Re: [PATCH v3 01/10] x86/bugs: Add a separate config for GDS
From: Borislav Petkov
Date: Fri Jul 12 2024 - 13:22:11 EST
On Mon, Apr 22, 2024 at 09:58:15AM -0700, Breno Leitao wrote:
> +config MITIGATION_GDS
> + bool "Mitigate Gather Data Sampling"
> + depends on CPU_SUP_INTEL
> + default y
> + help
> + Enable mitigation for Gather Data Sampling (GDS). GDS is a hardware
> + vulnerability which allows unprivileged speculative access to data
> + which was previously stored in vector registers. The attacker uses gather
> + instructions to infer the stale vector register data.
> +
> config MITIGATION_GDS_FORCE
Btw, can we get rid of that thing, while at it?
Ubuntu and SLES don't set it, no clue how to check RHEL configs but if it is
not set there, we probably could unify both options...
I'm looking at
53cf5797f114 ("x86/speculation: Add Kconfig option for GDS")
...
Hmmm.
--
Regards/Gruss,
Boris.
https://people.kernel.org/tglx/notes-about-netiquette