Go to file
Daniel Sneddon 8974eb5882 x86/speculation: Add Gather Data Sampling mitigation
Gather Data Sampling (GDS) is a hardware vulnerability which allows
unprivileged speculative access to data which was previously stored in
vector registers.

Intel processors that support AVX2 and AVX512 have gather instructions
that fetch non-contiguous data elements from memory. On vulnerable
hardware, when a gather instruction is transiently executed and
encounters a fault, stale data from architectural or internal vector
registers may get transiently stored to the destination vector
register allowing an attacker to infer the stale data using typical
side channel techniques like cache timing attacks.

This mitigation is different from many earlier ones for two reasons.
First, it is enabled by default and a bit must be set to *DISABLE* it.
This is the opposite of normal mitigation polarity. This means GDS can
be mitigated simply by updating microcode and leaving the new control
bit alone.

Second, GDS has a "lock" bit. This lock bit is there because the
mitigation affects the hardware security features KeyLocker and SGX.
It needs to be enabled and *STAY* enabled for these features to be
mitigated against GDS.

The mitigation is enabled in the microcode by default. Disable it by
setting gather_data_sampling=off or by disabling all mitigations with
mitigations=off. The mitigation status can be checked by reading:

    /sys/devices/system/cpu/vulnerabilities/gather_data_sampling

Signed-off-by: Daniel Sneddon <daniel.sneddon@linux.intel.com>
Signed-off-by: Dave Hansen <dave.hansen@linux.intel.com>
Acked-by: Josh Poimboeuf <jpoimboe@kernel.org>
2023-07-19 16:45:37 -07:00
Documentation x86/speculation: Add Gather Data Sampling mitigation 2023-07-19 16:45:37 -07:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
arch x86/speculation: Add Gather Data Sampling mitigation 2023-07-19 16:45:37 -07:00
block SCSI fixes on 20230714 2023-07-14 19:57:29 -07:00
certs KEYS: Add missing function documentation 2023-04-24 16:15:52 +03:00
crypto crypto: algif_hash - Fix race between MORE and non-MORE sends 2023-07-08 22:48:42 +10:00
drivers x86/speculation: Add Gather Data Sampling mitigation 2023-07-19 16:45:37 -07:00
fs Five smb3 client fixes 2023-07-16 12:49:05 -07:00
include - Remove a cgroup from under a polling process properly 2023-07-16 13:22:08 -07:00
init Kbuild updates for v6.5 2023-07-01 09:24:31 -07:00
io_uring io_uring-6.5-2023-07-14 2023-07-14 19:46:54 -07:00
ipc Merge branch 'work.namespace' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2023-02-24 19:20:07 -08:00
kernel - Remove a cgroup from under a polling process properly 2023-07-16 13:22:08 -07:00
lib iov_iter: Mark copy_iovec_from_user() noclone 2023-07-10 09:52:28 +02:00
mm mm: lock newly mapped VMA with corrected ordering 2023-07-08 16:44:11 -07:00
net A fix to prevent a potential buffer overrun in the messenger, marked 2023-07-14 09:05:15 -07:00
rust rust: error: `impl Debug` for `Error` with `errname()` integration 2023-06-13 01:24:42 +02:00
samples arm64: ftrace: Add direct call trampoline samples support 2023-07-10 17:51:54 -04:00
scripts kallsyms: strip LTO-only suffixes from promoted global functions 2023-07-12 15:39:34 -07:00
security + Bug Fixes 2023-07-07 09:55:31 -07:00
sound sound fixes for 6.5-rc1 2023-07-07 15:40:17 -07:00
tools - Mark copy_iovec_from_user() __noclone in order to prevent gcc from 2023-07-16 13:34:29 -07:00
usr initramfs: Encode dependency on KBUILD_BUILD_TIMESTAMP 2023-06-06 17:54:49 +09:00
virt ARM64: 2023-07-03 15:32:22 -07:00
.clang-format iommu: Add for_each_group_device() 2023-05-23 08:15:51 +02:00
.cocciconfig
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore Revert ".gitignore: ignore *.cover and *.mbx" 2023-07-04 15:05:12 -07:00
.mailmap spi: Fixes for v6.5 2023-07-15 08:51:02 -07:00
.rustfmt.toml rust: add `.rustfmt.toml` 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS - Address -Wmissing-prototype warnings 2023-06-26 16:43:54 -07:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS hardening fixes for v6.5-rc2 2023-07-16 12:18:18 -07:00
Makefile Linux 6.5-rc2 2023-07-16 15:10:37 -07:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.