€•)_      Œsphinx.addnodes”Œdocument”“”)”}”(Œ	rawsource”Œ ”Œchildren”]”(Œtranslations”ŒLanguagesNode”“”)”}”(hhh]”(h Œpending_xref”“”)”}”(hhh]”Œdocutils.nodes”ŒText”“”ŒChinese (Simplified)”…””}”Œparent”hsbaŒ
attributes”}”(Œids”]”Œclasses”]”Œnames”]”Œdupnames”]”Œbackrefs”]”Œ	refdomain”Œstd”Œreftype”Œdoc”Œ	reftarget”Œ>/translations/zh_CN/admin-guide/hw-vuln/reg-file-data-sampling”Œmodname”NŒ	classname”NŒrefexplicit”ˆuŒtagname”hhhubh)”}”(hhh]”hŒChinese (Traditional)”…””}”hh2sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ>/translations/zh_TW/admin-guide/hw-vuln/reg-file-data-sampling”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒItalian”…””}”hhFsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ>/translations/it_IT/admin-guide/hw-vuln/reg-file-data-sampling”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒJapanese”…””}”hhZsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ>/translations/ja_JP/admin-guide/hw-vuln/reg-file-data-sampling”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒKorean”…””}”hhnsbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ>/translations/ko_KR/admin-guide/hw-vuln/reg-file-data-sampling”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubh)”}”(hhh]”hŒSpanish”…””}”hh‚sbah}”(h]”h ]”h"]”h$]”h&]”Œ	refdomain”h)Œreftype”h+Œ	reftarget”Œ>/translations/sp_SP/admin-guide/hw-vuln/reg-file-data-sampling”Œmodname”NŒ	classname”NŒrefexplicit”ˆuh1hhhubeh}”(h]”h ]”h"]”h$]”h&]”Œcurrent_language”ŒEnglish”uh1h
hhŒ	_document”hŒsource”NŒline”NubhŒsection”“”)”}”(hhh]”(hŒtitle”“”)”}”(hŒ"Register File Data Sampling (RFDS)”h]”hŒ"Register File Data Sampling (RFDS)”…””}”(hh¨hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hh£hžhhŸŒX/var/lib/git/docbuild/linux/Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst”h KubhŒ	paragraph”“”)”}”(hXx  Register File Data Sampling (RFDS) is a microarchitectural vulnerability that
only affects Intel Atom parts(also branded as E-cores). RFDS may allow
a malicious actor to infer data values previously used in floating point
registers, vector registers, or integer registers. RFDS does not provide the
ability to choose which data is inferred. CVE-2023-28746 is assigned to RFDS.”h]”hXx  Register File Data Sampling (RFDS) is a microarchitectural vulnerability that
only affects Intel Atom parts(also branded as E-cores). RFDS may allow
a malicious actor to infer data values previously used in floating point
registers, vector registers, or integer registers. RFDS does not provide the
ability to choose which data is inferred. CVE-2023-28746 is assigned to RFDS.”…””}”(hh¹hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khh£hžhubh¢)”}”(hhh]”(h§)”}”(hŒAffected Processors”h]”hŒAffected Processors”…””}”(hhÊhžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hhÇhžhhŸh¶h Kubh¸)”}”(hŒ6Below is the list of affected Intel processors [#f1]_:”h]”(hŒ/Below is the list of affected Intel processors ”…””}”(hhØhžhhŸNh NubhŒfootnote_reference”“”)”}”(hŒ[#f1]_”h]”hŒ1”…””}”(hhâhžhhŸNh Nubah}”(h]”Œid1”ah ]”h"]”h$]”h&]”Œauto”KŒrefid”Œf1”Œdocname”Œ*admin-guide/hw-vuln/reg-file-data-sampling”uh1hàhhØŒresolved”KubhŒ:”…””}”(hhØhžhhŸNh Nubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KhhÇhžhubhŒblock_quote”“”)”}”(hXü  ===================  ============
Common name          Family_Model
===================  ============
ATOM_GOLDMONT           06_5CH
ATOM_GOLDMONT_D         06_5FH
ATOM_GOLDMONT_PLUS      06_7AH
ATOM_TREMONT_D          06_86H
ATOM_TREMONT            06_96H
ALDERLAKE               06_97H
ALDERLAKE_L             06_9AH
ATOM_TREMONT_L          06_9CH
RAPTORLAKE              06_B7H
RAPTORLAKE_P            06_BAH
ATOM_GRACEMONT          06_BEH
RAPTORLAKE_S            06_BFH
===================  ============
