Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Documentation/hw-vuln: Add documentation for RFDS
commit 4e42765 upstream. Add the documentation for transient execution vulnerability Register File Data Sampling (RFDS) that affects Intel Atom CPUs. Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com> Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com> Reviewed-by: Thomas Gleixner <tglx@linutronix.de> Acked-by: Josh Poimboeuf <jpoimboe@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
- Loading branch information
Showing
2 changed files
with
105 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
104 changes: 104 additions & 0 deletions
104
Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,104 @@ | ||
| ================================== | ||
| Register File Data Sampling (RFDS) | ||
| ================================== | ||
|
|
||
| Register File Data Sampling (RFDS) is a microarchitectural vulnerability that | ||
| only affects Intel Atom parts(also branded as E-cores). RFDS may allow | ||
| a malicious actor to infer data values previously used in floating point | ||
| registers, vector registers, or integer registers. RFDS does not provide the | ||
| ability to choose which data is inferred. CVE-2023-28746 is assigned to RFDS. | ||
|
|
||
| Affected Processors | ||
| =================== | ||
| Below is the list of affected Intel processors [#f1]_: | ||
|
|
||
| =================== ============ | ||
| Common name Family_Model | ||
| =================== ============ | ||
| ATOM_GOLDMONT 06_5CH | ||
| ATOM_GOLDMONT_D 06_5FH | ||
| ATOM_GOLDMONT_PLUS 06_7AH | ||
| ATOM_TREMONT_D 06_86H | ||
| ATOM_TREMONT 06_96H | ||
| ALDERLAKE 06_97H | ||
| ALDERLAKE_L 06_9AH | ||
| ATOM_TREMONT_L 06_9CH | ||
| RAPTORLAKE 06_B7H | ||
| RAPTORLAKE_P 06_BAH | ||
| ATOM_GRACEMONT 06_BEH | ||
| RAPTORLAKE_S 06_BFH | ||
| =================== ============ | ||
|
|
||
| As an exception to this table, Intel Xeon E family parts ALDERLAKE(06_97H) and | ||
| RAPTORLAKE(06_B7H) codenamed Catlow are not affected. They are reported as | ||
| vulnerable in Linux because they share the same family/model with an affected | ||
| part. Unlike their affected counterparts, they do not enumerate RFDS_CLEAR or | ||
| CPUID.HYBRID. This information could be used to distinguish between the | ||
| affected and unaffected parts, but it is deemed not worth adding complexity as | ||
| the reporting is fixed automatically when these parts enumerate RFDS_NO. | ||
|
|
||
| Mitigation | ||
| ========== | ||
| Intel released a microcode update that enables software to clear sensitive | ||
| information using the VERW instruction. Like MDS, RFDS deploys the same | ||
| mitigation strategy to force the CPU to clear the affected buffers before an | ||
| attacker can extract the secrets. This is achieved by using the otherwise | ||
| unused and obsolete VERW instruction in combination with a microcode update. | ||
| The microcode clears the affected CPU buffers when the VERW instruction is | ||
| executed. | ||
|
|
||
| Mitigation points | ||
| ----------------- | ||
| VERW is executed by the kernel before returning to user space, and by KVM | ||
| before VMentry. None of the affected cores support SMT, so VERW is not required | ||
| at C-state transitions. | ||
|
|
||
| New bits in IA32_ARCH_CAPABILITIES | ||
| ---------------------------------- | ||
| Newer processors and microcode update on existing affected processors added new | ||
| bits to IA32_ARCH_CAPABILITIES MSR. These bits can be used to enumerate | ||
| vulnerability and mitigation capability: | ||
|
|
||
| - Bit 27 - RFDS_NO - When set, processor is not affected by RFDS. | ||
| - Bit 28 - RFDS_CLEAR - When set, processor is affected by RFDS, and has the | ||
| microcode that clears the affected buffers on VERW execution. | ||
|
|
||
| Mitigation control on the kernel command line | ||
| --------------------------------------------- | ||
| The kernel command line allows to control RFDS mitigation at boot time with the | ||
| parameter "reg_file_data_sampling=". The valid arguments are: | ||
|
|
||
| ========== ================================================================= | ||
| on If the CPU is vulnerable, enable mitigation; CPU buffer clearing | ||
| on exit to userspace and before entering a VM. | ||
| off Disables mitigation. | ||
| ========== ================================================================= | ||
|
|
||
| Mitigation default is selected by CONFIG_MITIGATION_RFDS. | ||
|
|
||
| Mitigation status information | ||
| ----------------------------- | ||
| The Linux kernel provides a sysfs interface to enumerate the current | ||
| vulnerability status of the system: whether the system is vulnerable, and | ||
| which mitigations are active. The relevant sysfs file is: | ||
|
|
||
| /sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling | ||
|
|
||
| The possible values in this file are: | ||
|
|
||
| .. list-table:: | ||
|
|
||
| * - 'Not affected' | ||
| - The processor is not vulnerable | ||
| * - 'Vulnerable' | ||
| - The processor is vulnerable, but no mitigation enabled | ||
| * - 'Vulnerable: No microcode' | ||
| - The processor is vulnerable but microcode is not updated. | ||
| * - 'Mitigation: Clear Register File' | ||
| - The processor is vulnerable and the CPU buffer clearing mitigation is | ||
| enabled. | ||
|
|
||
| References | ||
| ---------- | ||
| .. [#f1] Affected Processors | ||
| https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html |