Ubuntu
linux package

Bug #2077145
Activity log

Activity log for bug #2077145

Date	Who	What changed	Old value	New value	Message
2024-08-16 07:27:15	Tormod Volden	bug			added bug
2024-08-16 07:28:34	Tormod Volden	description	The (supposedly unintended) re-enabling of GDS force migration in the 6.10 kernels causes the AVX instruction to be disabled on older CPUs which have no available microcode update. This causes various programs to crash due to the unconditional use of AVX in libgnutls.so, libxul.so, etc. When GDS force mitigation appeared in the kernel, with default "y", it created a lot of issues like these and Ubuntu quickly patched all their kernels, this from the 6.2.0-28.29_6.2.0-31.31 diff: ``` diff -u linux-6.2.0/debian.master/changelog linux-6.2.0/debian.master/changelog --- linux-6.2.0/debian.master/changelog +++ linux-6.2.0/debian.master/changelog @@ -1,3 +1,13 @@ +linux (6.2.0-31.31) lunar; urgency=medium + + * lunar/linux: 6.2.0-31.31 -proposed tracker (LP: #2031146) + + * libgnutls report "trap invalid opcode" when trying to install packages over + https (LP: #2031093) + - [Config]: disable CONFIG_GDS_FORCE_MITIGATION + + -- Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Mon, 14 Aug 2023 08:29:52 -0300 + linux (6.2.0-28.29) lunar; urgency=medium * lunar/linux: 6.2.0-28.29 -proposed tracker (LP: #2030547) diff -u linux-6.2.0/debian.master/config/annotations linux-6.2.0/debian.master/config/annotations --- linux-6.2.0/debian.master/config/annotations +++ linux-6.2.0/debian.master/config/annotations @@ -4992,7 +4992,7 @@ CONFIG_GCC_VERSION policy<{'amd64': '120200', 'arm64': '120200', 'armhf': '120200', 'ppc64el': '120200', 'riscv64': '120200', 's390x': '120200'}> CONFIG_GCOV_KERNEL policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}> CONFIG_GDB_SCRIPTS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> -CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'y'}> +CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}> CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> CONFIG_GENERIC_ADC_BATTERY policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> CONFIG_GENERIC_ADC_THERMAL policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> ``` In 6.10 the option was renamed from CONFIG_GDS_FORCE_MITIGATION but when Ubuntu jumped from 6.8 to 6.10, this customization was lost, from the 6.8.0-31.31_6.10.0-15.15 diff: ``` CONFIG_GDB_SCRIPTS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> -CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}> CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> ... CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY policy<{'arm64': 'y'}> +CONFIG_MITIGATION_CALL_DEPTH_TRACKING policy<{'amd64': 'y'}> +CONFIG_MITIGATION_GDS_FORCE policy<{'amd64': 'y'}> +CONFIG_MITIGATION_IBPB_ENTRY policy<{'amd64': 'y'}> +CONFIG_MITIGATION_IBRS_ENTRY policy<{'amd64': 'y'}> ``` I am sure this was an oversight, and that the old option was simply dropped because it didn't exist any longer, without thinking of it being renamed (among a lot of other renames).	The (supposedly unintended) re-enabling of GDS force migration in the 6.10 kernels causes the AVX instruction to be disabled on older CPUs which have no available microcode update. This causes various programs to crash due to the unconditional use of AVX in libgnutls.so, libxul.so, etc. When GDS force mitigation appeared in the kernel, with default "y", it created a lot of issues like these and Ubuntu quickly patched all their kernels, this from the 6.2.0-28.29_6.2.0-31.31 diff: ``` diff -u linux-6.2.0/debian.master/changelog linux-6.2.0/debian.master/changelog --- linux-6.2.0/debian.master/changelog +++ linux-6.2.0/debian.master/changelog @@ -1,3 +1,13 @@ +linux (6.2.0-31.31) lunar; urgency=medium + + * lunar/linux: 6.2.0-31.31 -proposed tracker (LP: #2031146) + + * libgnutls report "trap invalid opcode" when trying to install packages over + https (LP: #2031093) + - [Config]: disable CONFIG_GDS_FORCE_MITIGATION + + -- Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Mon, 14 Aug 2023 08:29:52 -0300 + linux (6.2.0-28.29) lunar; urgency=medium * lunar/linux: 6.2.0-28.29 -proposed tracker (LP: #2030547) diff -u linux-6.2.0/debian.master/config/annotations linux-6.2.0/debian.master/config/annotations --- linux-6.2.0/debian.master/config/annotations +++ linux-6.2.0/debian.master/config/annotations @@ -4992,7 +4992,7 @@ CONFIG_GCC_VERSION policy<{'amd64': '120200', 'arm64': '120200', 'armhf': '120200', 'ppc64el': '120200', 'riscv64': '120200', 's390x': '120200'}> CONFIG_GCOV_KERNEL policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}> CONFIG_GDB_SCRIPTS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> -CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'y'}> +CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}> CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> CONFIG_GENERIC_ADC_BATTERY policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> CONFIG_GENERIC_ADC_THERMAL policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> ``` In 6.10 the option was renamed from CONFIG_GDS_FORCE_MITIGATION but when Ubuntu jumped from 6.8 to 6.10, this customization was lost, from the 6.8.0-31.31_6.10.0-15.15 diff: ``` CONFIG_GDB_SCRIPTS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> -CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}> CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> ... CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY policy<{'arm64': 'y'}> +CONFIG_MITIGATION_CALL_DEPTH_TRACKING policy<{'amd64': 'y'}> +CONFIG_MITIGATION_GDS_FORCE policy<{'amd64': 'y'}> +CONFIG_MITIGATION_IBPB_ENTRY policy<{'amd64': 'y'}> +CONFIG_MITIGATION_IBRS_ENTRY policy<{'amd64': 'y'}> ``` I am sure this was an oversight, and that the old option was simply dropped because it didn't exist any longer, without thinking of it being renamed (among a lot of other renames).
2024-08-16 07:43:05	Tormod Volden	description	The (supposedly unintended) re-enabling of GDS force migration in the 6.10 kernels causes the AVX instruction to be disabled on older CPUs which have no available microcode update. This causes various programs to crash due to the unconditional use of AVX in libgnutls.so, libxul.so, etc. When GDS force mitigation appeared in the kernel, with default "y", it created a lot of issues like these and Ubuntu quickly patched all their kernels, this from the 6.2.0-28.29_6.2.0-31.31 diff: ``` diff -u linux-6.2.0/debian.master/changelog linux-6.2.0/debian.master/changelog --- linux-6.2.0/debian.master/changelog +++ linux-6.2.0/debian.master/changelog @@ -1,3 +1,13 @@ +linux (6.2.0-31.31) lunar; urgency=medium + + * lunar/linux: 6.2.0-31.31 -proposed tracker (LP: #2031146) + + * libgnutls report "trap invalid opcode" when trying to install packages over + https (LP: #2031093) + - [Config]: disable CONFIG_GDS_FORCE_MITIGATION + + -- Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Mon, 14 Aug 2023 08:29:52 -0300 + linux (6.2.0-28.29) lunar; urgency=medium * lunar/linux: 6.2.0-28.29 -proposed tracker (LP: #2030547) diff -u linux-6.2.0/debian.master/config/annotations linux-6.2.0/debian.master/config/annotations --- linux-6.2.0/debian.master/config/annotations +++ linux-6.2.0/debian.master/config/annotations @@ -4992,7 +4992,7 @@ CONFIG_GCC_VERSION policy<{'amd64': '120200', 'arm64': '120200', 'armhf': '120200', 'ppc64el': '120200', 'riscv64': '120200', 's390x': '120200'}> CONFIG_GCOV_KERNEL policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}> CONFIG_GDB_SCRIPTS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> -CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'y'}> +CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}> CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> CONFIG_GENERIC_ADC_BATTERY policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> CONFIG_GENERIC_ADC_THERMAL policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> ``` In 6.10 the option was renamed from CONFIG_GDS_FORCE_MITIGATION but when Ubuntu jumped from 6.8 to 6.10, this customization was lost, from the 6.8.0-31.31_6.10.0-15.15 diff: ``` CONFIG_GDB_SCRIPTS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> -CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}> CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> ... CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY policy<{'arm64': 'y'}> +CONFIG_MITIGATION_CALL_DEPTH_TRACKING policy<{'amd64': 'y'}> +CONFIG_MITIGATION_GDS_FORCE policy<{'amd64': 'y'}> +CONFIG_MITIGATION_IBPB_ENTRY policy<{'amd64': 'y'}> +CONFIG_MITIGATION_IBRS_ENTRY policy<{'amd64': 'y'}> ``` I am sure this was an oversight, and that the old option was simply dropped because it didn't exist any longer, without thinking of it being renamed (among a lot of other renames).	The (supposedly unintended) re-enabling of GDS force migration in the 6.10 kernels causes the AVX instruction to be disabled on older CPUs which have no available microcode update. This causes various programs to crash due to the unconditional use of AVX in libgnutls.so, libxul.so, etc. Typically "traps" of "invalid opcode" will be seen in dmesg output along with the initial notice: [ 0.121833] GDS: Microcode update needed! Disabling AVX as mitigation. [ 0.121835] GDS: Mitigation: AVX disabled, no microcode When GDS force mitigation appeared in the kernel, with default "y", it created a lot of issues like these and Ubuntu quickly patched all their kernels, this from the 6.2.0-28.29_6.2.0-31.31 diff: ``` diff -u linux-6.2.0/debian.master/changelog linux-6.2.0/debian.master/changelog --- linux-6.2.0/debian.master/changelog +++ linux-6.2.0/debian.master/changelog @@ -1,3 +1,13 @@ +linux (6.2.0-31.31) lunar; urgency=medium + + * lunar/linux: 6.2.0-31.31 -proposed tracker (LP: #2031146) + + * libgnutls report "trap invalid opcode" when trying to install packages over + https (LP: #2031093) + - [Config]: disable CONFIG_GDS_FORCE_MITIGATION + + -- Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Mon, 14 Aug 2023 08:29:52 -0300 + linux (6.2.0-28.29) lunar; urgency=medium * lunar/linux: 6.2.0-28.29 -proposed tracker (LP: #2030547) diff -u linux-6.2.0/debian.master/config/annotations linux-6.2.0/debian.master/config/annotations --- linux-6.2.0/debian.master/config/annotations +++ linux-6.2.0/debian.master/config/annotations @@ -4992,7 +4992,7 @@ CONFIG_GCC_VERSION policy<{'amd64': '120200', 'arm64': '120200', 'armhf': '120200', 'ppc64el': '120200', 'riscv64': '120200', 's390x': '120200'}> CONFIG_GCOV_KERNEL policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}> CONFIG_GDB_SCRIPTS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> -CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'y'}> +CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}> CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> CONFIG_GENERIC_ADC_BATTERY policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> CONFIG_GENERIC_ADC_THERMAL policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> ``` In 6.10 the option was renamed from CONFIG_GDS_FORCE_MITIGATION but when Ubuntu jumped from 6.8 to 6.10, this customization was lost, from the 6.8.0-31.31_6.10.0-15.15 diff: ``` CONFIG_GDB_SCRIPTS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> -CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}> CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> ... CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY policy<{'arm64': 'y'}> +CONFIG_MITIGATION_CALL_DEPTH_TRACKING policy<{'amd64': 'y'}> +CONFIG_MITIGATION_GDS_FORCE policy<{'amd64': 'y'}> +CONFIG_MITIGATION_IBPB_ENTRY policy<{'amd64': 'y'}> +CONFIG_MITIGATION_IBRS_ENTRY policy<{'amd64': 'y'}> ``` I am sure this was an oversight, and that the old option was simply dropped because it didn't exist any longer, without thinking of it being renamed (among a lot of other renames).