”h]”hŒtable”“”)”}”(hhh]”hŒtgroup”“”)”}”(hhh]”(hŒcolspec”“”)”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”Kuh1j  hj  ubj  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”Kuh1j  hj  ubhŒthead”“”)”}”(hhh]”hŒrow”“”)”}”(hhh]”(hŒentry”“”)”}”(hhh]”h¸)”}”(hŒCommon name”h]”hŒCommon name”…””}”(hj6  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khj3  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hj.  ubj2  )”}”(hhh]”h¸)”}”(hŒFamily_Model”h]”hŒFamily_Model”…””}”(hjM  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KhjJ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hj.  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j,  hj)  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j'  hj  ubhŒtbody”“”)”}”(hhh]”(j-  )”}”(hhh]”(j2  )”}”(hhh]”h¸)”}”(hŒATOM_GOLDMONT”h]”hŒATOM_GOLDMONT”…””}”(hjx  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khju  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hjr  ubj2  )”}”(hhh]”h¸)”}”(hŒ06_5CH”h]”hŒ06_5CH”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KhjŒ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hjr  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j,  hjo  ubj-  )”}”(hhh]”(j2  )”}”(hhh]”h¸)”}”(hŒATOM_GOLDMONT_D”h]”hŒATOM_GOLDMONT_D”…””}”(hj¯  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khj¬  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hj©  ubj2  )”}”(hhh]”h¸)”}”(hŒ06_5FH”h]”hŒ06_5FH”…””}”(hjÆ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KhjÃ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hj©  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j,  hjo  ubj-  )”}”(hhh]”(j2  )”}”(hhh]”h¸)”}”(hŒATOM_GOLDMONT_PLUS”h]”hŒATOM_GOLDMONT_PLUS”…””}”(hjæ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khjã  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hjà  ubj2  )”}”(hhh]”h¸)”}”(hŒ06_7AH”h]”hŒ06_7AH”…””}”(hjý  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khjú  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hjà  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j,  hjo  ubj-  )”}”(hhh]”(j2  )”}”(hhh]”h¸)”}”(hŒATOM_TREMONT_D”h]”hŒATOM_TREMONT_D”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hj  ubj2  )”}”(hhh]”h¸)”}”(hŒ06_86H”h]”hŒ06_86H”…””}”(hj4  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khj1  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j,  hjo  ubj-  )”}”(hhh]”(j2  )”}”(hhh]”h¸)”}”(hŒATOM_TREMONT”h]”hŒATOM_TREMONT”…””}”(hjT  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KhjQ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hjN  ubj2  )”}”(hhh]”h¸)”}”(hŒ06_96H”h]”hŒ06_96H”…””}”(hjk  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khjh  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hjN  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j,  hjo  ubj-  )”}”(hhh]”(j2  )”}”(hhh]”h¸)”}”(hŒ	ALDERLAKE”h]”hŒ	ALDERLAKE”…””}”(hj‹  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khjˆ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hj…  ubj2  )”}”(hhh]”h¸)”}”(hŒ06_97H”h]”hŒ06_97H”…””}”(hj¢  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KhjŸ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hj…  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j,  hjo  ubj-  )”}”(hhh]”(j2  )”}”(hhh]”h¸)”}”(hŒALDERLAKE_L”h]”hŒALDERLAKE_L”…””}”(hjÂ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khj¿  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hj¼  ubj2  )”}”(hhh]”h¸)”}”(hŒ06_9AH”h]”hŒ06_9AH”…””}”(hjÙ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KhjÖ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hj¼  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j,  hjo  ubj-  )”}”(hhh]”(j2  )”}”(hhh]”h¸)”}”(hŒATOM_TREMONT_L”h]”hŒATOM_TREMONT_L”…””}”(hjù  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khjö  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hjó  ubj2  )”}”(hhh]”h¸)”}”(hŒ06_9CH”h]”hŒ06_9CH”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hjó  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j,  hjo  ubj-  )”}”(hhh]”(j2  )”}”(hhh]”h¸)”}”(hŒ
RAPTORLAKE”h]”hŒ
RAPTORLAKE”…””}”(hj0  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khj-  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hj*  ubj2  )”}”(hhh]”h¸)”}”(hŒ06_B7H”h]”hŒ06_B7H”…””}”(hjG  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KhjD  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hj*  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j,  hjo  ubj-  )”}”(hhh]”(j2  )”}”(hhh]”h¸)”}”(hŒRAPTORLAKE_P”h]”hŒRAPTORLAKE_P”…””}”(hjg  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khjd  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hja  ubj2  )”}”(hhh]”h¸)”}”(hŒ06_BAH”h]”hŒ06_BAH”…””}”(hj~  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khj{  