git.ipfire.org Git - thirdparty/kernel/stable-queue.git/blob - queue-5.10/documentation-hw-vuln-add-documentation-for-rfds.patch
5.10-stable patches
1 From stable+bounces-27550-greg=kroah.com@vger.kernel.org Tue Mar 12 23:41:21 2024
2 From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
3 Date: Tue, 12 Mar 2024 15:41:13 -0700
4 Subject: Documentation/hw-vuln: Add documentation for RFDS
5 To: stable@vger.kernel.org
6 Cc: Dave Hansen <dave.hansen@linux.intel.com>, Thomas Gleixner <tglx@linutronix.de>, Josh Poimboeuf <jpoimboe@kernel.org>
7 Message-ID: <20240312-delay-verw-backport-5-10-y-v2-9-ad081ccd89ca@linux.intel.com>
8 Content-Disposition: inline
9
10 From: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
11
12 commit 4e42765d1be01111df0c0275bbaf1db1acef346e upstream.
13
14 Add the documentation for transient execution vulnerability Register
15 File Data Sampling (RFDS) that affects Intel Atom CPUs.
16
17 [ pawan: s/ATOM_GRACEMONT/ALDERLAKE_N/ ]
18
19 Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
20 Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
21 Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
22 Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
23 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
24 ---
25 Documentation/admin-guide/hw-vuln/index.rst | 1
26 Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst | 104 +++++++++++
27 2 files changed, 105 insertions(+)
28
29 --- a/Documentation/admin-guide/hw-vuln/index.rst
30 +++ b/Documentation/admin-guide/hw-vuln/index.rst
31 @@ -18,3 +18,4 @@ are configurable at compile, boot or run
32 processor_mmio_stale_data.rst
33 gather_data_sampling.rst
34 srso
35 + reg-file-data-sampling
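Review bot: The added toctree entry in index.rst is spelled reg-file-data-sampling, with hyphens and no .rst suffix, while the entries above srso (processor_mmio_stale_data.rst, gather_data_sampling.rst) use underscores and the suffix, and the boot parameter and sysfs file documented by this same patch are both spelled reg_file_data_sampling. If the file name has to stay as it is to match the upstream commit, that is fine for a backport, but the mismatch makes the page harder to find by grepping for the parameter name, so a one-line mention in the commit message or a follow-up rename upstream would help.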
36 --- /dev/null
37 +++ b/Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst
38 @@ -0,0 +1,104 @@
39 +==================================
40 +Register File Data Sampling (RFDS)
41 +==================================
42 +
43 +Register File Data Sampling (RFDS) is a microarchitectural vulnerability that
44 +only affects Intel Atom parts(also branded as E-cores). RFDS may allow
45 +a malicious actor to infer data values previously used in floating point
46 +registers, vector registers, or integer registers. RFDS does not provide the
47 +ability to choose which data is inferred. CVE-2023-28746 is assigned to RFDS.
48 +
49 +Affected Processors
50 +===================
51 +Below is the list of affected Intel processors [#f1]_:
52 +
53 + =================== ============
54 + Common name Family_Model
55 + =================== ============
56 + ATOM_GOLDMONT 06_5CH
57 + ATOM_GOLDMONT_D 06_5FH
58 + ATOM_GOLDMONT_PLUS 06_7AH
59 + ATOM_TREMONT_D 06_86H
60 + ATOM_TREMONT 06_96H
61 + ALDERLAKE 06_97H
62 + ALDERLAKE_L 06_9AH
63 + ATOM_TREMONT_L 06_9CH
64 + RAPTORLAKE 06_B7H
65 + RAPTORLAKE_P 06_BAH
66 + ALDERLAKE_N 06_BEH
67 + RAPTORLAKE_S 06_BFH
68 + =================== ============
69 +
70 +As an exception to this table, Intel Xeon E family parts ALDERLAKE(06_97H) and
71 +RAPTORLAKE(06_B7H) codenamed Catlow are not affected. They are reported as
72 +vulnerable in Linux because they share the same family/model with an affected
73 +part. Unlike their affected counterparts, they do not enumerate RFDS_CLEAR or
74 +CPUID.HYBRID. This information could be used to distinguish between the
75 +affected and unaffected parts, but it is deemed not worth adding complexity as
76 +the reporting is fixed automatically when these parts enumerate RFDS_NO.
77 +
78 +Mitigation
79 +==========
80 +Intel released a microcode update that enables software to clear sensitive
81 +information using the VERW instruction. Like MDS, RFDS deploys the same
82 +mitigation strategy to force the CPU to clear the affected buffers before an
83 +attacker can extract the secrets. This is achieved by using the otherwise
84 +unused and obsolete VERW instruction in combination with a microcode update.
85 +The microcode clears the affected CPU buffers when the VERW instruction is
86 +executed.
87 +
88 +Mitigation points
89 +-----------------
90 +VERW is executed by the kernel before returning to user space, and by KVM
91 +before VMentry. None of the affected cores support SMT, so VERW is not required
92 +at C-state transitions.
93 +
94 +New bits in IA32_ARCH_CAPABILITIES
95 +----------------------------------
96 +Newer processors and microcode update on existing affected processors added new
97 +bits to IA32_ARCH_CAPABILITIES MSR. These bits can be used to enumerate
98 +vulnerability and mitigation capability:
99 +
100 +- Bit 27 - RFDS_NO - When set, processor is not affected by RFDS.
101 +- Bit 28 - RFDS_CLEAR - When set, processor is affected by RFDS, and has the
102 + microcode that clears the affected buffers on VERW execution.
103 +
104 +Mitigation control on the kernel command line
105 +---------------------------------------------
106 +The kernel command line allows to control RFDS mitigation at boot time with the
107 +parameter "reg_file_data_sampling=". The valid arguments are:
108 +
109 + ========== =================================================================
110 + on If the CPU is vulnerable, enable mitigation; CPU buffer clearing
111 + on exit to userspace and before entering a VM.
112 + off Disables mitigation.
113 + ========== =================================================================
114 +
115 +Mitigation default is selected by CONFIG_MITIGATION_RFDS.
116 +
117 +Mitigation status information
118 +-----------------------------
119 +The Linux kernel provides a sysfs interface to enumerate the current
120 +vulnerability status of the system: whether the system is vulnerable, and
121 +which mitigations are active. The relevant sysfs file is:
122 +
123 + /sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling
124 +
125 +The possible values in this file are:
126 +
127 + .. list-table::
128 +
129 + * - 'Not affected'
130 + - The processor is not vulnerable
131 + * - 'Vulnerable'
132 + - The processor is vulnerable, but no mitigation enabled
133 + * - 'Vulnerable: No microcode'
134 + - The processor is vulnerable but microcode is not updated.
135 + * - 'Mitigation: Clear Register File'
136 + - The processor is vulnerable and the CPU buffer clearing mitigation is
137 + enabled.
138 +
139 +References
140 +----------
141 +.. [#f1] Affected Processors
142 + https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html
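Review bot: In the "Affected Processors" section, the Catlow paragraph says the Xeon E ALDERLAKE(06_97H) and RAPTORLAKE(06_B7H) parts are "reported as vulnerable in Linux" but does not say which of the four strings listed under "Mitigation status information" they show. Since the same paragraph states that these parts do not enumerate RFDS_CLEAR, please name the string an administrator will see on them, so that a false positive on Catlow can be told apart from an affected part that is missing the microcode update. Smaller points in the same file: "Mitigation default is selected by CONFIG_MITIGATION_RFDS" does not say which of on/off each setting of the option selects; "Intel Atom parts(also branded as E-cores)" is missing a space before the parenthesis; and "References" is underlined with dashes, which nests it under "Mitigation" instead of making it a top-level section like "Affected Processors".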