Public bug reported:
The (supposedly unintended) re-enabling of GDS force migration in the
6.10 kernels causes the AVX instruction to be disabled on older CPUs
which have no available microcode update. This causes various programs
to crash due to the unconditional use of AVX in libgnutls.so, libxul.so,
etc.
When GDS force mitigation appeared in the kernel, with default "y", it
created a lot of issues like these and Ubuntu quickly patched all their
kernels, this from the 6.2.0-28.29_6.2.0-31.31 diff:
```
diff -u linux-6.2.0/debian.master/changelog linux-6.2.0/debian.master/changelog
--- linux-6.2.0/debian.master/changelog
+++ linux-6.2.0/debian.master/changelog
@@ -1,3 +1,13 @@
+linux (6.2.0-31.31) lunar; urgency=medium
+
+ * lunar/linux: 6.2.0-31.31 -proposed tracker (LP: #2031146)
+
+ * libgnutls report "trap invalid opcode" when trying to install packages over
+ https (LP: #2031093)
+ - [Config]: disable CONFIG_GDS_FORCE_MITIGATION
+
+ -- Thadeu Lima de Souza Cascardo <casca...@canonical.com> Mon, 14 Aug 2023
08:29:52 -0300
+
linux (6.2.0-28.29) lunar; urgency=medium
* lunar/linux: 6.2.0-28.29 -proposed tracker (LP: #2030547)
diff -u linux-6.2.0/debian.master/config/annotations
linux-6.2.0/debian.master/config/annotations
--- linux-6.2.0/debian.master/config/annotations
+++ linux-6.2.0/debian.master/config/annotations
@@ -4992,7 +4992,7 @@
CONFIG_GCC_VERSION policy<{'amd64': '120200',
'arm64': '120200', 'armhf': '120200', 'ppc64el': '120200', 'riscv64': '120200',
's390x': '120200'}>
CONFIG_GCOV_KERNEL policy<{'amd64': 'n', 'arm64':
'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}>
CONFIG_GDB_SCRIPTS policy<{'amd64': 'y', 'arm64':
'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
-CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'y'}>
+CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}>
CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm', 'armhf':
'm', 'ppc64el': 'm', 'riscv64': 'm'}>
CONFIG_GENERIC_ADC_BATTERY policy<{'amd64': 'm', 'arm64':
'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
CONFIG_GENERIC_ADC_THERMAL policy<{'amd64': 'm', 'arm64':
'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
```
In 6.10 the option was renamed from CONFIG_GDS_FORCE_MITIGATION but when
Ubuntu jumped from 6.8 to 6.10, this customization was lost, from the
6.8.0-31.31_6.10.0-15.15 diff:
```
CONFIG_GDB_SCRIPTS policy<{'amd64': 'y', 'arm64':
'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
-CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}>
CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm', 'armhf':
'm', 'ppc64el': 'm', 'riscv64': 'm'}>
...
CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY policy<{'arm64': 'y'}>
+CONFIG_MITIGATION_CALL_DEPTH_TRACKING policy<{'amd64': 'y'}>
+CONFIG_MITIGATION_GDS_FORCE policy<{'amd64': 'y'}>
+CONFIG_MITIGATION_IBPB_ENTRY policy<{'amd64': 'y'}>
+CONFIG_MITIGATION_IBRS_ENTRY policy<{'amd64': 'y'}>
```
I am sure this was an oversight, and that the old option was simply dropped
because it didn't exist any longer, without thinking of it being renamed (among
a lot of other renames).
** Affects: linux (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
The (supposedly unintended) re-enabling of GDS force migration in the
6.10 kernels causes the AVX instruction to be disabled on older CPUs
which have no available microcode update. This causes various programs
to crash due to the unconditional use of AVX in libgnutls.so, libxul.so,
etc.
