18c2ecf20Sopenharmony_ci==================================
28c2ecf20Sopenharmony_ciRegister File Data Sampling (RFDS)
38c2ecf20Sopenharmony_ci==================================
48c2ecf20Sopenharmony_ci
58c2ecf20Sopenharmony_ciRegister File Data Sampling (RFDS) is a microarchitectural vulnerability that
68c2ecf20Sopenharmony_cionly affects Intel Atom parts(also branded as E-cores). RFDS may allow
78c2ecf20Sopenharmony_cia malicious actor to infer data values previously used in floating point
88c2ecf20Sopenharmony_ciregisters, vector registers, or integer registers. RFDS does not provide the
98c2ecf20Sopenharmony_ciability to choose which data is inferred. CVE-2023-28746 is assigned to RFDS.
108c2ecf20Sopenharmony_ci
118c2ecf20Sopenharmony_ciAffected Processors
128c2ecf20Sopenharmony_ci===================
138c2ecf20Sopenharmony_ciBelow is the list of affected Intel processors [#f1]_:
148c2ecf20Sopenharmony_ci
158c2ecf20Sopenharmony_ci   ===================  ============
168c2ecf20Sopenharmony_ci   Common name          Family_Model
178c2ecf20Sopenharmony_ci   ===================  ============
188c2ecf20Sopenharmony_ci   ATOM_GOLDMONT           06_5CH
198c2ecf20Sopenharmony_ci   ATOM_GOLDMONT_D         06_5FH
208c2ecf20Sopenharmony_ci   ATOM_GOLDMONT_PLUS      06_7AH
218c2ecf20Sopenharmony_ci   ATOM_TREMONT_D          06_86H
228c2ecf20Sopenharmony_ci   ATOM_TREMONT            06_96H
238c2ecf20Sopenharmony_ci   ALDERLAKE               06_97H
248c2ecf20Sopenharmony_ci   ALDERLAKE_L             06_9AH
258c2ecf20Sopenharmony_ci   ATOM_TREMONT_L          06_9CH
268c2ecf20Sopenharmony_ci   RAPTORLAKE              06_B7H
278c2ecf20Sopenharmony_ci   RAPTORLAKE_P            06_BAH
288c2ecf20Sopenharmony_ci   ALDERLAKE_N             06_BEH
298c2ecf20Sopenharmony_ci   RAPTORLAKE_S            06_BFH
308c2ecf20Sopenharmony_ci   ===================  ============
318c2ecf20Sopenharmony_ci
328c2ecf20Sopenharmony_ciAs an exception to this table, Intel Xeon E family parts ALDERLAKE(06_97H) and
338c2ecf20Sopenharmony_ciRAPTORLAKE(06_B7H) codenamed Catlow are not affected. They are reported as
348c2ecf20Sopenharmony_civulnerable in Linux because they share the same family/model with an affected
358c2ecf20Sopenharmony_cipart. Unlike their affected counterparts, they do not enumerate RFDS_CLEAR or
368c2ecf20Sopenharmony_ciCPUID.HYBRID. This information could be used to distinguish between the
378c2ecf20Sopenharmony_ciaffected and unaffected parts, but it is deemed not worth adding complexity as
388c2ecf20Sopenharmony_cithe reporting is fixed automatically when these parts enumerate RFDS_NO.
398c2ecf20Sopenharmony_ci
408c2ecf20Sopenharmony_ciMitigation
418c2ecf20Sopenharmony_ci==========
428c2ecf20Sopenharmony_ciIntel released a microcode update that enables software to clear sensitive
438c2ecf20Sopenharmony_ciinformation using the VERW instruction. Like MDS, RFDS deploys the same
448c2ecf20Sopenharmony_cimitigation strategy to force the CPU to clear the affected buffers before an
458c2ecf20Sopenharmony_ciattacker can extract the secrets. This is achieved by using the otherwise
468c2ecf20Sopenharmony_ciunused and obsolete VERW instruction in combination with a microcode update.
478c2ecf20Sopenharmony_ciThe microcode clears the affected CPU buffers when the VERW instruction is
488c2ecf20Sopenharmony_ciexecuted.
