Bionic update to v4.15.2 stable release
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Medium
|
Seth Forshee |
Bug Description
SRU Justification
Impact:
The upstream process for stable tree updates is quite similar
in scope to the Ubuntu SRU process, e.g., each patch has to
demonstrably fix a bug, and each patch is vetted by upstream
by originating either directly from a mainline/stable Linux tree or
a minimally backported form of that patch. The v4.15.2 upstream stable
patch set is now available. It should be included in the Ubuntu
kernel as well.
TEST CASE: TBD
The following patches from the v4.15.2 stable release shall be applied:
KVM: x86: Make indirect calls in emulator speculation safe
KVM: VMX: Make indirect call speculation safe
module/retpoline: Warn about missing retpoline in module
x86/cpufeatures: Add CPUID_7_EDX CPUID leaf
x86/cpufeatures: Add Intel feature bits for Speculation Control
x86/cpufeatures: Add AMD feature bits for Speculation Control
x86/msr: Add definitions for new speculation control MSRs
x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes
x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support
x86/alternative: Print unadorned pointers
x86/nospec: Fix header guards names
x86/bugs: Drop one "mitigation" from dmesg
x86/cpu/bugs: Make retpoline module warning conditional
x86/cpufeatures: Clean up Spectre v2 related CPUID flags
x86/retpoline: Simplify vmexit_fill_RSB()
x86/speculation: Simplify indirect_
auxdisplay: img-ascii-lcd: add missing MODULE_
iio: adc/accel: Fix up module licenses
pinctrl: pxa: pxa2xx: add missing MODULE_
ASoC: pcm512x: add missing MODULE_
KVM: nVMX: Eliminate vmcs02 pool
KVM: VMX: introduce alloc_loaded_vmcs
objtool: Improve retpoline alternative handling
objtool: Add support for alternatives at the end of a section
objtool: Warn on stripped section symbol
x86/mm: Fix overlap of i386 CPU_ENTRY_AREA with FIX_BTMAP
x86/spectre: Check CONFIG_RETPOLINE in command line parser
x86/entry/64: Remove the SYSCALL64 fast path
x86/entry/64: Push extra regs right away
x86/asm: Move 'status' from thread_struct to thread_info
Documentation: Document array_index_nospec
array_index_nospec: Sanitize speculative array de-references
x86: Implement array_index_
x86: Introduce barrier_nospec
x86: Introduce __uaccess_
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86/uaccess: Use __uaccess_
x86/get_user: Use pointer masking to limit speculation
x86/syscall: Sanitize syscall table de-references under speculation
vfs, fdtable: Prevent bounds-check bypass via speculative execution
nl80211: Sanitize array index in parse_txq_params
x86/spectre: Report get_user mitigation for spectre_v1
x86/spectre: Fix spelling mistake: "vunerable"-> "vulnerable"
x86/cpuid: Fix up "virtual" IBRS/IBPB/STIBP feature bits on Intel
x86/speculation: Use Indirect Branch Prediction Barrier in context switch
x86/paravirt: Remove 'noreplace-
KVM: VMX: make MSR bitmaps per-VCPU
x86/kvm: Update spectre-v1 mitigation
x86/retpoline: Avoid retpolines for built-in __init functions
x86/spectre: Simplify spectre_v2 command line parsing
x86/pti: Mark constant arrays as __initconst
x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL
KVM/x86: Update the reverse_cpuid list to include CPUID_7_EDX
KVM/x86: Add IBPB support
KVM/VMX: Emulate MSR_IA32_
KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL
KVM/SVM: Allow direct access to MSR_IA32_SPEC_CTRL
