x86/rfds: Mitigate Register File Data Sampling (RFDS) (!3961) · Merge requests · Red Hat / centos-stream / src / kernel / centos-stream-9

Waiman Long requested to merge llong1/centos-stream-9:rhel-31226_rfds into main Apr 02, 2024

JIRA: https://issues.redhat.com/browse/RHEL-31226
MR: !3961 (merged)

RFDS (Register File Data Sampling - CVE-2023-28746) is a CPU vulnerability that may allow userspace to infer kernel stale data previously used in floating point registers, vector registers and integer registers. RFDS only affects certain Intel Atom processors.

Intel released a microcode update that uses VERW instruction to clear the affected CPU buffers. Unlike MDS, none of the affected cores support SMT.

This MR backports the upstream kernel mitigation to RHEL. New microcode is also needed to complete the mitigation.

Signed-off-by: Waiman Long longman@redhat.com

Edited Apr 02, 2024 by Waiman Long

x86/rfds: Mitigate Register File Data Sampling (RFDS)

Merge request reports