Diffstat (limited to 'debian/patches/bugfix/x86/gds/x86-speculation-add-force-option-to-gds-mitigation.patch')
-rw-r--r--debian/patches/bugfix/x86/gds/x86-speculation-add-force-option-to-gds-mitigation.patch163
1 files changed, 0 insertions, 163 deletions
diff --git a/debian/patches/bugfix/x86/gds/x86-speculation-add-force-option-to-gds-mitigation.patch b/debian/patches/bugfix/x86/gds/x86-speculation-add-force-option-to-gds-mitigation.patch
deleted file mode 100644
index 65c4594b1..000000000
--- a/debian/patches/bugfix/x86/gds/x86-speculation-add-force-option-to-gds-mitigation.patch
+++ /dev/null
@@ -1,163 +0,0 @@
-From ead252286b6800873dd961075a36939f15e9b163 Mon Sep 17 00:00:00 2001
-From: Daniel Sneddon <daniel.sneddon@linux.intel.com>
-Date: Wed, 12 Jul 2023 19:43:12 -0700
-Subject: x86/speculation: Add force option to GDS mitigation
-
-From: Daniel Sneddon <daniel.sneddon@linux.intel.com>
-
-commit 553a5c03e90a6087e88f8ff878335ef0621536fb upstream
-
-The Gather Data Sampling (GDS) vulnerability allows malicious software
-to infer stale data previously stored in vector registers. This may
-include sensitive data such as cryptographic keys. GDS is mitigated in
-microcode, and systems with up-to-date microcode are protected by
-default. However, any affected system that is running with older
-microcode will still be vulnerable to GDS attacks.
-
-Since the gather instructions used by the attacker are part of the
-AVX2 and AVX512 extensions, disabling these extensions prevents gather
-instructions from being executed, thereby mitigating the system from
-GDS. Disabling AVX2 is sufficient, but we don't have the granularity
-to do this. The XCR0[2] disables AVX, with no option to just disable
-AVX2.
-
-Add a kernel parameter gather_data_sampling=force that will enable the
-microcode mitigation if available, otherwise it will disable AVX on
-affected systems.
-
-This option will be ignored if cmdline mitigations=off.
-
-This is a *big* hammer. It is known to break buggy userspace that
-uses incomplete, buggy AVX enumeration. Unfortunately, such userspace
-does exist in the wild:
-
- https://www.mail-archive.com/bug-coreutils@gnu.org/msg33046.html
-
-[ dhansen: add some more ominous warnings about disabling AVX ]
-
-Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
-Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
-Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
-Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- Documentation/admin-guide/hw-vuln/gather_data_sampling.rst | 18 +++++++++--
- Documentation/admin-guide/kernel-parameters.txt | 8 ++++-
- arch/x86/kernel/cpu/bugs.c | 20 ++++++++++++-
- 3 files changed, 40 insertions(+), 6 deletions(-)
-
---- a/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst
-+++ b/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst
-@@ -60,14 +60,21 @@ bits:
- ================================ === ============================
-
- GDS can also be mitigated on systems that don't have updated microcode by
--disabling AVX. This can be done by setting "clearcpuid=avx" on the kernel
--command-line.
-+disabling AVX. This can be done by setting gather_data_sampling="force" or
-+"clearcpuid=avx" on the kernel command-line.
-+
-+If used, these options will disable AVX use by turning on XSAVE YMM support.
-+However, the processor will still enumerate AVX support. Userspace that
-+does not follow proper AVX enumeration to check both AVX *and* XSAVE YMM
-+support will break.
-
- Mitigation control on the kernel command line
- ---------------------------------------------
- The mitigation can be disabled by setting "gather_data_sampling=off" or
--"mitigations=off" on the kernel command line. Not specifying either will
--default to the mitigation being enabled.
-+"mitigations=off" on the kernel command line. Not specifying either will default
-+to the mitigation being enabled. Specifying "gather_data_sampling=force" will
-+use the microcode mitigation when available or disable AVX on affected systems
-+where the microcode hasn't been updated to include the mitigation.
