[Bug 2077145] Re: GDS force mitigation re-enabled in 6.10 causing crashes

Tormod Volden Fri, 16 Aug 2024 01:00:45 -0700

** Description changed:

  The (supposedly unintended) re-enabling of GDS force migration in the
- 6.10 kernels causes the AVX instruction to be disabled on older CPUs
- which have no available microcode update. This causes various programs
- to crash due to the unconditional use of AVX in libgnutls.so, libxul.so,
- etc.
+ Ubuntu 6.10 kernels causes the AVX instruction to be disabled on older
+ CPUs which have no available microcode update. This causes various
+ programs to crash due to the unconditional use of AVX in libgnutls.so,
+ libxul.so, etc.
  
  Typically "traps" of "invalid opcode" will be seen in dmesg output along
  with the initial notice:
  
  [    0.121833] GDS: Microcode update needed! Disabling AVX as mitigation.
  [    0.121835] GDS: Mitigation: AVX disabled, no microcode
  
- 
  When GDS force mitigation appeared in the kernel, with default "y", it
  created a lot of issues like these and Ubuntu quickly patched all their
  kernels, this from the 6.2.0-28.29_6.2.0-31.31 diff:
+ 
+ ==========
  
  ```
  diff -u linux-6.2.0/debian.master/changelog 
linux-6.2.0/debian.master/changelog
  --- linux-6.2.0/debian.master/changelog
  +++ linux-6.2.0/debian.master/changelog
  @@ -1,3 +1,13 @@
  +linux (6.2.0-31.31) lunar; urgency=medium
  +
  +  * lunar/linux: 6.2.0-31.31 -proposed tracker (LP: #2031146)
  +
  +  * libgnutls report "trap invalid opcode" when trying to install packages 
over
  +    https (LP: #2031093)
  +    - [Config]: disable CONFIG_GDS_FORCE_MITIGATION
  +
  + -- Thadeu Lima de Souza Cascardo <casca...@canonical.com>  Mon, 14 Aug 2023 
08:29:52 -0300
  +
   linux (6.2.0-28.29) lunar; urgency=medium
  
     * lunar/linux: 6.2.0-28.29 -proposed tracker (LP: #2030547)
  diff -u linux-6.2.0/debian.master/config/annotations 
linux-6.2.0/debian.master/config/annotations
  --- linux-6.2.0/debian.master/config/annotations
  +++ linux-6.2.0/debian.master/config/annotations
  @@ -4992,7 +4992,7 @@
   CONFIG_GCC_VERSION                              policy<{'amd64': '120200', 
'arm64': '120200', 'armhf': '120200', 'ppc64el': '120200', 'riscv64': '120200', 
's390x': '120200'}>
   CONFIG_GCOV_KERNEL                              policy<{'amd64': 'n', 
'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}>
   CONFIG_GDB_SCRIPTS                              policy<{'amd64': 'y', 
'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
  -CONFIG_GDS_FORCE_MITIGATION                     policy<{'amd64': 'y'}>
  +CONFIG_GDS_FORCE_MITIGATION                     policy<{'amd64': 'n'}>
   CONFIG_GEMINI_ETHERNET                          policy<{'arm64': 'm', 
'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
   CONFIG_GENERIC_ADC_BATTERY                      policy<{'amd64': 'm', 
'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
   CONFIG_GENERIC_ADC_THERMAL                      policy<{'amd64': 'm', 
'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
  ```
  
+ ==========
  
- In 6.10 the option was renamed from CONFIG_GDS_FORCE_MITIGATION but when 
Ubuntu jumped from 6.8 to 6.10, this customization was lost, from the 
6.8.0-31.31_6.10.0-15.15 diff:
+ 
+ In upstream 6.9 the option was renamed from CONFIG_GDS_FORCE_MITIGATION but 
when Ubuntu jumped from 6.8 to 6.10, this customization was lost, from the 
6.8.0-31.31_6.10.0-15.15 diff:
+ 
+ ==========
  
   ```
   CONFIG_GDB_SCRIPTS                              policy<{'amd64': 'y', 
'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
  -CONFIG_GDS_FORCE_MITIGATION                     policy<{'amd64': 'n'}>
   CONFIG_GEMINI_ETHERNET                          policy<{'arm64': 'm', 
'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
  ...
   CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY          policy<{'arm64': 'y'}>
  +CONFIG_MITIGATION_CALL_DEPTH_TRACKING           policy<{'amd64': 'y'}>
  +CONFIG_MITIGATION_GDS_FORCE                     policy<{'amd64': 'y'}>
  +CONFIG_MITIGATION_IBPB_ENTRY                    policy<{'amd64': 'y'}>
  +CONFIG_MITIGATION_IBRS_ENTRY                    policy<{'amd64': 'y'}>
  ```
  
+ ==========
+ 
  I am sure this was an oversight, and that the old option was simply
  dropped because it didn't exist any longer, without thinking of it being
  renamed (among a lot of other renames).


-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2077145

Title:
  GDS force mitigation re-enabled in 6.10 causing crashes

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2077145/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2077145] Re: GDS force mitigation re-enabled in 6.10 causing crashes

Reply via email to