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hja  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j,  hjo  ubj-  )”}”(hhh]”(j2  )”}”(hhh]”h¸)”}”(hŒATOM_GRACEMONT”h]”hŒATOM_GRACEMONT”…””}”(hjž  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khj›  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hj˜  ubj2  )”}”(hhh]”h¸)”}”(hŒ06_BEH”h]”hŒ06_BEH”…””}”(hjµ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khj²  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hj˜  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j,  hjo  ubj-  )”}”(hhh]”(j2  )”}”(hhh]”h¸)”}”(hŒRAPTORLAKE_S”h]”hŒRAPTORLAKE_S”…””}”(hjÕ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KhjÒ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hjÏ  ubj2  )”}”(hhh]”h¸)”}”(hŒ06_BFH”h]”hŒ06_BFH”…””}”(hjì  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h Khjé  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hjÏ  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j,  hjo  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jm  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”Œcols”Kuh1j  hj	  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh¶h KhhÇhžhubeh}”(h]”Œaffected-processors”ah ]”h"]”Œaffected processors”ah$]”h&]”uh1h¡hh£hžhhŸh¶h Kubh¢)”}”(hhh]”(h§)”}”(hŒ
Mitigation”h]”hŒ
Mitigation”…””}”(hj*  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj'  hžhhŸh¶h K!ubh¸)”}”(hXË  Intel released a microcode update that enables software to clear sensitive
information using the VERW instruction. Like MDS, RFDS deploys the same
mitigation strategy to force the CPU to clear the affected buffers before an
attacker can extract the secrets. This is achieved by using the otherwise
unused and obsolete VERW instruction in combination with a microcode update.
The microcode clears the affected CPU buffers when the VERW instruction is
executed.”h]”hXË  Intel released a microcode update that enables software to clear sensitive
information using the VERW instruction. Like MDS, RFDS deploys the same
mitigation strategy to force the CPU to clear the affected buffers before an
attacker can extract the secrets. This is achieved by using the otherwise
unused and obsolete VERW instruction in combination with a microcode update.
The microcode clears the affected CPU buffers when the VERW instruction is
executed.”…””}”(hj8  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K"hj'  hžhubh¢)”}”(hhh]”(h§)”}”(hŒMitigation points”h]”hŒMitigation points”…””}”(hjI  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjF  hžhhŸh¶h K+ubh¸)”}”(hŒ±VERW is executed by the kernel before returning to user space, and by KVM
before VMentry. None of the affected cores support SMT, so VERW is not required
at C-state transitions.”h]”hŒ±VERW is executed by the kernel before returning to user space, and by KVM
before VMentry. None of the affected cores support SMT, so VERW is not required
at C-state transitions.”…””}”(hjW  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K,hjF  hžhubeh}”(h]”Œmitigation-points”ah ]”h"]”Œmitigation points”ah$]”h&]”uh1h¡hj'  hžhhŸh¶h K+ubh¢)”}”(hhh]”(h§)”}”(hŒ"New bits in IA32_ARCH_CAPABILITIES”h]”hŒ"New bits in IA32_ARCH_CAPABILITIES”…””}”(hjp  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjm  hžhhŸh¶h K1ubh¸)”}”(hŒÀNewer processors and microcode update on existing affected processors added new
bits to IA32_ARCH_CAPABILITIES MSR. These bits can be used to enumerate
vulnerability and mitigation capability:”h]”hŒÀNewer processors and microcode update on existing affected processors added new
bits to IA32_ARCH_CAPABILITIES MSR. These bits can be used to enumerate
vulnerability and mitigation capability:”…””}”(hj~  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K2hjm  hžhubhŒbullet_list”“”)”}”(hhh]”(hŒ	list_item”“”)”}”(hŒ?Bit 27 - RFDS_NO - When set, processor is not affected by RFDS.”h]”h¸)”}”(hj•  h]”hŒ?Bit 27 - RFDS_NO - When set, processor is not affected by RFDS.”…””}”(hj—  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K6hj“  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j‘  hjŽ  hžhhŸh¶h Nubj’  )”}”(hŒ‰Bit 28 - RFDS_CLEAR - When set, processor is affected by RFDS, and has the
microcode that clears the affected buffers on VERW execution.
