- Red Hat Enterprise Linux
- Selected Intel CPUs
Gather Data Sampling (GDS), also known as "Downfall", is a transient execution side-channel vulnerability affecting certain Intel CPUs. It may allow an attacker to use a data sampling attack, similar to Microarchitectural Data Sampling (MDS), to retrieve stale data from previously used AVX2 or AVX-512 vector registers. In the worst-case scenario, such an attack can be used to extract cryptographic keys.
The vulnerability can be mitigated by installing the updated CPU microcode: use the microcode_ctl package provided by Red Hat, version 20230808 or more recent.
Once the microcode has been installed, the mitigation is enabled by default on affected CPUs, irrespective of the installed kernel version.
In addition to updating the microcode, it is also recommended to update the kernel, which adds vulnerability and mitigation status reporting. It also adds the ability to disable the mitigation.
Gather is a feature provided by Intel Advanced Vector Extensions 2 (Intel AVX2) and Intel Advanced Vector Extensions 512 (Intel AVX-512), a collection of single-instruction, multiple-data (SIMD) instructions that read non-contiguous data from memory using vector-index memory addressing. It is important to note that Downfall does not affect AVX* instructions in general; it affects only the vgather* instructions, which are a tiny subset of the AVX* instruction set.
When a gather instruction performs loads from memory, in some situations stale data from previous use of the vector registers may be transiently forwarded to dependent instructions because of a CPU hardware optimization. This allows a malicious attacker to infer stale data from previously used vector registers.
The scope of stale data exposure is limited to the same physical processor core. An attacker with local code execution permissions may observe stale data on a sampling basis (similar to Microarchitectural Data Sampling) but cannot directly control or specify the source of the stale data.
Data processed by AVX instructions, or by instructions that use internal vector registers implicitly (for example, REP MOVS instructions), may be exposed to subsequent GDS attacks.
The performance impact of the microcode mitigation is limited to applications that use the gather instructions provided by Intel Advanced Vector Extensions (AVX2 and AVX-512) and the CLWB instruction. The actual impact depends on how heavily an application uses those instructions. Red Hat's internal performance testing of a worst-case microbenchmark showed a significant slowdown; however, more realistic applications that use vector gathering showed only low single-digit percentage slowdowns.
If, after a thorough risk analysis (for example, the system is not multi-tenant and does not execute untrusted code), the user decides to disable the mitigation, this can be done after applying the microcode and kernel updates by adding gather_data_sampling=off to the kernel command line.
Alternatively, to disable all CPU speculative execution mitigations, including GDS, use
Note that the CLWB performance loss is permanent on Skylake architectures; even disabling the mitigation will not recoup the original performance.
After applying the microcode and kernel updates, the mitigation status can be checked by running one of the following commands:

```
# dmesg | grep "GDS: "
[    0.162571] GDS: Mitigation: Microcode

# cat /sys/devices/system/cpu/vulnerabilities/gather_data_sampling
Mitigation: Microcode
```
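As an added example (not part of the Red Hat article), the following POSIX shell script combines the checks described above into one report for a RHEL host: it classifies the sysfs status string, verifies the installed microcode_ctl version against the 20230808 minimum, and notes when gather_data_sampling=off has been set on the kernel command line. The status strings other than "Mitigation: Microcode" and the date-style version format are assumptions.

```shell
#!/bin/sh
# Added example (not Red Hat's code): summarise the GDS/Downfall mitigation
# state from the facts the article gives: the sysfs status file, the minimum
# microcode_ctl version (20230808) and the gather_data_sampling=off parameter.
GDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/gather_data_sampling
MIN_MICROCODE_CTL=20230808

# Classify one line of the sysfs status file (strings other than
# "Mitigation: Microcode" are assumed): mitigated | not-affected | vulnerable | unknown
gds_classify() {
    case "$1" in
        "Mitigation: "*) echo mitigated ;;
        "Not affected")  echo not-affected ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Succeed when a date-style microcode_ctl version (RHEL 8/9 form, e.g.
# 20230808; assumption) is at least MIN_MICROCODE_CTL.
microcode_ctl_ok() {
    case "$1" in *[!0-9]*|"") return 1 ;; esac   # reject non-numeric input
    [ "$1" -ge "$MIN_MICROCODE_CTL" ]
}

# Succeed when a kernel command line carries gather_data_sampling=off,
# i.e. the administrator switched the mitigation off deliberately.
gds_disabled_on_cmdline() {
    case " $1 " in *" gather_data_sampling=off "*) return 0 ;; esac
    return 1
}

# Live report for the running host; reads real files only when present.
gds_report() {
    if [ -r "$GDS_SYSFS" ]; then
        s=$(cat "$GDS_SYSFS"); echo "sysfs: $s -> $(gds_classify "$s")"
    else
        echo "sysfs: $GDS_SYSFS missing (kernel without GDS reporting?)"
    fi
    [ -r /proc/cmdline ] && gds_disabled_on_cmdline "$(cat /proc/cmdline)" \
        && echo "note: gather_data_sampling=off set, mitigation disabled by choice"
    v=$(rpm -q --qf '%{VERSION}' microcode_ctl 2>/dev/null) || v=""
    if microcode_ctl_ok "$v"; then echo "microcode_ctl $v: meets $MIN_MICROCODE_CTL"
    else echo "microcode_ctl '$v': update to $MIN_MICROCODE_CTL or newer"; fi
    return 0
}

gds_report
```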
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.