[Kernel-packages] [Bug 1843291] Re: Add -fcf-protection=none when using retpoline flags
This bug was fixed in the package linux - 4.15.0-66.75 --- linux (4.15.0-66.75) bionic; urgency=medium * bionic/linux: 4.15.0-66.75 -proposed tracker (LP: #1846131) * Packaging resync (LP: #1786013) - [Packaging] update helper scripts * CVE-2018-21008 - rsi: add fix for crash during assertions * ipv6: fix neighbour resolution with raw socket (LP: #1834465) - ipv6: constify rt6_nexthop() - ipv6: fix neighbour resolution with raw socket * run_netsocktests from net in ubuntu_kernel_selftests failed with X-4.15 (LP: #1842023) - SAUCE: selftests: net: replace AF_MAX with INT_MAX in socket.c * No sound inputs from the external microphone and headset on a Dell machine (LP: #1842265) - ALSA: hda - Expand pin_match function to match upcoming new tbls - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family * Add -fcf-protection=none when using retpoline flags (LP: #1843291) - SAUCE: kbuild: add -fcf-protection=none when using retpoline flags * Enhanced Hardware Support - Finalize Naming (LP: #1842774) - s390: add support for IBM z15 machines * Bionic update: upstream stable patchset 2019-09-24 (LP: #1845266) - bridge/mdb: remove wrong use of NLM_F_MULTI - cdc_ether: fix rndis support for Mediatek based smartphones - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' - isdn/capi: check message length in capi_write() - net: Fix null de-reference of device refcount - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list - net: phylink: Fix flow control resolution - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR - tipc: add NULL pointer check before calling kfree_rcu - tun: fix use-after-free when register netdev failed - btrfs: compression: add helper for type to string conversion - btrfs: correctly validate compression type - Revert "MIPS: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur" - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist - gpio: fix line flag validation in linehandle_create - gpio: fix line flag validation in lineevent_create - Btrfs: fix assertion failure during fsync and use of stale transaction - genirq: Prevent NULL pointer dereference in resend_irqs() - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl - KVM: x86: work around leak of uninitialized stack contents - KVM: nVMX: handle page fault in vmread - MIPS: VDSO: Prevent use of smp_processor_id() - MIPS: VDSO: Use same -m%-float cflag as the kernel proper - powerpc: Add barrier_nospec to raw_copy_in_user() - drm/meson: Add support for XBGR & ABGR formats - clk: rockchip: Don't yell about bad mmc phases when getting - mtd: rawnand: mtk: Fix wrongly assigned OOB buffer pointer issue - PCI: Always allow probing with driver_override - ubifs: Correctly use tnc_next() in search_dh_cookie() - driver core: Fix use-after-free and double free on glue directory - crypto: talitos - check AES key size - crypto: talitos - fix CTR alg blocksize - crypto: talitos - check data blocksize in ablkcipher. - crypto: talitos - fix ECB algs ivsize - crypto: talitos - Do not modify req->cryptlen on decryption. - crypto: talitos - HMAC SNOOP NO AFEU mode requires SW icv checking. - firmware: ti_sci: Always request response from firmware - drm/mediatek: mtk_drm_drv.c: Add of_node_put() before goto - Revert "Bluetooth: btusb: driver to enable the usb-wakeup feature" - platform/x86: pmc_atom: Add CB4063 Beckhoff Automation board to critclk_systems DMI table - nvmem: Use the same permissions for eeprom as for nvmem - x86/build: Add -Wnoaddress-of-packed-member to REALMODE_CFLAGS, to silence GCC9 build warning - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us - x86/purgatory: Change compiler flags from -mcmodel=kernel to -mcmodel=large to fix kexec relocation errors - modules: fix BUG when load module with rodata=n - modules: fix compile error if don't have strict module rwx - HID: wacom: generic: read HID_DG_CONTACTMAX from any feature report - Input: elan_i2c - remove Lenovo Legion Y7000 PnpID - powerpc/mm/radix: Use the right page size for vmemmap mapping - USB: usbcore: Fix slab-out-of-bounds bug during device reset - phy: renesas: rcar-gen3-usb2: Disable clearing VBUS in over-current - media: tm6000: double free if usb disconnect while streaming - xen-netfront: do not assume sk_buff_head list is empty in error handling - net_sched: let qdisc_put() accept NULL pointer - KVM:
[Kernel-packages] [Bug 1843291] Re: Add -fcf-protection=none when using retpoline flags
This bug was fixed in the package linux - 5.0.0-32.34 --- linux (5.0.0-32.34) disco; urgency=medium * disco/linux: 5.0.0-32.34 -proposed tracker (LP: #1846097) * CVE-2019-14814 // CVE-2019-14815 // CVE-2019-14816 - mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings * CVE-2019-15505 - media: technisat-usb2: break out of loop at end of buffer * CVE-2019-2181 - binder: check for overflow when alloc for security context * Support Hi1620 zip hw accelerator (LP: #1845355) - [Config] Enable HiSilicon QM/ZIP as modules - crypto: hisilicon - add queue management driver for HiSilicon QM module - crypto: hisilicon - add hardware SGL support - crypto: hisilicon - add HiSilicon ZIP accelerator support - crypto: hisilicon - add SRIOV support for ZIP - Documentation: Add debugfs doc for hisi_zip - crypto: hisilicon - add debugfs for ZIP and QM - MAINTAINERS: add maintainer for HiSilicon QM and ZIP controller driver - crypto: hisilicon - fix kbuild warnings - crypto: hisilicon - add dependency for CRYPTO_DEV_HISI_ZIP - crypto: hisilicon - init curr_sgl_dma to fix compile warning - crypto: hisilicon - add missing single_release - crypto: hisilicon - fix error handle in hisi_zip_create_req_q - crypto: hisilicon - Fix warning on printing %p with dma_addr_t - crypto: hisilicon - Fix return value check in hisi_zip_acompress() - crypto: hisilicon - avoid unused function warning * xfrm interface: several kernel panic (LP: #1836261) - xfrm interface: fix memory leak on creation - xfrm interface: avoid corruption on changelink - xfrm interface: ifname may be wrong in logs - xfrm interface: fix list corruption for x-netns - xfrm interface: fix management of phydev * shiftfs: drop entries from cache on unlink (LP: #1841977) - SAUCE: shiftfs: fix buggy unlink logic * shiftfs: mark kmem_cache as reclaimable (LP: #1842059) - SAUCE: shiftfs: mark slab objects SLAB_RECLAIM_ACCOUNT * Suspend to RAM(S3) does not wake up for latest megaraid and mpt3sas adapters(SAS3.5 onwards) (LP: #1838751) - PCI: Restore Resizable BAR size bits correctly for 1MB BARs * No sound inputs from the external microphone and headset on a Dell machine (LP: #1842265) - ALSA: hda - Expand pin_match function to match upcoming new tbls - ALSA: hda - Define a fallback_pin_fixup_tbl for alc269 family * Add -fcf-protection=none when using retpoline flags (LP: #1843291) - SAUCE: kbuild: add -fcf-protection=none when using retpoline flags * Disco update: upstream stable patchset 2019-09-25 (LP: #1845390) - bridge/mdb: remove wrong use of NLM_F_MULTI - cdc_ether: fix rndis support for Mediatek based smartphones - ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' - isdn/capi: check message length in capi_write() - ixgbe: Fix secpath usage for IPsec TX offload. - net: Fix null de-reference of device refcount - net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list - net: phylink: Fix flow control resolution - net: sched: fix reordering issues - sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero - sctp: Fix the link time qualifier of 'sctp_ctrlsock_exit()' - sctp: use transport pf_retrans in sctp_do_8_2_transport_strike - tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR - tipc: add NULL pointer check before calling kfree_rcu - tun: fix use-after-free when register netdev failed - gpiolib: acpi: Add gpiolib_acpi_run_edge_events_on_boot option and blacklist - gpio: fix line flag validation in linehandle_create - Btrfs: fix assertion failure during fsync and use of stale transaction - ixgbe: Prevent u8 wrapping of ITR value to something less than 10us - genirq: Prevent NULL pointer dereference in resend_irqs() - KVM: s390: kvm_s390_vm_start_migration: check dirty_bitmap before using it as target for memset() - KVM: s390: Do not leak kernel stack data in the KVM_S390_INTERRUPT ioctl - KVM: x86: work around leak of uninitialized stack contents - KVM: nVMX: handle page fault in vmread - x86/purgatory: Change compiler flags from -mcmodel=kernel to -mcmodel=large to fix kexec relocation errors - powerpc: Add barrier_nospec to raw_copy_in_user() - drm/meson: Add support for XBGR & ABGR formats - clk: rockchip: Don't yell about bad mmc phases when getting - mtd: rawnand: mtk: Fix wrongly assigned OOB buffer pointer issue - PCI: Always allow probing with driver_override - gpio: fix line flag validation in lineevent_create - ubifs: Correctly use tnc_next() in search_dh_cookie() - driver core: Fix use-after-free and double free on glue directory - crypto: talitos - check AES key size - crypto: talitos - fix CTR alg blocksize - crypto: talitos -
