Received: by 2002:ab2:710b:0:b0:1ef:a325:1205 with SMTP id z11csp1873498lql; Wed, 13 Mar 2024 10:23:47 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCW1BQvwTC3H3lE7wcSAMRzIME2YKBYbNqRwVILI3+dT5ZGbTe5uDc9+JG1Mi06QMM8aAwAReklzLBXGDnDohOdYMwIkxyqtPy5p3hBm8w== X-Google-Smtp-Source: AGHT+IG41jja/r1czHRq+paJ8j14JaFpX6UsoKP99AaZaAm8l/DMbhyUKXh4ECsRI0vpGOPh5GrW X-Received: by 2002:a17:902:6546:b0:1dd:d0d3:71a9 with SMTP id d6-20020a170902654600b001ddd0d371a9mr1861435pln.45.1710350626681; Wed, 13 Mar 2024 10:23:46 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1710350626; cv=pass; d=google.com; s=arc-20160816; b=RA7QZPK2dOHeHuJVNvNFjN+58QO+TU3ZM1FIYJziui3vE/Ukt/zR6nQPsjseiL8v/S XDUL0wks+Safn0QhILHFU7dRcAZyOfv1FdB5wLKPjyqNBD8yteOI60zWYonHS7k7Tkh3 iIzXjTKg0sNsixursAZ5zblSrB+hshYk4TBy0BoFpPrSl/SHYjXWzhv1MM/GLZ6eE4O2 I/WvYpIFMD4SI5r182YPDChcLtLEW/ABWZiJ8/9NcVVN9JlGHqv30431v3xLhgcueRN8 yeRMl9RHsHD/ghgJzZcbxp3WYW2YuwI4+2Qng6vrg9t4pCmQfjTVR7WTFbABQkbjnKxW NFCQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=9fL6sPzj4qoL4KorBfybcjc8TtNyNPu+31srrTCRSpE=; fh=yt9bdIl5jWBWQShzSObvYJRlp1hhkB1Bsv7jf7n/3yc=; b=RqQ9N3LkExEUtbkCdAurCNbiS3o1Q7/CghInG1VxJQLVrJjMDGo2VpR+77ZAWIqeO8 EZL4l53rSiTM60Bv/pHaiIo1UvOvFSq4kA4RhJq74iUQ2HkIkhVKeFn1QjjPjnZCKK3u AARWWXs7EQw/axqjSw01891mQkK6oFnYXjQko1lgezZT+GUtKReRuyWAlqrE0OWOV7iN wfABV4OisvpVvXnoLCFQ26P3xTJ6EA6MmZb3+RzeaJQC96ydPz0hjbuFBHyQWgaZZbYL glpAFgzbH9LVjfxPc1/SsNCQ4zgyBQ3gBTYRxVbh87VQ9KFFEiCx5OkZd0BQghm+V5M/ lOGw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=pqVhOBjG; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-101912-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-101912-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id je1-20020a170903264100b001dcca361319si8944184plb.261.2024.03.13.10.23.46 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 13 Mar 2024 10:23:46 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-101912-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=pqVhOBjG; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-101912-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-101912-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 5619628D73E for ; Wed, 13 Mar 2024 17:13:59 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id BD61584A5A; Wed, 13 Mar 2024 16:40:52 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="pqVhOBjG" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 91D3084A35; Wed, 13 Mar 2024 16:40:51 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710348051; cv=none; b=AopkEs3dym/LkN81CWxOueuSkWSmg7ONRDFQkENOSi9ZasjRpDRKE+jgrNB5PSmD4WlveS0mkNuxjFEeCg4uFLvcLWXG5Td97aazUF8aunvwjdZPOVZflrVKvR6Tr1xcRQi2Ud7IgJCIhSI+Nb0//uqcYo/CGtWz6W4KQQKaujA= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1710348051; c=relaxed/simple; bh=YP45xDFSCLVjmsuY0riiG8ap/nJc9vbofQN4ED1OFDI=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=I6MeX0maQay2PjkaXEApkzme6mswswGNsjZDFXwiP3tyIQtv1FiUyTsIRbM+mJZpyJnXQCjf8KISKaQp3sNZopUdDajBN7fO577esPBCpJEqyU/RVXHNzMcJHFDYJu9evr8xH5RlRDLZFsm9yj4uW+sEwyL4zLVbBvXQkQmn35g= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=pqVhOBjG; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 876F2C433C7; Wed, 13 Mar 2024 16:40:50 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1710348051; bh=YP45xDFSCLVjmsuY0riiG8ap/nJc9vbofQN4ED1OFDI=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=pqVhOBjGc3Lo8HbMvUKPwBRuxvIG8XBojC8ykRLaNwo8X2D24v2faIHx4kEgvrw3L vBfqDiHyaaTL6qk74j1q8RzqKr4J9u56M7DkX6HqodFfz4Tjt7AP1t4WC68vZMNTOE I299+xVhiVWkXhY5UBTxxhf4b84Hs/d4CKCF1VxcidrbVOykmsulBlDufbj32vk/S5 Rvhv7lAI1xiCHFS9trLMf4LGK4peVPvzXiCubofiX1Xi/VzWXyFEoEMWBUij9xWdkm GM5UeChbOAjcZ+hlIYZqweYxcLp5RUfT0/7Z6fNit4F5bn/dqdRKHVkP0bHBLPNPkG ZbxTNue5jq8Dw== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Pawan Gupta , Dave Hansen , Thomas Gleixner , Josh Poimboeuf , Greg Kroah-Hartman Subject: [PATCH 6.1 44/71] Documentation/hw-vuln: Add documentation for RFDS Date: Wed, 13 Mar 2024 12:39:30 -0400 Message-ID: <20240313163957.615276-45-sashal@kernel.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240313163957.615276-1-sashal@kernel.org> References: <20240313163957.615276-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-KernelTest-Patch: http://kernel.org/pub/linux/kernel/v6.x/stable-review/patch-6.1.82-rc1.gz X-KernelTest-Tree: git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git X-KernelTest-Branch: linux-6.1.y X-KernelTest-Patches: git://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git X-KernelTest-Version: 6.1.82-rc1 X-KernelTest-Deadline: 2024-03-15T16:39+00:00 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit From: Pawan Gupta commit 4e42765d1be01111df0c0275bbaf1db1acef346e upstream. Add the documentation for transient execution vulnerability Register File Data Sampling (RFDS) that affects Intel Atom CPUs. Signed-off-by: Pawan Gupta Signed-off-by: Dave Hansen Reviewed-by: Thomas Gleixner Acked-by: Josh Poimboeuf Signed-off-by: Greg Kroah-Hartman --- Documentation/admin-guide/hw-vuln/index.rst | 1 + .../hw-vuln/reg-file-data-sampling.rst | 104 ++++++++++++++++++ 2 files changed, 105 insertions(+) create mode 100644 Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst diff --git a/Documentation/admin-guide/hw-vuln/index.rst b/Documentation/admin-guide/hw-vuln/index.rst index 6828102baaa7a..3e4a14e38b49e 100644 --- a/Documentation/admin-guide/hw-vuln/index.rst +++ b/Documentation/admin-guide/hw-vuln/index.rst @@ -21,3 +21,4 @@ are configurable at compile, boot or run time. cross-thread-rsb.rst gather_data_sampling.rst srso + reg-file-data-sampling diff --git a/Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst b/Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst new file mode 100644 index 0000000000000..0585d02b9a6cb --- /dev/null +++ b/Documentation/admin-guide/hw-vuln/reg-file-data-sampling.rst @@ -0,0 +1,104 @@ +================================== +Register File Data Sampling (RFDS) +================================== + +Register File Data Sampling (RFDS) is a microarchitectural vulnerability that +only affects Intel Atom parts(also branded as E-cores). RFDS may allow +a malicious actor to infer data values previously used in floating point +registers, vector registers, or integer registers. RFDS does not provide the +ability to choose which data is inferred. CVE-2023-28746 is assigned to RFDS. + +Affected Processors +=================== +Below is the list of affected Intel processors [#f1]_: + + =================== ============ + Common name Family_Model + =================== ============ + ATOM_GOLDMONT 06_5CH + ATOM_GOLDMONT_D 06_5FH + ATOM_GOLDMONT_PLUS 06_7AH + ATOM_TREMONT_D 06_86H + ATOM_TREMONT 06_96H + ALDERLAKE 06_97H + ALDERLAKE_L 06_9AH + ATOM_TREMONT_L 06_9CH + RAPTORLAKE 06_B7H + RAPTORLAKE_P 06_BAH + ATOM_GRACEMONT 06_BEH + RAPTORLAKE_S 06_BFH + =================== ============ + +As an exception to this table, Intel Xeon E family parts ALDERLAKE(06_97H) and +RAPTORLAKE(06_B7H) codenamed Catlow are not affected. They are reported as +vulnerable in Linux because they share the same family/model with an affected +part. Unlike their affected counterparts, they do not enumerate RFDS_CLEAR or +CPUID.HYBRID. This information could be used to distinguish between the +affected and unaffected parts, but it is deemed not worth adding complexity as +the reporting is fixed automatically when these parts enumerate RFDS_NO. + +Mitigation +========== +Intel released a microcode update that enables software to clear sensitive +information using the VERW instruction. Like MDS, RFDS deploys the same +mitigation strategy to force the CPU to clear the affected buffers before an +attacker can extract the secrets. This is achieved by using the otherwise +unused and obsolete VERW instruction in combination with a microcode update. +The microcode clears the affected CPU buffers when the VERW instruction is +executed. + +Mitigation points +----------------- +VERW is executed by the kernel before returning to user space, and by KVM +before VMentry. None of the affected cores support SMT, so VERW is not required +at C-state transitions. + +New bits in IA32_ARCH_CAPABILITIES +---------------------------------- +Newer processors and microcode update on existing affected processors added new +bits to IA32_ARCH_CAPABILITIES MSR. These bits can be used to enumerate +vulnerability and mitigation capability: + +- Bit 27 - RFDS_NO - When set, processor is not affected by RFDS. +- Bit 28 - RFDS_CLEAR - When set, processor is affected by RFDS, and has the + microcode that clears the affected buffers on VERW execution. + +Mitigation control on the kernel command line +--------------------------------------------- +The kernel command line allows to control RFDS mitigation at boot time with the +parameter "reg_file_data_sampling=". The valid arguments are: + + ========== ================================================================= + on If the CPU is vulnerable, enable mitigation; CPU buffer clearing + on exit to userspace and before entering a VM. + off Disables mitigation. + ========== ================================================================= + +Mitigation default is selected by CONFIG_MITIGATION_RFDS. + +Mitigation status information +----------------------------- +The Linux kernel provides a sysfs interface to enumerate the current +vulnerability status of the system: whether the system is vulnerable, and +which mitigations are active. The relevant sysfs file is: + + /sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling + +The possible values in this file are: + + .. list-table:: + + * - 'Not affected' + - The processor is not vulnerable + * - 'Vulnerable' + - The processor is vulnerable, but no mitigation enabled + * - 'Vulnerable: No microcode' + - The processor is vulnerable but microcode is not updated. + * - 'Mitigation: Clear Register File' + - The processor is vulnerable and the CPU buffer clearing mitigation is + enabled. + +References +---------- +.. [#f1] Affected Processors + https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html -- 2.43.0