~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst

Version: ~ [ linux-6.12-rc7 ] ~ [ linux-6.11.7 ] ~ [ linux-6.10.14 ] ~ [ linux-6.9.12 ] ~ [ linux-6.8.12 ] ~ [ linux-6.7.12 ] ~ [ linux-6.6.60 ] ~ [ linux-6.5.13 ] ~ [ linux-6.4.16 ] ~ [ linux-6.3.13 ] ~ [ linux-6.2.16 ] ~ [ linux-6.1.116 ] ~ [ linux-6.0.19 ] ~ [ linux-5.19.17 ] ~ [ linux-5.18.19 ] ~ [ linux-5.17.15 ] ~ [ linux-5.16.20 ] ~ [ linux-5.15.171 ] ~ [ linux-5.14.21 ] ~ [ linux-5.13.19 ] ~ [ linux-5.12.19 ] ~ [ linux-5.11.22 ] ~ [ linux-5.10.229 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.285 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.323 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.336 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.337 ] ~ [ linux-4.4.302 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.12 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

Diff markup

Differences between /Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst (Version linux-6.12-rc7) and /Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst (Version linux-6.5.13)


  1 ==================================                
  2 Register File Data Sampling (RFDS)                
  3 ==================================                
  4                                                   
  5 Register File Data Sampling (RFDS) is a microa    
  6 only affects Intel Atom parts(also branded as     
  7 a malicious actor to infer data values previou    
  8 registers, vector registers, or integer regist    
  9 ability to choose which data is inferred. CVE-    
 10                                                   
 11 Affected Processors                               
 12 ===================                               
 13 Below is the list of affected Intel processors    
 14                                                   
 15    ===================  ============              
 16    Common name          Family_Model              
 17    ===================  ============              
 18    ATOM_GOLDMONT           06_5CH                 
 19    ATOM_GOLDMONT_D         06_5FH                 
 20    ATOM_GOLDMONT_PLUS      06_7AH                 
 21    ATOM_TREMONT_D          06_86H                 
 22    ATOM_TREMONT            06_96H                 
 23    ALDERLAKE               06_97H                 
 24    ALDERLAKE_L             06_9AH                 
 25    ATOM_TREMONT_L          06_9CH                 
 26    RAPTORLAKE              06_B7H                 
 27    RAPTORLAKE_P            06_BAH                 
 28    ATOM_GRACEMONT          06_BEH                 
 29    RAPTORLAKE_S            06_BFH                 
 30    ===================  ============              
 31                                                   
 32 As an exception to this table, Intel Xeon E fa    
 33 RAPTORLAKE(06_B7H) codenamed Catlow are not af    
 34 vulnerable in Linux because they share the sam    
 35 part. Unlike their affected counterparts, they    
 36 CPUID.HYBRID. This information could be used t    
 37 affected and unaffected parts, but it is deeme    
 38 the reporting is fixed automatically when thes    
 39                                                   
 40 Mitigation                                        
 41 ==========                                        
 42 Intel released a microcode update that enables    
 43 information using the VERW instruction. Like M    
 44 mitigation strategy to force the CPU to clear     
 45 attacker can extract the secrets. This is achi    
 46 unused and obsolete VERW instruction in combin    
 47 The microcode clears the affected CPU buffers     
 48 executed.                                         
 49                                                   
 50 Mitigation points                                 
 51 -----------------                                 
 52 VERW is executed by the kernel before returnin    
 53 before VMentry. None of the affected cores sup    
 54 at C-state transitions.                           
 55                                                   
 56 New bits in IA32_ARCH_CAPABILITIES                
 57 ----------------------------------                
 58 Newer processors and microcode update on exist    
 59 bits to IA32_ARCH_CAPABILITIES MSR. These bits    
 60 vulnerability and mitigation capability:          
 61                                                   
 62 - Bit 27 - RFDS_NO - When set, processor is no    
 63 - Bit 28 - RFDS_CLEAR - When set, processor is    
 64   microcode that clears the affected buffers o    
 65                                                   
 66 Mitigation control on the kernel command line     
 67 ---------------------------------------------     
 68 The kernel command line allows to control RFDS    
 69 parameter "reg_file_data_sampling=". The valid    
 70                                                   
 71   ==========  ================================    
 72   on          If the CPU is vulnerable, enable    
 73               on exit to userspace and before     
 74   off         Disables mitigation.                
 75   ==========  ================================    
 76                                                   
 77 Mitigation default is selected by CONFIG_MITIG    
 78                                                   
 79 Mitigation status information                     
 80 -----------------------------                     
 81 The Linux kernel provides a sysfs interface to    
 82 vulnerability status of the system: whether th    
 83 which mitigations are active. The relevant sys    
 84                                                   
 85         /sys/devices/system/cpu/vulnerabilitie    
 86                                                   
 87 The possible values in this file are:             
 88                                                   
 89   .. list-table::                                 
 90                                                   
 91      * - 'Not affected'                           
 92        - The processor is not vulnerable          
 93      * - 'Vulnerable'                             
 94        - The processor is vulnerable, but no m    
 95      * - 'Vulnerable: No microcode'               
 96        - The processor is vulnerable but micro    
 97      * - 'Mitigation: Clear Register File'        
 98        - The processor is vulnerable and the C    
 99          enabled.                                 
100                                                   
101 References                                        
102 ----------                                        
103 .. [#f1] Affected Processors                      
104    https://www.intel.com/content/www/us/en/dev    
                                                      

~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

kernel.org | git.kernel.org | LWN.net | Project Home | SVN repository | Mail admin

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

sflogo.php