linux-stable/drivers/base
Daniel Sneddon 8974eb5882 x86/speculation: Add Gather Data Sampling mitigation

Gather Data Sampling (GDS) is a hardware vulnerability which allows
unprivileged speculative access to data which was previously stored in
vector registers.

Intel processors that support AVX2 and AVX512 have gather instructions
that fetch non-contiguous data elements from memory. On vulnerable
hardware, when a gather instruction is transiently executed and
encounters a fault, stale data from architectural or internal vector
registers may get transiently stored to the destination vector
register allowing an attacker to infer the stale data using typical
side channel techniques like cache timing attacks.

This mitigation is different from many earlier ones for two reasons.
First, it is enabled by default and a bit must be set to *DISABLE* it.
This is the opposite of normal mitigation polarity. This means GDS can
be mitigated simply by updating microcode and leaving the new control
bit alone.

Second, GDS has a "lock" bit. This lock bit is there because the
mitigation affects the hardware security features KeyLocker and SGX.
It needs to be enabled and *STAY* enabled for these features to be
mitigated against GDS.

The mitigation is enabled in the microcode by default. Disable it by
setting gather_data_sampling=off or by disabling all mitigations with
mitigations=off. The mitigation status can be checked by reading:

    /sys/devices/system/cpu/vulnerabilities/gather_data_sampling

Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
2023-07-19 16:45:37 -07:00
firmware_loader firmware_loader: Fix a NULL vs IS_ERR() check 2023-05-31 20:31:00 +01:00
power Merge branches 'pm-sleep' and 'pm-domains' 2023-06-26 17:44:50 +02:00
regmap regmap-irq: Fix out-of-bounds access when allocating config buffers 2023-07-12 12:05:10 +01:00
test Merge 6.2-rc5 into driver-core-next 2023-01-22 12:56:55 +01:00
arch_numa.c mm: percpu: add generic pcpu_populate_pte() function 2022-01-20 08:52:52 +02:00
arch_topology.c arch_topology: Remove early cacheinfo error message if -ENOENT 2023-04-14 10:13:38 +01:00
attribute_container.c
auxiliary.c driver core: make struct bus_type.uevent() take a const * 2023-01-27 13:45:52 +01:00
base.h driver core: class: make class_register() take a const * 2023-04-03 21:42:46 +02:00
bus.c driver core: bus: constify bus_get() 2023-03-23 13:21:24 +01:00
cacheinfo.c drivers: base: cacheinfo: Update cpu_map_populated during CPU Hotplug 2023-05-31 20:36:47 +01:00
class.c driver core: class: properly reference count class_dev_iter() 2023-05-19 11:03:36 +01:00
component.c drivers: base: component: fix memory leak with using debugfs_lookup() 2023-02-08 13:33:10 +01:00
container.c
core.c driver core: update comments in device_rename() 2023-04-20 14:19:25 +02:00
cpu.c x86/speculation: Add Gather Data Sampling mitigation 2023-07-19 16:45:37 -07:00
dd.c driver core: return bool from driver_probe_done 2023-06-05 10:55:20 -06:00
devcoredump.c driver core: class: mark the struct class for sysfs callbacks as constant 2023-03-29 07:54:58 +02:00
devres.c drivers/base: use ARCH_DMA_MINALIGN instead of ARCH_KMALLOC_MINALIGN 2023-06-19 16:19:20 -07:00
devtmpfs.c driver core: clean up the logic to determine which /sys/dev/ directory to use 2023-03-31 17:45:07 +02:00
driver.c driver core: create bus_is_registered() 2023-02-09 10:43:35 +01:00
firmware.c
hypervisor.c
init.c init: Initialize noop_backing_dev_info early 2022-06-16 10:55:57 +02:00
isa.c isa: Remove unnecessary checks 2023-05-31 19:03:39 +01:00
Kconfig driver core: Add CONFIG_FW_DEVLINK_SYNC_STATE_TIMEOUT 2023-03-28 18:45:59 +02:00
Makefile genirq: Get rid of GENERIC_MSI_IRQ_DOMAIN 2022-11-17 15:15:20 +01:00
map.c
memory.c drivers/base/memory: Fix comments for phys_index_show() 2023-01-20 14:15:00 +01:00
module.c
node.c driver core changes for 6.5-rc1 2023-07-03 12:56:23 -07:00
physical_location.c driver core: location: Free struct acpi_pld_info *pld before return false 2023-01-20 14:20:30 +01:00
physical_location.h driver core: physical_location.h remove extern from function prototypes 2023-03-24 15:35:48 +01:00
pinctrl.c
platform-msi.c genirq/msi, platform-msi: Ensure that MSI descriptors are unreferenced 2023-03-02 18:09:44 +01:00
platform.c driver core: platform: simplify __platform_driver_probe() 2023-02-01 14:08:10 +01:00
property.c drivers: fwnode: fix fwnode_irq_get[_byname]() 2023-06-15 13:37:35 +02:00
soc.c base: soc: populate machine name in soc_device_register if empty 2023-03-29 12:21:23 +02:00
swnode.c driver core: make kobj_type structures constant 2023-02-08 13:34:30 +01:00
syscore.c
topology.c drivers/base: fix userspace break from using bin_attributes for cpumap and cpulist 2022-07-15 17:36:33 +02:00
trace.c
trace.h
transport_class.c drivers: base: transport_class: fix resource leak when transport_add_device() fails 2023-01-20 14:22:53 +01:00