The Performance Impact Of Intel's Register File Data Sampling "RFDS" Mitigation

Written by Michael Larabel in Software on 15 March 2024 at 03:00 PM EDT. Page 1 of 5. 19 Comments.

Intel Core i9 14900K mitigations

Earlier this week on Patch Tuesday was the disclosure by Intel of the Register File Data Sampling (RFDS) vulnerability and mitigation via updated CPU microcode and a kernel patch. RFDS is around malicious user-space software potentially being able to infer stale register values from kernel space. Register File Data Sampling affects recent Intel Atom / E-core bearing processors including the latest Raptor Lake Refresh processors. In this article are some initial benchmarks of the RFDS performance impact under Linux when using the Core i9 14900K processor.

Intel RFDS mitigations

The mitigation for the Intel Register File Data Sampling vulnerability is to wait until the kernel is about to return to user-space and using the VERW instruction to clear the register file. For KVM virtualization use VERW is also used before VM entry. This affects Goldmont and Tremont and Gracemont cores along with the E cores found on Alder Lake and Raptor Lake processors.

Intel RFDS kernel option

The mitigation of RFDS requires both having the new Intel CPU microcode deployed on your system as well as a patched Linux kernel. On patched kernels via the sysfs vulnerabilities the "reg_file_data_sampling" attribute (/sys/devices/system/cpu/vulnerabilities/reg_file_data_sampling) is added to indicate if the mitigation is applied or if not affected or if missing the CPU microcode.

Intel RFDS force disabled

On patched systems, the "reg_file_data_sampling=" kernel option is added if wanting to use reg_file_data_sampling=off to force-disable the Register File Data Sampling mitigation.

Intel Register File Data Sampling Mitigation Benchmark

For today's initial benchmarking of the RFDS mitigation, a Linux Git kernel build as of Wednesday was used along with the latest CPU microcode. The Intel Core i9 14900K desktop processor was tested in its default mitigated state and then repeating a variety of benchmarks while running in the reg_file_data_sampling=off mode for keeping all other mitigations at their defaults but having this new RFDS mitigation disabled. So let's take a look to see what the RFDS mitigation means for the Intel Raptor Lake (Refresh) performance.


Related Articles
Intel Xeon Max Sees Some Performance Gains For OpenVINO & ONNX With Linux 6.9
Linux 6.9 Drives AMD 4th Gen EPYC Performance Even Higher For Some Workloads
Intel Core Ultra "Meteor Lake" Yields Faster Performance With Linux 6.9
Google Cloud's C3D Instances Provide Strong Performance Value For PingCAP's TiDB
Linux 6.9 Features: DM VDO, AMD Preferred Core, Intel FRED & Larger Console Fonts
LLVM Clang Shows Off Great Performance Advantage On NVIDIA GH200's Neoverse-V2 Cores