Bug #1769997 “linux-azure: 4.13.0-1017.20 -proposed tracker” : Bugs : linux-azure package : Ubuntu

Stefan Bader (smb) on 2018-05-08

tags:	added: kernel-release-tracking-bug
tags:	added: kernel-release-tracking-bug-live
tags:	added: xenial
Changed in linux-azure (Ubuntu Xenial):
status:	New → Confirmed
Changed in linux-azure (Ubuntu):
status:	New → Invalid
Changed in linux-azure (Ubuntu Xenial):
importance:	Undecided → Medium
Changed in kernel-sru-workflow:
status:	New → In Progress
importance:	Undecided → Medium
tags:	added: kernel-sru-cycle-2018.04.23-2
tags:	added: kernel-sru-backport-of-1769993

Brad Figg (brad-figg) on 2018-05-09

description:	updated
description:	updated

Revision history for this message

Joshua R. Poulson (jrp) wrote on 2018-05-09:

#1

I'm hoping this is based off the same 4.15 that's going into bionic, 4.15.0-1010.

Kamal Mostafa (kamalmostafa) on 2018-05-10

summary:

- linux-azure: <version to be filled> -proposed tracker
+ linux-azure: 4.13.0-1017.20 -proposed tracker

Brad Figg (brad-figg) on 2018-05-10

description:	updated
description:	updated

Brad Figg (brad-figg) on 2018-05-10

tags:	added: block-proposed-xenial
tags:	added: block-proposed
description:	updated

Brad Figg (brad-figg) on 2018-05-10

description:	updated
description:	updated

Revision history for this message

Joshua R. Poulson (jrp) wrote on 2018-05-16:

#2

Our testing on this kernel is complete and we are good with publishing.

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2018-05-18:

#3

4.13.0-1017.20 - azure
Regression test CMPL.

Issue to note in x86_64 (azure):
  ebizzy - failed on Standard_A0, passed on the rest
  libhugetlbfs - 1 failed (brk_near_huge, bug 1653597), Killed by signal 1, bad config 3, passed on the rest
  monotonic_time - all three tests (or just tsc test) failed on some instances, passed on the rest
  ubuntu_docker_smoke_test - test case issue
  ubuntu_kvm_unit_tests - test skipped due to no KVM support, vmx_control will crash E4 nodes (bug 1747892)
  ubuntu_lttng_smoke_test - failed on Standard_A0 (bug 1765035) and B1s, passed on the rest
  ubuntu_lxc - lxc-test-ubuntu failed (Failed to start networking in ubuntu-cloud container, Failed creating ubuntu-cloud container due to too many open files), passed on the rest
  ubuntu_qrt_apparmor - failed on Standard_A0 only, passed on the rest
  ubuntu_stress_smoke_test - sysfs caused kernel oopsed on some instances (bug 1757057)
  ubuntu_unionmount_overlayfs_suite - Invalid cross-device link was not produced (bug 1727290)
  ubuntu_zram_smoke_test - zram module missing (bug 1762756)

Skipped / blacklisted:
  * ubuntu_ltp
  * ubuntu_seccomp
  * ubuntu_sysdig_smoke_test

tags:

added: regression-testing-passed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-05-22:

#4

Download full text (6.1 KiB)

This bug was fixed in the package linux-azure - 4.13.0-1018.21

---------------
linux-azure (4.13.0-1018.21) xenial; urgency=medium

[ Ubuntu: 4.13.0-43.48 ]

  * CVE-2018-3639 (powerpc)
    - SAUCE: rfi-flush: update H_CPU_* macro names to upstream
    - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
      upstream
    - SAUCE: update pseries_setup_rfi_flush() capitalization to upstream
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/64s: Allow control of RFI flush via debugfs
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
  * CVE-2018-3639 (x86)
    - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
    - SAUCE: x86: Add alternative_msr_write
    - x86/nospec: Simplify alternative_msr_write()
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/bugs: Concentrate bug detection into a separate function
    - x86/bugs: Concentrate bug reporting into a separate function
    - x86/msr: Add definitions for new speculation control MSRs
    - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - x86/bugs, KVM: Support the combination of guest and host IBRS
    - x86/bugs: Expose /sys/../spec_store_bypass
    - x86/cpufeatures: Add X86_FEATURE_RDS
    - x86/bugs: Provide boot parameters for the spec_store_bypass_disable
      mitigation
    - x86/bugs/intel: Set proper CPU features and setup RDS
    - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - x86/speculation: Create spec-ctrl.h to avoid include hell
    - prctl: Add speculation control prctls
    - x86/process: Allow runtime control of Speculative Store Bypass
    - x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - nospec: Allow getting/setting on non-current task
    - proc: Provide details on speculation flaw mitigations
    - seccomp: Enable speculation flaw mitigations
    - SAUCE: x86/bugs: Honour SPEC_CTRL default
    - x86/bugs: Make boot modes __ro_after_init
    - prctl: Add force disable speculation
    - seccomp: Use PR_SPEC_FORCE_DISABLE
    - seccomp: Add filter flag to opt-out of SSB mitigation
    - seccomp: Move speculation migitation control to arch cod...

