APPLIED[L/J]: [SRU Focal,Jammy,Lunar 0/1] Disable CONFIG_GDS_FORCE_MITIGATION

Stefan Bader stefan.bader at canonical.com
Mon Aug 14 09:26:53 UTC 2023 

On 11.08.23 16:38, Thadeu Lima de Souza Cascardo wrote:
> BugLink: https://bugs.launchpad.net/bugs/2031093
> 
> [Impact]
> When booting linux with Gather Data Sampling mitigations without updated
> microcode on an affected CPU, AVX will be disabled. This will cause programs
> connecting to https using gnutls on Jammy to break, including apt and git.
> 
> [Test case]
> git clone https://git.launchpad.net/~canonical-kernel-team/+git/autotest-client-tests
> Cloning into 'autotest-client-tests'...
> error: git-remote-https died of signal 4
> 
> dmesg:
> [ 806.072080] traps: git-remote-http[2561] trap invalid opcode ip:7fa2e7dac44a sp:7ffed6796480 error:0 in libgnutls.so.30.31.0[7fa2e7c85000+129000]
> 
> Works fine with the mitigation disabled by default.
> 
> [Potential regressions]
> Users booting on affected parts without microcode updates will be subject
> to Gather Data Sampling attacks (which can be done by local untrusted
> attackers), which may leak confidential data, including keys.
> 
> [Fix]
> Fix is to disable CONFIG_GDS_FORCE_MITIGATION by default. This has only
> been applied so far on Focal, Jammy and Lunar, hence only sending for those.
> 
> 
> Thadeu Lima de Souza Cascardo (1):
>    UBUNTU: [Config]: disable CONFIG_GDS_FORCE_MITIGATION
> 
>   debian.master/config/annotations | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 

Applied to lunar,jammy:linux/master-next. Thanks.

-Stefan

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 44613 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230814/64b65808/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230814/64b65808/attachment-0001.sig>

More information about the kernel-team mailing list