Bug #1767403 “linux-aws: 4.15.0-1008.8 -proposed tracker” : Series upload-to-ppa : Bugs : Kernel SRU Workflow

Stefan Bader (smb) on 2018-04-27

tags:	added: kernel-release-tracking-bug
tags:	added: kernel-release-tracking-bug-live
tags:	added: bionic
Changed in linux-aws (Ubuntu Bionic):
status:	New → Confirmed
Changed in linux-aws (Ubuntu):
status:	Confirmed → Invalid
Changed in kernel-sru-workflow:
status:	New → In Progress
importance:	Undecided → Medium
tags:	added: kernel-sru-cycle-2018.04.23-1
tags:	added: kernel-sru-derivative-of-1767397

Brad Figg (brad-figg) on 2018-05-01

description:	updated
description:	updated

Thadeu Lima de Souza Cascardo (cascardo) on 2018-05-08

summary:

- linux-aws: <version to be filled> -proposed tracker
+ linux-aws: 4.15.0-1008.8 -proposed tracker

Brad Figg (brad-figg) on 2018-05-08

description:	updated
description:	updated

Brad Figg (brad-figg) on 2018-05-08

tags:	added: block-proposed-bionic
tags:	added: block-proposed
description:	updated

Łukasz Zemczak (sil2100) on 2018-05-08

Changed in linux-aws (Ubuntu Bionic):
status:	Invalid → New

Brad Figg (brad-figg) on 2018-05-08

description:	updated
description:	updated

Andy Whitcroft (apw) on 2018-05-09

Changed in linux-aws (Ubuntu Bionic):
status:	New → Confirmed

Revision history for this message

Kleber Sacilotto de Souza (kleber-souza) wrote on 2018-05-17:

#1

Hardware Certification is not run for cloud kernels. Setting certification-testing to 'Invalid'.

Revision history for this message

Po-Hsu Lin (cypressyew) wrote on 2018-05-18:

#2

4.15.0-1008.8 - aws
Regression test CMPL.

Issue to note in x86_64 (aws):
  libhugetlbfs - failed to build on Bionic (bug 1707887)
  ubuntu_docker_smoke_test - test case issue
  ubuntu_kvm_unit_tests - test skipped due to no KVM support
  ubuntu_ltp - test disabled
  ubuntu_lxc - lxc-tests package not available (bug 1758255)
  ubuntu_unionmount_overlayfs_suite - File unexpectedly on union layer (bug 1751243)

Skipped / blacklisted:
* ubuntu_seccomp
* ubuntu_zram_smoke_test

tags:

added: regression-testing-passed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-05-21:

#3

Download full text (3.2 KiB)

This bug was fixed in the package linux-aws - 4.15.0-1009.9

---------------
linux-aws (4.15.0-1009.9) bionic; urgency=medium

[ Ubuntu: 4.15.0-22.24 ]

  * CVE-2018-3639 (powerpc)
    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
    - stf-barrier: set eieio instruction bit 6 for future optimisations
  * CVE-2018-3639 (x86)
    - x86/nospec: Simplify alternative_msr_write()
    - x86/bugs: Concentrate bug detection into a separate function
    - x86/bugs: Concentrate bug reporting into a separate function
    - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - x86/bugs, KVM: Support the combination of guest and host IBRS
    - x86/bugs: Expose /sys/../spec_store_bypass
    - x86/cpufeatures: Add X86_FEATURE_RDS
    - x86/bugs: Provide boot parameters for the spec_store_bypass_disable
      mitigation
    - x86/bugs/intel: Set proper CPU features and setup RDS
    - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - x86/speculation: Create spec-ctrl.h to avoid include hell
    - prctl: Add speculation control prctls
    - x86/process: Allow runtime control of Speculative Store Bypass
    - x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - nospec: Allow getting/setting on non-current task
    - proc: Provide details on speculation flaw mitigations
    - seccomp: Enable speculation flaw mitigations
    - x86/bugs: Make boot modes __ro_after_init
    - prctl: Add force disable speculation
    - seccomp: Use PR_SPEC_FORCE_DISABLE
    - seccomp: Add filter flag to opt-out of SSB mitigation
    - seccomp: Move speculation migitation control to arch code
    - x86/speculation: Make "seccomp" the default mode for Speculative Store
      Bypass
    - x86/bugs: Rename _RDS to _SSBD
    - proc: Use underscores for SSBD in 'status'
    - Documentation/spec_ctrl: Do some minor cleanups
    - x86/bugs: Fix __ssb_select_mitigation() return type
    - x86/bugs: Make cpu_show_common() static
  * LSM Stacking prctl values should be redefined as to not collide with
    upstream prctls (LP: #1769263) // CVE-2018-3639
    - SAUCE: LSM stacking: adjust prctl values

linux-aws (4.15.0-1008.8) bionic; urgency=medium

* linux-aws: 4.15.0-1008.8 -proposed tracker (LP: #1767403)

  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks
    (LP: #1767133)
    - Packaging: Depends on linux-base that provides the necessary tools

[ Ubuntu: 4.15.0-21.22 ]

  * linux: 4.15.0-21.22 -proposed tracker (LP: #1767397)
  * initramfs-tools exception during pm.DoInstall with do-release-upgrade from
    16.04 to 18.04 (LP: #1766727)
    - Add linux-image-* Breaks on s390-tools (<< 2.3.0-0ubuntu3)
  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks
    (LP: #1767133)
    - Packaging: Depends on linux-base that provides the necessary tools
  * linux-image packages need to Breaks flash-kernel << 3.90ubuntu2
    (LP: #1766629)
    - linux-image-* breaks on flash-kernel (<< 3.90ubuntu2)

-- Stefan Bader <stefan.bader@canonical...

This bug was fixed in the package linux-aws - 4.15.0-1009.9

---------------
linux-aws (4.15.0-1009.9) bionic; urgency=medium

[ Ubuntu: 4.15.0-22.24 ]

* CVE-2018-3639 (powerpc)
    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
    - stf-barrier: set eieio instruction bit 6 for future optimisations
  * CVE-2018-3639 (x86)
    - x86/nospec: Simplify alternative_msr_write()
    - x86/bugs: Concentrate bug detection into a separate function
    - x86/bugs: Concentrate bug reporting into a separate function
    - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - x86/bugs, KVM: Support the combination of guest and host IBRS
    - x86/bugs: Expose /sys/../spec_store_bypass
    - x86/cpufeatures: Add X86_FEATURE_RDS
    - x86/bugs: Provide boot parameters for the spec_store_bypass_disable
      mitigation
    - x86/bugs/intel: Set proper CPU features and setup RDS
    - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - x86/speculation: Create spec-ctrl.h to avoid include hell
    - prctl: Add speculation control prctls
    - x86/process: Allow runtime control of Speculative Store Bypass
    - x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - nospec: Allow getting/setting on non-current task
    - proc: Provide details on speculation flaw mitigations
    - seccomp: Enable speculation flaw mitigations
    - x86/bugs: Make boot modes __ro_after_init
    - prctl: Add force disable speculation
    - seccomp: Use PR_SPEC_FORCE_DISABLE
    - seccomp: Add filter flag to opt-out of SSB mitigation
    - seccomp: Move speculation migitation control to arch code
    - x86/speculation: Make "seccomp" the default mode for Speculative Store
      Bypass
    - x86/bugs: Rename _RDS to _SSBD
    - proc: Use underscores for SSBD in 'status'
    - Documentation/spec_ctrl: Do some minor cleanups
    - x86/bugs: Fix __ssb_select_mitigation() return type
    - x86/bugs: Make cpu_show_common() static
  * LSM Stacking prctl values should be redefined as to not collide with
    upstream prctls (LP: #1769263) // CVE-2018-3639
    - SAUCE: LSM stacking: adjust prctl values

linux-aws (4.15.0-1008.8) bionic; urgency=medium

* linux-aws: 4.15.0-1008.8 -proposed tracker (LP: #1767403)

* linux-image-4.15.0-20-generic install after upgrade from xenial breaks
    (LP: #1767133)
    - Packaging: Depends on linux-base that provides the necessary tools

[ Ubuntu: 4.15.0-21.22 ]

* linux: 4.15.0-21.22 -proposed tracker (LP: #1767397)
  * initramfs-tools exception during pm.DoInstall with  do-release-upgrade from
    16.04 to 18.04  (LP: #1766727)
    - Add linux-image-* Breaks on s390-tools (<< 2.3.0-0ubuntu3)
  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks
    (LP: #1767133)
    - Packaging: Depends on linux-base that provides the necessary tools
  * linux-image packages need to Breaks flash-kernel << 3.90ubuntu2
    (LP: #1766629)
    - linux-image-* breaks on flash-kernel (<< 3.90ubuntu2)

-- Stefan Bader <stefan.bader@canonical.com>  Wed, 16 May 2018 16:33:06 +0200

Changed in linux-aws (Ubuntu Bionic):
status:	Confirmed → Fix Released
status:	Confirmed → Fix Released

Revision history for this message

Brad Figg (brad-figg) wrote on 2018-05-22: Workflow done!

