Backport spectre/meltdown fixes on qemu for ppc64 into 16.04 and possibly 14.04 LTS releases
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
The Ubuntu-power-systems project |
Fix Released
|
Critical
|
Canonical Security Team | ||
Ubuntu-14.04 |
Invalid
|
Critical
|
Unassigned | ||
Ubuntu-16.04 |
Invalid
|
Critical
|
Marc Deslauriers | ||
qemu (Ubuntu) |
Fix Released
|
Critical
|
Unassigned | ||
Xenial |
Fix Released
|
Critical
|
Unassigned |
Bug Description
== Comment: #0 - Satheesh Rajendran <email address hidden> - 2018-04-19 04:26:51 ==
---Problem Description---
Backport spectre/meltdown fixes on qemu for ppc64 into all LTS releases
Contact Information = <email address hidden>
---uname output---
-
Machine Type = power8,power9
---Debugger---
A debugger is not configured
---Steps to Reproduce---
For pseries guests there are 3 tri-state -machine options/
cap-cfpc: Cache Flush on Privilege Change
cap-sbbc: Speculation Barrier Bounds Checking
cap-ibs: Indirect Branch Serialisation
Details can be found here https:/
Needed qemu commits:
cb931c2108 target/ppc: Check mask when setting cap_ppc_
4f5b039d2b ppc/spapr-caps: Disallow setting workaround for spapr-cap-ibs
8c5909c419 ppc/spapr-caps: Change migration macro to take full spapr-cap name
c59704b254 target/ppc/spapr: Add H-Call H_GET_CPU_
4be8d4e7d9 target/
09114fd817 target/
8f38eaf8f9 target/
6898aed77f target/
8acc2ae5e9 target/ppc/kvm: Add cap_ppc_
Optional commits to introduce a machine type variant pseries-
813f3cf655 ppc/spapr-caps: Define the pseries-2.12-sxxm machine type
c76c0d3090 ppc/spapr-caps: Convert cap-ibs to custom spapr-cap
aaf265ffde ppc/spapr-caps: Convert cap-sbbc to custom spapr-cap
f27aa81e72 ppc/spapr-caps: Convert cap-cfpc to custom spapr-cap
87175d1bc5 ppc/spapr-caps: Add support for custom spapr_capabilities
Userspace tool common name: qemu-kvm
The userspace tool has the following bit modes: both
Userspace rpm: qemu-kvm
Userspace tool obtained from project website: na
*Additional Instructions for <email address hidden>:
-Attach ltrace and strace of userspace application.
CVE References
tags: | added: architecture-ppc64le bugnameltc-166958 severity-critical targetmilestone-inin--- |
Changed in ubuntu: | |
assignee: | nobody → Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage) |
affects: | ubuntu → qemu (Ubuntu) |
Changed in ubuntu-power-systems: | |
status: | New → Triaged |
importance: | Undecided → Critical |
assignee: | nobody → Canonical Kernel Team (canonical-kernel-team) |
tags: | added: triage-g |
Changed in ubuntu-power-systems: | |
assignee: | Canonical Kernel Team (canonical-kernel-team) → Canonical Security Team (canonical-security) |
Changed in qemu (Ubuntu): | |
importance: | Undecided → Critical |
information type: | Public → Public Security |
summary: |
- Backport spectre/meltdown fixes on qemu for ppc64 into all LTS releases + Backport spectre/meltdown fixes on qemu for ppc64 into 16.04 and + possibly 14.04 LTS releases |
tags: |
added: triage-a removed: triage-g |
Changed in ubuntu-power-systems: | |
status: | Triaged → Incomplete |
Changed in ubuntu-power-systems: | |
assignee: | Canonical Security Team (canonical-security) → nobody |
Changed in ubuntu-power-systems: | |
status: | Incomplete → In Progress |
Changed in ubuntu-power-systems: | |
assignee: | nobody → Canonical Security Team (canonical-security) |
Changed in ubuntu-power-systems: | |
importance: | Critical → Medium |
importance: | Medium → Critical |
Changed in ubuntu-power-systems: | |
status: | Incomplete → Triaged |
Changed in ubuntu-power-systems: | |
status: | Incomplete → In Progress |
Hi,
thanks for breaking this out of bug 1761372 (which was about the new machine type in 18.04).
I personally Nack the backport of the machine type changes, but the last call will be the Security Team. Thank you a lot for listing them split.
Also the security Team likely has the best overview of the progress of the related kernel patches.
If you have the list at hand (or a bug where they were processed) it would be surely a great help to list the reference here as well.
Assigning to mdeslaur for initial triage by Server team.