh}(h],shared-buffers-data-read-sbdr-cve-2022-21123ah ]h"]0shared buffers data read (sbdr) (cve-2022-21123)ah$]h&]uh1hhjchhhhhKHubeh}(h]vulnerabilitiesah ]h"]vulnerabilitiesah$]h&]uh1hhhhhhhhK6ubh)}(hhh](h)}(hAffected Processorsh]hAffected Processors}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhhhhhKNubh)}(hNot all the CPUs are affected by all the variants. For instance, most processors for the server market (excluding Intel Xeon E3 processors) are impacted by only Device Register Partial Write (DRPW).h]hNot all the CPUs are affected by all the variants. For instance, most processors for the server market (excluding Intel Xeon E3 processors) are impacted by only Device Register Partial Write (DRPW).}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKOhjhhubh)}(h6Below is the list of affected Intel processors [#f1]_:h](h/Below is the list of affected Intel processors }(hjhhhNhNubhfootnote_reference)}(h[#f1]_h]h1}(hjhhhNhNubah}(h]id1ah ]h"]h$]h&]autoKrefidf1docname-admin-guide/hw-vuln/processor_mmio_stale_datauh1jhjresolvedKubh:}(hjhhhNhNubeh}(h]h ]h"]h$]h&]uh1hhhhKShjhhubh block_quote)}(hXw=================== ============ ========= Common name Family_Model Steppings =================== ============ ========= HASWELL_X 06_3FH 2,4 SKYLAKE_L 06_4EH 3 BROADWELL_X 06_4FH All SKYLAKE_X 06_55H 3,4,6,7,11 BROADWELL_D 06_56H 3,4,5 SKYLAKE 06_5EH 3 ICELAKE_X 06_6AH 4,5,6 ICELAKE_D 06_6CH 1 ICELAKE_L 06_7EH 5 ATOM_TREMONT_D 06_86H All LAKEFIELD 06_8AH 1 KABYLAKE_L 06_8EH 9 to 12 ATOM_TREMONT 06_96H 1 ATOM_TREMONT_L 06_9CH 0 KABYLAKE 06_9EH 9 to 13 COMETLAKE 06_A5H 2,3,5 COMETLAKE_L 06_A6H 0,1 ROCKETLAKE 06_A7H 1 =================== ============ ========= h]htable)}(hhh]htgroup)}(hhh](hcolspec)}(hhh]h}(h]h ]h"]h$]h&]colwidthKuh1jIhjFubjJ)}(hhh]h}(h]h ]h"]h$]h&]colwidthK uh1jIhjFubjJ)}(hhh]h}(h]h ]h"]h$]h&]colwidthK uh1jIhjFubhthead)}(hhh]hrow)}(hhh](hentry)}(hhh]h)}(h Common nameh]h Common name}(hjxhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKVhjuubah}(h]h ]h"]h$]h&]uh1jshjpubjt)}(hhh]h)}(h Family_Modelh]h Family_Model}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKVhjubah}(h]h ]h"]h$]h&]uh1jshjpubjt)}(hhh]h)}(h Steppingsh]h Steppings}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKVhjubah}(h]h ]h"]h$]h&]uh1jshjpubeh}(h]h ]h"]h$]h&]uh1jnhjkubah}(h]h ]h"]h$]h&]uh1jihjFubhtbody)}(hhh](jo)}(hhh](jt)}(hhh]h)}(h HASWELL_Xh]h HASWELL_X}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKXhjubah}(h]h ]h"]h$]h&]uh1jshjubjt)}(hhh]h)}(h06_3FHh]h06_3FH}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKXhjubah}(h]h ]h"]h$]h&]uh1jshjubjt)}(hhh]h)}(h2,4h]h2,4}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKXhjubah}(h]h ]h"]h$]h&]uh1jshjubeh}(h]h ]h"]h$]h&]uh1jnhjubjo)}(hhh](jt)}(hhh]h)}(h SKYLAKE_Lh]h SKYLAKE_L}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKYhjubah}(h]h ]h"]h$]h&]uh1jshjubjt)}(hhh]h)}(h06_4EHh]h06_4EH}(hj6hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKYhj3ubah}(h]h ]h"]h$]h&]uh1jshjubjt)}(hhh]h)}(h3h]h3}(hjMhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKYhjJubah}(h]h ]h"]h$]h&]uh1jshjubeh}(h]h ]h"]h$]h&]uh1jnhjubjo)}(hhh](jt)}(hhh]h)}(h BROADWELL_Xh]h BROADWELL_X}(hjmhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKZhjjubah}(h]h ]h"]h$]h&]uh1jshjgubjt)}(hhh]h)}(h06_4FHh]h06_4FH}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKZhjubah}(h]h ]h"]h$]h&]uh1jshjgubjt)}(hhh]h)}(hAllh]hAll}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKZhjubah}(h]h ]h"]h$]h&]uh1jshjgubeh}(h]h ]h"]h$]h&]uh1jnhjubjo)}(hhh](jt)}(hhh]h)}(h SKYLAKE_Xh]h SKYLAKE_X}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK[hjubah}(h]h ]h"]h$]h&]uh1jshjubjt)}(hhh]h)}(h06_55Hh]h06_55H}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK[hjubah}(h]h ]h"]h$]h&]uh1jshjubjt)}(hhh]h)}(h 3,4,6,7,11h]h 3,4,6,7,11}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK[hjubah}(h]h ]h"]h$]h&]uh1jshjubeh}(h]h ]h"]h$]h&]uh1jnhjubjo)}(hhh](jt)}(hhh]h)}(h BROADWELL_Dh]h BROADWELL_D}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK\hjubah}(h]h ]h"]h$]h&]uh1jshjubjt)}(hhh]h)}(h06_56Hh]h06_56H}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK\hjubah}(h]h ]h"]h$]h&]uh1jshjubjt)}(hhh]h)}(h3,4,5h]h3,4,5}(hj7hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK\hj4ubah}(h]h ]h"]h$]h&]uh1jshjubeh}(h]h ]h"]h$]h&]uh1jnhjubjo)}(hhh](jt)}(hhh]h)}(hSKYLAKEh]hSKYLAKE}(hjWhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK]hjTubah}(h]h ]h"]h$]h&]uh1jshjQubjt)}(hhh]h)}(h06_5EHh]h06_5EH}(hjnhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK]hjkubah}(h]h ]h"]h$]h&]uh1jshjQubjt)}(hhh]h)}(hjOh]h3}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK]hjubah}(h]h ]h"]h$]h&]uh1jshjQubeh}(h]h ]h"]h$]h&]uh1jnhjubjo)}(hhh](jt)}(hhh]h)}(h ICELAKE_Xh]h ICELAKE_X}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK^hjubah}(h]h ]h"]h$]h&]uh1jshjubjt)}(hhh]h)}(h06_6AHh]h06_6AH}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK^hjubah}(h]h ]h"]h$]h&]uh1jshjubjt)}(hhh]h)}(h4,5,6h]h4,5,6}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK^hjubah}(h]h ]h"]h$]h&]uh1jshjubeh}(h]h ]h"]h$]h&]uh1jnhjubjo)}(hhh](jt)}(hhh]h)}(h ICELAKE_Dh]h ICELAKE_D}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK_hjubah}(h]h ]h"]h$]h&]uh1jshjubjt)}(hhh]h)}(h06_6CHh]h06_6CH}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK_hjubah}(h]h ]h"]h$]h&]uh1jshjubjt)}(hhh]h)}(h1h]h1}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK_hjubah}(h]h ]h"]h$]h&]uh1jshjubeh}(h]h ]h"]h$]h&]uh1jnhjubjo)}(hhh](jt)}(hhh]h)}(h ICELAKE_Lh]h ICELAKE_L}(hj@hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK`hj=ubah}(h]h ]h"]h$]h&]uh1jshj:ubjt)}(hhh]h)}(h06_7EHh]h06_7EH}(hjWhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK`hjTubah}(h]h ]h"]h$]h&]uh1jshj:ubjt)}(hhh]h)}(h5h]h5}(hjnhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK`hjkubah}(h]h ]h"]h$]h&]uh1jshj:ubeh}(h]h ]h"]h$]h&]uh1jnhjubjo)}(hhh](jt)}(hhh]h)}(hATOM_TREMONT_Dh]hATOM_TREMONT_D}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKahjubah}(h]h ]h"]h$]h&]uh1jshjubjt)}(hhh]h)}(h06_86Hh]h06_86H}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKahjubah}(h]h ]h"]h$]h&]uh1jshjubjt)}(hhh]h)}(hAllh]hAll}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKahjubah}(h]h ]h"]h$]h&]uh1jshjubeh}(h]h ]h"]h$]h&]uh1jnhjubjo)}(hhh](jt)}(hhh]h)}(h LAKEFIELDh]h LAKEFIELD}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKbhjubah}(h]h ]h"]h$]h&]uh1jshjubjt)}(hhh]h)}(h06_8AHh]h06_8AH}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKbhjubah}(h]h ]h"]h$]h&]uh1jshjubjt)}(hhh]h)}(hj"h]h1}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKbhjubah}(h]h ]h"]h$]h&]uh1jshjubeh}(h]h ]h"]h$]h&]uh1jnhjubjo)}(hhh](jt)}(hhh]h)}(h KABYLAKE_Lh]h KABYLAKE_L}(hj)hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKchj&ubah}(h]h ]h"]h$]h&]uh1jshj#ubjt)}(hhh]h)}(h06_8EHh]h06_8EH}(hj@hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKchj=ubah}(h]h ]h"]h$]h&]uh1jshj#ubjt)}(hhh]h)}(h9 to 12h]h9 to 12}(hjWhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKchjTubah}(h]h ]h"]h$]h&]uh1jshj#ubeh}(h]h ]h"]h$]h&]uh1jnhjubjo)}(hhh](jt)}(hhh]h)}(h ATOM_TREMONTh]h ATOM_TREMONT}(hjwhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKdhjtubah}(h]h ]h"]h$]h&]uh1jshjqubjt)}(hhh]h)}(h06_96Hh]h06_96H}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKdhjubah}(h]h ]h"]h$]h&]uh1jshjqubjt)}(hhh]h)}(hj"h]h1}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKdhjubah}(h]h ]h"]h$]h&]uh1jshjqubeh}(h]h ]h"]h$]h&]uh1jnhjubjo)}(hhh](jt)}(hhh]h)}(hATOM_TREMONT_Lh]hATOM_TREMONT_L}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKehjubah}(h]h ]h"]h$]h&]uh1jshjubjt)}(hhh]h)}(h06_9CHh]h06_9CH}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKehjubah}(h]h ]h"]h$]h&]uh1jshjubjt)}(hhh]h)}(h0h]h0}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKehjubah}(h]h ]h"]h$]h&]uh1jshjubeh}(h]h ]h"]h$]h&]uh1jnhjubjo)}(hhh](jt)}(hhh]h)}(hKABYLAKEh]hKABYLAKE}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKfhjubah}(h]h ]h"]h$]h&]uh1jshj ubjt)}(hhh]h)}(h06_9EHh]h06_9EH}(hj)hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKfhj&ubah}(h]h ]h"]h$]h&]uh1jshj ubjt)}(hhh]h)}(h9 to 13h]h9 to 13}(hj@hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKfhj=ubah}(h]h ]h"]h$]h&]uh1jshj ubeh}(h]h ]h"]h$]h&]uh1jnhjubjo)}(hhh](jt)}(hhh]h)}(h COMETLAKEh]h COMETLAKE}(hj`hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKghj]ubah}(h]h ]h"]h$]h&]uh1jshjZubjt)}(hhh]h)}(h06_A5Hh]h06_A5H}(hjwhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKghjtubah}(h]h ]h"]h$]h&]uh1jshjZubjt)}(hhh]h)}(h2,3,5h]h2,3,5}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKghjubah}(h]h ]h"]h$]h&]uh1jshjZubeh}(h]h ]h"]h$]h&]uh1jnhjubjo)}(hhh](jt)}(hhh]h)}(h COMETLAKE_Lh]h COMETLAKE_L}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhhjubah}(h]h ]h"]h$]h&]uh1jshjubjt)}(hhh]h)}(h06_A6Hh]h06_A6H}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhhjubah}(h]h ]h"]h$]h&]uh1jshjubjt)}(hhh]h)}(h0,1h]h0,1}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhhjubah}(h]h ]h"]h$]h&]uh1jshjubeh}(h]h ]h"]h$]h&]uh1jnhjubjo)}(hhh](jt)}(hhh]h)}(h ROCKETLAKEh]h ROCKETLAKE}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKihjubah}(h]h ]h"]h$]h&]uh1jshjubjt)}(hhh]h)}(h06_A7Hh]h06_A7H}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKihjubah}(h]h ]h"]h$]h&]uh1jshjubjt)}(hhh]h)}(hj"h]h1}(hj*hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKihj'ubah}(h]h ]h"]h$]h&]uh1jshjubeh}(h]h ]h"]h$]h&]uh1jnhjubeh}(h]h ]h"]h$]h&]uh1jhjFubeh}(h]h ]h"]h$]h&]colsKuh1jDhjAubah}(h]h ]h"]h$]h&]uh1j?hj;ubah}(h]h ]h"]h$]h&]uh1j9hhhKUhjhhubh)}(hXIf a CPU is in the affected processor list, but not affected by a variant, it is indicated by new bits in MSR IA32_ARCH_CAPABILITIES. As described in a later section, mitigation largely remains the same for all the variants, i.e. to clear the CPU fill buffers via VERW instruction.h]hXIf a CPU is in the affected processor list, but not affected by a variant, it is indicated by new bits in MSR IA32_ARCH_CAPABILITIES. As described in a later section, mitigation largely remains the same for all the variants, i.e. to clear the CPU fill buffers via VERW instruction.}(hj\hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKlhjhhubeh}(h]affected-processorsah ]h"]affected processorsah$]h&]uh1hhhhhhhhKNubh)}(hhh](h)}(hNew bits in MSRsh]hNew bits in MSRs}(hjuhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjrhhhhhKrubh)}(hNewer processors and microcode update on existing affected processors added new bits to IA32_ARCH_CAPABILITIES MSR. These bits can be used to enumerate specific variants of Processor MMIO Stale Data vulnerabilities and mitigation capability.h]hNewer processors and microcode update on existing affected processors added new bits to IA32_ARCH_CAPABILITIES MSR. These bits can be used to enumerate specific variants of Processor MMIO Stale Data vulnerabilities and mitigation capability.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKshjrhhubh)}(hhh](h)}(hMSR IA32_ARCH_CAPABILITIESh]hMSR IA32_ARCH_CAPABILITIES}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhhhhhKyubhdefinition_list)}(hhh](hdefinition_list_item)}(hBit 13 - SBDR_SSDP_NO - When set, processor is not affected by either the Shared Buffers Data Read (SBDR) vulnerability or the sideband stale data propagator (SSDP).h](hterm)}(hIBit 13 - SBDR_SSDP_NO - When set, processor is not affected by either theh]hIBit 13 - SBDR_SSDP_NO - When set, processor is not affected by either the}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhK{hjubh definition)}(hhh]h)}(h[Shared Buffers Data Read (SBDR) vulnerability or the sideband stale data propagator (SSDP).h]h[Shared Buffers Data Read (SBDR) vulnerability or the sideband stale data propagator (SSDP).}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK{hjubah}(h]h ]h"]h$]h&]uh1jhjubeh}(h]h ]h"]h$]h&]uh1jhhhK{hjubj)}(hiBit 14 - FBSDP_NO - When set, processor is not affected by the Fill Buffer Stale Data Propagator (FBSDP).h](j)}(hJBit 14 - FBSDP_NO - When set, processor is not affected by the Fill Bufferh]hJBit 14 - FBSDP_NO - When set, processor is not affected by the Fill Buffer}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhK}hjubj)}(hhh]h)}(hStale Data Propagator (FBSDP).h]hStale Data Propagator (FBSDP).}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK~hjubah}(h]h ]h"]h$]h&]uh1jhjubeh}(h]h ]h"]h$]h&]uh1jhhhK}hjhhubj)}(h_Bit 15 - PSDP_NO - When set, processor is not affected by Primary Stale Data Propagator (PSDP).h](j)}(hLBit 15 - PSDP_NO - When set, processor is not affected by Primary Stale Datah]hLBit 15 - PSDP_NO - When set, processor is not affected by Primary Stale Data}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhj ubj)}(hhh]h)}(hPropagator (PSDP).h]hPropagator (PSDP).}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj ubah}(h]h ]h"]h$]h&]uh1jhj ubeh}(h]h ]h"]h$]h&]uh1jhhhKhjhhubj)}(hX>Bit 17 - FB_CLEAR - When set, VERW instruction will overwrite CPU fill buffer values as part of MD_CLEAR operations. Processors that do not enumerate MDS_NO (meaning they are affected by MDS) but that do enumerate support for both L1D_FLUSH and MD_CLEAR implicitly enumerate FB_CLEAR as part of their MD_CLEAR support.h](j)}(hMBit 17 - FB_CLEAR - When set, VERW instruction will overwrite CPU fill bufferh]hMBit 17 - FB_CLEAR - When set, VERW instruction will overwrite CPU fill buffer}(hj> hhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhj: ubj)}(hhh]h)}(hvalues as part of MD_CLEAR operations. Processors that do not enumerate MDS_NO (meaning they are affected by MDS) but that do enumerate support for both L1D_FLUSH and MD_CLEAR implicitly enumerate FB_CLEAR as part of their MD_CLEAR support.h]hvalues as part of MD_CLEAR operations. Processors that do not enumerate MDS_NO (meaning they are affected by MDS) but that do enumerate support for both L1D_FLUSH and MD_CLEAR implicitly enumerate FB_CLEAR as part of their MD_CLEAR support.