• Linus Torvalds's avatar
    Merge tag 'rfds-for-linus-2024-03-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip · 0e33cf95
    Linus Torvalds authored
    Pull x86 RFDS mitigation from Dave Hansen:
     "RFDS is a CPU vulnerability that may allow a malicious userspace to
      infer stale register values from kernel space. Kernel registers can
      have all kinds of secrets in them so the mitigation is basically to
      wait until the kernel is about to return to userspace and has user
      values in the registers. At that point there is little chance of
      kernel secrets ending up in the registers and the microarchitectural
      state can be cleared.
    
      This leverages some recent robustness fixes for the existing MDS
      vulnerability. Both MDS and RFDS use the VERW instruction for
      mitigation"
    
    * tag 'rfds-for-linus-2024-03-11' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip:
      KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests
      x86/rfds: Mitigate Register File Data Sampling (RFDS)
      Documentation/hw-vuln: Add documentation for RFDS
      x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set
    0e33cf95
cpufeatures.h 33.4 KB