summaryrefslogtreecommitdiffstats
path: root/debian/patches/bugfix/x86/gds/x86-speculation-add-force-option-to-gds-mitigation.patch
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-08 04:21:44 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-08 04:22:00 +0000
commit9b228b28ccd91b2f915f0575b7d67a8610b72d30 (patch)
tree3197d6e68ec1f053a5d60a1e0d84fa334ac486f1 /debian/patches/bugfix/x86/gds/x86-speculation-add-force-option-to-gds-mitigation.patch
parentMerging upstream version 4.19.304. (diff)
downloadlinux-9b228b28ccd91b2f915f0575b7d67a8610b72d30.tar.xz
linux-9b228b28ccd91b2f915f0575b7d67a8610b72d30.zip
Merging debian version 4.19.304-1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches/bugfix/x86/gds/x86-speculation-add-force-option-to-gds-mitigation.patch')
-rw-r--r--debian/patches/bugfix/x86/gds/x86-speculation-add-force-option-to-gds-mitigation.patch163
1 files changed, 0 insertions, 163 deletions
diff --git a/debian/patches/bugfix/x86/gds/x86-speculation-add-force-option-to-gds-mitigation.patch b/debian/patches/bugfix/x86/gds/x86-speculation-add-force-option-to-gds-mitigation.patch
deleted file mode 100644
index 65c4594b1..000000000
--- a/debian/patches/bugfix/x86/gds/x86-speculation-add-force-option-to-gds-mitigation.patch
+++ /dev/null
@@ -1,163 +0,0 @@
-From ead252286b6800873dd961075a36939f15e9b163 Mon Sep 17 00:00:00 2001
-From: Daniel Sneddon <daniel.sneddon@linux.intel.com>
-Date: Wed, 12 Jul 2023 19:43:12 -0700
-Subject: x86/speculation: Add force option to GDS mitigation
-
-From: Daniel Sneddon <daniel.sneddon@linux.intel.com>
-
-commit 553a5c03e90a6087e88f8ff878335ef0621536fb upstream
-
-The Gather Data Sampling (GDS) vulnerability allows malicious software
-to infer stale data previously stored in vector registers. This may
-include sensitive data such as cryptographic keys. GDS is mitigated in
-microcode, and systems with up-to-date microcode are protected by
-default. However, any affected system that is running with older
-microcode will still be vulnerable to GDS attacks.
-
-Since the gather instructions used by the attacker are part of the
-AVX2 and AVX512 extensions, disabling these extensions prevents gather
-instructions from being executed, thereby mitigating the system from
-GDS. Disabling AVX2 is sufficient, but we don't have the granularity
-to do this. The XCR0[2] disables AVX, with no option to just disable
-AVX2.
-
-Add a kernel parameter gather_data_sampling=force that will enable the
-microcode mitigation if available, otherwise it will disable AVX on
-affected systems.
-
-This option will be ignored if cmdline mitigations=off.
-
-This is a *big* hammer. It is known to break buggy userspace that
-uses incomplete, buggy AVX enumeration. Unfortunately, such userspace
-does exist in the wild:
-
- https://www.mail-archive.com/bug-coreutils@gnu.org/msg33046.html
-
-[ dhansen: add some more ominous warnings about disabling AVX ]
-
-Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
-Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
-Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
-Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- Documentation/admin-guide/hw-vuln/gather_data_sampling.rst | 18 +++++++++--
- Documentation/admin-guide/kernel-parameters.txt | 8 ++++-
- arch/x86/kernel/cpu/bugs.c | 20 ++++++++++++-
- 3 files changed, 40 insertions(+), 6 deletions(-)
-
---- a/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst
-+++ b/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst
-@@ -60,14 +60,21 @@ bits:
- ================================ === ============================
-
- GDS can also be mitigated on systems that don't have updated microcode by
--disabling AVX. This can be done by setting "clearcpuid=avx" on the kernel
--command-line.
-+disabling AVX. This can be done by setting gather_data_sampling="force" or
-+"clearcpuid=avx" on the kernel command-line.
-+
-+If used, these options will disable AVX use by turning on XSAVE YMM support.
-+However, the processor will still enumerate AVX support. Userspace that
-+does not follow proper AVX enumeration to check both AVX *and* XSAVE YMM
-+support will break.
-
- Mitigation control on the kernel command line
- ---------------------------------------------
- The mitigation can be disabled by setting "gather_data_sampling=off" or
--"mitigations=off" on the kernel command line. Not specifying either will
--default to the mitigation being enabled.