”h]”h¸)”}”(hŒˆBit 28 - RFDS_CLEAR - When set, processor is affected by RFDS, and has the
microcode that clears the affected buffers on VERW execution.”h]”hŒˆBit 28 - RFDS_CLEAR - When set, processor is affected by RFDS, and has the
microcode that clears the affected buffers on VERW execution.”…””}”(hj®  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K7hjª  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j‘  hjŽ  hžhhŸh¶h Nubeh}”(h]”h ]”h"]”h$]”h&]”Œbullet”Œ-”uh1jŒ  hŸh¶h K6hjm  hžhubeh}”(h]”Œ"new-bits-in-ia32-arch-capabilities”ah ]”h"]”Œ"new bits in ia32_arch_capabilities”ah$]”h&]”uh1h¡hj'  hžhhŸh¶h K1ubh¢)”}”(hhh]”(h§)”}”(hŒ-Mitigation control on the kernel command line”h]”hŒ-Mitigation control on the kernel command line”…””}”(hjÕ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hjÒ  hžhhŸh¶h K;ubh¸)”}”(hŒThe kernel command line allows to control RFDS mitigation at boot time with the
parameter "reg_file_data_sampling=". The valid arguments are:”h]”hŒ‘The kernel command line allows to control RFDS mitigation at boot time with the
parameter â€œreg_file_data_sampling=â€. The valid arguments are:”…””}”(hjã  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K<hjÒ  hžhubj  )”}”(hXE  ==========  =================================================================
on          If the CPU is vulnerable, enable mitigation; CPU buffer clearing
            on exit to userspace and before entering a VM.
off         Disables mitigation.
==========  =================================================================
”h]”j  )”}”(hhh]”j  )”}”(hhh]”(j  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”K
uh1j  hjø  ubj  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”KAuh1j  hjø  ubjn  )”}”(hhh]”(j-  )”}”(hhh]”(j2  )”}”(hhh]”h¸)”}”(hŒon”h]”hŒon”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K@hj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hj  ubj2  )”}”(hhh]”h¸)”}”(hŒoIf the CPU is vulnerable, enable mitigation; CPU buffer clearing
on exit to userspace and before entering a VM.”h]”hŒoIf the CPU is vulnerable, enable mitigation; CPU buffer clearing
on exit to userspace and before entering a VM.”…””}”(hj/  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K@hj,  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j,  hj  ubj-  )”}”(hhh]”(j2  )”}”(hhh]”h¸)”}”(hŒoff”h]”hŒoff”…””}”(hjO  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KBhjL  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hjI  ubj2  )”}”(hhh]”h¸)”}”(hŒDisables mitigation.”h]”hŒDisables mitigation.”…””}”(hjf  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KBhjc  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hjI  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j,  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jm  hjø  ubeh}”(h]”h ]”h"]”h$]”h&]”Œcols”Kuh1j  hjõ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjñ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh¶h K?hjÒ  hžhubh¸)”}”(hŒ9Mitigation default is selected by CONFIG_MITIGATION_RFDS.”h]”hŒ9Mitigation default is selected by CONFIG_MITIGATION_RFDS.”…””}”(hj™  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KEhjÒ  hžhubeh}”(h]”Œ-mitigation-control-on-the-kernel-command-line”ah ]”h"]”Œ-mitigation control on the kernel command line”ah$]”h&]”uh1h¡hj'  hžhhŸh¶h K;ubh¢)”}”(hhh]”(h§)”}”(hŒMitigation status information”h]”hŒMitigation status information”…””}”(hj²  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj¯  hžhhŸh¶h KHubh¸)”}”(hŒÈThe Linux kernel provides a sysfs interface to enumerate the current
vulnerability status of the system: whether the system is vulnerable, and
which mitigations are active. The relevant sysfs file is:”h]”hŒÈThe Linux kernel provides a sysfs interface to enumerate the current
vulnerability status of the system: whether the system is vulnerable, and
which mitigations are active. The relevant sysfs file is:”…””}”(hjÀ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KIhj¯  hžhubj  )”}”(hŒ?/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling
”h]”h¸)”}”(hŒ>/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling”h]”hŒ>/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling”…””}”(hjÒ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KMhjÎ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh¶h KMhj¯  hžhubh¸)”}”(hŒ%The possible values in this file are:”h]”hŒ%The possible values in this file are:”…””}”(hjæ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KOhj¯  hžhubj  )”}”(hX‰  .. list-table::

   * - 'Not affected'
     - The processor is not vulnerable
   * - 'Vulnerable'
     - The processor is vulnerable, but no mitigation enabled
   * - 'Vulnerable: No microcode'
     - The processor is vulnerable but microcode is not updated.