2024-08-16 07:53:39	Tormod Volden	description	The (supposedly unintended) re-enabling of GDS force migration in the 6.10 kernels causes the AVX instruction to be disabled on older CPUs which have no available microcode update. This causes various programs to crash due to the unconditional use of AVX in libgnutls.so, libxul.so, etc. Typically "traps" of "invalid opcode" will be seen in dmesg output along with the initial notice: [ 0.121833] GDS: Microcode update needed! Disabling AVX as mitigation. [ 0.121835] GDS: Mitigation: AVX disabled, no microcode When GDS force mitigation appeared in the kernel, with default "y", it created a lot of issues like these and Ubuntu quickly patched all their kernels, this from the 6.2.0-28.29_6.2.0-31.31 diff: ``` diff -u linux-6.2.0/debian.master/changelog linux-6.2.0/debian.master/changelog --- linux-6.2.0/debian.master/changelog +++ linux-6.2.0/debian.master/changelog @@ -1,3 +1,13 @@ +linux (6.2.0-31.31) lunar; urgency=medium + + * lunar/linux: 6.2.0-31.31 -proposed tracker (LP: #2031146) + + * libgnutls report "trap invalid opcode" when trying to install packages over + https (LP: #2031093) + - [Config]: disable CONFIG_GDS_FORCE_MITIGATION + + -- Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Mon, 14 Aug 2023 08:29:52 -0300 + linux (6.2.0-28.29) lunar; urgency=medium * lunar/linux: 6.2.0-28.29 -proposed tracker (LP: #2030547) diff -u linux-6.2.0/debian.master/config/annotations linux-6.2.0/debian.master/config/annotations --- linux-6.2.0/debian.master/config/annotations +++ linux-6.2.0/debian.master/config/annotations @@ -4992,7 +4992,7 @@ CONFIG_GCC_VERSION policy<{'amd64': '120200', 'arm64': '120200', 'armhf': '120200', 'ppc64el': '120200', 'riscv64': '120200', 's390x': '120200'}> CONFIG_GCOV_KERNEL policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}> CONFIG_GDB_SCRIPTS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> -CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'y'}> +CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}> CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> CONFIG_GENERIC_ADC_BATTERY policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> CONFIG_GENERIC_ADC_THERMAL policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> ``` In 6.10 the option was renamed from CONFIG_GDS_FORCE_MITIGATION but when Ubuntu jumped from 6.8 to 6.10, this customization was lost, from the 6.8.0-31.31_6.10.0-15.15 diff: ``` CONFIG_GDB_SCRIPTS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> -CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}> CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> ... CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY policy<{'arm64': 'y'}> +CONFIG_MITIGATION_CALL_DEPTH_TRACKING policy<{'amd64': 'y'}> +CONFIG_MITIGATION_GDS_FORCE policy<{'amd64': 'y'}> +CONFIG_MITIGATION_IBPB_ENTRY policy<{'amd64': 'y'}> +CONFIG_MITIGATION_IBRS_ENTRY policy<{'amd64': 'y'}> ``` I am sure this was an oversight, and that the old option was simply dropped because it didn't exist any longer, without thinking of it being renamed (among a lot of other renames).	The (supposedly unintended) re-enabling of GDS force migration in the Ubuntu 6.10 kernels causes the AVX instruction to be disabled on older CPUs which have no available microcode update. This causes various programs to crash due to the unconditional use of AVX in libgnutls.so, libxul.so, etc. Typically "traps" of "invalid opcode" will be seen in dmesg output along with the initial notice: [ 0.121833] GDS: Microcode update needed! Disabling AVX as mitigation. [ 0.121835] GDS: Mitigation: AVX disabled, no microcode When GDS force mitigation appeared in the kernel, with default "y", it created a lot of issues like these and Ubuntu quickly patched all their kernels, this from the 6.2.0-28.29_6.2.0-31.31 diff: ========== ``` diff -u linux-6.2.0/debian.master/changelog linux-6.2.0/debian.master/changelog --- linux-6.2.0/debian.master/changelog +++ linux-6.2.0/debian.master/changelog @@ -1,3 +1,13 @@ +linux (6.2.0-31.31) lunar; urgency=medium + + * lunar/linux: 6.2.0-31.31 -proposed tracker (LP: #2031146) + + * libgnutls report "trap invalid opcode" when trying to install packages over + https (LP: #2031093) + - [Config]: disable CONFIG_GDS_FORCE_MITIGATION + + -- Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Mon, 14 Aug 2023 08:29:52 -0300 + linux (6.2.0-28.29) lunar; urgency=medium * lunar/linux: 6.2.0-28.29 -proposed tracker (LP: #2030547) diff -u linux-6.2.0/debian.master/config/annotations linux-6.2.0/debian.master/config/annotations --- linux-6.2.0/debian.master/config/annotations +++ linux-6.2.0/debian.master/config/annotations @@ -4992,7 +4992,7 @@ CONFIG_GCC_VERSION policy<{'amd64': '120200', 'arm64': '120200', 'armhf': '120200', 'ppc64el': '120200', 'riscv64': '120200', 's390x': '120200'}> CONFIG_GCOV_KERNEL policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}> CONFIG_GDB_SCRIPTS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> -CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'y'}> +CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}> CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> CONFIG_GENERIC_ADC_BATTERY policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> CONFIG_GENERIC_ADC_THERMAL policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> ``` ========== In upstream 6.9 the option was renamed from CONFIG_GDS_FORCE_MITIGATION but when Ubuntu jumped from 6.8 to 6.10, this customization was lost, from the 6.8.0-31.31_6.10.0-15.15 diff: ========== ``` CONFIG_GDB_SCRIPTS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> -CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}> CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> ... CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY policy<{'arm64': 'y'}> +CONFIG_MITIGATION_CALL_DEPTH_TRACKING policy<{'amd64': 'y'}> +CONFIG_MITIGATION_GDS_FORCE policy<{'amd64': 'y'}> +CONFIG_MITIGATION_IBPB_ENTRY policy<{'amd64': 'y'}> +CONFIG_MITIGATION_IBRS_ENTRY policy<{'amd64': 'y'}> ``` ========== I am sure this was an oversight, and that the old option was simply dropped because it didn't exist any longer, without thinking of it being renamed (among a lot of other renames).
