1 ==================================
2 Register File Data Sampling (RFDS)
3 ==================================
5 Register File Data Sampling (RFDS) is a microarchitectural vulnerability that
6 only affects Intel Atom parts(also branded as E-cores). RFDS may allow
7 a malicious actor to infer data values previously used in floating point
8 registers, vector registers, or integer registers. RFDS does not provide the
9 ability to choose which data is inferred. CVE-2023-28746 is assigned to RFDS.
13 Below is the list of affected Intel processors [#f1]_:
15 =================== ============
16 Common name Family_Model
17 =================== ============
19 ATOM_GOLDMONT_D 06_5FH
20 ATOM_GOLDMONT_PLUS 06_7AH
30 =================== ============
32 As an exception to this table, Intel Xeon E family parts ALDERLAKE(06_97H) and
33 RAPTORLAKE(06_B7H) codenamed Catlow are not affected. They are reported as
34 vulnerable in Linux because they share the same family/model with an affected
35 part. Unlike their affected counterparts, they do not enumerate RFDS_CLEAR or
36 CPUID.HYBRID. This information could be used to distinguish between the
37 affected and unaffected parts, but it is deemed not worth adding complexity as
38 the reporting is fixed automatically when these parts enumerate RFDS_NO.
42 Intel released a microcode update that enables software to clear sensitive
43 information using the VERW instruction. Like MDS, RFDS deploys the same
44 mitigation strategy to force the CPU to clear the affected buffers before an
45 attacker can extract the secrets. This is achieved by using the otherwise
46 unused and obsolete VERW instruction in combination with a microcode update.
47 The microcode clears the affected CPU buffers when the VERW instruction is
52 VERW is executed by the kernel before returning to user space, and by KVM
53 before VMentry. None of the affected cores support SMT, so VERW is not required
54 at C-state transitions.
56 New bits in IA32_ARCH_CAPABILITIES
57 ----------------------------------
58 Newer processors and microcode update on existing affected processors added new
59 bits to IA32_ARCH_CAPABILITIES MSR. These bits can be used to enumerate
60 vulnerability and mitigation capability:
62 - Bit 27 - RFDS_NO - When set, processor is not affected by RFDS.
63 - Bit 28 - RFDS_CLEAR - When set, processor is affected by RFDS, and has the
64 microcode that clears the affected buffers on VERW execution.
66 Mitigation control on the kernel command line
67 ---------------------------------------------
68 The kernel command line allows to control RFDS mitigation at boot time with the
69 parameter "reg_file_data_sampling=". The valid arguments are:
71 ========== =================================================================
72 on If the CPU is vulnerable, enable mitigation; CPU buffer clearing
73 on exit to userspace and before entering a VM.
74 off Disables mitigation.
75 ========== =================================================================
77 Mitigation default is selected by CONFIG_MITIGATION_RFDS.
79 Mitigation status information
80 -----------------------------
81 The Linux kernel provides a sysfs interface to enumerate the current
82 vulnerability status of the system: whether the system is vulnerable, and
83 which mitigations are active. The relevant sysfs file is:
85 /sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling
87 The possible values in this file are:
92 - The processor is not vulnerable
94 - The processor is vulnerable, but no mitigation enabled
95 * - 'Vulnerable: No microcode'
96 - The processor is vulnerable but microcode is not updated.
97 * - 'Mitigation: Clear Register File'
98 - The processor is vulnerable and the CPU buffer clearing mitigation is
103 .. [#f1] Affected Processors
104 https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html
projects / releases.git / blob