}(hjO hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjL ubah}(h]h ]h"]h$]h&]uh1jhj: ubeh}(h]h ]h"]h$]h&]uh1jhhhKhjhhubj)}(hXBit 18 - FB_CLEAR_CTRL - Processor supports read and write to MSR IA32_MCU_OPT_CTRL[FB_CLEAR_DIS]. On such processors, the FB_CLEAR_DIS bit can be set to cause the VERW instruction to not perform the FB_CLEAR action. Not all processors that support FB_CLEAR will support FB_CLEAR_CTRL. h](j)}(hABit 18 - FB_CLEAR_CTRL - Processor supports read and write to MSRh]hABit 18 - FB_CLEAR_CTRL - Processor supports read and write to MSR}(hjm hhhNhNubah}(h]h ]h"]h$]h&]uh1jhhhKhji ubj)}(hhh]h)}(hIA32_MCU_OPT_CTRL[FB_CLEAR_DIS]. On such processors, the FB_CLEAR_DIS bit can be set to cause the VERW instruction to not perform the FB_CLEAR action. Not all processors that support FB_CLEAR will support FB_CLEAR_CTRL.h]hIA32_MCU_OPT_CTRL[FB_CLEAR_DIS]. On such processors, the FB_CLEAR_DIS bit can be set to cause the VERW instruction to not perform the FB_CLEAR action. Not all processors that support FB_CLEAR will support FB_CLEAR_CTRL.}(hj~ hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj{ ubah}(h]h ]h"]h$]h&]uh1jhji ubeh}(h]h ]h"]h$]h&]uh1jhhhKhjhhubeh}(h]h ]h"]h$]h&]uh1jhjhhhhhNubeh}(h]msr-ia32-arch-capabilitiesah ]h"]msr ia32_arch_capabilitiesah$]h&]uh1hhjrhhhhhKyubh)}(hhh](h)}(hMSR IA32_MCU_OPT_CTRLh]hMSR IA32_MCU_OPT_CTRL}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj hhhhhKubh)}(hXBit 3 - FB_CLEAR_DIS - When set, VERW instruction does not perform the FB_CLEAR action. This may be useful to reduce the performance impact of FB_CLEAR in cases where system software deems it warranted (for example, when performance is more critical, or the untrusted software has no MMIO access). Note that FB_CLEAR_DIS has no impact on enumeration (for example, it does not change FB_CLEAR or MD_CLEAR enumeration) and it may not be supported on all processors that enumerate FB_CLEAR.h]hXBit 3 - FB_CLEAR_DIS - When set, VERW instruction does not perform the FB_CLEAR action. This may be useful to reduce the performance impact of FB_CLEAR in cases where system software deems it warranted (for example, when performance is more critical, or the untrusted software has no MMIO access). Note that FB_CLEAR_DIS has no impact on enumeration (for example, it does not change FB_CLEAR or MD_CLEAR enumeration) and it may not be supported on all processors that enumerate FB_CLEAR.}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj hhubeh}(h]msr-ia32-mcu-opt-ctrlah ]h"]msr ia32_mcu_opt_ctrlah$]h&]uh1hhjrhhhhhKubeh}(h]new-bits-in-msrsah ]h"]new bits in msrsah$]h&]uh1hhhhhhhhKrubh)}(hhh](h)}(h Mitigationh]h Mitigation}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj hhhhhKubh)}(hLike MDS, all variants of Processor MMIO Stale Data vulnerabilities have the same mitigation strategy to force the CPU to clear the affected buffers before an attacker can extract the secrets.h]hLike MDS, all variants of Processor MMIO Stale Data vulnerabilities have the same mitigation strategy to force the CPU to clear the affected buffers before an attacker can extract the secrets.}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj hhubh)}(hThis is achieved by using the otherwise unused and obsolete VERW instruction in combination with a microcode update. The microcode clears the affected CPU buffers when the VERW instruction is executed.h]hThis is achieved by using the otherwise unused and obsolete VERW instruction in combination with a microcode update. The microcode clears the affected CPU buffers when the VERW instruction is executed.}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj hhubh)}(h=Kernel reuses the MDS function to invoke the buffer clearing:h]h=Kernel reuses the MDS function to invoke the buffer clearing:}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj hhubj:)}(hmds_clear_cpu_buffers() h]h)}(hmds_clear_cpu_buffers()h]hmds_clear_cpu_buffers()}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj ubah}(h]h ]h"]h$]h&]uh1j9hhhKhj hhubh)}(hOn MDS affected CPUs, the kernel already invokes CPU buffer clear on kernel/userspace, hypervisor/guest and C-state (idle) transitions. No additional mitigation is needed on such CPUs.h]hOn MDS affected CPUs, the kernel already invokes CPU buffer clear on kernel/userspace, hypervisor/guest and C-state (idle) transitions. No additional mitigation is needed on such CPUs.