k~sphinx.addnodesdocument)}( rawsourcechildren]( translations LanguagesNode)}(hhh](h pending_xref)}(hhh]docutils.nodesTextChinese (Simplified)}parenthsba attributes}(ids]classes]names]dupnames]backrefs] refdomainstdreftypedoc reftargetM/translations/zh_CN/admin-guide/hw-vuln/special-register-buffer-data-samplingmodnameN classnameN refexplicitutagnamehhh ubh)}(hhh]hChinese (Traditional)}hh2sbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftargetM/translations/zh_TW/admin-guide/hw-vuln/special-register-buffer-data-samplingmodnameN classnameN refexplicituh1hhh ubh)}(hhh]hItalian}hhFsbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftargetM/translations/it_IT/admin-guide/hw-vuln/special-register-buffer-data-samplingmodnameN classnameN refexplicituh1hhh ubh)}(hhh]hJapanese}hhZsbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftargetM/translations/ja_JP/admin-guide/hw-vuln/special-register-buffer-data-samplingmodnameN classnameN refexplicituh1hhh ubh)}(hhh]hKorean}hhnsbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftargetM/translations/ko_KR/admin-guide/hw-vuln/special-register-buffer-data-samplingmodnameN classnameN refexplicituh1hhh ubh)}(hhh]hSpanish}hhsbah}(h]h ]h"]h$]h&] refdomainh)reftypeh+ reftargetM/translations/sp_SP/admin-guide/hw-vuln/special-register-buffer-data-samplingmodnameN classnameN refexplicituh1hhh ubeh}(h]h ]h"]h$]h&]current_languageEnglishuh1h hh _documenthsourceNlineNubhcomment)}(h SPDX-License-Identifier: GPL-2.0h]h SPDX-License-Identifier: GPL-2.0}hhsbah}(h]h ]h"]h$]h&] xml:spacepreserveuh1hhhhhhg/var/lib/git/docbuild/linux/Documentation/admin-guide/hw-vuln/special-register-buffer-data-sampling.rsthKubhsection)}(hhh](htitle)}(h-SRBDS - Special Register Buffer Data Samplingh]h-SRBDS - Special Register Buffer Data Sampling}(hhhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhhhhhKubh paragraph)}(hXkSRBDS is a hardware vulnerability that allows MDS Documentation/admin-guide/hw-vuln/mds.rst techniques to infer values returned from special register accesses. Special register accesses are accesses to off core registers. According to Intel's evaluation, the special register reads that have a security expectation of privacy are RDRAND, RDSEED and SGX EGETKEY.h]hXmSRBDS is a hardware vulnerability that allows MDS Documentation/admin-guide/hw-vuln/mds.rst techniques to infer values returned from special register accesses. Special register accesses are accesses to off core registers. According to Intel’s evaluation, the special register reads that have a security expectation of privacy are RDRAND, RDSEED and SGX EGETKEY.}(hhhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhhhhubh)}(hWhen RDRAND, RDSEED and EGETKEY instructions are used, the data is moved to the core through the special register mechanism that is susceptible to MDS attacks.h]hWhen RDRAND, RDSEED and EGETKEY instructions are used, the data is moved to the core through the special register mechanism that is susceptible to MDS attacks.}(hhhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK hhhhubh)}(hhh](h)}(hAffected processorsh]hAffected processors}(hhhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhhhhhKubh)}(h[Core models (desktop, mobile, Xeon-E3) that implement RDRAND and/or RDSEED may be affected.h]h[Core models (desktop, mobile, Xeon-E3) that implement RDRAND and/or RDSEED may be affected.