498c2ecf20Sopenharmony_ci
508c2ecf20Sopenharmony_ciMitigation points
518c2ecf20Sopenharmony_ci-----------------
528c2ecf20Sopenharmony_ciVERW is executed by the kernel before returning to user space, and by KVM
538c2ecf20Sopenharmony_cibefore VMentry. None of the affected cores support SMT, so VERW is not required
548c2ecf20Sopenharmony_ciat C-state transitions.
558c2ecf20Sopenharmony_ci
568c2ecf20Sopenharmony_ciNew bits in IA32_ARCH_CAPABILITIES
578c2ecf20Sopenharmony_ci----------------------------------
588c2ecf20Sopenharmony_ciNewer processors and microcode update on existing affected processors added new
598c2ecf20Sopenharmony_cibits to IA32_ARCH_CAPABILITIES MSR. These bits can be used to enumerate
608c2ecf20Sopenharmony_civulnerability and mitigation capability:
618c2ecf20Sopenharmony_ci
628c2ecf20Sopenharmony_ci- Bit 27 - RFDS_NO - When set, processor is not affected by RFDS.
638c2ecf20Sopenharmony_ci- Bit 28 - RFDS_CLEAR - When set, processor is affected by RFDS, and has the
648c2ecf20Sopenharmony_ci  microcode that clears the affected buffers on VERW execution.
658c2ecf20Sopenharmony_ci
668c2ecf20Sopenharmony_ciMitigation control on the kernel command line
678c2ecf20Sopenharmony_ci---------------------------------------------
688c2ecf20Sopenharmony_ciThe kernel command line allows to control RFDS mitigation at boot time with the
698c2ecf20Sopenharmony_ciparameter "reg_file_data_sampling=". The valid arguments are:
708c2ecf20Sopenharmony_ci
718c2ecf20Sopenharmony_ci  ==========  =================================================================
728c2ecf20Sopenharmony_ci  on          If the CPU is vulnerable, enable mitigation; CPU buffer clearing
738c2ecf20Sopenharmony_ci              on exit to userspace and before entering a VM.
748c2ecf20Sopenharmony_ci  off         Disables mitigation.
758c2ecf20Sopenharmony_ci  ==========  =================================================================
768c2ecf20Sopenharmony_ci
778c2ecf20Sopenharmony_ciMitigation default is selected by CONFIG_MITIGATION_RFDS.
788c2ecf20Sopenharmony_ci
798c2ecf20Sopenharmony_ciMitigation status information
808c2ecf20Sopenharmony_ci-----------------------------
818c2ecf20Sopenharmony_ciThe Linux kernel provides a sysfs interface to enumerate the current
828c2ecf20Sopenharmony_civulnerability status of the system: whether the system is vulnerable, and
838c2ecf20Sopenharmony_ciwhich mitigations are active. The relevant sysfs file is:
848c2ecf20Sopenharmony_ci
858c2ecf20Sopenharmony_ci	/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling
868c2ecf20Sopenharmony_ci
878c2ecf20Sopenharmony_ciThe possible values in this file are:
888c2ecf20Sopenharmony_ci
898c2ecf20Sopenharmony_ci  .. list-table::
908c2ecf20Sopenharmony_ci
918c2ecf20Sopenharmony_ci     * - 'Not affected'
928c2ecf20Sopenharmony_ci       - The processor is not vulnerable
938c2ecf20Sopenharmony_ci     * - 'Vulnerable'
948c2ecf20Sopenharmony_ci       - The processor is vulnerable, but no mitigation enabled
958c2ecf20Sopenharmony_ci     * - 'Vulnerable: No microcode'
968c2ecf20Sopenharmony_ci       - The processor is vulnerable but microcode is not updated.
978c2ecf20Sopenharmony_ci     * - 'Mitigation: Clear Register File'
988c2ecf20Sopenharmony_ci       - The processor is vulnerable and the CPU buffer clearing mitigation is
998c2ecf20Sopenharmony_ci	 enabled.
1008c2ecf20Sopenharmony_ci
1018c2ecf20Sopenharmony_ciReferences
1028c2ecf20Sopenharmony_ci----------
1038c2ecf20Sopenharmony_ci.. [#f1] Affected Processors
1048c2ecf20Sopenharmony_ci   https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html
105