1 ================================== 1 ================================== 2 Register File Data Sampling (RFDS) 2 Register File Data Sampling (RFDS) 3 ================================== 3 ================================== 4 4 5 Register File Data Sampling (RFDS) is a microa 5 Register File Data Sampling (RFDS) is a microarchitectural vulnerability that 6 only affects Intel Atom parts(also branded as 6 only affects Intel Atom parts(also branded as E-cores). RFDS may allow 7 a malicious actor to infer data values previou 7 a malicious actor to infer data values previously used in floating point 8 registers, vector registers, or integer regist 8 registers, vector registers, or integer registers. RFDS does not provide the 9 ability to choose which data is inferred. CVE- 9 ability to choose which data is inferred. CVE-2023-28746 is assigned to RFDS. 10 10 11 Affected Processors 11 Affected Processors 12 =================== 12 =================== 13 Below is the list of affected Intel processors 13 Below is the list of affected Intel processors [#f1]_: 14 14 15 =================== ============ 15 =================== ============ 16 Common name Family_Model 16 Common name Family_Model 17 =================== ============ 17 =================== ============ 18 ATOM_GOLDMONT 06_5CH 18 ATOM_GOLDMONT 06_5CH 19 ATOM_GOLDMONT_D 06_5FH 19 ATOM_GOLDMONT_D 06_5FH 20 ATOM_GOLDMONT_PLUS 06_7AH 20 ATOM_GOLDMONT_PLUS 06_7AH 21 ATOM_TREMONT_D 06_86H 21 ATOM_TREMONT_D 06_86H 22 ATOM_TREMONT 06_96H 22 ATOM_TREMONT 06_96H 23 ALDERLAKE 06_97H 23 ALDERLAKE 06_97H 24 ALDERLAKE_L 06_9AH 24 ALDERLAKE_L 06_9AH 25 ATOM_TREMONT_L 06_9CH 25 ATOM_TREMONT_L 06_9CH 26 RAPTORLAKE 06_B7H 26 RAPTORLAKE 06_B7H 27 RAPTORLAKE_P 06_BAH 27 RAPTORLAKE_P 06_BAH 28 ATOM_GRACEMONT 06_BEH 28 ATOM_GRACEMONT 06_BEH 29 RAPTORLAKE_S 06_BFH 29 RAPTORLAKE_S 06_BFH 30 =================== ============ 30 =================== ============ 31 31 32 As an exception to this table, Intel Xeon E fa 32 As an exception to this table, Intel Xeon E family parts ALDERLAKE(06_97H) and 33 RAPTORLAKE(06_B7H) codenamed Catlow are not af 33 RAPTORLAKE(06_B7H) codenamed Catlow are not affected. They are reported as 34 vulnerable in Linux because they share the sam 34 vulnerable in Linux because they share the same family/model with an affected 35 part. Unlike their affected counterparts, they 35 part. Unlike their affected counterparts, they do not enumerate RFDS_CLEAR or 36 CPUID.HYBRID. This information could be used t 36 CPUID.HYBRID. This information could be used to distinguish between the 37 affected and unaffected parts, but it is deeme 37 affected and unaffected parts, but it is deemed not worth adding complexity as 38 the reporting is fixed automatically when thes 38 the reporting is fixed automatically when these parts enumerate RFDS_NO. 39 39 40 Mitigation 40 Mitigation 41 ========== 41 ========== 42 Intel released a microcode update that enables 42 Intel released a microcode update that enables software to clear sensitive 43 information using the VERW instruction. Like M 43 information using the VERW instruction. Like MDS, RFDS deploys the same 44 mitigation strategy to force the CPU to clear 44 mitigation strategy to force the CPU to clear the affected buffers before an 45 attacker can extract the secrets. This is achi 45 attacker can extract the secrets. This is achieved by using the otherwise 46 unused and obsolete VERW instruction in combin 46 unused and obsolete VERW instruction in combination with a microcode update. 47 The microcode clears the affected CPU buffers 47 The microcode clears the affected CPU buffers when the VERW instruction is 48 executed. 48 executed. 49 49 50 Mitigation points 50 Mitigation points 51 ----------------- 51 ----------------- 52 VERW is executed by the kernel before returnin 52 VERW is executed by the kernel before returning to user space, and by KVM 53 before VMentry. None of the affected cores sup 53 before VMentry. None of the affected cores support SMT, so VERW is not required 54 at C-state transitions. 54 at C-state transitions. 55 55 56 New bits in IA32_ARCH_CAPABILITIES 56 New bits in IA32_ARCH_CAPABILITIES 57 ---------------------------------- 57 ---------------------------------- 58 Newer processors and microcode update on exist 58 Newer processors and microcode update on existing affected processors added new 59 bits to IA32_ARCH_CAPABILITIES MSR. These bits 59 bits to IA32_ARCH_CAPABILITIES MSR. These bits can be used to enumerate 60 vulnerability and mitigation capability: 60 vulnerability and mitigation capability: 61 61 62 - Bit 27 - RFDS_NO - When set, processor is no 62 - Bit 27 - RFDS_NO - When set, processor is not affected by RFDS. 63 - Bit 28 - RFDS_CLEAR - When set, processor is 63 - Bit 28 - RFDS_CLEAR - When set, processor is affected by RFDS, and has the 64 microcode that clears the affected buffers o 64 microcode that clears the affected buffers on VERW execution. 65 65 66 Mitigation control on the kernel command line 66 Mitigation control on the kernel command line 67 --------------------------------------------- 67 --------------------------------------------- 68 The kernel command line allows to control RFDS 68 The kernel command line allows to control RFDS mitigation at boot time with the 69 parameter "reg_file_data_sampling=". The valid 69 parameter "reg_file_data_sampling=". The valid arguments are: 70 70 71 ========== ================================ 71 ========== ================================================================= 72 on If the CPU is vulnerable, enable 72 on If the CPU is vulnerable, enable mitigation; CPU buffer clearing 73 on exit to userspace and before 73 on exit to userspace and before entering a VM. 74 off Disables mitigation. 74 off Disables mitigation. 75 ========== ================================ 75 ========== ================================================================= 76 76 77 Mitigation default is selected by CONFIG_MITIG 77 Mitigation default is selected by CONFIG_MITIGATION_RFDS. 78 78 79 Mitigation status information 79 Mitigation status information 80 ----------------------------- 80 ----------------------------- 81 The Linux kernel provides a sysfs interface to 81 The Linux kernel provides a sysfs interface to enumerate the current 82 vulnerability status of the system: whether th 82 vulnerability status of the system: whether the system is vulnerable, and 83 which mitigations are active. The relevant sys 83 which mitigations are active. The relevant sysfs file is: 84 84 85 /sys/devices/system/cpu/vulnerabilitie 85 /sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling 86 86 87 The possible values in this file are: 87 The possible values in this file are: 88 88 89 .. list-table:: 89 .. list-table:: 90 90 91 * - 'Not affected' 91 * - 'Not affected' 92 - The processor is not vulnerable 92 - The processor is not vulnerable 93 * - 'Vulnerable' 93 * - 'Vulnerable' 94 - The processor is vulnerable, but no m 94 - The processor is vulnerable, but no mitigation enabled 95 * - 'Vulnerable: No microcode' 95 * - 'Vulnerable: No microcode' 96 - The processor is vulnerable but micro 96 - The processor is vulnerable but microcode is not updated. 97 * - 'Mitigation: Clear Register File' 97 * - 'Mitigation: Clear Register File' 98 - The processor is vulnerable and the C 98 - The processor is vulnerable and the CPU buffer clearing mitigation is 99 enabled. 99 enabled. 100 100 101 References 101 References 102 ---------- 102 ---------- 103 .. [#f1] Affected Processors 103 .. [#f1] Affected Processors 104 https://www.intel.com/content/www/us/en/dev 104 https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.