2024-08-16 08:09:09	Tormod Volden	description	The (supposedly unintended) re-enabling of GDS force migration in the Ubuntu 6.10 kernels causes the AVX instruction to be disabled on older CPUs which have no available microcode update. This causes various programs to crash due to the unconditional use of AVX in libgnutls.so, libxul.so, etc. Typically "traps" of "invalid opcode" will be seen in dmesg output along with the initial notice: [ 0.121833] GDS: Microcode update needed! Disabling AVX as mitigation. [ 0.121835] GDS: Mitigation: AVX disabled, no microcode When GDS force mitigation appeared in the kernel, with default "y", it created a lot of issues like these and Ubuntu quickly patched all their kernels, this from the 6.2.0-28.29_6.2.0-31.31 diff: ========== ``` diff -u linux-6.2.0/debian.master/changelog linux-6.2.0/debian.master/changelog --- linux-6.2.0/debian.master/changelog +++ linux-6.2.0/debian.master/changelog @@ -1,3 +1,13 @@ +linux (6.2.0-31.31) lunar; urgency=medium + + * lunar/linux: 6.2.0-31.31 -proposed tracker (LP: #2031146) + + * libgnutls report "trap invalid opcode" when trying to install packages over + https (LP: #2031093) + - [Config]: disable CONFIG_GDS_FORCE_MITIGATION + + -- Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Mon, 14 Aug 2023 08:29:52 -0300 + linux (6.2.0-28.29) lunar; urgency=medium * lunar/linux: 6.2.0-28.29 -proposed tracker (LP: #2030547) diff -u linux-6.2.0/debian.master/config/annotations linux-6.2.0/debian.master/config/annotations --- linux-6.2.0/debian.master/config/annotations +++ linux-6.2.0/debian.master/config/annotations @@ -4992,7 +4992,7 @@ CONFIG_GCC_VERSION policy<{'amd64': '120200', 'arm64': '120200', 'armhf': '120200', 'ppc64el': '120200', 'riscv64': '120200', 's390x': '120200'}> CONFIG_GCOV_KERNEL policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}> CONFIG_GDB_SCRIPTS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> -CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'y'}> +CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}> CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> CONFIG_GENERIC_ADC_BATTERY policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> CONFIG_GENERIC_ADC_THERMAL policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> ``` ========== In upstream 6.9 the option was renamed from CONFIG_GDS_FORCE_MITIGATION but when Ubuntu jumped from 6.8 to 6.10, this customization was lost, from the 6.8.0-31.31_6.10.0-15.15 diff: ========== ``` CONFIG_GDB_SCRIPTS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> -CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}> CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> ... CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY policy<{'arm64': 'y'}> +CONFIG_MITIGATION_CALL_DEPTH_TRACKING policy<{'amd64': 'y'}> +CONFIG_MITIGATION_GDS_FORCE policy<{'amd64': 'y'}> +CONFIG_MITIGATION_IBPB_ENTRY policy<{'amd64': 'y'}> +CONFIG_MITIGATION_IBRS_ENTRY policy<{'amd64': 'y'}> ``` ========== I am sure this was an oversight, and that the old option was simply dropped because it didn't exist any longer, without thinking of it being renamed (among a lot of other renames).	