   * - 'Mitigation: Clear Register File'
     - The processor is vulnerable and the CPU buffer clearing mitigation is
       enabled.
”h]”j  )”}”(hhh]”j  )”}”(hhh]”(j  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”Œcolwidth”K2uh1j  hjû  ubj  )”}”(hhh]”h}”(h]”h ]”h"]”h$]”h&]”j  K2uh1j  hjû  ubjn  )”}”(hhh]”(j-  )”}”(hhh]”(j2  )”}”(hhh]”h¸)”}”(hŒ'Not affected'”h]”hŒâ€˜Not affectedâ€™”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KShj  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hj  ubj2  )”}”(hhh]”h¸)”}”(hŒThe processor is not vulnerable”h]”hŒThe processor is not vulnerable”…””}”(hj1  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KThj.  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j,  hj  ubj-  )”}”(hhh]”(j2  )”}”(hhh]”h¸)”}”(hŒ'Vulnerable'”h]”hŒâ€˜Vulnerableâ€™”…””}”(hjQ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KUhjN  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hjK  ubj2  )”}”(hhh]”h¸)”}”(hŒ6The processor is vulnerable, but no mitigation enabled”h]”hŒ6The processor is vulnerable, but no mitigation enabled”…””}”(hjh  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KVhje  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hjK  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j,  hj  ubj-  )”}”(hhh]”(j2  )”}”(hhh]”h¸)”}”(hŒ'Vulnerable: No microcode'”h]”hŒâ€˜Vulnerable: No microcodeâ€™”…””}”(hjˆ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KWhj…  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hj‚  ubj2  )”}”(hhh]”h¸)”}”(hŒ9The processor is vulnerable but microcode is not updated.”h]”hŒ9The processor is vulnerable but microcode is not updated.”…””}”(hjŸ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KXhjœ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hj‚  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j,  hj  ubj-  )”}”(hhh]”(j2  )”}”(hhh]”h¸)”}”(hŒ!'Mitigation: Clear Register File'”h]”hŒ%â€˜Mitigation: Clear Register Fileâ€™”…””}”(hj¿  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KYhj¼  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hj¹  ubj2  )”}”(hhh]”h¸)”}”(hŒNThe processor is vulnerable and the CPU buffer clearing mitigation is
enabled.”h]”hŒNThe processor is vulnerable and the CPU buffer clearing mitigation is
enabled.”…””}”(hjÖ  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h KZhjÓ  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j1  hj¹  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1j,  hj  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1jm  hjû  ubeh}”(h]”h ]”h"]”h$]”h&]”Œcols”Kuh1j  hjø  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hjô  ubah}”(h]”h ]”h"]”h$]”h&]”uh1j  hŸh¶h KQhj¯  hžhubeh}”(h]”Œmitigation-status-information”ah ]”h"]”Œmitigation status information”ah$]”h&]”uh1h¡hj'  hžhhŸh¶h KHubh¢)”}”(hhh]”(h§)”}”(hŒ
References”h]”hŒ
References”…””}”(hj  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1h¦hj  hžhhŸh¶h K^ubhŒfootnote”“”)”}”(hŒ©Affected Processors
