Public bug reported:
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The v4.15.2 upstream stable
patch set is now available. It should be included in the Ubuntu
kernel as well.
git://git.kernel.org/
TEST CASE: TBD
The following patches from the v4.15.2 stable release shall be
applied:
KVM: x86: Make indirect calls in emulator speculation safe
KVM: VMX: Make indirect call speculation safe
module/retpoline: Warn about missing retpoline in module
x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
x86/cpufeatures: Add Intel feature bits for Speculation Control
x86/cpufeatures: Add AMD feature bits for Speculation Control
x86/msr: Add definitions for new speculation control MSRs
x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
x86/alternative: Print unadorned pointers
x86/nospec: Fix header guards names
x86/bugs: Drop one "mitigation" from dmesg
x86/cpu/bugs: Make retpoline module warning conditional
x86/cpufeatures: Clean up Spectre v2 related CPUID flags
x86/retpoline: Simplify vmexit_fill_RSB()
x86/speculation: Simplify indirect_branch_prediction_barrier()
auxdisplay: img-ascii-lcd: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
iio: adc/accel: Fix up module licenses
pinctrl: pxa: pxa2xx: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
ASoC: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
KVM: nVMX: Eliminate vmcs02 pool
KVM: VMX: introduce alloc_loaded_vmcs
objtool: Improve retpoline alternative handling
objtool: Add support for alternatives at the end of a section
objtool: Warn on stripped section symbol
x86/mm: Fix overlap of i386 CPU_ENTRY_AREA with FIX_BTMAP
x86/spectre: Check CONFIG_RETPOLINE in command line parser
x86/entry/64: Remove the SYSCALL64 fast path
x86/entry/64: Push extra regs right away
x86/asm: Move 'status' from thread_struct to thread_info
Documentation: Document array_index_nospec
array_index_nospec: Sanitize speculative array de-references
x86: Implement array_index_mask_nospec
x86: Introduce barrier_nospec
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
x86/get_user: Use pointer masking to limit speculation
x86/syscall: Sanitize syscall table de-references under speculation
vfs, fdtable: Prevent bounds-check bypass via speculative execution
nl80211: Sanitize array index in parse_txq_params
x86/spectre: Report get_user mitigation for spectre_v1
x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
x86/speculation: Use Indirect Branch Prediction Barrier in context switch
x86/paravirt: Remove 'noreplace-paravirt' cmdline option
KVM: VMX: make MSR bitmaps per-VCPU
x86/kvm: Update spectre-v1 mitigation
x86/retpoline: Avoid retpolines for built-in __init functions
x86/spectre: Simplify spectre_v2 command line parsing
x86/pti: Mark constant arrays as __initconst
x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
KVM/x86: Update the reverse_cpuid list to include CPUID_7_EDX
KVM/x86: Add IBPB support
KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL
serial: core: mark port as initialized after successful IRQ change
fpga: region: release of_parse_phandle nodes after use
Linux 4.15.2
** Affects: linux (Ubuntu)
Importance: Medium
Assignee: Seth Forshee (sforshee)
Status: Fix Committed
** Tags: kernel-stable-tracking-bug
** Tags added: kernel-stable-tracking-bug
** Description changed:
+ SRU Justification
- SRU Justification
+ Impact:
+ The upstream process for stable tree updates is quite similar
+ in scope to the Ubuntu SRU process, e.g., each patch has to
+ demonstrably fix a bug, and each patch is vetted by upstream
+ by originating either directly from a mainline/stable Linux tree or
+ a minimally backported form of that patch. The v4.15.2 upstream stable
+ patch set is now available. It should be included in the Ubuntu
+ kernel as well.
- Impact:
- The upstream process for stable tree updates is quite similar
- in scope to the Ubuntu SRU process, e.g., each patch has to
- demonstrably fix a bug, and each patch is vetted by upstream
- by originating either directly from a mainline/stable Linux tree or
- a minimally backported form of that patch. The v4.15.2 upstream stable
- patch set is now available. It should be included in the Ubuntu
- kernel as well.
