Skip to content
Snippets Groups Projects
Select Git revision
  • feature/v6.1-ktn/add-st1633-touch-imx8mm
  • v6.12-ktn
  • v6.1-ktn default protected
  • v5.10-ktn protected
  • v5.4-ktn protected
  • feature/v6.12-ktn/mx8mp-osm-s-uart4-pinmux-fix
  • ci/upstream-sync
  • v6.10-ktn
  • feature/v6.1-ktn/ksz-switch-backports
  • feature/v6.9-ktn/mx93-dev-lvds
  • feature/v6.1-ktn/kontron-mx8m-osm-improvements
  • v4.14-ktn protected
  • feature/master/upstream-spinand-rx-delay
  • feature/next/upstream-imx8mm-dts-sync
  • feature/fix-w25n02kv-clk-to-rx-delay
  • develop-v5.10-stm32mp-ktn
  • feature/v6.1-ktn/mx8mp-hdmi-patch-sync
  • feature/v6.5/mx8mp-support
  • feature/v5.10-ktn/rtc-bsm-fix
  • v5.10-ktn-remoteproc-rpmsg-backport-5.19-rc5
  • v5.15.37
  • st-alpha
22 results
Search by author
  • Any Author
  • Alexander Arndt Alexander Arndt aarndt
  • Andreas Findeklee Andreas Findeklee afindeklee
  • Annette Kobou Annette Kobou akobou
  • Armin Mück Armin Mück amueck
  • **** **** project_143_bot_c8bbc40375b18788e4765d3c396612d5
  • Daniel Ehrler Daniel Ehrler dehrler
  • Devran Ölcer Devran Ölcer doelcer
  • Dieter Scheufele Dieter Scheufele dscheufele
  • Dietmar Kolbus Dietmar Kolbus dkolbus
  • Dominik Wurster Dominik Wurster Wurster
  • Eberhard Stoll Eberhard Stoll estoll
  • Florian Mayer Florian Mayer fmayer
  • Frieder Schrempf Frieder Schrempf fschrempf
  • Julian Bauknecht Julian Bauknecht jbauknecht
  • Jó Bitsch Jó Bitsch jbitsch
  • Jürgen Kling Jürgen Kling jgkling
  • Klemenz Christof Klemenz Christof kchristof
  • Lukas Loosli Lukas Loosli lloosli
  • Marc Gonser Marc Gonser mgonser
  • Markus Abegg Markus Abegg mabegg
20 authors
  1. Oct 30, 2023
    • Daniel Sneddon's avatar
      x86/speculation: Add Gather Data Sampling mitigation · d1409184
      Daniel Sneddon authored and Frieder Schrempf's avatar Frieder Schrempf committed 
      
commit 8974eb58 upstream

Gather Data Sampling (GDS) is a hardware vulnerability which allows
unprivileged speculative access to data which was previously stored in
vector registers.

Intel processors that support AVX2 and AVX512 have gather instructions
that fetch non-contiguous data elements from memory. On vulnerable
hardware, when a gather instruction is transiently executed and
encounters a fault, stale data from architectural or internal vector
registers may get transiently stored to the destination vector
register allowing an attacker to infer the stale data using typical
side channel techniques like cache timing attacks.

This mitigation is different from many earlier ones for two reasons.
First, it is enabled by default and a bit must be set to *DISABLE* it.
This is the opposite of normal mitigation polarity. This means GDS can
be mitigated simply by updating microcode and leaving the new control
bit alone.

Second, GDS has a "lock" bit. This lock bit is there because the
mitigation affects the hardware security features KeyLocker and SGX.
It needs to be enabled and *STAY* enabled for these features to be
mitigated against GDS.

The mitigation is enabled in the microcode by default. Disable it by
setting gather_data_sampling=off or by disabling all mitigations with
mitigations=off. The mitigation status can be checked by reading:

    /sys/devices/system/cpu/vulnerabilities/gather_data_sampling

Signed-off-by: default avatarDaniel Sneddon <daniel.sneddon@linux.intel.com>
Signed-off-by: default avatarDave Hansen <dave.hansen@linux.intel.com>
Acked-by: default avatarJosh Poimboeuf <jpoimboe@kernel.org>
Signed-off-by: default avatarDaniel Sneddon <daniel.sneddon@linux.intel.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
      d1409184
  3. Mar 16, 2023
  5. Jun 10, 2020
  7. Nov 04, 2019
  9. Oct 28, 2019
  11. Jun 26, 2019
  13. Mar 06, 2019