}(hhhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhhhhubh)}(hXQA processor is affected by SRBDS if its Family_Model and stepping is in the following list, with the exception of the listed processors exporting MDS_NO while Intel TSX is available yet not enabled. The latter class of processors are only affected when Intel TSX is enabled by software using TSX_CTRL_MSR otherwise they are not affected.h]hXQA processor is affected by SRBDS if its Family_Model and stepping is in the following list, with the exception of the listed processors exporting MDS_NO while Intel TSX is available yet not enabled. The latter class of processors are only affected when Intel TSX is enabled by software using TSX_CTRL_MSR otherwise they are not affected.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhhhhubh block_quote)}(hX============= ============ ======== common name Family_Model Stepping ============= ============ ======== IvyBridge 06_3AH All Haswell 06_3CH All Haswell_L 06_45H All Haswell_G 06_46H All Broadwell_G 06_47H All Broadwell 06_3DH All Skylake_L 06_4EH All Skylake 06_5EH All Kabylake_L 06_8EH <= 0xC Kabylake 06_9EH <= 0xD ============= ============ ======== h]htable)}(hhh]htgroup)}(hhh](hcolspec)}(hhh]h}(h]h ]h"]h$]h&]colwidthK uh1j$hj!ubj%)}(hhh]h}(h]h ]h"]h$]h&]colwidthK uh1j$hj!ubj%)}(hhh]h}(h]h ]h"]h$]h&]colwidthKuh1j$hj!ubhthead)}(hhh]hrow)}(hhh](hentry)}(hhh]h)}(h common nameh]h common name}(hjShhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjPubah}(h]h ]h"]h$]h&]uh1jNhjKubjO)}(hhh]h)}(h Family_Modelh]h Family_Model}(hjjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjgubah}(h]h ]h"]h$]h&]uh1jNhjKubjO)}(hhh]h)}(hSteppingh]hStepping}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj~ubah}(h]h ]h"]h$]h&]uh1jNhjKubeh}(h]h ]h"]h$]h&]uh1jIhjFubah}(h]h ]h"]h$]h&]uh1jDhj!ubhtbody)}(hhh](jJ)}(hhh](jO)}(hhh]h)}(h IvyBridgeh]h IvyBridge}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjubah}(h]h ]h"]h$]h&]uh1jNhjubjO)}(hhh]h)}(h06_3AHh]h06_3AH}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjubah}(h]h ]h"]h$]h&]uh1jNhjubjO)}(hhh]h)}(hAllh]hAll}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjubah}(h]h ]h"]h$]h&]uh1jNhjubeh}(h]h ]h"]h$]h&]uh1jIhjubjJ)}(hhh](jO)}(hhh]h)}(hHaswellh]hHaswell}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK!hjubah}(h]h ]h"]h$]h&]uh1jNhjubjO)}(hhh]h)}(h06_3CHh]h06_3CH}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK!hjubah}(h]h ]h"]h$]h&]uh1jNhjubjO)}(hhh]h)}(hAllh]hAll}(hj(hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK!hj%ubah}(h]h ]h"]h$]h&]uh1jNhjubeh}(h]h ]h"]h$]h&]uh1jIhjubjJ)}(hhh](jO)}(hhh]h)}(h Haswell_Lh]h Haswell_L}(hjHhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK"hjEubah}(h]h ]h"]h$]h&]uh1jNhjBubjO)}(hhh]h)}(h06_45Hh]h06_45H}(hj_hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK"hj\ubah}(h]h ]h"]h$]h&]uh1jNhjBubjO)}(hhh]h)}(hAllh]hAll}(hjvhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK"hjsubah}(h]h ]h"]h$]h&]uh1jNhjBubeh}(h]h ]h"]h$]h&]uh1jIhjubjJ)}(hhh](jO)}(hhh]h)}(h Haswell_Gh]h Haswell_G}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK#hjubah}(h]h ]h"]h$]h&]uh1jNhjubjO)}(hhh]h)}(h06_46Hh]h06_46H}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK#hjubah}(h]h ]h"]h$]h&]uh1jNhjubjO)}(hhh]h)}(hAllh]hAll}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK#hjubah}(h]h ]h"]h$]h&]uh1jNhjubeh}(h]h ]h"]h$]h&]uh1jIhjubjJ)}(hhh](jO)}(hhh]h)}(h Broadwell_Gh]h Broadwell_G}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK%hjubah}(h]h ]h"]h$]h&]uh1jNhjubjO)}(hhh]h)}(h06_47Hh]h06_47H}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK%hjubah}(h]h ]h"]h$]h&]uh1jNhjubjO)}(hhh]h)}(hAllh]hAll}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK%hjubah}(h]h ]h"]h$]h&]uh1jNhjubeh}(h]h ]h"]h$]h&]uh1jIhjubjJ)}(hhh](jO)}(hhh]h)}(h Broadwellh]h Broadwell}(hj2hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK&hj/ubah}(h]h ]h"]h$]h&]uh1jNhj,ubjO)}(hhh]h)}(h06_3DHh]h06_3DH}(hjIhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK&hjFubah}(h]h ]h"]h$]h&]uh1jNhj,ubjO)}(hhh]h)}(hAllh]hAll}(hj`hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK&hj]ubah}(h]h ]h"]h$]h&]uh1jNhj,ubeh}(h]h ]h"]h$]h&]uh1jIhjubjJ)}(hhh](jO)}(hhh]h)}(h Skylake_Lh]h Skylake_L}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK(hj}ubah}(h]h ]h"]h$]h&]uh1jNhjzubjO)}(hhh]h)}(h06_4EHh]h06_4EH}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK(hjubah}(h]h ]h"]h$]h&]uh1jNhjzubjO)}(hhh]h)}(hAllh]hAll}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK(hjubah}(h]h ]h"]h$]h&]uh1jNhjzubeh}(h]h ]h"]h$]h&]uh1jIhjubjJ)}(hhh](jO)}(hhh]h)}(hSkylakeh]hSkylake}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK)hjubah}(h]h ]h"]h$]h&]uh1jNhjubjO)}(hhh]h)}(h06_5EHh]h06_5EH}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK)hjubah}(h]h ]h"]h$]h&]uh1jNhjubjO)}(hhh]h)}(hAllh]hAll}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK)hjubah}(h]h ]h"]h$]h&]uh1jNhjubeh}(h]h ]h"]h$]h&]uh1jIhjubjJ)}(hhh](jO)}(hhh]h)}(h Kabylake_Lh]h Kabylake_L}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK+hjubah}(h]h ]h"]h$]h&]uh1jNhjubjO)}(hhh]h)}(h06_8EHh]h06_8EH}(hj3hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK+hj0ubah}(h]h ]h"]h$]h&]uh1jNhjubjO)}(hhh]h)}(h<= 0xCh]h<= 0xC}(hjJhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK+hjGubah}(h]h ]h"]h$]h&]uh1jNhjubeh}(h]h ]h"]h$]h&]uh1jIhjubjJ)}(hhh](jO)}(hhh]h)}(hKabylakeh]hKabylake}(hjjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK,hjgubah}(h]h ]h"]h$]h&]uh1jNhjdubjO)}(hhh]h)}(h06_9EHh]h06_9EH}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK,hj~ubah}(h]h ]h"]h$]h&]uh1jNhjdubjO)}(hhh]h)}(h<= 0xDh]h<= 0xD}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK,hjubah}(h]h ]h"]h$]h&]uh1jNhjdubeh}(h]h ]h"]h$]h&]uh1jIhjubeh}(h]h ]h"]h$]h&]uh1jhj!ubeh}(h]h ]h"]h$]h&]colsKuh1jhjubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1jhhhKhhhhubeh}(h]affected-processorsah ]h"]affected processorsah$]h&]uh1hhhhhhhhKubh)}(hhh](h)}(h Related CVEsh]h Related CVEs}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhhhhhK0ubh)}(h7The following CVE entry is related to this SRBDS issue:h]h7The following CVE entry is related to this SRBDS issue:}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK2hjhhubj)}(h============== ===== ===================================== CVE-2020-0543 SRBDS Special Register Buffer Data Sampling ============== ===== ===================================== h]j)}(hhh]j )}(hhh](j%)}(hhh]h}(h]h ]h"]h$]h&]colwidthKuh1j$hjubj%)}(hhh]h}(h]h ]h"]h$]h&]colwidthKuh1j$hjubj%)}(hhh]h}(h]h ]h"]h$]h&]colwidthK%uh1j$hjubj)}(hhh]jJ)}(hhh](jO)}(hhh]h)}(h CVE-2020-0543h]h CVE-2020-0543}(hj#hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK5hj ubah}(h]h ]h"]h$]h&]uh1jNhjubjO)}(hhh]h)}(hSRBDSh]hSRBDS}(hj:hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK5hj7ubah}(h]h ]h"]h$]h&]uh1jNhjubjO)}(hhh]h)}(h%Special Register Buffer Data Samplingh]h%Special Register Buffer Data Sampling}(hjQhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK5hjNubah}(h]h ]h"]h$]h&]uh1jNhjubeh}(h]h ]h"]h$]h&]uh1jIhjubah}(h]h ]h"]h$]h&]uh1jhjubeh}(h]h ]h"]h$]h&]colsKuh1jhjubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1jhhhK4hjhhubeh}(h] related-cvesah ]h"] related cvesah$]h&]uh1hhhhhhhhK0ubh)}(hhh](h)}(hAttack scenariosh]hAttack scenarios}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhhhhhK9ubh)}(hAn unprivileged user can extract values returned from RDRAND and RDSEED executed on another core or sibling thread using MDS techniques.h]hAn unprivileged user can extract values returned from RDRAND and RDSEED executed on another core or sibling thread using MDS techniques.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK:hjhhubeh}(h]attack-scenariosah ]h"]attack scenariosah$]h&]uh1hhhhhhhhK9ubh)}(hhh](h)}(hMitigation mechanismh]hMitigation mechanism}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhjhhhhhK?ubh)}(hIntel will release microcode updates that modify the RDRAND, RDSEED, and EGETKEY instructions to overwrite secret special register data in the shared staging buffer before the secret data can be accessed by another logical processor.h]hIntel will release microcode updates that modify the RDRAND, RDSEED, and EGETKEY instructions to overwrite secret special register data in the shared staging buffer before the secret data can be accessed by another logical processor.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK@hjhhubh)}(hDuring execution of the RDRAND, RDSEED, or EGETKEY instructions, off-core accesses from other logical processors will be delayed until the special register read is complete and the secret data in the shared staging buffer is overwritten.h]hDuring execution of the RDRAND, RDSEED, or EGETKEY instructions, off-core accesses from other logical processors will be delayed until the special register read is complete and the secret data in the shared staging buffer is overwritten.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKEhjhhubh)}(h&This has three effects on performance:h]h&This has three effects on performance:}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKJhjhhubhenumerated_list)}(hhh](h list_item)}(h=RDRAND, RDSEED, or EGETKEY instructions have higher latency. h]h)}(huh1j$hjubj)}(hhh]jJ)}(hhh](jO)}(hhh]h)}(hoffh]hoff}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKuhjubah}(h]h ]h"]h$]h&]uh1jNhjubjO)}(hhh]h)}(hRThis option disables SRBDS mitigation for RDRAND and RDSEED on affected platforms.h]hRThis option disables SRBDS mitigation for RDRAND and RDSEED on affected platforms.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKuhjubah}(h]h ]h"]h$]h&]uh1jNhjubeh}(h]h ]h"]h$]h&]uh1jIhjubah}(h]h ]h"]h$]h&]uh1jhjubeh}(h]h ]h"]h$]h&]colsKuh1jhjubah}(h]h ]h"]h$]h&]uh1jhjubah}(h]h ]h"]h$]h&]uh1jhhhKthjhhubeh}(h]-mitigation-control-on-the-kernel-command-lineah ]h"]-mitigation control on the kernel command lineah$]h&]uh1hhhhhhhhKpubh)}(hhh](h)}(hSRBDS System Informationh]hSRBDS System Information}(hj<hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj9hhhhhKzubh)}(hThe Linux kernel provides vulnerability status information through sysfs. For SRBDS this can