This bug was fixed before the affected kernel was released and, therefore, it never affected a publicly released kernel.
** Changed in: linux (Ubuntu)
       Status: Triaged => Fix Released

** Information type changed from Private Security to Public Security

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1772128

Title:
  [REGRESSION] linux 4.4.0-126.152 disables speculation control when running under a hypervisor

Status in linux package in Ubuntu:
  Fix Released

Bug description:
  The Xenial kernel 4.4.0-126.152, which is to be released on 5/21, introduced a regression that disables speculation control when running under a hypervisor such as QEMU.

  The problem is caused by pulling in the following upstream commit:

    a5b296636453 ("x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes")

  The following upstream commit is needed to fix the bug:

    36268223c1e9 ("x86/spectre_v2: Don't check microcode versions when running under hypervisors")

  However, the following fixes are also likely needed:

    e3b3121fa8da ("x86/speculation: Remove Skylake C2 from Speculation Control microcode blacklist")
    d37fc6d360a4 ("x86/speculation: Correct Speculation Control microcode blacklist again")
    1751342095f0 ("x86/speculation: Update Speculation Control microcode blacklist")

  With the required accuracy in maintaining such a list and considering that we don't have the blacklist in the artful or trusty backports, I wonder if it is better to just remove the original offending commit so that we don't have a blacklist.

  To reproduce, you need to configure libvirt to use CPU passthrough and your CPU needs to be one that matches the family and stepping in the blacklist from commit a5b296636453. See the attached domain xml for an example libvirt xml file. The host can be any Ubuntu release running one of the kernels to be released on 5/21. The guest needs to be running 4.4.0-126.152.

  Boot the guest and run the following command:

    $ dmesg | grep -i specul
    [ 0.000000] Intel Spectre v2 broken microcode detected; disabling Speculation Control
    [ 0.024568] Spectre V2 : Speculation control IBPB not-supported IBRS not-supported
    [ 0.024570] Speculative Store Bypass: Vulnerable

  The first line is the problem. Broken microcode is detected because the guest kernel always sees 0x1 as the microcode revision (you can see this by running 'grep ^microcode /proc/cpuinfo' in the guest).

  Here's the desired output, which is seen when booting the guest with 4.4.0-124.148 (it is missing the Speculative Store Bypass message because it doesn't contain SSB mitigation):

    $ dmesg | grep -i specul
    [ 0.066675] Spectre V2 mitigation: Speculation control IBPB supported IBRS supported

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1772128/+subscriptions

--
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
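
The manual check in the bug description (the dmesg message plus the microcode revision the guest sees) can be scripted to triage guests. This is an added example, not part of the bug report or of any Ubuntu tooling: the function names and sample files are hypothetical, the sample inputs are constructed, and the matched strings are the ones quoted in the report.

```shell
#!/bin/sh
# Added example, not from the bug report. Function names are hypothetical;
# the matched strings are the ones quoted in the report.

# True when the cpuinfo "flags" line carries the hypervisor flag (i.e. a guest).
is_guest() {
    grep -E '^flags[[:space:]]*:' "$1" | grep -qw hypervisor
}

# Print the first microcode revision listed in a cpuinfo file.
microcode_rev() {
    awk -F': *' '/^microcode/ { print $2; exit }' "$1"
}

# spec_ctrl_state DMESG_FILE CPUINFO_FILE prints one of:
#   regressed   - guest kernel disabled Speculation Control via the microcode check
#   blacklisted - same message on bare metal, where the check is meant to apply
#   ok          - the message is absent
spec_ctrl_state() {
    if grep -q 'Intel Spectre v2 broken microcode detected; disabling Speculation Control' "$1"; then
        if is_guest "$2"; then echo regressed; else echo blacklisted; fi
    else
        echo ok
    fi
}

# Write constructed sample inputs into directory $1.
make_samples() {
    cat > "$1/dmesg.bad" <<'EOF'
[    0.000000] Intel Spectre v2 broken microcode detected; disabling Speculation Control
[    0.024568] Spectre V2 : Speculation control IBPB not-supported IBRS not-supported
EOF
    cat > "$1/dmesg.good" <<'EOF'
[    0.066675] Spectre V2 mitigation: Speculation control IBPB supported IBRS supported
EOF
    printf 'microcode\t: 0x1\nflags\t\t: fpu vme hypervisor lahf_lm\n' > "$1/cpuinfo.guest"
    printf 'microcode\t: 0x1\nflags\t\t: fpu vme lahf_lm\n' > "$1/cpuinfo.host"
}

d=$(mktemp -d)
make_samples "$d"
echo "guest, bad output:  $(spec_ctrl_state "$d/dmesg.bad" "$d/cpuinfo.guest") (microcode $(microcode_rev "$d/cpuinfo.guest"))"
echo "guest, good output: $(spec_ctrl_state "$d/dmesg.good" "$d/cpuinfo.guest")"
rm -rf "$d"
```

On a live guest, save the output of `dmesg` to a file and pass it together with `/proc/cpuinfo` to `spec_ctrl_state`.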