[Kernel-packages] [Bug 1774181] Re: Update to upstream's implementation of Spectre v1 mitigation
** Tags added: cscc

--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1774181

Title:
  Update to upstream's implementation of Spectre v1 mitigation

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Precise:
  Fix Released
Status in linux source package in Trusty:
  Fix Released
Status in linux source package in Xenial:
  Fix Released

Bug description:
  Xenial/Trusty/Precise are currently lacking full support of upstream's
  Spectre v1 mitigation. Add the missing patches and merge them with
  Ubuntu's current implementation.

  == SRU Justification ==
  Ubuntu's Spectre v1 mitigation is based on the original embargoed
  patchset which introduced a barrier macro to prevent speculation
  beyond array boundaries for user controlled indices. What eventually
  landed in upstream is slightly different and uses a barrier macro in
  combination with a masking solution (plus syscall table and user
  pointer sanitation). During the updates to newer stable upstream
  versions, all those patches were skipped. After reviewing them, we
  want to bring them back and merge them with the current implementation
  which brings us back in sync with upstream stable.

  == Fix ==
  Add all the missing Spectre v1 patches from upstream stable 4.4.118 to
  4.4.131. Where appropriate, replace Ubuntu's additional barriers with
  the masking macro.

  == Regression Potential ==
  Low. The patches have been in upstream for quite a while now and we
  keep the speculation barriers that are currently in Ubuntu but not in
  upstream.

  == Test Case ==
  TBD.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1774181/+subscriptions

--
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
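The bug description above contrasts a barrier macro with a masking solution for user-controlled array indices. The following is an added example, not part of the notification and not Ubuntu's or upstream's kernel code: a user-space C model of the two styles. The names index_mask_nospec, index_nospec, barrier_nospec_model, lookup_barrier and lookup_masked are hypothetical, and it assumes a compiler with arithmetic right shift of signed values (gcc, clang) and sizes no larger than LONG_MAX.

```c
/* Added example: user-space model of the two mitigation styles named in the
 * bug description. Not kernel code; every name below is hypothetical. */
#include <limits.h>
#include <stdio.h>

#define BITS_PER_LONG ((unsigned)(sizeof(long) * CHAR_BIT))
#define TABLE_SIZE 8UL

/* Constructed sample data standing in for a kernel lookup table. */
static const int table[TABLE_SIZE] = { 10, 11, 12, 13, 14, 15, 16, 17 };

/*
 * Branch-free mask: all ones when index < size, zero otherwise.
 * If index < size, both index and (size - 1 - index) have a clear top bit,
 * so the OR is non-negative and its complement shifts down to all ones.
 * If index >= size, the subtraction wraps (or index itself has the top bit
 * set), the OR is negative and the result is zero. Because no conditional
 * branch is involved, there is nothing for the CPU to mispredict.
 */
unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
	return (unsigned long)(~(long)(index | (size - 1UL - index))
			       >> (BITS_PER_LONG - 1));
}

/* Clamp: returns index unchanged when in bounds, 0 when out of bounds. */
unsigned long index_nospec(unsigned long index, unsigned long size)
{
	return index & index_mask_nospec(index, size);
}

/* Stand-in for a speculation barrier. On x86-64 this issues lfence;
 * elsewhere it is only a compiler barrier (assumption of this model). */
static inline void barrier_nospec_model(void)
{
#if defined(__x86_64__)
	__asm__ volatile("lfence" ::: "memory");
#else
	__asm__ volatile("" ::: "memory");
#endif
}

/* Barrier style: bounds check, then stop speculation before the load.
 * Returns the table value, or -1 for an out-of-bounds index. */
int lookup_barrier(unsigned long idx)
{
	if (idx >= TABLE_SIZE)
		return -1;
	barrier_nospec_model();
	return table[idx];
}

/* Masking style: bounds check, then clamp the index. Even if the branch
 * above is mispredicted, the load can only touch table[0..TABLE_SIZE-1]. */
int lookup_masked(unsigned long idx)
{
	if (idx >= TABLE_SIZE)
		return -1;
	idx = index_nospec(idx, TABLE_SIZE);
	return table[idx];
}

int main(void)
{
	/* Constructed indices covering in-bounds, boundary and wrap cases. */
	const unsigned long samples[] = { 0, 7, 8, 9, ULONG_MAX };
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		printf("index=%lu mask=%#lx clamped=%lu barrier=%d masked=%d\n",
		       samples[i],
		       index_mask_nospec(samples[i], TABLE_SIZE),
		       index_nospec(samples[i], TABLE_SIZE),
		       lookup_barrier(samples[i]),
		       lookup_masked(samples[i]));
	return 0;
}
```

Both lookups return the same architectural results; the difference is only in what a mispredicted bounds check can reach, which is why the masking form can replace a barrier at array-index sites.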
[Kernel-packages] [Bug 1774181] Re: Update to upstream's implementation of Spectre v1 mitigation
** Changed in: linux (Ubuntu)
       Status: Incomplete => Invalid
[Kernel-packages] [Bug 1774181] Re: Update to upstream's implementation of Spectre v1 mitigation
** Changed in: linux (Ubuntu Precise)
       Status: Fix Committed => Fix Released
[Kernel-packages] [Bug 1774181] Re: Update to upstream's implementation of Spectre v1 mitigation
** Changed in: linux (Ubuntu Precise)
       Status: In Progress => Fix Committed
[Kernel-packages] [Bug 1774181] Re: Update to upstream's implementation of Spectre v1 mitigation
** Changed in: linux (Ubuntu Precise)
       Status: New => In Progress

** Changed in: linux (Ubuntu Precise)
     Assignee: (unassigned) => Juerg Haefliger (juergh)
[Kernel-packages] [Bug 1774181] Re: Update to upstream's implementation of Spectre v1 mitigation
This bug was fixed in the package linux - 3.13.0-157.207

---
linux (3.13.0-157.207) trusty; urgency=medium

  * linux: 3.13.0-157.207 -proposed tracker (LP: #1787982)

  * CVE-2017-5715 (Spectre v2 retpoline)
    - SAUCE: Fix "x86/retpoline/entry: Convert entry assembler indirect jumps"

  * CVE-2017-2583
    - KVM: x86: fix emulation of "MOV SS, null selector"

  * CVE-2017-7518
    - KVM: x86: fix singlestepping over syscall

  * CVE-2017-18270
    - KEYS: prevent creating a different user's keyrings

  * Update to upstream's implementation of Spectre v1 mitigation (LP: #1774181)
    - Documentation: Document array_index_nospec
    - array_index_nospec: Sanitize speculative array de-references
    - x86: Implement array_index_mask_nospec
    - x86: Introduce barrier_nospec
    - x86/get_user: Use pointer masking to limit speculation
    - x86/syscall: Sanitize syscall table de-references under speculation
    - vfs, fdtable: Prevent bounds-check bypass via speculative execution
    - nl80211: Sanitize array index in parse_txq_params
    - x86/spectre: Report get_user mitigation for spectre_v1
    - x86/kvm: Update spectre-v1 mitigation
    - nospec: Allow index argument to have const-qualified type
    - nospec: Move array_index_nospec() parameter checking into separate macro
    - nospec: Kill array_index_nospec_mask_check()
    - SAUCE: Replace osb() calls with array_index_nospec()
    - SAUCE: Rename osb() to barrier_nospec()
    - SAUCE: x86: Use barrier_nospec in arch/x86/um/asm/barrier.h

  * Prevent speculation on user controlled pointer (LP: #1775137)
    - x86: reorganize SMAP handling in user space accesses
    - x86: fix SMAP in 32-bit environments
    - x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
    - x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
    - x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec

  * CVE-2016-10208
    - ext4: validate s_first_meta_bg at mount time
    - ext4: fix fencepost in s_first_meta_bg validation

  * CVE-2018-10323
    - xfs: set format back to extents if xfs_bmap_extents_to_btree

  * CVE-2017-16911
    - usbip: prevent vhci_hcd driver from leaking a socket pointer address

  * CVE-2018-13406
    - video: uvesafb: Fix integer overflow in allocation

  * CVE-2018-10877
    - ext4: verify the depth of extent tree in ext4_find_extent()

  * CVE-2018-10881
    - ext4: clear i_data in ext4_inode_info when removing inline data

  * CVE-2018-1092
    - ext4: fail ext4_iget for root directory if unallocated

  * CVE-2018-1093
    - ext4: fix block bitmap validation when bigalloc, ^flex_bg
    - ext4: add validity checks for bitmap block numbers

  * CVE-2018-12233
    - jfs: Fix inconsistency between memory allocation and ea_buf->max_size

  * CVE-2017-16912
    - usbip: fix stub_rx: get_pipe() to validate endpoint number

  * CVE-2018-10675
    - mm/mempolicy: fix use after free when calling get_mempolicy

  * CVE-2017-8831
    - saa7164: fix sparse warnings
    - saa7164: fix double fetch PCIe access condition

  * CVE-2017-16533
    - HID: usbhid: fix out-of-bounds bug

  * CVE-2017-16538
    - media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
    - media: dvb-usb-v2: lmedm04: Improve logic checking of warm start

  * CVE-2017-16644
    - hdpvr: Remove deprecated create_singlethread_workqueue
    - media: hdpvr: Fix an error handling path in hdpvr_probe()

  * CVE-2017-16645
    - Input: ims-psu - check if CDC union descriptor is sane

  * CVE-2017-5549
    - USB: serial: kl5kusb105: fix line-state error handling

  * CVE-2017-16532
    - usb: usbtest: fix NULL pointer dereference

  * CVE-2017-16537
    - media: imon: Fix null-ptr-deref in imon_probe

  * CVE-2017-11472
    - ACPICA: Add additional debug info/statements
    - ACPICA: Namespace: fix operand cache leak

  * CVE-2017-16643
    - Input: gtco - fix potential out-of-bound access

  * CVE-2017-16531
    - USB: fix out-of-bounds in usb_set_configuration

  * CVE-2018-10124
    - kernel/signal.c: avoid undefined behaviour in kill_something_info

  * CVE-2017-6348
    - irda: Fix lockdep annotations in hashbin_delete().

  * CVE-2017-17558
    - USB: core: prevent malicious bNumInterfaces overflow

  * CVE-2017-5897
    - ip6_gre: fix ip6gre_err() invalid reads

  * CVE-2017-6345
    - SAUCE: import sock_efree()
    - net/llc: avoid BUG_ON() in skb_orphan()

  * CVE-2017-7645
    - nfsd: check for oversized NFSv2/v3 arguments

  * CVE-2017-9984
    - ALSA: msnd: Optimize / harden DSP and MIDI loops

  * CVE-2018-1000204
    - scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()

  * CVE-2018-10021
    - scsi: libsas: defer ata device eh commands to libata

  * CVE-2017-16914
    - usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer

  * CVE-2017-16913
    - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input

  * CVE-2017-16535
    - USB: core: fix out-of-bounds access bug in
[Kernel-packages] [Bug 1774181] Re: Update to upstream's implementation of Spectre v1 mitigation
** Tags removed: verification-needed-trusty
** Tags added: verification-done-trusty
[Kernel-packages] [Bug 1774181] Re: Update to upstream's implementation of Spectre v1 mitigation
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag
'verification-needed-trusty' to 'verification-done-trusty'. If the
problem still exists, change the tag 'verification-needed-trusty' to
'verification-failed-trusty'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!

** Tags added: verification-needed-trusty
[Kernel-packages] [Bug 1774181] Re: Update to upstream's implementation of Spectre v1 mitigation
** Changed in: linux (Ubuntu Trusty)
       Status: New => Fix Committed
[Kernel-packages] [Bug 1774181] Re: Update to upstream's implementation of Spectre v1 mitigation
This bug was fixed in the package linux - 4.4.0-130.156

---
linux (4.4.0-130.156) xenial; urgency=medium

  * linux: 4.4.0-130.156 -proposed tracker (LP: #1776822)

  * CVE-2018-3665 (x86)
    - x86/fpu: Fix early FPU command-line parsing
    - x86/fpu: Fix 'no387' regression
    - x86/fpu: Disable MPX when eagerfpu is off
    - x86/fpu: Default eagerfpu=on on all CPUs
    - x86/fpu: Fix FNSAVE usage in eagerfpu mode
    - x86/fpu: Fix math emulation in eager fpu mode
    - x86/fpu: Fix eager-FPU handling on legacy FPU machines

linux (4.4.0-129.155) xenial; urgency=medium

  * linux: 4.4.0-129.155 -proposed tracker (LP: #1776352)

  * Xenial update to 4.4.134 stable release (LP: #1775771)
    - MIPS: ptrace: Expose FIR register through FP regset
    - MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs
    - KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable"
    - affs_lookup(): close a race with affs_remove_link()
    - aio: fix io_destroy(2) vs. lookup_ioctx() race
    - ALSA: timer: Fix pause event notification
    - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register
    - libata: Blacklist some Sandisk SSDs for NCQ
    - libata: blacklist Micron 500IT SSD with MU01 firmware
    - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent
    - Revert "ipc/shm: Fix shmat mmap nil-page protection"
    - ipc/shm: fix shmat() nil address after round-down when remapping
    - kasan: fix memory hotplug during boot
    - kernel/sys.c: fix potential Spectre v1 issue
    - kernel/signal.c: avoid undefined behaviour in kill_something_info
    - xfs: remove racy hasattr check from attr ops
    - do d_instantiate/unlock_new_inode combinations safely
    - firewire-ohci: work around oversized DMA reads on JMicron controllers
    - NFSv4: always set NFS_LOCK_LOST when a lock is lost.
    - ALSA: hda - Use IS_REACHABLE() for dependency on input
    - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read()
    - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl
    - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account
    - PCI: Add function 1 DMA alias quirk for Marvell 9128
    - tools lib traceevent: Simplify pointer print logic and fix %pF
    - perf callchain: Fix attr.sample_max_stack setting
    - tools lib traceevent: Fix get_field_str() for dynamic strings
    - dm thin: fix documentation relative to low water mark threshold
    - nfs: Do not convert nfs_idmap_cache_timeout to jiffies
    - watchdog: sp5100_tco: Fix watchdog disable bit
    - kconfig: Don't leak main menus during parsing
    - kconfig: Fix automatic menu creation mem leak
    - kconfig: Fix expr_free() E_NOT leak
    - ipmi/powernv: Fix error return code in ipmi_powernv_probe()
    - Btrfs: set plug for fsync
    - btrfs: Fix out of bounds access in btrfs_search_slot
    - Btrfs: fix scrub to repair raid6 corruption
    - scsi: fas216: fix sense buffer initialization
    - HID: roccat: prevent an out of bounds read in kovaplus_profile_activated()
    - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path
    - powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes
    - powerpc/numa: Ensure nodes initialized for hotplug
    - RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure
    - ntb_transport: Fix bug with max_mw_size parameter
    - ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid
    - ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute
    - ocfs2: return error when we attempt to access a dirty bh in jbd2
    - mm/mempolicy: fix the check of nodemask from user
    - mm/mempolicy: add nodes_empty check in SYSC_migrate_pages
    - asm-generic: provide generic_pmdp_establish()
    - mm: pin address_space before dereferencing it while isolating an LRU page
    - IB/ipoib: Fix for potential no-carrier state
    - x86/power: Fix swsusp_arch_resume prototype
    - firmware: dmi_scan: Fix handling of empty DMI strings
    - ACPI: processor_perflib: Do not send _PPC change notification if not ready
    - MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS
    - xen-netfront: Fix race between device setup and open
    - xen/grant-table: Use put_page instead of free_page
    - RDS: IB: Fix null pointer issue
    - arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics
    - proc: fix /proc/*/map_files lookup
    - cifs: silence compiler warnings showing up with gcc-8.0.0
    - bcache: properly set task state in bch_writeback_thread()
    - bcache: fix for allocator and register thread race
    - bcache: fix for data collapse after re-attaching an attached device
    - bcache: return attach error when no cache set exist
    - tools/libbpf: handle issues with bpf ELF objects containing .eh_frames
    - locking/qspinlock: Ensure node->count is updated before initialising node
    - irqchip/gic-v3: Change pr_debug message to pr_devel
    - scsi: ufs: Enable quirk to ignore
[Kernel-packages] [Bug 1774181] Re: Update to upstream's implementation of Spectre v1 mitigation
For Trusty 3.13, add the following patches:

* UBUNTU: SAUCE: filter: Use barrier_nospec() instead of osb()
* UBUNTU: SAUCE: Rename osb() to barrier_nospec()
* UBUNTU: SAUCE: Replace osb() calls with array_index_nospec()
* nospec: Kill array_index_nospec_mask_check()
* nospec: Move array_index_nospec() parameter checking into separate macro
* nospec: Allow index argument to have const-qualified type
* x86/kvm: Update spectre-v1 mitigation
* x86/spectre: Report get_user mitigation for spectre_v1
* nl80211: Sanitize array index in parse_txq_params
* vfs, fdtable: Prevent bounds-check bypass via speculative execution
* x86/syscall: Sanitize syscall table de-references under speculation
* x86/get_user: Use pointer masking to limit speculation
* x86: Introduce barrier_nospec
* x86: Implement array_index_mask_nospec
* array_index_nospec: Sanitize speculative array de-references
* Documentation: Document array_index_nospec
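The bug description contrasts a speculation barrier with the masking approach behind array_index_nospec(). The user-space C sketch below is an example added here, not code from the Ubuntu or upstream patches: it models the generic branch-free mask and shows the index being clamped after the bounds check. The names index_mask_nospec, clamp_index_nospec, lookup and the table contents are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)

/*
 * Returns all ones when index < size and zero otherwise, without a branch,
 * so there is no comparison for the CPU to mispredict. Relies on arithmetic
 * right shift of a negative long (true for GCC and Clang) and on size being
 * at most LONG_MAX.
 */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
	/* Hide the value from the optimizer so the mask is always computed. */
	__asm__ volatile("" : "+r"(index));
	return ~(long)(index | (size - 1UL - index)) >> (BITS_PER_LONG - 1);
}

/* In-range indices pass through unchanged; out-of-range ones become 0. */
static unsigned long clamp_index_nospec(unsigned long index, unsigned long size)
{
	return index & index_mask_nospec(index, size);
}

/* Constructed sample data standing in for a kernel table. */
static const unsigned char table[8] = {10, 11, 12, 13, 14, 15, 16, 17};

/* Returns table[idx], or -1 when idx is out of range. */
static int lookup(unsigned long idx)
{
	if (idx >= 8)
		return -1;
	/*
	 * Architecturally idx is already in range here. The clamp matters
	 * when the branch above is mispredicted: the load below then uses
	 * index 0 instead of a caller-chosen out-of-bounds offset. The
	 * barrier approach would instead stop speculation at this point.
	 */
	idx = clamp_index_nospec(idx, 8);
	return table[idx];
}

int main(void)
{
	printf("lookup(3) = %d\n", lookup(3));
	printf("lookup(8) = %d\n", lookup(8));
	printf("clamp(1000, 8) = %lu\n", clamp_index_nospec(1000, 8));
	return 0;
}
```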
[Kernel-packages] [Bug 1774181] Re: Update to upstream's implementation of Spectre v1 mitigation
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
[Kernel-packages] [Bug 1774181] Re: Update to upstream's implementation of Spectre v1 mitigation
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed-xenial'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

** Tags added: verification-needed-xenial
[Kernel-packages] [Bug 1774181] Re: Update to upstream's implementation of Spectre v1 mitigation
** Changed in: linux (Ubuntu Xenial)
   Status: New => Fix Committed
[Kernel-packages] [Bug 1774181] Re: Update to upstream's implementation of Spectre v1 mitigation
** Also affects: linux (Ubuntu Precise)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Trusty)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Xenial)
   Importance: Undecided
   Status: New
[Kernel-packages] [Bug 1774181] Re: Update to upstream's implementation of Spectre v1 mitigation
** Description changed: Xenial is currently lacking full support of upstream's Spectre v1 - mitigation. As a first step to get there, add the array_index_nospec - macro and all the (simple) patches that make use of it. + mitigation. Add the missing patches and merge them with Ubuntu's current + implementation of the v1 mitigation. + + == SRU Justification == + Ubuntu's Spectre v1 mitigation is based on the original embargoed patchset which introduced a barrier macro to prevent speculation beyond array boundaries for user controlled indices. What eventually landed in upstream is slightly different and uses a barrier macro in combination with a masking solution (plus syscall table and user pointer sanitation). During the updates to newer stable upstream versions, we skipped all those patches. After reviewing them, we want to bring them back and merge them with the current implementation which brings us back in sync with upstream stable. + + == Fix == + Add all the missing Spectre v1 patches from upstream stable 4.4.118 to 4.4.131. Replace Ubuntu's additional barriers with the masking macro, where appropriate. + + == Regression Potential == + Low. The patches have been in upstream for quite a while now and we keep the speculation barriers that are currently in Ubuntu but not in upstream. + + == Test Case == + TBD. ** Description changed: - Xenial is currently lacking full support of upstream's Spectre v1 - mitigation. Add the missing patches and merge them with Ubuntu's current - implementation of the v1 mitigation. + Xenial/Trusty/Prexise are currently lacking full support of upstream's + Spectre v1 mitigation. Add the missing patches and merge them with + Ubuntu's current implementation of the v1 mitigation. == SRU Justification == Ubuntu's Spectre v1 mitigation is based on the original embargoed patchset which introduced a barrier macro to prevent speculation beyond array boundaries for user controlled indices. 
What eventually landed in upstream is slightly different and uses a barrier macro in combination with a masking solution (plus syscall table and user pointer sanitation). During the updates to newer stable upstream versions, we skipped all those patches. After reviewing them, we want to bring them back and merge them with the current implementation which brings us back in sync with upstream stable. - == Fix == + == Fix == Add all the missing Spectre v1 patches from upstream stable 4.4.118 to 4.4.131. Replace Ubuntu's additional barriers with the masking macro, where appropriate. - == Regression Potential == + == Regression Potential == Low. The patches have been in upstream for quite a while now and we keep the speculation barriers that are currently in Ubuntu but not in upstream. == Test Case == TBD. ** Description changed: - Xenial/Trusty/Prexise are currently lacking full support of upstream's + Xenial/Trusty/Precise are currently lacking full support of upstream's Spectre v1 mitigation. Add the missing patches and merge them with Ubuntu's current implementation of the v1 mitigation. == SRU Justification == Ubuntu's Spectre v1 mitigation is based on the original embargoed patchset which introduced a barrier macro to prevent speculation beyond array boundaries for user controlled indices. What eventually landed in upstream is slightly different and uses a barrier macro in combination with a masking solution (plus syscall table and user pointer sanitation). During the updates to newer stable upstream versions, we skipped all those patches. After reviewing them, we want to bring them back and merge them with the current implementation which brings us back in sync with upstream stable. == Fix == Add all the missing Spectre v1 patches from upstream stable 4.4.118 to 4.4.131. Replace Ubuntu's additional barriers with the masking macro, where appropriate. == Regression Potential == Low. 
The patches have been in upstream for quite a while now and we keep the speculation barriers that are currently in Ubuntu but not in upstream. == Test Case == TBD. ** Description changed: Xenial/Trusty/Precise are currently lacking full support of upstream's Spectre v1 mitigation. Add the missing patches and merge them with - Ubuntu's current implementation of the v1 mitigation. + Ubuntu's current implementation. == SRU Justification == - Ubuntu's Spectre v1 mitigation is based on the original embargoed patchset which introduced a barrier macro to prevent speculation beyond array boundaries for user controlled indices. What eventually landed in upstream is slightly different and uses a barrier macro in combination with a masking solution (plus syscall table and user pointer sanitation). During the updates to newer stable upstream versions, we skipped all those patches. After reviewing them, we want to bring them back and merge them with the current implementation which brings us back in sync with
[Kernel-packages] [Bug 1774181] Re: Update to upstream's implementation of Spectre v1 mitigation
** Summary changed: - Add array_index_nospec + Update to upstream's implementation of Spectre v1 mitigation

Status in linux package in Ubuntu: Incomplete

Bug description: Xenial is currently lacking full support of upstream's Spectre v1 mitigation. As a first step to get there, add the array_index_nospec macro and all the (simple) patches that make use of it.