Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-40982.patch')
-rw-r--r-- | meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-40982.patch | 77 |
1 files changed, 77 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-40982.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-40982.patch
new file mode 100644
index 000000000..96f861bcf
--- /dev/null
+++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2022-40982.patch
@@ -0,0 +1,77 @@
+From 8974eb588283b7d44a7c91fa09fcbaf380339f3a Mon Sep 17 00:00:00 2001
+From: Daniel Sneddon <daniel.sneddon@linux.intel.com>
+Date: Wed, 12 Jul 2023 19:43:11 -0700
+Subject: [PATCH] x86/speculation: Add Gather Data Sampling mitigation
+
+Gather Data Sampling (GDS) is a hardware vulnerability which allows
+unprivileged speculative access to data which was previously stored in
+vector registers.
+
+Intel processors that support AVX2 and AVX512 have gather instructions
+that fetch non-contiguous data elements from memory. On vulnerable
+hardware, when a gather instruction is transiently executed and
+encounters a fault, stale data from architectural or internal vector
+registers may get transiently stored to the destination vector
+register allowing an attacker to infer the stale data using typical
+side channel techniques like cache timing attacks.
+
+This mitigation is different from many earlier ones for two reasons.
+First, it is enabled by default and a bit must be set to *DISABLE* it.
+This is the opposite of normal mitigation polarity. This means GDS can
+be mitigated simply by updating microcode and leaving the new control
+bit alone.
+
+Second, GDS has a "lock" bit. This lock bit is there because the
+mitigation affects the hardware security features KeyLocker and SGX.
+It needs to be enabled and *STAY* enabled for these features to be
+mitigated against GDS.
+
+The mitigation is enabled in the microcode by default. Disable it by
+setting gather_data_sampling=off or by disabling all mitigations with
+mitigations=off. The mitigation status can be checked by reading:
+
+ /sys/devices/system/cpu/vulnerabilities/gather_data_sampling
+
+Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
+Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
+Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
+---
+ drivers/base/cpu.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c
+index 5fc258073bc7..3dd3fe80f8fc 100644
+--- a/drivers/base/cpu.c
++++ b/drivers/base/cpu.c
+@@ -564,6 +564,12 @@ ssize_t __weak cpu_show_srbds(struct device *dev,
+ return sysfs_emit(buf, "Not affected\n");
+ }
+ 
++ssize_t __weak cpu_show_gds(struct device *dev,
++ struct device_attribute *attr, char *buf)
++{
++ return sysfs_emit(buf, "Not affected\n");
++}
++
+ static DEVICE_ATTR(meltdown, 0444, cpu_show_meltdown, NULL);
+ static DEVICE_ATTR(spectre_v1, 0444, cpu_show_spectre_v1, NULL);
+ static DEVICE_ATTR(spectre_v2, 0444, cpu_show_spectre_v2, NULL);
+@@ -573,6 +579,7 @@ static DEVICE_ATTR(mds, 0444, cpu_show_mds, NULL);
+ static DEVICE_ATTR(tsx_async_abort, 0444, cpu_show_tsx_async_abort, NULL);
+ static DEVICE_ATTR(itlb_multihit, 0444, cpu_show_itlb_multihit, NULL);
+ static DEVICE_ATTR(srbds, 0444, cpu_show_srbds, NULL);
++static DEVICE_ATTR(gather_data_sampling, 0444, cpu_show_gds, NULL);
+ 
+ static struct attribute *cpu_root_vulnerabilities_attrs[] = {
+ &dev_attr_meltdown.attr,
+@@ -584,6 +591,7 @@ static struct attribute *cpu_root_vulnerabilities_attrs[] = {
+ &dev_attr_tsx_async_abort.attr,
+ &dev_attr_itlb_multihit.attr,
+ &dev_attr_srbds.attr,
++ &dev_attr_gather_data_sampling.attr,
+ NULL
+ };
+ 
+-- 
+2.25.1
+
|
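Review bot: The patch file's retained commit message describes the full GDS mitigation (the gather_data_sampling= parameter, the lock bit, microcode enablement), but its own diffstat shows it touches only drivers/base/cpu.c, adding the `__weak` cpu_show_gds() fallback that reports "Not affected" and the sysfs attribute wiring; nothing in the patch implements or enables a mitigation. On an ASPEED BMC kernel that is presumably the intended result — the generic stub is what a non-x86 build should report — but a file named CVE-2022-40982.patch whose header promises a mitigation invites a CVE scanner or auditor to treat the issue as fixed by this patch alone. Suggest a recipe-local header line above `From 8974eb588283b7d44a7c91fa09fcbaf380339f3a` such as `Upstream-Status: Backport [trimmed to drivers/base/cpu.c: adds the generic "Not affected" sysfs entry only; the x86 mitigation code is not included]` so the scope is explicit to the next reader. Confirm against the kernel bbappend that a reporting-only stub is what was meant rather than a partial pick of the arch code.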