** Description changed:
The (supposedly unintended) re-enabling of GDS force migration in the
6.10 kernels causes the AVX instruction to be disabled on older CPUs
which have no available microcode update. This causes various programs
to crash due to the unconditional use of AVX in libgnutls.so, libxul.so,
etc.
+ Typically "traps" of "invalid opcode" will be seen in dmesg output along
+ with the initial notice:
+
+ [ 0.121833] GDS: Microcode update needed! Disabling AVX as mitigation.
+ [ 0.121835] GDS: Mitigation: AVX disabled, no microcode
+
+
When GDS force mitigation appeared in the kernel, with default "y", it
created a lot of issues like these and Ubuntu quickly patched all their
kernels, this from the 6.2.0-28.29_6.2.0-31.31 diff:
-
```
diff -u linux-6.2.0/debian.master/changelog
linux-6.2.0/debian.master/changelog
--- linux-6.2.0/debian.master/changelog
+++ linux-6.2.0/debian.master/changelog
@@ -1,3 +1,13 @@
+linux (6.2.0-31.31) lunar; urgency=medium
+
+ * lunar/linux: 6.2.0-31.31 -proposed tracker (LP: #2031146)
+
+ * libgnutls report "trap invalid opcode" when trying to install packages
over
+ https (LP: #2031093)
+ - [Config]: disable CONFIG_GDS_FORCE_MITIGATION
+
+ -- Thadeu Lima de Souza Cascardo <casca...@canonical.com> Mon, 14 Aug 2023
08:29:52 -0300
+
linux (6.2.0-28.29) lunar; urgency=medium
* lunar/linux: 6.2.0-28.29 -proposed tracker (LP: #2030547)
diff -u linux-6.2.0/debian.master/config/annotations
linux-6.2.0/debian.master/config/annotations
--- linux-6.2.0/debian.master/config/annotations
+++ linux-6.2.0/debian.master/config/annotations
@@ -4992,7 +4992,7 @@
CONFIG_GCC_VERSION policy<{'amd64': '120200',
'arm64': '120200', 'armhf': '120200', 'ppc64el': '120200', 'riscv64': '120200',
's390x': '120200'}>
CONFIG_GCOV_KERNEL policy<{'amd64': 'n',
'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}>
CONFIG_GDB_SCRIPTS policy<{'amd64': 'y',
'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
-CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'y'}>
+CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}>
CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm',
'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
CONFIG_GENERIC_ADC_BATTERY policy<{'amd64': 'm',
'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
CONFIG_GENERIC_ADC_THERMAL policy<{'amd64': 'm',
'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
```
- In 6.10 the option was renamed from CONFIG_GDS_FORCE_MITIGATION but when
- Ubuntu jumped from 6.8 to 6.10, this customization was lost, from the
- 6.8.0-31.31_6.10.0-15.15 diff:
-
+ In 6.10 the option was renamed from CONFIG_GDS_FORCE_MITIGATION but when
Ubuntu jumped from 6.8 to 6.10, this customization was lost, from the
6.8.0-31.31_6.10.0-15.15 diff:
```
CONFIG_GDB_SCRIPTS policy<{'amd64': 'y',
'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
-CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}>
CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm',
'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
...
CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY policy<{'arm64': 'y'}>
+CONFIG_MITIGATION_CALL_DEPTH_TRACKING policy<{'amd64': 'y'}>
+CONFIG_MITIGATION_GDS_FORCE policy<{'amd64': 'y'}>
+CONFIG_MITIGATION_IBPB_ENTRY policy<{'amd64': 'y'}>
+CONFIG_MITIGATION_IBRS_ENTRY policy<{'amd64': 'y'}>
```
-
- I am sure this was an oversight, and that the old option was simply dropped
because it didn't exist any longer, without thinking of it being renamed (among
a lot of other renames).
+ I am sure this was an oversight, and that the old option was simply
+ dropped because it didn't exist any longer, without thinking of it being
+ renamed (among a lot of other renames).
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/2077145
Title:
GDS force mitigation re-enabled in 6.10 causing crashes
Status in linux package in Ubuntu:
New
Bug description:
The (supposedly unintended) re-enabling of GDS force migration in the
6.10 kernels causes the AVX instruction to be disabled on older CPUs
which have no available microcode update. This causes various programs
to crash due to the unconditional use of AVX in libgnutls.so,
libxul.so, etc.
Typically "traps" of "invalid opcode" will be seen in dmesg output
along with the initial notice:
[ 0.121833] GDS: Microcode update needed! Disabling AVX as mitigation.
[ 0.121835] GDS: Mitigation: AVX disabled, no microcode
When GDS force mitigation appeared in the kernel, with default "y", it
created a lot of issues like these and Ubuntu quickly patched all
their kernels, this from the 6.2.0-28.29_6.2.0-31.31 diff:
```
diff -u linux-6.2.0/debian.master/changelog
linux-6.2.0/debian.master/changelog
--- linux-6.2.0/debian.master/changelog
+++ linux-6.2.0/debian.master/changelog
@@ -1,3 +1,13 @@
+linux (6.2.0-31.31) lunar; urgency=medium
+
+ * lunar/linux: 6.2.0-31.31 -proposed tracker (LP: #2031146)
+
+ * libgnutls report "trap invalid opcode" when trying to install packages
over
+ https (LP: #2031093)
+ - [Config]: disable CONFIG_GDS_FORCE_MITIGATION
+
+ -- Thadeu Lima de Souza Cascardo <casca...@canonical.com> Mon, 14 Aug 2023
08:29:52 -0300
+
linux (6.2.0-28.29) lunar; urgency=medium
* lunar/linux: 6.2.0-28.29 -proposed tracker (LP: #2030547)
diff -u linux-6.2.0/debian.master/config/annotations
linux-6.2.0/debian.master/config/annotations
--- linux-6.2.0/debian.master/config/annotations
+++ linux-6.2.0/debian.master/config/annotations
@@ -4992,7 +4992,7 @@
CONFIG_GCC_VERSION policy<{'amd64': '120200',
'arm64': '120200', 'armhf': '120200', 'ppc64el': '120200', 'riscv64': '120200',
's390x': '120200'}>
CONFIG_GCOV_KERNEL policy<{'amd64': 'n',
'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}>
CONFIG_GDB_SCRIPTS policy<{'amd64': 'y',
'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
-CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'y'}>
+CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}>
CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm',
'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
CONFIG_GENERIC_ADC_BATTERY policy<{'amd64': 'm',
'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
CONFIG_GENERIC_ADC_THERMAL policy<{'amd64': 'm',
'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
```
In 6.10 the option was renamed from CONFIG_GDS_FORCE_MITIGATION but when
Ubuntu jumped from 6.8 to 6.10, this customization was lost, from the
6.8.0-31.31_6.10.0-15.15 diff:
```
CONFIG_GDB_SCRIPTS policy<{'amd64': 'y',
'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
-CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}>
CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm',
'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
...
CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY policy<{'arm64': 'y'}>
+CONFIG_MITIGATION_CALL_DEPTH_TRACKING policy<{'amd64': 'y'}>
+CONFIG_MITIGATION_GDS_FORCE policy<{'amd64': 'y'}>
+CONFIG_MITIGATION_IBPB_ENTRY policy<{'amd64': 'y'}>
+CONFIG_MITIGATION_IBRS_ENTRY policy<{'amd64': 'y'}>
```
I am sure this was an oversight, and that the old option was simply
dropped because it didn't exist any longer, without thinking of it
being renamed (among a lot of other renames).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2077145/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