https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html”h]”(hŒlabel”“”)”}”(hhh]”hŒ1”…””}”(hj*  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”uh1j(  hj$  hžhhŸNh Nubh¸)”}”(hŒ©Affected Processors
https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html”h]”(hŒAffected Processors
”…””}”(hj7  hžhhŸNh NubhŒ	reference”“”)”}”(hŒ•https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html”h]”hŒ•https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html”…””}”(hjA  hžhhŸNh Nubah}”(h]”h ]”h"]”h$]”h&]”Œrefuri”jC  uh1j?  hj7  ubeh}”(h]”h ]”h"]”h$]”h&]”uh1h·hŸh¶h K_hj$  ubeh}”(h]”hóah ]”h"]”Œf1”ah$]”h&]”hìahñKhôhõuh1j"  hŸh¶h K_hj  hžhubeh}”(h]”Œ
references”ah ]”h"]”Œ
references”ah$]”h&]”uh1h¡hj'  hžhhŸh¶h K^ubeh}”(h]”Œ
mitigation”ah ]”h"]”Œ
mitigation”ah$]”h&]”uh1h¡hh£hžhhŸh¶h K!ubeh}”(h]”Œ register-file-data-sampling-rfds”ah ]”h"]”Œ"register file data sampling (rfds)”ah$]”h&]”uh1h¡hhhžhhŸh¶h Kubeh}”(h]”h ]”h"]”h$]”h&]”Œsource”h¶uh1hŒcurrent_source”NŒcurrent_line”NŒsettings”Œdocutils.frontend”ŒValues”“”)”}”(h¦NŒ	generator”NŒ	datestamp”NŒsource_link”NŒ
source_url”NŒtoc_backlinks”j1  Œfootnote_backlinks”KŒsectnum_xform”KŒstrip_comments”NŒstrip_elements_with_classes”NŒstrip_classes”NŒreport_level”KŒ
halt_level”KŒexit_status_level”KŒdebug”NŒwarning_stream”NŒ	traceback”ˆŒinput_encoding”Œ	utf-8-sig”Œinput_encoding_error_handler”Œstrict”Œoutput_encoding”Œutf-8”Œoutput_encoding_error_handler”j—  Œerror_encoding”Œutf-8”Œerror_encoding_error_handler”Œbackslashreplace”Œlanguage_code”Œen”Œrecord_dependencies”NŒconfig”NŒ	id_prefix”hŒauto_id_prefix”Œid”Œdump_settings”NŒdump_internals”NŒdump_transforms”NŒdump_pseudo_xml”NŒexpose_internals”NŒstrict_visitor”NŒ_disable_config”NŒ_source”h¶Œ_destination”NŒ_config_files”]”Œ7/var/lib/git/docbuild/linux/Documentation/docutils.conf”aŒfile_insertion_enabled”ˆŒraw_enabled”KŒline_length_limit”M'Œpep_references”NŒpep_base_url”Œhttps://peps.python.org/”Œpep_file_url_template”Œpep-%04d”Œrfc_references”NŒrfc_base_url”Œ&https://datatracker.ietf.org/doc/html/”Œ	tab_width”KŒtrim_footnote_reference_space”‰Œsyntax_highlight”Œlong”Œsmart_quotes”ˆŒsmartquotes_locales”]”Œcharacter_level_inline_markup”‰Œdoctitle_xform”‰Œdocinfo_xform”KŒsectsubtitle_xform”‰Œimage_loading”Œlink”Œembed_stylesheet”‰Œcloak_email_addresses”ˆŒsection_self_link”‰Œenv”NubŒreporter”NŒindirect_targets”]”Œsubstitution_defs”}”Œsubstitution_names”}”Œrefnames”}”Œf1”]”hâasŒrefids”}”hó]”hâasŒnameids”}”(jr  jo  j$  j!  jj  jg  jj  jg  jÏ  jÌ  j¬  j©  j  j  jb  j_  jZ  hóuŒ	nametypes”}”(jr  ‰j$  ‰jj  ‰jj  ‰jÏ  ‰j¬  ‰j  ‰jb  ‰jZ  ˆuh}”(jo  h£j!  hÇhìhâjg  j'  jg  jF  jÌ  jm  j©  jÒ  j  j¯  j_  j  hój$  uŒfootnote_refs”}”j×  ]”hâasŒcitation_refs”}”Œautofootnotes”]”j$  aŒautofootnote_refs”]”hâaŒsymbol_footnotes”]”Œsymbol_footnote_refs”]”Œ	footnotes”]”Œ	citations”]”Œautofootnote_start”KŒsymbol_footnote_start”K Œ
id_counter”Œcollections”ŒCounter”“”}”j¥  Ks…”R”Œparse_messages”]”Œtransform_messages”]”Œtransformer”NŒinclude_log”]”Œ
decoration”Nhžhub.