This bug was fixed in the package linux-azure - 4.13.0-1018.21

---------------
linux-azure (4.13.0-1018.21) xenial; urgency=medium

[ Ubuntu: 4.13.0-43.48 ]

* CVE-2018-3639 (powerpc)
    - SAUCE: rfi-flush: update H_CPU_* macro names to upstream
    - SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
      upstream
    - SAUCE: update pseries_setup_rfi_flush() capitalization to upstream
    - powerpc/pseries: Support firmware disable of RFI flush
    - powerpc/powernv: Support firmware disable of RFI flush
    - powerpc/64s: Allow control of RFI flush via debugfs
    - powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
    - powerpc/rfi-flush: Always enable fallback flush on pseries
    - powerpc/rfi-flush: Differentiate enabled and patched flush types
    - powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
    - powerpc: Add security feature flags for Spectre/Meltdown
    - powerpc/powernv: Set or clear security feature flags
    - powerpc/pseries: Set or clear security feature flags
    - powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
    - powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
    - powerpc/pseries: Fix clearing of security feature flags
    - powerpc: Move default security feature flags
    - powerpc/pseries: Restore default security feature flags on setup
    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
  * CVE-2018-3639 (x86)
    - SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
    - SAUCE: x86: Add alternative_msr_write
    - x86/nospec: Simplify alternative_msr_write()
    - x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
    - x86/bugs: Concentrate bug detection into a separate function
    - x86/bugs: Concentrate bug reporting into a separate function
    - x86/msr: Add definitions for new speculation control MSRs
    - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - x86/bugs, KVM: Support the combination of guest and host IBRS
    - x86/bugs: Expose /sys/../spec_store_bypass
    - x86/cpufeatures: Add X86_FEATURE_RDS
    - x86/bugs: Provide boot parameters for the spec_store_bypass_disable
      mitigation
    - x86/bugs/intel: Set proper CPU features and setup RDS
    - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - x86/speculation: Create spec-ctrl.h to avoid include hell
    - prctl: Add speculation control prctls
    - x86/process: Allow runtime control of Speculative Store Bypass
    - x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - nospec: Allow getting/setting on non-current task
    - proc: Provide details on speculation flaw mitigations
    - seccomp: Enable speculation flaw mitigations
    - SAUCE: x86/bugs: Honour SPEC_CTRL default
    - x86/bugs: Make boot modes __ro_after_init
    - prctl: Add force disable speculation
    - seccomp: Use PR_SPEC_FORCE_DISABLE
    - seccomp: Add filter flag to opt-out of SSB mitigation
    - seccomp: Move speculation migitation control to arch code
    - x86/speculation: Make "seccomp" the default mode for Speculative Store
      Bypass
    - x86/bugs: Rename _RDS to _SSBD
    - proc: Use underscores for SSBD in 'status'
    - Documentation/spec_ctrl: Do some minor cleanups
    - x86/bugs: Fix __ssb_select_mitigation() return type
    - x86/bugs: Make cpu_show_common() static
  * LSM Stacking prctl values should be redefined as to not collide with
    upstream prctls (LP: #1769263) // CVE-2018-3639
    - SAUCE: LSM stacking: adjust prctl values

[ Ubuntu: 4.13.0-42.47 ]

