From unknown Sun Jun 22 03:50:08 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#65165 <65165@debbugs.gnu.org> To: bug#65165 <65165@debbugs.gnu.org> Subject: Status: Patch "x86/speculation: Add force option to GDS mitigation" has been added to the 4.19-stable tree Reply-To: bug#65165 <65165@debbugs.gnu.org> Date: Sun, 22 Jun 2025 10:50:08 +0000 retitle 65165 Patch "x86/speculation: Add force option to GDS mitigation" h= as been added to the 4.19-stable tree reassign 65165 coreutils submitter 65165 severity 65165 normal tag 65165 patch thanks From debbugs-submit-bounces@debbugs.gnu.org Tue Aug 08 22:04:31 2023 Received: (at submit) by debbugs.gnu.org; 9 Aug 2023 02:04:31 +0000 Received: from localhost ([127.0.0.1]:37997 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qTYYn-0006S9-T4 for submit@debbugs.gnu.org; Tue, 08 Aug 2023 22:04:31 -0400 Received: from lists.gnu.org ([2001:470:142::17]:42530) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qTQfA-0007G9-BO for submit@debbugs.gnu.org; Tue, 08 Aug 2023 13:38:33 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qTQf5-0004as-1y for bug-coreutils@gnu.org; Tue, 08 Aug 2023 13:38:27 -0400 Received: from dfw.source.kernel.org ([2604:1380:4641:c500::1]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1qTQf2-0003ue-Rq for bug-coreutils@gnu.org; Tue, 08 Aug 2023 13:38:26 -0400 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 97FEE628F1; Tue, 8 Aug 2023 17:38:23 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 76E7EC433C9; Tue, 8 Aug 2023 17:38:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1691516303; bh=tsUKOK8evQOZ7Ax8/I69yIMrMj5D78brvLFQhODnnXc=; h=Subject:To:Cc:From:Date:From; b=oFuyeDaqXIk4uoMoeZA0oicintRUnPe3pbYmwnLPa4aqCOO3Yjgz86LB6UXQM9szz k5prOn395QODf1PLUGaPjis4EoZ1D0tlG7l7YH8L5Mx3MyiPBIQE21I7NSVuHsAOhG qHIq+t9OFfOqvD41WGtuSLWR+3L4TJRV7X9JzCE4= Subject: Patch "x86/speculation: Add force option to GDS mitigation" has been added to the 4.19-stable tree To: bug-coreutils@gnu.org, daniel.sneddon@linux.intel.com, dave.hansen@linux.intel.com, gregkh@linuxfoundation.org, jpoimboe@kernel.org From: Date: Tue, 08 Aug 2023 19:36:47 +0200 Message-ID: <2023080846-grub-elves-eef0@gregkh> MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit X-stable: commit X-Patchwork-Hint: ignore Received-SPF: pass client-ip=2604:1380:4641:c500::1; envelope-from=gregkh@linuxfoundation.org; helo=dfw.source.kernel.org X-Spam_score_int: -43 X-Spam_score: -4.4 X-Spam_bar: ---- X-Spam_report: (-4.4 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-Spam-Score: 0.9 (/) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Tue, 08 Aug 2023 22:04:24 -0400 Cc: stable-commits@vger.kernel.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.1 (/) This is a note to let you know that I've just added the patch titled x86/speculation: Add force option to GDS mitigation to the 4.19-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: x86-speculation-add-force-option-to-gds-mitigation.patch and it can be found in the queue-4.19 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >From ead252286b6800873dd961075a36939f15e9b163 Mon Sep 17 00:00:00 2001 From: Daniel Sneddon Date: Wed, 12 Jul 2023 19:43:12 -0700 Subject: x86/speculation: Add force option to GDS mitigation From: Daniel Sneddon commit 553a5c03e90a6087e88f8ff878335ef0621536fb upstream The Gather Data Sampling (GDS) vulnerability allows malicious software to infer stale data previously stored in vector registers. This may include sensitive data such as cryptographic keys. GDS is mitigated in microcode, and systems with up-to-date microcode are protected by default. However, any affected system that is running with older microcode will still be vulnerable to GDS attacks. Since the gather instructions used by the attacker are part of the AVX2 and AVX512 extensions, disabling these extensions prevents gather instructions from being executed, thereby mitigating the system from GDS. Disabling AVX2 is sufficient, but we don't have the granularity to do this. The XCR0[2] disables AVX, with no option to just disable AVX2. Add a kernel parameter gather_data_sampling=force that will enable the microcode mitigation if available, otherwise it will disable AVX on affected systems. This option will be ignored if cmdline mitigations=off. This is a *big* hammer. It is known to break buggy userspace that uses incomplete, buggy AVX enumeration. Unfortunately, such userspace does exist in the wild: https://www.mail-archive.com/bug-coreutils@gnu.org/msg33046.html [ dhansen: add some more ominous warnings about disabling AVX ] Signed-off-by: Daniel Sneddon Signed-off-by: Dave Hansen Acked-by: Josh Poimboeuf Signed-off-by: Daniel Sneddon Signed-off-by: Greg Kroah-Hartman --- Documentation/admin-guide/hw-vuln/gather_data_sampling.rst | 18 +++++++++-- Documentation/admin-guide/kernel-parameters.txt | 8 ++++- arch/x86/kernel/cpu/bugs.c | 20 ++++++++++++- 3 files changed, 40 insertions(+), 6 deletions(-) --- a/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst +++ b/Documentation/admin-guide/hw-vuln/gather_data_sampling.rst @@ -60,14 +60,21 @@ bits: ================================ === ============================ GDS can also be mitigated on systems that don't have updated microcode by -disabling AVX. This can be done by setting "clearcpuid=avx" on the kernel -command-line. +disabling AVX. This can be done by setting gather_data_sampling="force" or +"clearcpuid=avx" on the kernel command-line. + +If used, these options will disable AVX use by turning on XSAVE YMM support. +However, the processor will still enumerate AVX support. Userspace that +does not follow proper AVX enumeration to check both AVX *and* XSAVE YMM +support will break. Mitigation control on the kernel command line --------------------------------------------- The mitigation can be disabled by setting "gather_data_sampling=off" or -"mitigations=off" on the kernel command line. Not specifying either will -default to the mitigation being enabled. +"mitigations=off" on the kernel command line. Not specifying either will default +to the mitigation being enabled. Specifying "gather_data_sampling=force" will +use the microcode mitigation when available or disable AVX on affected systems +where the microcode hasn't been updated to include the mitigation. GDS System Information ------------------------ @@ -83,6 +90,9 @@ The possible values contained in this fi Vulnerable Processor vulnerable and mitigation disabled. Vulnerable: No microcode Processor vulnerable and microcode is missing mitigation. + Mitigation: AVX disabled, + no microcode Processor is vulnerable and microcode is missing + mitigation. AVX disabled as mitigation. Mitigation: Microcode Processor is vulnerable and mitigation is in effect. Mitigation: Microcode (locked) Processor is vulnerable and mitigation is in --- a/Documentation/admin-guide/kernel-parameters.txt +++ b/Documentation/admin-guide/kernel-parameters.txt @@ -1300,7 +1300,13 @@ This issue is mitigated by default in updated microcode. The mitigation may have a performance impact but can be - disabled. + disabled. On systems without the microcode mitigation + disabling AVX serves as a mitigation. + + force: Disable AVX to mitigate systems without + microcode mitigation. No effect if the microcode + mitigation is present. Known to cause crashes in + userspace with buggy AVX enumeration. off: Disable GDS mitigation. --- a/arch/x86/kernel/cpu/bugs.c +++ b/arch/x86/kernel/cpu/bugs.c @@ -607,6 +607,7 @@ early_param("srbds", srbds_parse_cmdline enum gds_mitigations { GDS_MITIGATION_OFF, GDS_MITIGATION_UCODE_NEEDED, + GDS_MITIGATION_FORCE, GDS_MITIGATION_FULL, GDS_MITIGATION_FULL_LOCKED, GDS_MITIGATION_HYPERVISOR, @@ -617,6 +618,7 @@ static enum gds_mitigations gds_mitigati static const char * const gds_strings[] = { [GDS_MITIGATION_OFF] = "Vulnerable", [GDS_MITIGATION_UCODE_NEEDED] = "Vulnerable: No microcode", + [GDS_MITIGATION_FORCE] = "Mitigation: AVX disabled, no microcode", [GDS_MITIGATION_FULL] = "Mitigation: Microcode", [GDS_MITIGATION_FULL_LOCKED] = "Mitigation: Microcode (locked)", [GDS_MITIGATION_HYPERVISOR] = "Unknown: Dependent on hypervisor status", @@ -642,6 +644,7 @@ void update_gds_msr(void) rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl); mcu_ctrl &= ~GDS_MITG_DIS; break; + case GDS_MITIGATION_FORCE: case GDS_MITIGATION_UCODE_NEEDED: case GDS_MITIGATION_HYPERVISOR: return; @@ -676,10 +679,23 @@ static void __init gds_select_mitigation /* No microcode */ if (!(x86_read_arch_cap_msr() & ARCH_CAP_GDS_CTRL)) { - gds_mitigation = GDS_MITIGATION_UCODE_NEEDED; + if (gds_mitigation == GDS_MITIGATION_FORCE) { + /* + * This only needs to be done on the boot CPU so do it + * here rather than in update_gds_msr() + */ + setup_clear_cpu_cap(X86_FEATURE_AVX); + pr_warn("Microcode update needed! Disabling AVX as mitigation.\n"); + } else { + gds_mitigation = GDS_MITIGATION_UCODE_NEEDED; + } goto out; } + /* Microcode has mitigation, use it */ + if (gds_mitigation == GDS_MITIGATION_FORCE) + gds_mitigation = GDS_MITIGATION_FULL; + rdmsrl(MSR_IA32_MCU_OPT_CTRL, mcu_ctrl); if (mcu_ctrl & GDS_MITG_LOCKED) { if (gds_mitigation == GDS_MITIGATION_OFF) @@ -710,6 +726,8 @@ static int __init gds_parse_cmdline(char if (!strcmp(str, "off")) gds_mitigation = GDS_MITIGATION_OFF; + else if (!strcmp(str, "force")) + gds_mitigation = GDS_MITIGATION_FORCE; return 0; } Patches currently in stable-queue which might be from daniel.sneddon@linux.intel.com are queue-4.19/x86-cpu-switch-to-arch_cpu_finalize_init.patch queue-4.19/arm-cpu-switch-to-arch_cpu_finalize_init.patch queue-4.19/x86-speculation-add-kconfig-option-for-gds.patch queue-4.19/um-cpu-switch-to-arch_cpu_finalize_init.patch queue-4.19/mips-cpu-switch-to-arch_cpu_finalize_init.patch queue-4.19/init-x86-move-mem_encrypt_init-into-arch_cpu_finalize_init.patch queue-4.19/sh-cpu-switch-to-arch_cpu_finalize_init.patch queue-4.19/x86-speculation-add-gather-data-sampling-mitigation.patch queue-4.19/init-invoke-arch_cpu_finalize_init-earlier.patch queue-4.19/kvm-add-gds_no-support-to-kvm.patch queue-4.19/x86-fpu-move-fpu-initialization-into-arch_cpu_finalize_init.patch queue-4.19/x86-speculation-add-force-option-to-gds-mitigation.patch queue-4.19/init-remove-check_bugs-leftovers.patch queue-4.19/init-provide-arch_cpu_finalize_init.patch queue-4.19/m68k-cpu-switch-to-arch_cpu_finalize_init.patch queue-4.19/sparc-cpu-switch-to-arch_cpu_finalize_init.patch queue-4.19/x86-fpu-mark-init-functions-__init.patch queue-4.19/ia64-cpu-switch-to-arch_cpu_finalize_init.patch queue-4.19/x86-fpu-remove-cpuinfo-argument-from-init-functions.patch From debbugs-submit-bounces@debbugs.gnu.org Wed Aug 09 18:46:47 2023 Received: (at control) by debbugs.gnu.org; 9 Aug 2023 22:46:47 +0000 Received: from localhost ([127.0.0.1]:40652 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qTrx1-0002rT-II for submit@debbugs.gnu.org; Wed, 09 Aug 2023 18:46:47 -0400 Received: from mail.cs.ucla.edu ([131.179.128.66]:60858) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1qTrwz-0002rD-1e for control@debbugs.gnu.org; Wed, 09 Aug 2023 18:46:46 -0400 Received: from localhost (localhost [127.0.0.1]) by mail.cs.ucla.edu (Postfix) with ESMTP id 06DB53C011BD8 for ; Wed, 9 Aug 2023 15:46:39 -0700 (PDT) Received: from mail.cs.ucla.edu ([127.0.0.1]) by localhost (mail.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10032) with ESMTP id BVxvY_b07wFZ for ; Wed, 9 Aug 2023 15:46:38 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by mail.cs.ucla.edu (Postfix) with ESMTP id B3BC23C011BD9 for ; Wed, 9 Aug 2023 15:46:38 -0700 (PDT) DKIM-Filter: OpenDKIM Filter v2.10.3 mail.cs.ucla.edu B3BC23C011BD9 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.ucla.edu; s=9D0B346E-2AEB-11ED-9476-E14B719DCE6C; t=1691621198; bh=lCU/aiw5UbmA6Rg0K5WA0EPrmX95Tp1df/XSPNnEMB4=; h=Message-ID:Date:MIME-Version:To:From; b=NcJyvNNbd0xFCBy1w8dJ9sbk8QmY/jj0M5XzqKTb1Ncvea6DsZl9U+bc2r6+b8NQx Aoo2gZrTxQiItAaaPVMhD1/5xz1UPb+kA8b2S50YEScyPul3iq55xdI9KWgijJ1sN+ sFQUBrpwTSIIHoHLuEWdY8kMezHj6GpEraXrD8gDmxzBWznPNzwJoOPZvoyteAo8e+ DmkM1iMjUYGzmLtDOgGnoZfJFaDJgYxGI0pare5CRSYOH3scWWk1gvYZsh1+N/1Wtl QDg0Ibu0ZnvknyE3ZH07Pj+vaPSLCGw8kA5b+MJUtHrm+oJIO6hxlZGppgHhuzhHb2 4rILhET7BPlWA== X-Virus-Scanned: amavisd-new at mail.cs.ucla.edu Received: from mail.cs.ucla.edu ([127.0.0.1]) by localhost (mail.cs.ucla.edu [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id dzWun1eFKNTI for ; Wed, 9 Aug 2023 15:46:38 -0700 (PDT) Received: from [192.168.1.9] (cpe-172-91-119-151.socal.res.rr.com [172.91.119.151]) by mail.cs.ucla.edu (Postfix) with ESMTPSA id 98F9F3C011BD8 for ; Wed, 9 Aug 2023 15:46:38 -0700 (PDT) Message-ID: <8542dfd4-e056-171e-3f92-bf9d271189e0@cs.ucla.edu> Date: Wed, 9 Aug 2023 15:46:38 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.13.0 Content-Language: en-US To: control@debbugs.gnu.org From: Paul Eggert Subject: bugs related to 64058 Organization: UCLA Computer Science Department Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Score: -0.0 (/) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) unarchive 64058 close 65164 close 65165 close 65166 close 65167 close 65168 close 65169 close 65170 merge 64058 65164 65165 65166 65167 65168 65169 65170 From unknown Sun Jun 22 03:50:08 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Thu, 07 Sep 2023 11:24:07 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator