From patchwork Fri Aug 11 14:38:15 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
X-Patchwork-Id: 1820305
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com
 (client-ip=91.189.94.19; helo=huckleberry.canonical.com;
 envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=<UNKNOWN>)
Authentication-Results: legolas.ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
 unprotected) header.d=canonical.com header.i=@canonical.com
 header.a=rsa-sha256 header.s=20210705 header.b=Ub/rqEyl;
	dkim-atps=neutral
Received: from huckleberry.canonical.com (huckleberry.canonical.com
 [91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4RMmd80rk7z1yf6
	for <incoming@patchwork.ozlabs.org>; Sat, 12 Aug 2023 00:38:52 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1qUTHr-0005pL-P6; Fri, 11 Aug 2023 14:38:47 +0000
Received: from smtp-relay-canonical-1.internal ([10.131.114.174]
 helo=smtp-relay-canonical-1.canonical.com)
 by huckleberry.canonical.com with esmtps
 (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2)
 (envelope-from <cascardo@canonical.com>) id 1qUTHq-0005na-1s
 for kernel-team@lists.ubuntu.com; Fri, 11 Aug 2023 14:38:46 +0000
Received: from quatroqueijos.lan (201-68-73-134.dsl.telesp.net.br
 [201.68.73.134])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
 (No client certificate requested)
 by smtp-relay-canonical-1.canonical.com (Postfix) with ESMTPSA id 03E5F42838
 for <kernel-team@lists.ubuntu.com>; Fri, 11 Aug 2023 14:38:44 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com;
 s=20210705; t=1691764725;
 bh=rCIQzCH8b0Ashen0YHQs7FNkY8Vx7iizxJ6TpMChsIs=;
 h=From:To:Subject:Date:Message-Id:In-Reply-To:References:
 MIME-Version;
 b=Ub/rqEyl3ug90VusWrRKOTH1t4O5EX1O2SbodExM57NW5Nd5AyWvBGwtNq4SP0ijX
 o8DiTdlARGx9JuQBphuK1XgguKXhH1eRD+woMTll+9FQib6ELMlmKXxKSWqfDI58/Y
 s77+V48ujquQYHiZKabatktW037/f56xA+9Ng6v9KyMfW57RN8ouhv850uYrbr3Ipl
 GyC8O4k/4OLuMtL4xANP6tAYTHqxOAgYzguv9F5mtsoL89tIysNL9og5ex451TfcAx
 GknuITdSuwT5bfdwOqBa+szroM8EL9kh0HlmKaWu4mNMKjfFxSocbyNMbmd8A3sG5p
 Zwl9jJLBdQPNw==
From: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU Focal] UBUNTU: [Config]: disable CONFIG_GDS_FORCE_MITIGATION
Date: Fri, 11 Aug 2023 11:38:15 -0300
Message-Id: <20230811143815.12289-4-cascardo@canonical.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20230811143815.12289-1-cascardo@canonical.com>
References: <20230811143815.12289-1-cascardo@canonical.com>
MIME-Version: 1.0
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

BugLink: https://bugs.launchpad.net/bugs/2031093

That option will disable AVX on systems where microcode mitigation has not
been provided. Though it can be flipeed by a boot option, it has been shown
to break some versions of gnutls, which are used by apt or git when dealing
with https.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
---
 debian.master/config/annotations          | 2 +-
 debian.master/config/config.common.ubuntu | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian.master/config/annotations b/debian.master/config/annotations
index 4f2cf40117b8..b8677287df45 100644
--- a/debian.master/config/annotations
+++ b/debian.master/config/annotations
@@ -12551,7 +12551,7 @@ CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING        policy<{'amd64': '0xa'}>
 CONFIG_BOOTPARAM_HOTPLUG_CPU0                   policy<{'amd64': 'n', 'i386': 'n'}>
 CONFIG_DEBUG_HOTPLUG_CPU0                       policy<{'amd64': 'n', 'i386': 'n'}>
 CONFIG_MODIFY_LDT_SYSCALL                       policy<{'amd64': 'y', 'i386': 'y'}>
-CONFIG_GDS_FORCE_MITIGATION                     policy<{'amd64': 'y'}>
+CONFIG_GDS_FORCE_MITIGATION                     policy<{'amd64': 'n'}>
 #
 CONFIG_ZONE_DMA                                 note<LP:1628523>
 CONFIG_X86_LEGACY_VM86                          note<LP:1499089>
diff --git a/debian.master/config/config.common.ubuntu b/debian.master/config/config.common.ubuntu
index ef3aa4f8dbb8..489c1a0bb5b0 100644
--- a/debian.master/config/config.common.ubuntu
+++ b/debian.master/config/config.common.ubuntu
@@ -3475,7 +3475,7 @@ CONFIG_GART_IOMMU=y
 CONFIG_GCC_VERSION=90400
 # CONFIG_GCOV_KERNEL is not set
 CONFIG_GDB_SCRIPTS=y
-CONFIG_GDS_FORCE_MITIGATION=y
+CONFIG_GDS_FORCE_MITIGATION=n
 CONFIG_GEMINI_ETHERNET=m
 CONFIG_GENERIC_ADC_BATTERY=m
 CONFIG_GENERIC_ADC_THERMAL=m