serial: core: mark port as initialized after successful IRQ change
fpga: region: release of_parse_phandle nodes after use
Linux 4.15.2
CVE References
tags: | added: kernel-stable-tracking-bug |
description: | updated |
Changed in linux (Ubuntu): | |
assignee: | nobody → Seth Forshee (sforshee) |
importance: | Undecided → Medium |
status: | New → In Progress |
Changed in linux (Ubuntu): | |
status: | In Progress → Fix Committed |
This bug was fixed in the package linux - 4.15.0-10.11
---------------
linux (4.15.0-10.11) bionic; urgency=medium
* linux: 4.15.0-10.11 -proposed tracker (LP: #1749250)
* "swiotlb: coherent allocation failed" dmesg spam with linux 4.15.0-9.10
(LP: #1749202)
- swiotlb: suppress warning when __GFP_NOWARN is set
- drm/ttm: specify DMA_ATTR_NO_WARN for huge page pools
* linux-tools: perf incorrectly linking libbfd (LP: #1748922)
- SAUCE: tools -- add ability to disable libbfd
- [Packaging] correct disablement of libbfd
* [Artful] Realtek ALC225: 2 secs noise when a headset plugged in
(LP: #1744058)
- ALSA: hda/realtek - update ALC225 depop optimize
* [Artful] Support headset mode for DELL WYSE (LP: #1723913)
- SAUCE: ALSA: hda/realtek - Add support headset mode for DELL WYSE
* headset mic can't be detected on two Dell machines (LP: #1748807) ALC285/ ALC289
- ALSA: hda/realtek - Support headset mode for ALC215/
- ALSA: hda - Fix headset mic detection problem for two Dell machines
* Bionic update to v4.15.3 stable release (LP: #1749191) verify_ rtnl() sk_alloc( )" router_ fib_event_ work add_sock( ) LICENSE/ DESCRIPTION DESCRIPTION/ AUTHOR/ LICENSE DESCRIPTION/ AUTHOR/ LICENSE
- ip6mr: fix stale iterator
- net: igmp: add a missing rcu locking section
- qlcnic: fix deadlock bug
- qmi_wwan: Add support for Quectel EP06
- r8169: fix RTL8168EP take too long to complete driver initialization.
- tcp: release sk_frag.page in tcp_disconnect
- vhost_net: stop device during reset owner
- ipv6: addrconf: break critical section in addrconf_
- ipv6: change route cache aging logic
- Revert "defer call to mem_cgroup_
- net: ipv6: send unsolicited NA after DAD
- rocker: fix possible null pointer dereference in
rocker_
- tcp_bbr: fix pacing_gain to always be unity when using lt_bw
- cls_u32: add missing RCU annotation.
- ipv6: Fix SO_REUSEPORT UDP socket with implicit sk_ipv6only
- soreuseport: fix mem leak in reuseport_
- net_sched: get rid of rcu_barrier() in tcf_block_put_ext()
- net: sched: fix use-after-free in tcf_block_put_ext
- media: mtk-vcodec: add missing MODULE_
- media: soc_camera: soc_scale_crop: add missing
MODULE_
- media: tegra-cec: add missing MODULE_
- gpio: uniphier: fix mismatch between license text and MODULE_LICENSE
- crypto: tcrypt - fix S/G table for test_aead_speed()
- Linux 4.15.3
* bnx2x_attn_ int_deasserted3 :4323 MC assert! (LP: #1715519) // 2018-1000026 validate_ mac_len( )
CVE-
- net: create skb_gso_
- bnx2x: disable GSO where gso_size is too big for hardware
* ethtool -p fails to light NIC LED on HiSilicon D05 systems (LP: #1748567)
- net: hns: add ACPI mode support for ethtool -p
* CVE-2017-5715 (Spectre v2 Intel)
- [Packaging] retpoline files must be sorted
- [Packaging] pull in retpoline files
* [Feature] PXE boot with Intel Omni-Path (LP: #1712031)
- d-i: Add hfi1 to nic-modules
* CVE-2017-5715 (Spectre v2 retpoline)
- [Packaging] retpoline -- add call site validation
- [Config] disable retpoline checks for first upload
* Do not dup...