[SRU Focal,Jammy,Lunar 0/1] Disable CONFIG_GDS_FORCE_MITIGATION

Thadeu Lima de Souza Cascardo cascardo at canonical.com
Fri Aug 11 14:38:12 UTC 2023


BugLink: https://bugs.launchpad.net/bugs/2031093

[Impact]
When booting linux with Gather Data Sampling mitigations without updated
microcode on an affected CPU, AVX will be disabled. This will cause programs
connecting to https using gnutls on Jammy to break, including apt and git.

[Test case]
git clone https://git.launchpad.net/~canonical-kernel-team/+git/autotest-client-tests
Cloning into 'autotest-client-tests'...
error: git-remote-https died of signal 4

dmesg:
[ 806.072080] traps: git-remote-http[2561] trap invalid opcode ip:7fa2e7dac44a sp:7ffed6796480 error:0 in libgnutls.so.30.31.0[7fa2e7c85000+129000]

Works fine with the mitigation disabled by default.

[Potential regressions]
Users booting on affected parts without microcode updates will be subject
to Gather Data Sampling attacks (which can be done by local untrusted
attackers), which may leak confidential data, including keys.

[Fix]
Fix is to disable CONFIG_GDS_FORCE_MITIGATION by default. This has only
been applied so far on Focal, Jammy and Lunar, hence only sending for those.


Thadeu Lima de Souza Cascardo (1):
  UBUNTU: [Config]: disable CONFIG_GDS_FORCE_MITIGATION

 debian.master/config/annotations | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

-- 
2.34.1
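
An added example, not part of the original message or of the Ubuntu kernel tree: a POSIX shell check that classifies a host into the states this cover letter weighs against each other (AVX disabled by the forced mitigation versus left exposed to GDS without microcode). The status strings are the ones the upstream kernel reports in /sys/devices/system/cpu/vulnerabilities/gather_data_sampling; the function names and verdict words are hypothetical.

```shell
#!/bin/sh
# Added example: classify a host's Gather Data Sampling (GDS) state.
# gds_classify and gds_report are hypothetical helper names.

# gds_classify STATUS CPU_FLAGS -> prints one verdict word
gds_classify() {
    status=$1
    flags=" $2 "
    case "$flags" in
        *" avx "*) avx=yes ;;
        *)         avx=no ;;
    esac
    case "$status" in
        "Not affected")
            echo not-affected ;;
        "Mitigation: Microcode"*)
            # Also matches "Mitigation: Microcode (locked)".
            echo mitigated-by-microcode ;;
        "Mitigation: AVX disabled, no microcode")
            # Forced mitigation without updated microcode: the state in which
            # the message reports signal 4 / invalid opcode in libgnutls.
            echo avx-disabled-needs-microcode ;;
        "Vulnerable"*)
            # Includes "Vulnerable: No microcode": AVX kept, GDS unmitigated.
            if [ "$avx" = yes ]; then echo vulnerable-avx-available
            else echo vulnerable-avx-missing; fi ;;
        *)
            # e.g. "Unknown: Dependent on hypervisor status" or no sysfs file.
            echo unknown ;;
    esac
}

# Read the live values on a Linux host; empty strings yield "unknown".
gds_report() {
    f=/sys/devices/system/cpu/vulnerabilities/gather_data_sampling
    status=""
    if [ -r "$f" ]; then status=$(cat "$f"); fi
    cpuflags=""
    if [ -r /proc/cpuinfo ]; then
        cpuflags=$(grep -m1 '^flags' /proc/cpuinfo | cut -d: -f2 || true)
    fi
    gds_classify "$status" "$cpuflags"
}

gds_report
```

A verdict of vulnerable-avx-available on an affected part is the exposure described under [Potential regressions]; installing updated microcode moves the host to mitigated-by-microcode without losing AVX.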