+ git://git.kernel.org/
- git://git.kernel.org/
+ TEST CASE: TBD
- TEST CASE: TBD
+ The following patches from the v4.15.2 stable release shall be
+ applied:
- The following patches from the v4.15.2 stable release shall be
- applied:
+ KVM: x86: Make indirect calls in emulator speculation safe
+ KVM: VMX: Make indirect call speculation safe
+ module/retpoline: Warn about missing retpoline in module
+ x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
+ x86/cpufeatures: Add Intel feature bits for Speculation Control
+ x86/cpufeatures: Add AMD feature bits for Speculation Control
+ x86/msr: Add definitions for new speculation control MSRs
+ x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
+ x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
+ x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
+ x86/alternative: Print unadorned pointers
+ x86/nospec: Fix header guards names
+ x86/bugs: Drop one "mitigation" from dmesg
+ x86/cpu/bugs: Make retpoline module warning conditional
+ x86/cpufeatures: Clean up Spectre v2 related CPUID flags
+ x86/retpoline: Simplify vmexit_fill_RSB()
+ x86/speculation: Simplify indirect_branch_prediction_barrier()
+ auxdisplay: img-ascii-lcd: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+ iio: adc/accel: Fix up module licenses
+ pinctrl: pxa: pxa2xx: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+ ASoC: pcm512x: add missing MODULE_DESCRIPTION/AUTHOR/LICENSE
+ KVM: nVMX: Eliminate vmcs02 pool
+ KVM: VMX: introduce alloc_loaded_vmcs
+ objtool: Improve retpoline alternative handling
+ objtool: Add support for alternatives at the end of a section
+ objtool: Warn on stripped section symbol
+ x86/mm: Fix overlap of i386 CPU_ENTRY_AREA with FIX_BTMAP
+ x86/spectre: Check CONFIG_RETPOLINE in command line parser
+ x86/entry/64: Remove the SYSCALL64 fast path
+ x86/entry/64: Push extra regs right away
+ x86/asm: Move 'status' from thread_struct to thread_info
+ Documentation: Document array_index_nospec
+ array_index_nospec: Sanitize speculative array de-references
+ x86: Implement array_index_mask_nospec
+ x86: Introduce barrier_nospec
+ x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
+ x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
+ x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
+ x86/get_user: Use pointer masking to limit speculation
+ x86/syscall: Sanitize syscall table de-references under speculation
+ vfs, fdtable: Prevent bounds-check bypass via speculative execution
+ nl80211: Sanitize array index in parse_txq_params
+ x86/spectre: Report get_user mitigation for spectre_v1
+ x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
+ x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
+ x86/speculation: Use Indirect Branch Prediction Barrier in context switch
+ x86/paravirt: Remove 'noreplace-paravirt' cmdline option
+ KVM: VMX: make MSR bitmaps per-VCPU
+ x86/kvm: Update spectre-v1 mitigation
+ x86/retpoline: Avoid retpolines for built-in __init functions
+ x86/spectre: Simplify spectre_v2 command line parsing
+ x86/pti: Mark constant arrays as __initconst
+ x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
+ KVM/x86: Update the reverse_cpuid list to include CPUID_7_EDX
+ KVM/x86: Add IBPB support
+ KVM/VMX: Emulate MSR_IA32_ARCH_CAPABILITIES
+ KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
+ KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL
+ serial: core: mark port as initialized after successful IRQ change
+ fpga: region: release of_parse_phandle nodes after use
+ Linux 4.15.2
** Changed in: linux (Ubuntu)
Importance: Undecided => Medium
** Changed in: linux (Ubuntu)
Status: New => In Progress
** Changed in: linux (Ubuntu)
Assignee: (unassigned) => Seth Forshee (sforshee)
** Changed in: linux (Ubuntu)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1748072
Title:
Bionic update to v4.15.2 stable release
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748072/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
