  1. Oct 30, 2023
      x86/speculation: Add Gather Data Sampling mitigation · d1409184
      Daniel Sneddon authored and Frieder Schrempf committed
      
      commit 8974eb58 upstream
      
      Gather Data Sampling (GDS) is a hardware vulnerability which allows
      unprivileged speculative access to data which was previously stored in
      vector registers.
      
      Intel processors that support AVX2 and AVX512 have gather instructions
      that fetch non-contiguous data elements from memory. On vulnerable
      hardware, when a gather instruction is transiently executed and
      encounters a fault, stale data from architectural or internal vector
      registers may get transiently stored to the destination vector
      register allowing an attacker to infer the stale data using typical
      side channel techniques like cache timing attacks.
      
      This mitigation is different from many earlier ones for two reasons.
      First, it is enabled by default and a bit must be set to *DISABLE* it.
      This is the opposite of normal mitigation polarity. This means GDS can
      be mitigated simply by updating microcode and leaving the new control
      bit alone.
      
      Second, GDS has a "lock" bit. This lock bit is there because the
      mitigation affects the hardware security features KeyLocker and SGX.
      It needs to be enabled and *STAY* enabled for these features to be
      mitigated against GDS.
      
      The mitigation is enabled in the microcode by default. Disable it by
      setting gather_data_sampling=off or by disabling all mitigations with
      mitigations=off. The mitigation status can be checked by reading:
      
          /sys/devices/system/cpu/vulnerabilities/gather_data_sampling
      
      Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
      Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
      Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
      Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
      Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
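
A fleet check built on the status file and boot parameters named in the commit message above, as an added example that is not part of the commit or the kernel tree. The function names are hypothetical, and the status prefixes it matches ("Not affected", "Mitigation:", "Vulnerable", and a "(locked)" suffix) are assumed from the upstream kernel's sysfs convention rather than shown on this page.

```shell
#!/bin/sh
# Added example (not kernel code): audit the GDS mitigation state.
# Paths are parameters so constructed sample files can be checked offline.
GDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/gather_data_sampling

# Print the boot parameter that disables the mitigation, or "none".
gds_boot_override() {
    f=${1:-/proc/cmdline}
    hit=
    [ -r "$f" ] && hit=$(tr -s ' \t' '\n\n' < "$f" |
        grep -x -E '(gather_data_sampling|mitigations)=off' | head -n 1)
    echo "${hit:-none}"
}

# Map the sysfs status line to a short verdict and an exit code.
# Assumption: the prefixes below follow the upstream sysfs convention.
gds_classify() {
    f=${1:-$GDS_SYSFS}
    if [ ! -r "$f" ]; then
        echo not-reported        # kernel does not expose the GDS status file
        return 3
    fi
    status=
    IFS= read -r status < "$f" || :
    case $status in
        "Not affected")          echo not-affected ;;
        Mitigation:*"(locked)"*) echo mitigated-locked ;;
        Mitigation:*)            echo mitigated ;;
        Vulnerable*)             echo vulnerable; return 1 ;;
        *)                       echo unknown; return 2 ;;
    esac
}

# Combine both views: the verdict plus the boot override that may explain it.
# Exit code is the verdict's (0 = mitigated or not affected).
gds_audit() {
    rc=0
    state=$(gds_classify "${1:-$GDS_SYSFS}") || rc=$?
    echo "$state boot-override=$(gds_boot_override "${2:-/proc/cmdline}")"
    return "$rc"
}

# On a live system, call gds_audit with no arguments.
```

A non-zero exit with `boot-override=none` points at missing microcode or an unreported state rather than a deliberate opt-out, which is the case worth alerting on.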