#5

All tasks have been completed and the bug is being set to Fix Released

Changed in kernel-sru-workflow:
status:	In Progress → Fix Released
tags:	removed: kernel-release-tracking-bug-live

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-05-24:

#6

Download full text (3.2 KiB)

This bug was fixed in the package linux-aws - 4.15.0-1009.9

---------------
linux-aws (4.15.0-1009.9) bionic; urgency=medium

[ Ubuntu: 4.15.0-22.24 ]

  * CVE-2018-3639 (powerpc)
    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
    - stf-barrier: set eieio instruction bit 6 for future optimisations
  * CVE-2018-3639 (x86)
    - x86/nospec: Simplify alternative_msr_write()
    - x86/bugs: Concentrate bug detection into a separate function
    - x86/bugs: Concentrate bug reporting into a separate function
    - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - x86/bugs, KVM: Support the combination of guest and host IBRS
    - x86/bugs: Expose /sys/../spec_store_bypass
    - x86/cpufeatures: Add X86_FEATURE_RDS
    - x86/bugs: Provide boot parameters for the spec_store_bypass_disable
      mitigation
    - x86/bugs/intel: Set proper CPU features and setup RDS
    - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - x86/speculation: Create spec-ctrl.h to avoid include hell
    - prctl: Add speculation control prctls
    - x86/process: Allow runtime control of Speculative Store Bypass
    - x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - nospec: Allow getting/setting on non-current task
    - proc: Provide details on speculation flaw mitigations
    - seccomp: Enable speculation flaw mitigations
    - x86/bugs: Make boot modes __ro_after_init
    - prctl: Add force disable speculation
    - seccomp: Use PR_SPEC_FORCE_DISABLE
    - seccomp: Add filter flag to opt-out of SSB mitigation
    - seccomp: Move speculation migitation control to arch code
    - x86/speculation: Make "seccomp" the default mode for Speculative Store
      Bypass
    - x86/bugs: Rename _RDS to _SSBD
    - proc: Use underscores for SSBD in 'status'
    - Documentation/spec_ctrl: Do some minor cleanups
    - x86/bugs: Fix __ssb_select_mitigation() return type
    - x86/bugs: Make cpu_show_common() static
  * LSM Stacking prctl values should be redefined as to not collide with
    upstream prctls (LP: #1769263) // CVE-2018-3639
    - SAUCE: LSM stacking: adjust prctl values

linux-aws (4.15.0-1008.8) bionic; urgency=medium

* linux-aws: 4.15.0-1008.8 -proposed tracker (LP: #1767403)

  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks
    (LP: #1767133)
    - Packaging: Depends on linux-base that provides the necessary tools

[ Ubuntu: 4.15.0-21.22 ]

  * linux: 4.15.0-21.22 -proposed tracker (LP: #1767397)
  * initramfs-tools exception during pm.DoInstall with do-release-upgrade from
    16.04 to 18.04 (LP: #1766727)
    - Add linux-image-* Breaks on s390-tools (<< 2.3.0-0ubuntu3)
  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks
    (LP: #1767133)
    - Packaging: Depends on linux-base that provides the necessary tools
  * linux-image packages need to Breaks flash-kernel << 3.90ubuntu2
    (LP: #1766629)
    - linux-image-* breaks on flash-kernel (<< 3.90ubuntu2)

-- Stefan Bader <stefan.bader@canonical...

