Message-ID: <20260129154342.3867-1-moontorise@cfg.kr>
Date: Fri, 30 Jan 2026 00:43:42 +0900
From: moontorise@....kr
To: x86@...nel.org,
	Thomas Gleixner <tglx@...nel.org>,
	Ingo Molnar <mingo@...hat.com>,
	Borislav Petkov <bp@...en8.de>,
	Dave Hansen <dave.hansen@...ux.intel.com>
Cc: "H . Peter Anvin" <hpa@...or.com>,
	Peter Zijlstra <peterz@...radead.org>,
	Pawan Gupta <pawan.kumar.gupta@...ux.intel.com>,
	Josh Poimboeuf <jpoimboe@...nel.org>,
	linux-kernel@...r.kernel.org,
	Joongsun Moon-Lee <moontorise@....kr>
Subject: [PATCH] x86/cpu/intel: Add RFDS mitigation quirk for Goldmont and Tremont-D

Intel's "Guidance for Security Issues on Intel Processors" [1] lists
Goldmont (06_5CH) and Tremont-D (06_86H) as capable of mitigating
Register File Data Sampling (RFDS) [2] starting from specific microcode
revisions as defined in the consolidated product CPU model table.

However, unlike newer models, these processors do not enumerate the
RFDS_CLEAR bit (Bit 28) in the IA32_ARCH_CAPABILITIES MSR even with the
required microcode. This suggests that while the implementation for
clearing the register file via VERW is present, the architectural
reporting bit is missing. Consequently, these systems remain identified
as "Vulnerable: No microcode" because the kernel strictly relies on the
MSR bit.

Introduce a quirk to explicitly set the X86_FEATURE_RFDS_CLEAR feature
flag based on the microcode revisions defined in Intel's guidance [1]:

- Goldmont (06_5CH): 0x28 or later
- Tremont-D (06_86H) Stepping 7: 0x4c000026 or later

Also, update verw_clears_cpu_reg_file() to check for this feature flag
in addition to the MSR bit.

Verification was performed on an Intel NUC8CCHKR (Celeron N3350 / Goldmont)
with microcode 0x48, confirming the status change from
"Vulnerable: No microcode" to "Mitigation: Clear Register File".

[1] https://www.intel.com/content/www/us/en/developer/topic-technology/software-security-guidance/processors-affected-consolidated-product-cpu-model.html#tab-blade-1-1
[2] https://www.intel.com/content/www/us/en/developer/articles/technical/software-security-guidance/advisory-guidance/register-file-data-sampling.html

Signed-off-by: Joongsun Moon-Lee <moontorise@....kr>
---
 arch/x86/include/asm/cpufeatures.h |  1 +
 arch/x86/kernel/cpu/bugs.c         |  3 ++-
 arch/x86/kernel/cpu/intel.c        | 16 ++++++++++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h
index 63b0f9aa9b3e..3480d9ddc046 100644
--- a/arch/x86/include/asm/cpufeatures.h
+++ b/arch/x86/include/asm/cpufeatures.h
@@ -513,6 +513,7 @@
 						      * and purposes if CLEAR_CPU_BUF_VM is set).
 						      */
 #define X86_FEATURE_X2AVIC_EXT		(21*32+20) /* AMD SVM x2AVIC support for 4k vCPUs */
+#define X86_FEATURE_RFDS_CLEAR		(21*32+21) /* Clear register file via VERW */
 
 /*
  * BUG word(s)
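Review bot: The comment on the new X86_FEATURE_RFDS_CLEAR define does not say that this is a kernel-synthesized flag set by a model and microcode quirk rather than a bit the CPU enumerates, and the name mirrors ARCH_CAP_RFDS_CLEAR closely enough that a reader will assume the two always agree. Elsewhere in this patch the flag is set only for Goldmont and Tremont-D, so suggest spelling that out here, for example "VERW clears the register file (set by quirk where IA32_ARCH_CAPABILITIES does not enumerate it)".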
diff --git a/arch/x86/kernel/cpu/bugs.c b/arch/x86/kernel/cpu/bugs.c
index 83f51cab0b1e..20c1fa47f04b 100644
--- a/arch/x86/kernel/cpu/bugs.c
+++ b/arch/x86/kernel/cpu/bugs.c
@@ -650,7 +650,8 @@ static const char * const rfds_strings[] = {
 
 static inline bool __init verw_clears_cpu_reg_file(void)
 {
-	return (x86_arch_cap_msr & ARCH_CAP_RFDS_CLEAR);
+	/* Check the synthetic flag for CPUs not reporting RFDS_CLEAR via MSR. */
+	return (x86_arch_cap_msr & ARCH_CAP_RFDS_CLEAR) || boot_cpu_has(X86_FEATURE_RFDS_CLEAR);
 }
 
 static void __init rfds_select_mitigation(void)
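Review bot: In verw_clears_cpu_reg_file() the answer now comes from two sources, the raw MSR bit and a feature flag that this patch only ever sets for Goldmont and Tremont-D, so boot_cpu_has(X86_FEATURE_RFDS_CLEAR) stays false on parts that do enumerate ARCH_CAP_RFDS_CLEAR. Consider setting the flag wherever the MSR bit is seen as well, so this helper and any later user can test the flag alone; failing that, say in the comment that the flag covers only the quirked models. The new return line also runs past 80 columns and would read better split after the "||".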
diff --git a/arch/x86/kernel/cpu/intel.c b/arch/x86/kernel/cpu/intel.c
index 646ff33c4651..02f4ac2069f8 100644
--- a/arch/x86/kernel/cpu/intel.c
+++ b/arch/x86/kernel/cpu/intel.c
@@ -325,6 +325,22 @@ static void early_init_intel(struct cpuinfo_x86 *c)
 		setup_clear_cpu_cap(X86_FEATURE_PGE);
 	}
 
+	/*
+	 * Goldmont and Tremont-D support RFDS mitigation via VERW,
+	 * but do not enumerate it in MSRs. Explicitly set the capability
+	 * based on the microcode revision. (Tremont-D requires stepping 7).
+	 */
+	switch (c->x86_vfm) {
+	case INTEL_ATOM_GOLDMONT:
+		if (c->microcode >= 0x28)
+			set_cpu_cap(c, X86_FEATURE_RFDS_CLEAR);
+		break;
+	case INTEL_ATOM_TREMONT_D:
+		if (c->x86_stepping == 7 && c->microcode >= 0x4c000026)
+			set_cpu_cap(c, X86_FEATURE_RFDS_CLEAR);
+		break;
+	}
+
 	check_memory_type_self_snoop_errata(c);
 
 	/*
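Review bot: The INTEL_ATOM_GOLDMONT case compares "c->microcode >= 0x28" with no stepping qualifier, while the Tremont-D case is pinned to "c->x86_stepping == 7". Since this flag flips the reported RFDS state to mitigated, the Goldmont threshold should either be matched per stepping or the comment should state that 0x28 is the minimum for every Goldmont stepping in Intel's table. It is also worth confirming the behaviour in a guest, where c->microcode is whatever the hypervisor reports: nothing in the added lines skips the quirk in that case.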

base-commit: 271605ee159b528465e451e0be90baf8103b52bc
-- 
2.52.0