The (supposedly unintended) re-enabling of GDS force migration in the Ubuntu 6.10 kernels causes the AVX instruction to be disabled on older CPUs which have no available microcode update. This causes various programs to crash due to the unconditional use of AVX in libgnutls.so, libxul.so, etc. Typically "traps" of "invalid opcode" will be seen in dmesg output along with the initial notice: [ 0.121833] GDS: Microcode update needed! Disabling AVX as mitigation. [ 0.121835] GDS: Mitigation: AVX disabled, no microcode When GDS force mitigation appeared in the kernel, with default "y", it created a lot of issues like these and Ubuntu quickly patched all their kernels, this from the 6.2.0-28.29_6.2.0-31.31 diff: ========== ``` diff -u linux-6.2.0/debian.master/changelog linux-6.2.0/debian.master/changelog --- linux-6.2.0/debian.master/changelog +++ linux-6.2.0/debian.master/changelog @@ -1,3 +1,13 @@ +linux (6.2.0-31.31) lunar; urgency=medium + + * lunar/linux: 6.2.0-31.31 -proposed tracker (LP: #2031146) + + * libgnutls report "trap invalid opcode" when trying to install packages over + https (LP: #2031093) + - [Config]: disable CONFIG_GDS_FORCE_MITIGATION + + -- Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Mon, 14 Aug 2023 08:29:52 -0300 + linux (6.2.0-28.29) lunar; urgency=medium * lunar/linux: 6.2.0-28.29 -proposed tracker (LP: #2030547) diff -u linux-6.2.0/debian.master/config/annotations linux-6.2.0/debian.master/config/annotations --- linux-6.2.0/debian.master/config/annotations +++ linux-6.2.0/debian.master/config/annotations @@ -4992,7 +4992,7 @@ CONFIG_GCC_VERSION policy<{'amd64': '120200', 'arm64': '120200', 'armhf': '120200', 'ppc64el': '120200', 'riscv64': '120200', 's390x': '120200'}> CONFIG_GCOV_KERNEL policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}> CONFIG_GDB_SCRIPTS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> -CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'y'}> +CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}> CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> CONFIG_GENERIC_ADC_BATTERY policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> CONFIG_GENERIC_ADC_THERMAL policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> ``` ========== In upstream 6.9 the option was renamed from CONFIG_GDS_FORCE_MITIGATION to CONFIG_MITIGATION_GDS_FORCE, but when Ubuntu jumped from 6.8 to 6.10, this customization was lost, seen in the 6.8.0-31.31_6.10.0-15.15 diff: ========== ``` CONFIG_GDB_SCRIPTS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}> -CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}> CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}> ... CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY policy<{'arm64': 'y'}> +CONFIG_MITIGATION_CALL_DEPTH_TRACKING policy<{'amd64': 'y'}> +CONFIG_MITIGATION_GDS_FORCE policy<{'amd64': 'y'}> +CONFIG_MITIGATION_IBPB_ENTRY policy<{'amd64': 'y'}> +CONFIG_MITIGATION_IBRS_ENTRY policy<{'amd64': 'y'}> ``` ========== I am sure this was an oversight, and that the old option was simply dropped because it didn't exist any longer, without thinking of it being renamed (among a lot of other renames).
2024-08-19 10:20:30	Matthew Ruffell	bug			added subscriber Matthew Ruffell
2024-08-19 13:27:02	Philip Cox	linux (Ubuntu): assignee		Philip Cox (philcox)
2024-08-19 13:29:08	Philip Cox	linux (Ubuntu): status	New	Fix Committed
2024-08-19 13:29:19	Philip Cox	linux (Ubuntu): importance	Undecided	Medium
2024-08-19 13:29:33	Philip Cox	linux (Ubuntu): status	Fix Committed	Invalid
2024-08-19 19:41:16	Tormod Volden	linux (Ubuntu): status	Invalid	New
2024-08-25 21:35:08	Tormod Volden	summary	GDS force mitigation re-enabled in 6.10 causing crashes	GDS force mitigation re-enabled in 6.10 (and 6.11) causing crashes
2024-08-26 16:00:37	Timo Aaltonen	linux (Ubuntu): status	New	In Progress

Ubuntulinux package

Activity log for bug #2077145

Ubuntu
linux package