This bug was fixed in the package linux-aws - 4.15.0-1009.9

---------------
linux-aws (4.15.0-1009.9) bionic; urgency=medium

[ Ubuntu: 4.15.0-22.24 ]

* CVE-2018-3639 (powerpc)
    - powerpc/64s: Add support for a store forwarding barrier at kernel entry/exit
    - stf-barrier: set eieio instruction bit 6 for future optimisations
  * CVE-2018-3639 (x86)
    - x86/nospec: Simplify alternative_msr_write()
    - x86/bugs: Concentrate bug detection into a separate function
    - x86/bugs: Concentrate bug reporting into a separate function
    - x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
    - x86/bugs, KVM: Support the combination of guest and host IBRS
    - x86/bugs: Expose /sys/../spec_store_bypass
    - x86/cpufeatures: Add X86_FEATURE_RDS
    - x86/bugs: Provide boot parameters for the spec_store_bypass_disable
      mitigation
    - x86/bugs/intel: Set proper CPU features and setup RDS
    - x86/bugs: Whitelist allowed SPEC_CTRL MSR values
    - x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
    - x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
    - x86/speculation: Create spec-ctrl.h to avoid include hell
    - prctl: Add speculation control prctls
    - x86/process: Allow runtime control of Speculative Store Bypass
    - x86/speculation: Add prctl for Speculative Store Bypass mitigation
    - nospec: Allow getting/setting on non-current task
    - proc: Provide details on speculation flaw mitigations
    - seccomp: Enable speculation flaw mitigations
    - x86/bugs: Make boot modes __ro_after_init
    - prctl: Add force disable speculation
    - seccomp: Use PR_SPEC_FORCE_DISABLE
    - seccomp: Add filter flag to opt-out of SSB mitigation
    - seccomp: Move speculation migitation control to arch code
    - x86/speculation: Make "seccomp" the default mode for Speculative Store
      Bypass
    - x86/bugs: Rename _RDS to _SSBD
    - proc: Use underscores for SSBD in 'status'
    - Documentation/spec_ctrl: Do some minor cleanups
    - x86/bugs: Fix __ssb_select_mitigation() return type
    - x86/bugs: Make cpu_show_common() static
  * LSM Stacking prctl values should be redefined as to not collide with
    upstream prctls (LP: #1769263) // CVE-2018-3639
    - SAUCE: LSM stacking: adjust prctl values

linux-aws (4.15.0-1008.8) bionic; urgency=medium

* linux-aws: 4.15.0-1008.8 -proposed tracker (LP: #1767403)

* linux-image-4.15.0-20-generic install after upgrade from xenial breaks
    (LP: #1767133)
    - Packaging: Depends on linux-base that provides the necessary tools

[ Ubuntu: 4.15.0-21.22 ]

* linux: 4.15.0-21.22 -proposed tracker (LP: #1767397)
  * initramfs-tools exception during pm.DoInstall with  do-release-upgrade from
    16.04 to 18.04  (LP: #1766727)
    - Add linux-image-* Breaks on s390-tools (<< 2.3.0-0ubuntu3)
  * linux-image-4.15.0-20-generic install after upgrade from xenial breaks
    (LP: #1767133)
    - Packaging: Depends on linux-base that provides the necessary tools
  * linux-image packages need to Breaks flash-kernel << 3.90ubuntu2
    (LP: #1766629)
    - linux-image-* breaks on flash-kernel (<< 3.90ubuntu2)

-- Stefan Bader <stefan.bader@canonical.com>  Wed, 16 May 2018 16:33:06 +0200

Changed in linux-aws (Ubuntu):
status:	Invalid → Fix Released

Kernel SRU Workflow

linux-aws: 4.15.0-1008.8 -proposed tracker

Bug Description

CVE References

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to
Kernel SRU Workflow	Fix Released	Medium	Unassigned
Automated-testing	Fix Released	Medium	Canonical Kernel Team
Certification-testing	Invalid	Medium	Canonical Hardware Certification
Prepare-package	Fix Released	Medium	Thadeu Lima de Souza Cascardo
Prepare-package-meta	Fix Released	Medium	Thadeu Lima de Souza Cascardo
Promote-to-proposed	Fix Released	Medium	Łukasz Zemczak
Promote-to-security	Invalid	Medium	Ubuntu Stable Release Updates Team
Promote-to-updates	Invalid	Medium	Ubuntu Stable Release Updates Team
Regression-testing	Fix Released	Medium	Po-Hsu Lin
Security-signoff	Invalid	Medium	Canonical Security Team
Upload-to-ppa	New	Medium	Canonical Kernel Team
Verification-testing	Fix Released	Medium	Canonical Kernel Team
linux-aws (Ubuntu)	Fix Released	Undecided	Unassigned
Bionic	Fix Released	Undecided	Unassigned