
Bug#1043585: Update on this issue



Hi Salvatore,

Thanks for getting in contact regarding this issue.

Yes, I did mean to reference the two bugzilla entries, since it seems to be the same patch that's causing issues with the emulated TPM; at least, turning off the mitigation the same way they do fixes the problem for me also with the swtpm function.

I did try to apply the "x86/retpoline: Don't clobber RFLAGS during srso_safe_ret()" patch as suggested; unfortunately, it is incompatible with the 6.1.38 Debian kernel source:

--- I omitted some lines as there is a ton of text ---

Applying patch 0052-Linux-6.1.33-rt11-REBASE.patch
Now at patch 0052-Linux-6.1.33-rt11-REBASE.patch
make[2]: Leaving directory '/home/martin/opt/kernel/debian_test/linux-6.1.38'
make[1]: Leaving directory '/home/martin/opt/kernel/debian_test/linux-6.1.38'
Importing patch /home/martin/opt/kernel/debian_test/patch.patch (stored as debian/patches/test/patch.patch)
Applying patch debian/patches/test/patch.patch
patching file arch/x86/lib/retpoline.S
Hunk #1 FAILED at 164.
Hunk #2 FAILED at 239.
Hunk #3 FAILED at 252.
3 out of 3 hunks FAILED -- rejects in file arch/x86/lib/retpoline.S
Patch debian/patches/test/patch.patch does not apply (enforce with -f)

Kind Regards,

Martin.


On 17/08/2023 08:38, Salvatore Bonaccorso wrote:
Control: tags -1 + moreinfo upstream

Hi Martin,

On Wed, Aug 16, 2023 at 07:16:58PM +0100, Martin Johnson wrote:
Package: linux-image-amd64

Version: 6.1.0-11-amd64

Update of this recent issue - I might not have specified the package
correctly, sorry for that - it's the first bug I tried to report on Debian -
hey Debian really is that good :-)

I found some sort of workaround too, but it's far from ideal at present.

To avoid this issue you can set the kernel boot parameter:
spec_rstack_overflow=off

Then the problem no longer exists, obviously with an additional and quite
serious AMD Zen processor security issue.

So the cause is also related to the recent AMD Zen security patch.

The problem seems related to these posts on bugzilla.kernel.org, but is
manifesting in a different way for me:

https://bugzilla.kernel.org/show_bug.cgi?id=217796

and this:

https://bugzilla.kernel.org/show_bug.cgi?id=217796
Did you mean to reference here two different bugzilla entries?

Hope this information is of assistance for anyone who is lucky enough to
find this information :-)
Thanks for providing that. Would it be possible for you to test a
custom kernel built with the following commit applied on top and see
if this resolved the issue you are seeing?

https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=ba5ca5e5e6a1d55923e88b4a83da452166f5560e

See
https://kernel-team.pages.debian.net/kernel-handbook/ch-common-tasks.html#id-1.6.6.4
for instructions.

Regards,
Salvatore

