[Bug 2077145] Re: GDS force mitigation re-enabled in 6.10 (and 6.11) causing crashes

This bug is awaiting verification that the linux-
hwe-6.11/6.11.0-9.9~24.04.1 kernel in -proposed solves the problem.
Please test the kernel and update this bug with the results. If the
problem is solved, change the tag 'verification-needed-noble-linux-
hwe-6.11' to 'verification-done-noble-linux-hwe-6.11'. If the problem
still exists, change the tag 'verification-needed-noble-linux-hwe-6.11'
to 'verification-failed-noble-linux-hwe-6.11'.


If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.


See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: kernel-spammed-noble-linux-hwe-6.11-v2 verification-needed-noble-linux-hwe-6.11

--
You received this bug notification because you are subscribed to linux
in Ubuntu.
Matching subscriptions: Bgg, Bmail, Nb
https://bugs.launchpad.net/bugs/2077145

Title:
GDS force mitigation re-enabled in 6.10 (and 6.11) causing crashes

Status in linux package in Ubuntu:
Fix Released

Bug description:
The (supposedly unintended) re-enabling of GDS force migration in the
Ubuntu 6.10 kernels causes the AVX instruction to be disabled on older
CPUs which have no available microcode update. This causes various
programs to crash due to the unconditional use of AVX in libgnutls.so,
libxul.so, etc.

Typically "traps" of "invalid opcode" will be seen in dmesg output
along with the initial notice:

[ 0.121833] GDS: Microcode update needed! Disabling AVX as mitigation.
[ 0.121835] GDS: Mitigation: AVX disabled, no microcode

When GDS force mitigation appeared in the kernel, with default "y", it
created a lot of issues like these and Ubuntu quickly patched all
their kernels, this from the 6.2.0-28.29_6.2.0-31.31 diff:

==========

```
diff -u linux-6.2.0/debian.master/changelog linux-6.2.0/debian.master/changelog
--- linux-6.2.0/debian.master/changelog
+++ linux-6.2.0/debian.master/changelog
@@ -1,3 +1,13 @@
+linux (6.2.0-31.31) lunar; urgency=medium
+
+ * lunar/linux: 6.2.0-31.31 -proposed tracker (LP: #2031146)
+
+ * libgnutls report "trap invalid opcode" when trying to install packages over
+ https (LP: #2031093)
+ - [Config]: disable CONFIG_GDS_FORCE_MITIGATION
+
+ -- Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Mon, 14 Aug 2023 08:29:52 -0300
+
 linux (6.2.0-28.29) lunar; urgency=medium

   * lunar/linux: 6.2.0-28.29 -proposed tracker (LP: #2030547)
diff -u linux-6.2.0/debian.master/config/annotations linux-6.2.0/debian.master/config/annotations
--- linux-6.2.0/debian.master/config/annotations
+++ linux-6.2.0/debian.master/config/annotations
@@ -4992,7 +4992,7 @@
 CONFIG_GCC_VERSION policy<{'amd64': '120200', 'arm64': '120200', 'armhf': '120200', 'ppc64el': '120200', 'riscv64': '120200', 's390x': '120200'}>
 CONFIG_GCOV_KERNEL policy<{'amd64': 'n', 'arm64': 'n', 'armhf': 'n', 'ppc64el': 'n', 'riscv64': 'n', 's390x': 'n'}>
 CONFIG_GDB_SCRIPTS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
-CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'y'}>
+CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}>
 CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
 CONFIG_GENERIC_ADC_BATTERY policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
 CONFIG_GENERIC_ADC_THERMAL policy<{'amd64': 'm', 'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
```

==========

In upstream 6.9 the option was renamed from
CONFIG_GDS_FORCE_MITIGATION to CONFIG_MITIGATION_GDS_FORCE, but when
Ubuntu jumped from 6.8 to 6.10, this customization was lost, seen in
the 6.8.0-31.31_6.10.0-15.15 diff:

==========

 ```
 CONFIG_GDB_SCRIPTS policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'ppc64el': 'y', 'riscv64': 'y', 's390x': 'y'}>
-CONFIG_GDS_FORCE_MITIGATION policy<{'amd64': 'n'}>
 CONFIG_GEMINI_ETHERNET policy<{'arm64': 'm', 'armhf': 'm', 'ppc64el': 'm', 'riscv64': 'm'}>
...
 CONFIG_MITIGATE_SPECTRE_BRANCH_HISTORY policy<{'arm64': 'y'}>
+CONFIG_MITIGATION_CALL_DEPTH_TRACKING policy<{'amd64': 'y'}>
+CONFIG_MITIGATION_GDS_FORCE policy<{'amd64': 'y'}>
+CONFIG_MITIGATION_IBPB_ENTRY policy<{'amd64': 'y'}>
+CONFIG_MITIGATION_IBRS_ENTRY policy<{'amd64': 'y'}>
```

==========

I am sure this was an oversight, and that the old option was simply
dropped because it didn't exist any longer, without thinking of it
being renamed (among a lot of other renames).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2077145/+subscriptions