1================================== 2Register File Data Sampling (RFDS) 3================================== 4 5Register File Data Sampling (RFDS) is a microarchitectural vulnerability that 6only affects Intel Atom parts(also branded as E-cores). RFDS may allow 7a malicious actor to infer data values previously used in floating point 8registers, vector registers, or integer registers. RFDS does not provide the 9ability to choose which data is inferred. CVE-2023-28746 is assigned to RFDS. 10 11Affected Processors 12=================== 13Below is the list of affected Intel processors [#f1]_: 14 15 =================== ============ 16 Common name Family_Model 17 =================== ============ 18 ATOM_GOLDMONT 06_5CH 19 ATOM_GOLDMONT_D 06_5FH 20 ATOM_GOLDMONT_PLUS 06_7AH 21 ATOM_TREMONT_D 06_86H 22 ATOM_TREMONT 06_96H 23 ALDERLAKE 06_97H 24 ALDERLAKE_L 06_9AH 25 ATOM_TREMONT_L 06_9CH 26 RAPTORLAKE 06_B7H 27 RAPTORLAKE_P 06_BAH 28 ATOM_GRACEMONT 06_BEH 29 RAPTORLAKE_S 06_BFH 30 =================== ============ 31 32Mitigation 33========== 34Intel released a microcode update that enables software to clear sensitive 35information using the VERW instruction. Like MDS, RFDS deploys the same 36mitigation strategy to force the CPU to clear the affected buffers before an 37attacker can extract the secrets. This is achieved by using the otherwise 38unused and obsolete VERW instruction in combination with a microcode update. 39The microcode clears the affected CPU buffers when the VERW instruction is 40executed. 41 42Mitigation points 43----------------- 44VERW is executed by the kernel before returning to user space, and by KVM 45before VMentry. None of the affected cores support SMT, so VERW is not required 46at C-state transitions. 47 48New bits in IA32_ARCH_CAPABILITIES 49---------------------------------- 50Newer processors and microcode update on existing affected processors added new 51bits to IA32_ARCH_CAPABILITIES MSR. These bits can be used to enumerate 52vulnerability and mitigation capability: 53 54- Bit 27 - RFDS_NO - When set, processor is not affected by RFDS. 55- Bit 28 - RFDS_CLEAR - When set, processor is affected by RFDS, and has the 56 microcode that clears the affected buffers on VERW execution. 57 58Mitigation control on the kernel command line 59--------------------------------------------- 60The kernel command line allows to control RFDS mitigation at boot time with the 61parameter "reg_file_data_sampling=". The valid arguments are: 62 63 ========== ================================================================= 64 on If the CPU is vulnerable, enable mitigation; CPU buffer clearing 65 on exit to userspace and before entering a VM. 66 off Disables mitigation. 67 ========== ================================================================= 68 69Mitigation default is selected by CONFIG_MITIGATION_RFDS. 70 71Mitigation status information 72----------------------------- 73The Linux kernel provides a sysfs interface to enumerate the current 74vulnerability status of the system: whether the system is vulnerable, and 75which mitigations are active. The relevant sysfs file is: 76 77 /sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling 78 79The possible values in this file are: 80 81 .. list-table:: 82 83 * - 'Not affected' 84 - The processor is not vulnerable 85 * - 'Vulnerable' 86 - The processor is vulnerable, but no mitigation enabled 87 * - 'Vulnerable: No microcode' 88 - The processor is vulnerable but microcode is not updated. 89 * - 'Mitigation: Clear Register File' 90 - The processor is vulnerable and the CPU buffer clearing mitigation is 91 enabled. 92 93References 94---------- 95.. [#f1] Affected Processors 96 https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html 97