When GDS force mitigation appeared in the kernel, with default "y", it
created a lot of issues like these and Ubuntu quickly patched all their
kernels, this from the 6.2.0-28.29_6.2.0-31.31 diff:
+
```
diff -u linux-6.2.0/debian.master/changelog
linux-6.2.0/debian.master/changelog
--- linux-6.2.0/debian.master/changelog
+++ linux-6.2.0/debian.master/changelog
@@ -1,3 +1,13 @@
+linux (6.2.0-31.31) lunar; urgency=medium
+
+ * lunar/linux: 6.2.0-31.31 -proposed tracker (LP: #2031146)
+
+ * libgnutls report "trap invalid opcode" when trying to install packages
over
+ https (LP: #2031093)
+ - [Config]: disable CONFIG_GDS_FORCE_MITIGATION
+
+ -- Thadeu Lima de Souza Cascardo <casca...@canonical.com> Mon, 14 Aug 2023
08:29:52 -0300
+
- linux (6.2.0-28.29) lunar; urgency=medium
-
- * lunar/linux: 6.2.0-28.29 -proposed tracker (LP: #2030547)
+ linux (6.2.0-28.29) lunar; urgency=medium
+
+ * lunar/linux: 6.2.0-28.29 -proposed tracker (LP: #2030547)
diff -u linux-6.2.0/debian.master/config/annotations
linux-6.2.0/debian.master/config/annotations
--- linux-6.2.0/debian.master/config/annotations
+++ linux-6.2.0/debian.master/config/annotations
@@ -4992,7 +4992,7 @@
- CONFIG_GCC_VERSION policy<{'amd64': '120200',
'arm64': '120200', 'armhf': '120200', 'ppc64el': '120200', 'riscv64': '120200',
's390x': '120200'}>
- CONFIG_GCOV_KERNEL policy<{'amd64': 'n',
'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}>
- CONFIG_GDB_SCRIPTS policy<{'amd64': 'y',
'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
+ CONFIG_GCC_VERSION policy<{'amd64': '120200',
'arm64': '120200', 'armhf': '120200', 'ppc64el': '120200', 'riscv64': '120200',
's390x': '120200'}>
+ CONFIG_GCOV_KERNEL policy<{'amd64': 'n',
'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}>
+ CONFIG_GDB_SCRIPTS policy<{'amd64': 'y',
'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
-CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'y'}>
+CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}>
- CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm',
'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
- CONFIG_GENERIC_ADC_BATTERY policy<{'amd64': 'm',
'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
- CONFIG_GENERIC_ADC_THERMAL policy<{'amd64': 'm',
'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
+ CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm',
'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
+ CONFIG_GENERIC_ADC_BATTERY policy<{'amd64': 'm',
'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
+ CONFIG_GENERIC_ADC_THERMAL policy<{'amd64': 'm',
'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
```
- In 6.10 the option was renamed from CONFIG_GDS_FORCE_MITIGATION but when
Ubuntu jumped from 6.8 to 6.10, this customization was lost, from the
6.8.0-31.31_6.10.0-15.15 diff:
- ```
- CONFIG_GDB_SCRIPTS policy<{'amd64': 'y',
'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
+
+ In 6.10 the option was renamed from CONFIG_GDS_FORCE_MITIGATION but when
+ Ubuntu jumped from 6.8 to 6.10, this customization was lost, from the
+ 6.8.0-31.31_6.10.0-15.15 diff:
+
+
+ ```
+ CONFIG_GDB_SCRIPTS policy<{'amd64': 'y',
'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
-CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}>
- CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm',
'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
+ CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm',
'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
...
- CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY policy<{'arm64': 'y'}>
+ CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY policy<{'arm64': 'y'}>
+CONFIG_MITIGATION_CALL_DEPTH_TRACKING policy<{'amd64': 'y'}>
+CONFIG_MITIGATION_GDS_FORCE policy<{'amd64': 'y'}>
+CONFIG_MITIGATION_IBPB_ENTRY policy<{'amd64': 'y'}>
+CONFIG_MITIGATION_IBRS_ENTRY policy<{'amd64': 'y'}>
```
- I am sure this was an oversight, and that the old option was simply
- dropped because it didn't exist any longer, without thinking of it being
- renamed (among a lot of other renames).
+
+ I am sure this was an oversight, and that the old option was simply dropped
because it didn't exist any longer, without thinking of it being renamed (among
a lot of other renames).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2077145
Title:
GDS force mitigation re-enabled in 6.10 causing crashes
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2077145/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