[Kernel-packages] [Bug 1843291] Re: Add -fcf-protection=none when using retpoline flags
Confirmed to be also fixed with Bionic kernel. Fails with 4.15.0-65, fixed with 4.15.0-66. ** Tags removed: verification-needed-bionic ** Tags added: verification-done-bionic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1843291 Title: Add -fcf-protection=none when using retpoline flags Status in linux package in Ubuntu: In Progress Status in linux source package in Bionic: Fix Committed Status in linux source package in Disco: Fix Committed Bug description: SRU Justification Impact: Starting in eoan -fcf-protection is enabled by default in gcc, see https://wiki.ubuntu.com/ToolChain/CompilerFlags. This option is incompatible with -mindirect-branch, which is used for building kernels with retpoline support. Building a kernel or dkms modules fails without the patch, and during upgrade to eoan we can get failures due to dkms modules failing to build for older kernels with the new compiler. Fix: Backport upstream patch to add -fcf-protection=none to kernel retpoline flags. Test Case: Upgrade from {bionic,diso} to eoan with dkms modules installed. Regression Potential: The patch probes the compiler for support for -fcf-protection and only adds it if the compiler supports it, and =none was the default prior to the change in eoan. It's also been upstream and in eoan for a while now, so it's unlikely to cause any regressions. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1843291/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1843291] Re: Add -fcf-protection=none when using retpoline flags
Running kernel 5.0.0-31-generic in a Eoan install I get the following error when I try to install lttng-modules-dkms: CC [M] /var/lib/dkms/lttng-modules/2.10.8/build/lib/ringbuffer/ring_buffer_backend.o In file included from ./include/linux/export.h:45, from ./include/linux/linkage.h:7, from ./include/linux/kernel.h:7, from ./include/linux/list.h:9, from ./include/linux/module.h:9, from /var/lib/dkms/lttng-modules/2.10.8/build/lib/ringbuffer/ring_buffer_backend.c:2 2: ./include/linux/compiler.h: In function ‘__read_once_size’: ./include/linux/compiler.h:192:1: error: ‘-mindirect-branch’ and ‘-fcf-protection’ are not compatible 192 | { | ^ With kernel 5.0.0-32-generic the modules are built and loaded successfully. Therefore I'm marking verification-done for Disco. ** Tags removed: verification-needed-disco ** Tags added: verification-done-disco -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1843291 Title: Add -fcf-protection=none when using retpoline flags Status in linux package in Ubuntu: In Progress Status in linux source package in Bionic: Fix Committed Status in linux source package in Disco: Fix Committed Bug description: SRU Justification Impact: Starting in eoan -fcf-protection is enabled by default in gcc, see https://wiki.ubuntu.com/ToolChain/CompilerFlags. This option is incompatible with -mindirect-branch, which is used for building kernels with retpoline support. Building a kernel or dkms modules fails without the patch, and during upgrade to eoan we can get failures due to dkms modules failing to build for older kernels with the new compiler. Fix: Backport upstream patch to add -fcf-protection=none to kernel retpoline flags. Test Case: Upgrade from {bionic,diso} to eoan with dkms modules installed. Regression Potential: The patch probes the compiler for support for -fcf-protection and only adds it if the compiler supports it, and =none was the default prior to the change in eoan. It's also been upstream and in eoan for a while now, so it's unlikely to cause any regressions. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1843291/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1843291] Re: Add -fcf-protection=none when using retpoline flags