}(hj( hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj hhubh)}(hFor CPUs not affected by MDS or TAA, mitigation is needed only for the attacker with MMIO capability. Therefore, VERW is not required for kernel/userspace. For virtualization case, VERW is only needed at VMENTER for a guest with MMIO capability.h]hFor CPUs not affected by MDS or TAA, mitigation is needed only for the attacker with MMIO capability. Therefore, VERW is not required for kernel/userspace. For virtualization case, VERW is only needed at VMENTER for a guest with MMIO capability.}(hj6 hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj hhubh)}(hhh](h)}(hMitigation pointsh]hMitigation points}(hjG hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjD hhhhhKubh)}(hhh](h)}(hReturn to user spaceh]hReturn to user space}(hjX hhhNhNubah}(h]h ]h"]h$]h&]uh1hhjU hhhhhKubh)}(hPSame mitigation as MDS when affected by MDS/TAA, otherwise no mitigation needed.h]hPSame mitigation as MDS when affected by MDS/TAA, otherwise no mitigation needed.}(hjf hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjU hhubeh}(h]return-to-user-spaceah ]h"]return to user spaceah$]h&]uh1hhjD hhhhhKubh)}(hhh](h)}(hC-State transitionh]hC-State transition}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj| hhhhhKubh)}(hControl register writes by CPU during C-state transition can propagate data from fill buffer to uncore buffers. Execute VERW before C-state transition to clear CPU fill buffers.h]hControl register writes by CPU during C-state transition can propagate data from fill buffer to uncore buffers. Execute VERW before C-state transition to clear CPU fill buffers.}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj| hhubeh}(h]c-state-transitionah ]h"]c-state transitionah$]h&]uh1hhjD hhhhhKubh)}(hhh](h)}(hGuest entry pointh]hGuest entry point}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj hhhhhKubh)}(hX:Same mitigation as MDS when processor is also affected by MDS/TAA, otherwise execute VERW at VMENTER only for MMIO capable guests. On CPUs not affected by MDS/TAA, guest without MMIO access cannot extract secrets using Processor MMIO Stale Data vulnerabilities, so there is no need to execute VERW for such guests.h]hX:Same mitigation as MDS when processor is also affected by MDS/TAA, otherwise execute VERW at VMENTER only for MMIO capable guests. On CPUs not affected by MDS/TAA, guest without MMIO access cannot extract secrets using Processor MMIO Stale Data vulnerabilities, so there is no need to execute VERW for such guests.}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj hhubeh}(h]guest-entry-pointah ]h"]guest entry pointah$]h&]uh1hhjD hhhhhKubeh}(h]mitigation-pointsah ]h"]mitigation pointsah$]h&]uh1hhj hhhhhKubh)}(hhh](h)}(h-Mitigation control on the kernel command lineh]h-Mitigation control on the kernel command line}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj hhhhhKubh)}(hThe kernel command line allows to control the Processor MMIO Stale Data mitigations at boot time with the option "mmio_stale_data=". The valid arguments for this option are:h]hThe kernel command line allows to control the Processor MMIO Stale Data mitigations at boot time with the option “mmio_stale_data=”. The valid arguments for this option are:}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj hhubj:)}(hX========== ================================================================= full If the CPU is vulnerable, enable mitigation; CPU buffer clearing on exit to userspace and when entering a VM. Idle transitions are protected as well. It does not automatically disable SMT. full,nosmt Same as full, with SMT disabled on vulnerable CPUs. This is the complete mitigation. off Disables mitigation completely. ========== ================================================================= h]j@)}(hhh]jE)}(hhh](jJ)}(hhh]h}(h]h ]h"]h$]h&]colwidthK uh1jIhj ubjJ)}(hhh]h}(h]h ]h"]h$]h&]colwidthKAuh1jIhj ubj)}(hhh](jo)}(hhh](jt)}(hhh]h)}(hfullh]hfull}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj ubah}(h]h ]h"]h$]h&]uh1jshj ubjt)}(hhh]h)}(hIf the CPU is vulnerable, enable mitigation; CPU buffer clearing on exit to userspace and when entering a VM. Idle transitions are protected as well. It does not automatically disable SMT.h]hIf the CPU is vulnerable, enable mitigation; CPU buffer clearing on exit to userspace and when entering a VM. Idle transitions are protected as well. It does not automatically disable SMT.