Diffstat (limited to 'debian/patches/bugfix/x86/gds/x86-speculation-add-kconfig-option-for-gds.patch')
-rw-r--r-- | debian/patches/bugfix/x86/gds/x86-speculation-add-kconfig-option-for-gds.patch | 68 |
1 files changed, 0 insertions, 68 deletions
diff --git a/debian/patches/bugfix/x86/gds/x86-speculation-add-kconfig-option-for-gds.patch b/debian/patches/bugfix/x86/gds/x86-speculation-add-kconfig-option-for-gds.patch
deleted file mode 100644
index 5d01d4fa9..000000000
--- a/debian/patches/bugfix/x86/gds/x86-speculation-add-kconfig-option-for-gds.patch
+++ /dev/null
@@ -1,68 +0,0 @@
-From dc9710d3e8c3a26fbd764f4bd733814c9464bf31 Mon Sep 17 00:00:00 2001
-From: Daniel Sneddon <daniel.sneddon@linux.intel.com>
-Date: Wed, 12 Jul 2023 19:43:13 -0700
-Subject: x86/speculation: Add Kconfig option for GDS
-
-From: Daniel Sneddon <daniel.sneddon@linux.intel.com>
-
-commit 53cf5797f114ba2bd86d23a862302119848eff19 upstream
-
-Gather Data Sampling (GDS) is mitigated in microcode. However, on
-systems that haven't received the updated microcode, disabling AVX
-can act as a mitigation. Add a Kconfig option that uses the microcode
-mitigation if available and disables AVX otherwise. Setting this
-option has no effect on systems not affected by GDS. This is the
-equivalent of setting gather_data_sampling=force.
-
-Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
-Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
-Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
-Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- arch/x86/Kconfig | 19 +++++++++++++++++++
- arch/x86/kernel/cpu/bugs.c | 4 ++++
- 2 files changed, 23 insertions(+)
-
---- a/arch/x86/Kconfig
-+++ b/arch/x86/Kconfig
-@@ -2438,6 +2438,25 @@ config ARCH_ENABLE_SPLIT_PMD_PTLOCK
- def_bool y
- depends on X86_64 || X86_PAE
-
-+config GDS_FORCE_MITIGATION
-+ bool "Force GDS Mitigation"
-+ depends on CPU_SUP_INTEL
-+ default n
-+ help
-+ Gather Data Sampling (GDS) is a hardware vulnerability which allows
-+ unprivileged speculative access to data which was previously stored in
-+ vector registers.
-+
-+ This option is equivalent to setting gather_data_sampling=force on the
-+ command line. The microcode mitigation is used if present, otherwise
-+ AVX is disabled as a mitigation. On affected systems that are missing
-+ the microcode any userspace code that unconditionally uses AVX will
-+ break with this option set.
-+
-+ Setting this option on systems not vulnerable to GDS has no effect.
-+
-+ If in doubt, say N.
-+
- config ARCH_ENABLE_HUGEPAGE_MIGRATION
- def_bool y
- depends on X86_64 && HUGETLB_PAGE && MIGRATION
---- a/arch/x86/kernel/cpu/bugs.c
-+++ b/arch/x86/kernel/cpu/bugs.c
-@@ -613,7 +613,11 @@ enum gds_mitigations {
- GDS_MITIGATION_HYPERVISOR,
- };
-
-+#if IS_ENABLED(CONFIG_GDS_FORCE_MITIGATION)
-+static enum gds_mitigations gds_mitigation __ro_after_init = GDS_MITIGATION_FORCE;
-+#else
- static enum gds_mitigations gds_mitigation __ro_after_init = GDS_MITIGATION_FULL;
-+#endif
-
- static const char * const gds_strings[] = {
- [GDS_MITIGATION_OFF] = "Vulnerable", |