* linux: 4.13.0-42.47 -proposed tracker (LP: #1769993)
  * arm64: fix CONFIG_DEBUG_WX address reporting (LP: #1765850)
    - arm64: fix CONFIG_DEBUG_WX address reporting
  * HiSilicon HNS NIC names are truncated in /proc/interrupts (LP: #1765977)
    - net: hns: Avoid action name truncation
  * CVE-2017-18208
    - mm/madvise.c: fix madvise() infinite loop under special circumstances
  * CVE-2018-8822
    - staging: ncpfs: memory corruption in ncp_read_kernel()
  * CVE-2017-18203
    - dm: fix race between dm_get_from_kobject() and __dm_destroy()
  * CVE-2017-17449
    - netlink: Add netns check on taps
  * CVE-2017-17975
    - media: usbtv: prevent double free in error case
  * [8086:3e92] display becomes blank after S3 (LP: #1763271)
    - drm/i915/edp: Allow alternate fixed mode for eDP if available.
    - drm/i915/dp: rename intel_dp_is_edp to intel_dp_is_port_edp
    - drm/i915/dp: make is_edp non-static and rename to intel_dp_is_edp
    - drm/i915/edp: Do not do link training fallback or prune modes on EDP
  * sky2 gigabit ethernet driver sometimes stops working after lid-open resume
    from sleep (88E8055) (LP: #1758507)
    - sky2: Increase D3 delay to sky2 stops working after suspend
  * perf vendor events arm64: Enable JSON events for ThunderX2 B0 (LP: #1760712)
    - perf vendor events arm64: Enable JSON events for ThunderX2 B0
  * No network with e1000e driver on 4.13.0-38-generic (LP: #1762693)
    - e1000e: Fix e1000_check_for_copper_link_ich8lan return value.
  * /dev/ipmi enumeration flaky on Cavium Sabre nodes (LP: #1762812)
    - i2c: xlp9xx: return ENXIO on slave address NACK
    - i2c: xlp9xx: Handle transactions with I2C_M_RECV_LEN properly
    - i2c: xlp9xx: Check for Bus state before every transfer
    - i2c: xlp9xx: Handle NACK on DATA properly
  * "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534)
    - virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
  * fix regression in mm/hotplug, allows NVIDIA driver to work (LP: #1761104)
    - SAUCE: Fix revert "mm, memory_hotplug: do not associate hotadded memory to
      zones until online"
  * ibrs/ibpb fixes result in excessive kernel logging  (LP: #1755627)
    - SAUCE: remove ibrs_dump sysctl interface

linux-azure (4.13.0-1017.20) xenial; urgency=medium

* linux-azure: 4.13.0-1017.20 -proposed tracker (LP: #1769997)

* fsnotify: Fix fsnotify_mark_connector race (LP: #1765564)
    - fsnotify: Fix fsnotify_mark_connector race

-- Stefan Bader <stefan.bader@canonical.com>  Thu, 17 May 2018 15:23:08 +0200

Changed in linux-azure (Ubuntu Xenial):
status:	Confirmed → Fix Released

Revision history for this message

Brad Figg (brad-figg) wrote on 2018-05-22: Workflow done!

#5

All tasks have been completed and the bug is being set to Fix Released

Changed in kernel-sru-workflow:
status:	In Progress → Fix Released
tags:	removed: kernel-release-tracking-bug-live

Ubuntu
linux-azure package

linux-azure: 4.13.0-1017.20 -proposed tracker

Bug Description

CVE References

Duplicates of this bug

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
Kernel SRU Workflow	Fix Released	Medium	Unassigned
Automated-testing	Fix Released	Medium	Canonical Kernel Team
Certification-testing	Invalid	Medium	Canonical Hardware Certification
Prepare-package	Fix Released	Medium	Kamal Mostafa
Prepare-package-meta	Fix Released	Medium	Kamal Mostafa
Prepare-package-signed	Fix Released	Medium	Kamal Mostafa
Promote-to-proposed	Fix Released	Medium	Łukasz Zemczak
Promote-to-security	Invalid	Medium	Ubuntu Stable Release Updates Team
Promote-to-updates	Invalid	Medium	Ubuntu Stable Release Updates Team
Regression-testing	Fix Released	Medium	Po-Hsu Lin
Security-signoff	Invalid	Medium	Steve Beattie
Snap-release-to-beta	Fix Released	Medium	Canonical Kernel Team
Snap-release-to-candidate	Invalid	Medium	Canonical Kernel Team
Snap-release-to-edge	Fix Released	Medium	Canonical Kernel Team
Snap-release-to-stable	Invalid	Medium	Canonical Kernel Team
Stakeholder-signoff	Fix Released	Medium	Joshua R. Poulson
Upload-to-ppa	New	Medium	Canonical Kernel Team
Verification-testing	Fix Released	Medium	Canonical Kernel Team
linux-azure (Ubuntu)	Invalid	Undecided	Unassigned
Xenial	Fix Released	Medium	Unassigned

Ubuntulinux-azure package

linux-azure: 4.13.0-1017.20 -proposed tracker

Bug Description

CVE References

Duplicates of this bug

Other bug subscribers

Remote bug watches

Ubuntu
linux-azure package