}(hj/ hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj, ubah}(h]h ]h"]h$]h&]uh1jshj ubeh}(h]h ]h"]h$]h&]uh1jnhj ubjo)}(hhh](jt)}(hhh]h)}(h full,nosmth]h full,nosmt}(hjO hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjL ubah}(h]h ]h"]h$]h&]uh1jshjI ubjt)}(hhh]h)}(hTSame as full, with SMT disabled on vulnerable CPUs. This is the complete mitigation.h]hTSame as full, with SMT disabled on vulnerable CPUs. This is the complete mitigation.}(hjf hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjc ubah}(h]h ]h"]h$]h&]uh1jshjI ubeh}(h]h ]h"]h$]h&]uh1jnhj ubjo)}(hhh](jt)}(hhh]h)}(hoffh]hoff}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj ubah}(h]h ]h"]h$]h&]uh1jshj ubjt)}(hhh]h)}(hDisables mitigation completely.h]hDisables mitigation completely.}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj ubah}(h]h ]h"]h$]h&]uh1jshj ubeh}(h]h ]h"]h$]h&]uh1jnhj ubeh}(h]h ]h"]h$]h&]uh1jhj ubeh}(h]h ]h"]h$]h&]colsKuh1jDhj ubah}(h]h ]h"]h$]h&]uh1j?hj ubah}(h]h ]h"]h$]h&]uh1j9hhhKhj hhubh)}(hIf the CPU is affected and mmio_stale_data=off is not supplied on the kernel command line, then the kernel selects the appropriate mitigation.h]hIf the CPU is affected and mmio_stale_data=off is not supplied on the kernel command line, then the kernel selects the appropriate mitigation.}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj hhubeh}(h]-mitigation-control-on-the-kernel-command-lineah ]h"]-mitigation control on the kernel command lineah$]h&]uh1hhj hhhhhKubh)}(hhh](h)}(hMitigation status informationh]hMitigation status information}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj hhhhhKubh)}(hThe Linux kernel provides a sysfs interface to enumerate the current vulnerability status of the system: whether the system is vulnerable, and which mitigations are active. The relevant sysfs file is:h]hThe Linux kernel provides a sysfs interface to enumerate the current vulnerability status of the system: whether the system is vulnerable, and which mitigations are active. The relevant sysfs file is:}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj hhubj:)}(h8/sys/devices/system/cpu/vulnerabilities/mmio_stale_data h]h)}(h7/sys/devices/system/cpu/vulnerabilities/mmio_stale_datah]h7/sys/devices/system/cpu/vulnerabilities/mmio_stale_data}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj ubah}(h]h ]h"]h$]h&]uh1j9hhhKhj hhubh)}(h%The possible values in this file are:h]h%The possible values in this file are:}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj hhubj:)}(hX.. list-table:: * - 'Not affected' - The processor is not vulnerable * - 'Vulnerable' - The processor is vulnerable, but no mitigation enabled * - 'Vulnerable: Clear CPU buffers attempted, no microcode' - The processor is vulnerable but microcode is not updated. The mitigation is enabled on a best effort basis. If the processor is vulnerable but the availability of the microcode based mitigation mechanism is not advertised via CPUID, the kernel selects a best effort mitigation mode. This mode invokes the mitigation instructions without a guarantee that they clear the CPU buffers. This is done to address virtualization scenarios where the host has the microcode update applied, but the hypervisor is not yet updated to expose the CPUID to the guest. If the host has updated microcode the protection takes effect; otherwise a few CPU cycles are wasted pointlessly. * - 'Mitigation: Clear CPU buffers' - The processor is vulnerable and the CPU buffer clearing mitigation is enabled. * - 'Unknown: No mitigations' - The processor vulnerability status is unknown because it is out of Servicing period. Mitigation is not attempted. h]j@)}(hhh]jE)}(hhh](jJ)}(hhh]h}(h]h ]h"]h$]h&]colwidthK2uh1jIhj2 ubjJ)}(hhh]h}(h]h ]h"]h$]h&]j> K2uh1jIhj2 ubj)}(hhh](jo)}(hhh](jt)}(hhh]h)}(h'Not affected'h]h‘Not affected’}(hjQ hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjN ubah}(h]h ]h"]h$]h&]uh1jshjK ubjt)}(hhh]h)}(hThe processor is not vulnerableh]hThe processor is not vulnerable}(hjh hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhje ubah}(h]h ]h"]h$]h&]uh1jshjK ubeh}(h]h ]h"]h$]h&]uh1jnhjH ubjo)}(hhh](jt)}(hhh]h)}(h 'Vulnerable'h]h‘Vulnerable’}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj ubah}(h]h ]h"]h$]h&]uh1jshj ubjt)}(hhh]h)}(h6The processor is vulnerable, but no mitigation enabledh]h6The processor is vulnerable, but no mitigation enabled}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj ubah}(h]h ]h"]h$]h&]uh1jshj ubeh}(h]h ]h"]h$]h&]uh1jnhjH ubjo)}(hhh](jt)}(hhh]h)}(h7'Vulnerable: Clear CPU buffers attempted, no microcode'h]h;‘Vulnerable: Clear CPU buffers attempted, no microcode’}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj ubah}(h]h ]h"]h$]h&]uh1jshj ubjt)}(hhh](h)}(hkThe processor is vulnerable but microcode is not updated. The mitigation is enabled on a best effort basis.h]hkThe processor is vulnerable but microcode is not updated. The mitigation is enabled on a best effort basis.}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj ubh)}(hXIf the processor is vulnerable but the availability of the microcode based mitigation mechanism is not advertised via CPUID, the kernel selects a best effort mitigation mode. This mode invokes the mitigation instructions without a guarantee that they clear the CPU buffers.h]hXIf the processor is vulnerable but the availability of the microcode based mitigation mechanism is not advertised via CPUID, the kernel selects a best effort mitigation mode. This mode invokes the mitigation instructions without a guarantee that they clear the CPU buffers.}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj ubh)}(hXThis is done to address virtualization scenarios where the host has the microcode update applied, but the hypervisor is not yet updated to expose the CPUID to the guest. If the host has updated microcode the protection takes effect; otherwise a few CPU cycles are wasted pointlessly.h]hXThis is done to address virtualization scenarios where the host has the microcode update applied, but the hypervisor is not yet updated to expose the CPUID to the guest. If the host has updated microcode the protection takes effect; otherwise a few CPU cycles are wasted pointlessly.}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj ubeh}(h]h ]h"]h$]h&]uh1jshj ubeh}(h]h ]h"]h$]h&]uh1jnhjH ubjo)}(hhh](jt)}(hhh]h)}(h'Mitigation: Clear CPU buffers'h]h#‘Mitigation: Clear CPU buffers’}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj ubah}(h]h ]h"]h$]h&]uh1jshj ubjt)}(hhh]h)}(hNThe processor is vulnerable and the CPU buffer clearing mitigation is enabled.h]hNThe processor is vulnerable and the CPU buffer clearing mitigation is enabled.}(hj) hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj& ubah}(h]h ]h"]h$]h&]uh1jshj ubeh}(h]h ]h"]h$]h&]uh1jnhjH ubjo)}(hhh](jt)}(hhh]h)}(h'Unknown: No mitigations'h]h‘Unknown: No mitigations’}(hjI hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjF ubah}(h]h ]h"]h$]h&]uh1jshjC ubjt)}(hhh]h)}(hqThe processor vulnerability status is unknown because it is out of Servicing period. Mitigation is not attempted.h]hqThe processor vulnerability status is unknown because it is out of Servicing period. Mitigation is not attempted.}(hj` hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj] ubah}(h]h ]h"]h$]h&]uh1jshjC ubeh}(h]h ]h"]h$]h&]uh1jnhjH ubeh}(h]h ]h"]h$]h&]uh1jhj2 ubeh}(h]h ]h"]h$]h&]colsKuh1jDhj/ ubah}(h]h ]h"]h$]h&]uh1j?hj+ ubah}(h]h ]h"]h$]h&]uh1j9hhhKhj hhubeh}(h]mitigation-status-informationah ]h"]mitigation status informationah$]h&]uh1hhj hhhhhKubh)}(hhh](h)}(h Definitions:h]h Definitions:}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj hhhhhKubh)}(hServicing period: The process of providing functional and security updates to Intel processors or platforms, utilizing the Intel Platform Update (IPU) process or other similar mechanisms.h]hServicing period: The process of providing functional and security updates to Intel processors or platforms, utilizing the Intel Platform Update (IPU) process or other similar mechanisms.}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj hhubh)}(hEnd of Servicing Updates (ESU): ESU is the date at which Intel will no longer provide Servicing, such as through IPU or other similar update processes. ESU dates will typically be aligned to end of quarter.h]hEnd of Servicing Updates (ESU): ESU is the date at which Intel will no longer provide Servicing, such as through IPU or other similar update processes. ESU dates will typically be aligned to end of quarter.}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj hhubh)}(hcIf the processor is vulnerable then the following information is appended to the above information:h]hcIf the processor is vulnerable then the following information is appended to the above information:}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMhj hhubj:)}(hX%======================== =========================================== 'SMT vulnerable' SMT is enabled 'SMT disabled' SMT is disabled 'SMT Host state unknown' Kernel runs in a VM, Host SMT state unknown ======================== =========================================== h]j@)}(hhh]jE)}(hhh](jJ)}(hhh]h}(h]h ]h"]h$]h&]colwidthKuh1jIhj ubjJ)}(hhh]h}(h]h ]h"]h$]h&]colwidthK+uh1jIhj ubj)}(hhh](jo)}(hhh](jt)}(hhh]h)}(h'SMT vulnerable'h]h‘SMT vulnerable’}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMhj ubah}(h]h ]h"]h$]h&]uh1jshj ubjt)}(hhh]h)}(hSMT is enabledh]hSMT is enabled}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMhjubah}(h]h ]h"]h$]h&]uh1jshj ubeh}(h]h ]h"]h$]h&]uh1jnhj ubjo)}(hhh](jt)}(hhh]h)}(h'SMT disabled'h]h‘SMT disabled’}(hj4hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMhj1ubah}(h]h ]h"]h$]h&]uh1jshj.ubjt)}(hhh]h)}(hSMT is disabledh]hSMT is disabled}(hjKhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhMhjHubah}(h]h ]h"]h$]h&]uh1jshj.ubeh}(h]h ]h"]h$]h&]uh1jnhj ubjo)}(hhh](jt)}(hhh]h)}(h'SMT Host state unknown'h]h‘SMT Host state unknown’}(hjkhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhM hjhubah}(h]h ]h"]h$]h&]uh1jshjeubjt)}(hhh]h)}(h+Kernel runs in a VM, Host SMT state unknownh]h+Kernel runs in a VM, Host SMT state unknown}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhM hjubah}(h]h ]h"]h$]h&]uh1jshjeubeh}(h]h ]h"]h$]h&]uh1jnhj ubeh}(h]h ]h"]h$]h&]uh1jhj ubeh}(h]h ]h"]h$]h&]colsKuh1jDhj ubah}(h]h ]h"]h$]h&]uh1j?hj ubah}(h]h ]h"]h$]h&]uh1j9hhhMhj hhubeh}(h] definitionsah ]h"] definitions:ah$]h&]uh1hhj hhhhhKubh)}(hhh](h)}(h Referencesh]h References}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhhhhhM ubhfootnote)}(hAffected Processors https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.htmlh](hlabel)}(hhh]h1}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1jhjhhhNhNubh)}(hAffected Processors https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.htmlh](hAffected Processors }(hjhhhNhNubh reference)}(hhttps://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.htmlh]hhttps://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html}(hjhhhNhNubah}(h]h ]h"]h$]h&]refurijuh1jhjubeh}(h]h ]h"]h$]h&]uh1hhhhMhjubeh}(h]j+ah ]h"]f1ah$]h&]j$aj)Kj,j-uh1jhhhMhjhhubeh}(h] referencesah ]h"] referencesah$]h&]uh1hhj hhhhhM ubeh}(h] mitigationah ]h"] mitigationah$]h&]uh1hhhhhhhhKubeh}(h])processor-mmio-stale-data-vulnerabilitiesah ]h"])processor mmio stale data vulnerabilitiesah$]h&]uh1hhhhhhhhKubeh}(h]h ]h"]h$]h&]sourcehuh1hcurrent_sourceN current_lineNsettingsdocutils.frontendValues)}(hN generatorN datestampN source_linkN source_urlN toc_backlinksjsfootnote_backlinksK sectnum_xformKstrip_commentsNstrip_elements_with_classesN strip_classesN report_levelK halt_levelKexit_status_levelKdebugNwarning_streamN tracebackinput_encoding utf-8-siginput_encoding_error_handlerstrictoutput_encodingutf-8output_encoding_error_handlerjCerror_encodingutf-8error_encoding_error_handlerbackslashreplace language_codeenrecord_dependenciesNconfigN id_prefixhauto_id_prefixid dump_settingsNdump_internalsNdump_transformsNdump_pseudo_xmlNexpose_internalsNstrict_visitorN_disable_configN_sourceh _destinationN _config_files]7/var/lib/git/docbuild/linux/Documentation/docutils.confafile_insertion_enabled raw_enabledKline_length_limitM'pep_referencesN pep_base_urlhttps://peps.python.org/pep_file_url_templatepep-%04drfc_referencesN rfc_base_url&https://datatracker.ietf.org/doc/html/ tab_widthKtrim_footnote_reference_spacesyntax_highlightlong smart_quotessmartquotes_locales]character_level_inline_markupdoctitle_xform docinfo_xformKsectsubtitle_xform image_loadinglinkembed_stylesheetcloak_email_addressessection_self_linkenvNubreporterNindirect_targets]substitution_defs}substitution_names}refnames}f1]jasrefids}j+]jasnameids}(jjj`j]j jj1j.jXjUjjjjjjjjjojlj j j j j j jjj j jy jv j j j j j j j j jjjj jj+u nametypes}(jj`j j1jXjjjjjoj j j jj jy j j j j jjjuh}(jhj]hjhj.j jUj4jjcjjtjjjjjljj$jj jrj jj j jj j jD jv jU j j| j j j j j j jj j jj+ju footnote_refs}j]jas citation_refs} autofootnotes]jaautofootnote_refs]jasymbol_footnotes]symbol_footnote_refs] footnotes] citations]autofootnote_startKsymbol_footnote_startK id_counter collectionsCounter}jQKsRparse_messages]transform_messages] transformerN include_log] decorationNhhub.