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- disco' to 'verification-done-disco'. If the problem still exists, change the tag 'verification-needed-disco' to 'verification-failed-disco'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-disco -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1843291 Title: Add -fcf-protection=none when using retpoline flags Status in linux package in Ubuntu: In Progress Status in linux source package in Bionic: Fix Committed Status in linux source package in Disco: Fix Committed Bug description: SRU Justification Impact: Starting in eoan -fcf-protection is enabled by default in gcc, see https://wiki.ubuntu.com/ToolChain/CompilerFlags. This option is incompatible with -mindirect-branch, which is used for building kernels with retpoline support. Building a kernel or dkms modules fails without the patch, and during upgrade to eoan we can get failures due to dkms modules failing to build for older kernels with the new compiler. Fix: Backport upstream patch to add -fcf-protection=none to kernel retpoline flags. Test Case: Upgrade from {bionic,diso} to eoan with dkms modules installed. Regression Potential: The patch probes the compiler for support for -fcf-protection and only adds it if the compiler supports it, and =none was the default prior to the change in eoan. It's also been upstream and in eoan for a while now, so it's unlikely to cause any regressions. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1843291/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1843291] Re: Add -fcf-protection=none when using retpoline flags
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed- bionic'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-bionic -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1843291 Title: Add -fcf-protection=none when using retpoline flags Status in linux package in Ubuntu: In Progress Status in linux source package in Bionic: Fix Committed Status in linux source package in Disco: Fix Committed Bug description: SRU Justification Impact: Starting in eoan -fcf-protection is enabled by default in gcc, see https://wiki.ubuntu.com/ToolChain/CompilerFlags. This option is incompatible with -mindirect-branch, which is used for building kernels with retpoline support. Building a kernel or dkms modules fails without the patch, and during upgrade to eoan we can get failures due to dkms modules failing to build for older kernels with the new compiler. Fix: Backport upstream patch to add -fcf-protection=none to kernel retpoline flags. Test Case: Upgrade from {bionic,diso} to eoan with dkms modules installed. Regression Potential: The patch probes the compiler for support for -fcf-protection and only adds it if the compiler supports it, and =none was the default prior to the change in eoan. It's also been upstream and in eoan for a while now, so it's unlikely to cause any regressions. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1843291/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1843291] Re: Add -fcf-protection=none when using retpoline flags
** Also affects: linux (Ubuntu Disco) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: linux (Ubuntu Disco) Status: New => Fix Committed ** Changed in: linux (Ubuntu Bionic) Status: New => Fix Committed -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1843291 Title: Add -fcf-protection=none when using retpoline flags Status in linux package in Ubuntu: In Progress Status in linux source package in Bionic: Fix Committed Status in linux source package in Disco: Fix Committed Bug description: SRU Justification Impact: Starting in eoan -fcf-protection is enabled by default in gcc, see https://wiki.ubuntu.com/ToolChain/CompilerFlags. This option is incompatible with -mindirect-branch, which is used for building kernels with retpoline support. Building a kernel or dkms modules fails without the patch, and during upgrade to eoan we can get failures due to dkms modules failing to build for older kernels with the new compiler. Fix: Backport upstream patch to add -fcf-protection=none to kernel retpoline flags. Test Case: Upgrade from {bionic,diso} to eoan with dkms modules installed. Regression Potential: The patch probes the compiler for support for -fcf-protection and only adds it if the compiler supports it, and =none was the default prior to the change in eoan. It's also been upstream and in eoan for a while now, so it's unlikely to cause any regressions. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1843291/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp