[pve-devel] [PATCH pve-kernel] d/rules: disable CONFIG_GDS_FORCE_MITIGATION

Stoiko Ivanov s.ivanov at proxmox.com
Fri Aug 18 13:35:08 CEST 2023


when not having installed an intel-microcode version containing the
mitigation, this options disables AVX instructions, which breaks quite
a lot of software (e.g. firefox, electron apps)

Reported-by: Stefan Hanreich <s.hanreich at proxmox.com>
Tested-by: Stefan Hanreich <s.hanreich at proxmox.com>
Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
quickly build a kernel with this and Stefan tested his reproducer from
yesterday without an updated microcode.

 debian/rules | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/debian/rules b/debian/rules
index 9a26a0bf4317..dac31d4e3749 100755
--- a/debian/rules
+++ b/debian/rules
@@ -98,7 +98,7 @@ PMX_CONFIG_OPTS= \
 --set-str CONFIG_LSM lockdown,yama,integrity,apparmor \
 -e CONFIG_PAGE_TABLE_ISOLATION \
 -e CONFIG_ARCH_HAS_CPU_FINALIZE_INIT \
--e CONFIG_GDS_FORCE_MITIGATION
+-d CONFIG_GDS_FORCE_MITIGATION
 
 debian/control: $(wildcard debian/*.in)
 	sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel.prerm.in > debian/$(PMX_KERNEL_PKG).prerm
-- 
2.39.2






More information about the pve-devel mailing list