be accessed by the following sysfs file: /sys/devices/system/cpu/vulnerabilities/srbdsh]hThe Linux kernel provides vulnerability status information through sysfs. For SRBDS this can be accessed by the following sysfs file: /sys/devices/system/cpu/vulnerabilities/srbds}(hjJhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhK{hj9hhubh)}(h/The possible values contained in this file are:h]h/The possible values contained in this file are:}(hjXhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj9hhubj)}(hX============================== ============================================= Not affected Processor not vulnerable Vulnerable Processor vulnerable and mitigation disabled Vulnerable: No microcode Processor vulnerable and microcode is missing mitigation Mitigation: Microcode Processor is vulnerable and mitigation is in effect. Mitigation: TSX disabled Processor is only vulnerable when TSX is enabled while this system was booted with TSX disabled. Unknown: Dependent on hypervisor status Running on virtual guest processor that is affected but with no way to know if host processor is mitigated or vulnerable. ============================== ============================================= h]j)}(hhh]j )}(hhh](j%)}(hhh]h}(h]h ]h"]h$]h&]colwidthKuh1j$hjmubj%)}(hhh]h}(h]h ]h"]h$]h&]colwidthK-uh1j$hjmubj)}(hhh](jJ)}(hhh](jO)}(hhh]h)}(h Not affectedh]h Not affected}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjubah}(h]h ]h"]h$]h&]uh1jNhjubjO)}(hhh]h)}(hProcessor not vulnerableh]hProcessor not vulnerable}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjubah}(h]h ]h"]h$]h&]uh1jNhjubeh}(h]h ]h"]h$]h&]uh1jIhjubjJ)}(hhh](jO)}(hhh]h)}(h Vulnerableh]h Vulnerable}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjubah}(h]h ]h"]h$]h&]uh1jNhjubjO)}(hhh]h)}(h,Processor vulnerable and mitigation disabledh]h,Processor vulnerable and mitigation disabled}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjubah}(h]h ]h"]h$]h&]uh1jNhjubeh}(h]h ]h"]h$]h&]uh1jIhjubjJ)}(hhh](jO)}(hhh]h)}(hVulnerable: No microcodeh]hVulnerable: No microcode}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjubah}(h]h ]h"]h$]h&]uh1jNhjubjO)}(hhh]h)}(h8Processor vulnerable and microcode is missing mitigationh]h8Processor vulnerable and microcode is missing mitigation}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjubah}(h]h ]h"]h$]h&]uh1jNhjubeh}(h]h ]h"]h$]h&]uh1jIhjubjJ)}(hhh](jO)}(hhh]h)}(hMitigation: Microcodeh]hMitigation: Microcode}(hj2hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj/ubah}(h]h ]h"]h$]h&]uh1jNhj,ubjO)}(hhh]h)}(h4Processor is vulnerable and mitigation is in effect.h]h4Processor is vulnerable and mitigation is in effect.}(hjIhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjFubah}(h]h ]h"]h$]h&]uh1jNhj,ubeh}(h]h ]h"]h$]h&]uh1jIhjubjJ)}(hhh](jO)}(hhh]h)}(hMitigation: TSX disabledh]hMitigation: TSX disabled}(hjihhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjfubah}(h]h ]h"]h$]h&]uh1jNhjcubjO)}(hhh]h)}(h`Processor is only vulnerable when TSX is enabled while this system was booted with TSX disabled.h]h`Processor is only vulnerable when TSX is enabled while this system was booted with TSX disabled.