-+"mitigations=off" on the kernel command line. Not specifying either will default
-+to the mitigation being enabled. Specifying "gather_data_sampling=force" will
-+use the microcode mitigation when available or disable AVX on affected systems
-+where the microcode hasn't been updated to include the mitigation.
-
- GDS System Information
- ------------------------
-@@ -83,6 +90,9 @@ The possible values contained in this fi
- Vulnerable Processor vulnerable and mitigation disabled.
- Vulnerable: No microcode Processor vulnerable and microcode is missing
- mitigation.
-+ Mitigation: AVX disabled,
-+ no microcode Processor is vulnerable and microcode is missing
-+ mitigation. AVX disabled as mitigation.
- Mitigation: Microcode Processor is vulnerable and mitigation is in
- effect.
- Mitigation: Microcode (locked) Processor is vulnerable and mitigation is in
---- a/Documentation/admin-guide/kernel-parameters.txt
-+++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -1300,7 +1300,13 @@
-
- This issue is mitigated by default in updated microcode.
- The mitigation may have a performance impact but can be
-- disabled.
-+ disabled. On systems without the microcode mitigation
-+ disabling AVX serves as a mitigation.
-+
-+ force: Disable AVX to mitigate systems without
-+ microcode mitigation. No effect if the microcode
-+ mitigation is present. Known to cause crashes in
-+ userspace with buggy AVX enumeration.
-
- off: Disable GDS mitigation.
-
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -607,6 +607,7 @@ early_param("srbds", srbds_parse_cmdline
- enum gds_mitigations {
- GDS_MITIGATION_OFF,
- GDS_MITIGATION_UCODE_NEEDED,
-+ GDS_MITIGATION_FORCE,
- GDS_MITIGATION_FULL,
- GDS_MITIGATION_FULL_LOCKED,
- GDS_MITIGATION_HYPERVISOR,
-@@ -617,6 +618,7 @@ static enum gds_mitigations gds_mitigati
- static const char * const gds_strings[] = {
- [GDS_MITIGATION_OFF] = "Vulnerable",
- [GDS_MITIGATION_UCODE_NEEDED] = "Vulnerable: No microcode",
-+ [GDS_MITIGATION_FORCE] = "Mitigation: AVX disabled, no microcode",
- [GDS_MITIGATION_FULL] = "Mitigation: Microcode",
- [GDS_MITIGATION_FULL_LOCKED] = "Mitigation: Microcode (locked)",
- [GDS_MITIGATION_HYPERVISOR] = "Unknown: Dependent on hypervisor status",
-@@ -642,6 +644,7 @@ void update_gds_msr(void)
- rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl);
- mcu_ctrl &= ~GDS_MITG_DIS;
- break;
-+ case GDS_MITIGATION_FORCE:
- case GDS_MITIGATION_UCODE_NEEDED:
- case GDS_MITIGATION_HYPERVISOR:
- return;
-@@ -676,10 +679,23 @@ static void __init gds_select_mitigation
-
- /* No microcode */
- if (!(x86_read_arch_cap_msr() & ARCH_CAP_GDS_CTRL)) {
-- gds_mitigation = GDS_MITIGATION_UCODE_NEEDED;
-+ if (gds_mitigation == GDS_MITIGATION_FORCE) {
-+ /*
-+ * This only needs to be done on the boot CPU so do it
-+ * here rather than in update_gds_msr()
-+ */
-+ setup_clear_cpu_cap(X86_FEATURE_AVX);
-+ pr_warn("Microcode update needed! Disabling AVX as mitigation.\n");
-+ } else {
-+ gds_mitigation = GDS_MITIGATION_UCODE_NEEDED;
-+ }
- goto out;
- }
-
-+ /* Microcode has mitigation, use it */
-+ if (gds_mitigation == GDS_MITIGATION_FORCE)
-+ gds_mitigation = GDS_MITIGATION_FULL;
-+
- rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl);
- if (mcu_ctrl & GDS_MITG_LOCKED) {
- if (gds_mitigation == GDS_MITIGATION_OFF)
-@@ -710,6 +726,8 @@ static int __init gds_parse_cmdline(char
-
- if (!strcmp(str, "off"))
- gds_mitigation = GDS_MITIGATION_OFF;
-+ else if (!strcmp(str, "force"))
-+ gds_mitigation = GDS_MITIGATION_FORCE;
-
- return 0;
- }