-
- GDS System Information
- ------------------------
-@@ -83,6 +90,9 @@ The possible values contained in this fi
- Vulnerable Processor vulnerable and mitigation disabled.
- Vulnerable: No microcode Processor vulnerable and microcode is missing
- mitigation.
-+ Mitigation: AVX disabled,
-+ no microcode Processor is vulnerable and microcode is missing
-+ mitigation. AVX disabled as mitigation.
- Mitigation: Microcode Processor is vulnerable and mitigation is in
- effect.
- Mitigation: Microcode (locked) Processor is vulnerable and mitigation is in
---- a/Documentation/admin-guide/kernel-parameters.txt
-+++ b/Documentation/admin-guide/kernel-parameters.txt
-@@ -1300,7 +1300,13 @@
-
- This issue is mitigated by default in updated microcode.
- The mitigation may have a performance impact but can be
-- disabled.
-+ disabled. On systems without the microcode mitigation
-+ disabling AVX serves as a mitigation.
-+
-+ force: Disable AVX to mitigate systems without
-+ microcode mitigation. No effect if the microcode
-+ mitigation is present. Known to cause crashes in
-+ userspace with buggy AVX enumeration.
-
- off: Disable GDS mitigation.
-
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -607,6 +607,7 @@ early_param("srbds", srbds_parse_cmdline
- enum gds_mitigations {
- GDS_MITIGATION_OFF,
- GDS_MITIGATION_UCODE_NEEDED,
-+ GDS_MITIGATION_FORCE,
- GDS_MITIGATION_FULL,
- GDS_MITIGATION_FULL_LOCKED,
- GDS_MITIGATION_HYPERVISOR,
-@@ -617,6 +618,7 @@ static enum gds_mitigations gds_mitigati
- static const char * const gds_strings[] = {
- [GDS_MITIGATION_OFF] = "Vulnerable",
- [GDS_MITIGATION_UCODE_NEEDED] = "Vulnerable: No microcode",
-+ [GDS_MITIGATION_FORCE] = "Mitigation: AVX disabled, no microcode",
- [GDS_MITIGATION_FULL] = "Mitigation: Microcode",
- [GDS_MITIGATION_FULL_LOCKED] = "Mitigation: Microcode (locked)",
- [GDS_MITIGATION_HYPERVISOR] = "Unknown: Dependent on hypervisor status",
-@@ -642,6 +644,7 @@ void update_gds_msr(void)
- rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl);
- mcu_ctrl &= ~GDS_MITG_DIS;
- break;
-+ case GDS_MITIGATION_FORCE:
- case GDS_MITIGATION_UCODE_NEEDED:
- case GDS_MITIGATION_HYPERVISOR:
- return;
-@@ -676,10 +679,23 @@ static void __init gds_select_mitigation
-
- /* No microcode */
- if (!(x86_read_arch_cap_msr() & ARCH_CAP_GDS_CTRL)) {
-- gds_mitigation = GDS_MITIGATION_UCODE_NEEDED;
-+ if (gds_mitigation == GDS_MITIGATION_FORCE) {
-+ /*
-+ * This only needs to be done on the boot CPU so do it
-+ * here rather than in update_gds_msr()
-+ */
-+ setup_clear_cpu_cap(X86_FEATURE_AVX);
-+ pr_warn("Microcode update needed! Disabling AVX as mitigation.\n");
-+ } else {
-+ gds_mitigation = GDS_MITIGATION_UCODE_NEEDED;
-+ }
- goto out;
- }
-
-+ /* Microcode has mitigation, use it */
-+ if (gds_mitigation == GDS_MITIGATION_FORCE)
-+ gds_mitigation = GDS_MITIGATION_FULL;
-+
- rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl);
- if (mcu_ctrl & GDS_MITG_LOCKED) {
- if (gds_mitigation == GDS_MITIGATION_OFF)
-@@ -710,6 +726,8 @@ static int __init gds_parse_cmdline(char
-
- if (!strcmp(str, "off"))
- gds_mitigation = GDS_MITIGATION_OFF;
-+ else if (!strcmp(str, "force"))
-+ gds_mitigation = GDS_MITIGATION_FORCE;
-
- return 0;
- }