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj}ubah}(h]h ]h"]h$]h&]uh1jNhjcubeh}(h]h ]h"]h$]h&]uh1jIhjubjJ)}(hhh](jO)}(hhh]h)}(hUnknown: Dependent onh]hUnknown: Dependent on}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjubah}(h]h ]h"]h$]h&]uh1jNhjubjO)}(hhh]h}(h]h ]h"]h$]h&]uh1jNhjubeh}(h]h ]h"]h$]h&]uh1jIhjubjJ)}(hhh](jO)}(hhh]h)}(hhypervisor statush]hhypervisor status}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjubah}(h]h ]h"]h$]h&]uh1jNhjubjO)}(hhh]h)}(hyRunning on virtual guest processor that is affected but with no way to know if host processor is mitigated or vulnerable.h]hyRunning on virtual guest processor that is affected but with no way to know if host processor is mitigated or vulnerable.}(hjhhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhjubah}(h]h ]h"]h$]h&]uh1jNhjubeh}(h]h ]h"]h$]h&]uh1jIhjubeh}(h]h ]h"]h$]h&]uh1jhjmubeh}(h]h ]h"]h$]h&]colsKuh1jhjjubah}(h]h ]h"]h$]h&]uh1jhjfubah}(h]h ]h"]h$]h&]uh1jhhhKhj9hhubeh}(h]srbds-system-informationah ]h"]srbds system informationah$]h&]uh1hhhhhhhhKzubh)}(hhh](h)}(hSRBDS Default mitigationh]hSRBDS Default mitigation}(hj hhhNhNubah}(h]h ]h"]h$]h&]uh1hhj hhhhhKubh)}(hThis new microcode serializes processor access during execution of RDRAND, RDSEED ensures that the shared buffer is overwritten before it is released for reuse. Use the "srbds=off" kernel command line to disable the mitigation for RDRAND and RDSEED.h]hThis new microcode serializes processor access during execution of RDRAND, RDSEED ensures that the shared buffer is overwritten before it is released for reuse. Use the “srbds=off” kernel command line to disable the mitigation for RDRAND and RDSEED.}(hj, hhhNhNubah}(h]h ]h"]h$]h&]uh1hhhhKhj hhubeh}(h]srbds-default-mitigationah ]h"]srbds default mitigationah$]h&]uh1hhhhhhhhKubeh}(h]+srbds-special-register-buffer-data-samplingah ]h"]-srbds - special register buffer data samplingah$]h&]uh1hhhhhhhhKubeh}(h]h ]h"]h$]h&]sourcehuh1hcurrent_sourceN current_lineNsettingsdocutils.frontendValues)}(hN generatorN datestampN source_linkN source_urlN toc_backlinksjNfootnote_backlinksK sectnum_xformKstrip_commentsNstrip_elements_with_classesN strip_classesN report_levelK halt_levelKexit_status_levelKdebugNwarning_streamN tracebackinput_encoding utf-8-siginput_encoding_error_handlerstrictoutput_encodingutf-8output_encoding_error_handlerjl error_encodingutf-8error_encoding_error_handlerbackslashreplace language_codeenrecord_dependenciesNconfigN id_prefixhauto_id_prefixid dump_settingsNdump_internalsNdump_transformsNdump_pseudo_xmlNexpose_internalsNstrict_visitorN_disable_configN_sourceh _destinationN _config_files]7/var/lib/git/docbuild/linux/Documentation/docutils.confafile_insertion_enabled raw_enabledKline_length_limitM'pep_referencesN pep_base_urlhttps://peps.python.org/pep_file_url_templatepep-%04drfc_referencesN rfc_base_url&https://datatracker.ietf.org/doc/html/ tab_widthKtrim_footnote_reference_spacesyntax_highlightlong smart_quotessmartquotes_locales]character_level_inline_markupdoctitle_xform docinfo_xformKsectsubtitle_xform image_loadinglinkembed_stylesheetcloak_email_addressessection_self_linkenvNubreporterNindirect_targets]substitution_defs}substitution_names}refnames}refids}nameids}(jG jD jjjjjjj[jXjjj6j3j j j? j< u nametypes}(jG jjjj[jj6j j? uh}(jD hjhjjjjjXjjj^j3jj j9j< j u footnote_refs} citation_refs} autofootnotes]autofootnote_refs]symbol_footnotes]symbol_footnote_refs] footnotes] citations]autofootnote_startKsymbol_footnote_startK id_counter collectionsCounter}Rparse_messages]transform_messages] transformerN include_log] decorationNhhub.