[CVE] Spectre: System Z {kernel} UBUNTU18.04

Bug #1754580 reported by bugproxy on 2018-03-09
24
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Ubuntu on IBM z Systems
Critical
Canonical Kernel Team
linux (Ubuntu)
Critical
Seth Forshee
Bionic
Critical
Seth Forshee

Bug Description

Comment will follow

CVE References

Default Comment by Bridge

tags: added: architecture-s39064 bugnameltc-165423 severity-critical targetmilestone-inin---

Default Comment by Bridge

Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
information type: Public → Private

------- Comment From <email address hidden> 2018-03-09 03:21 EDT-------
With Ubuntu bionic, kernel 4.15.0-11-generic #12-Ubuntu SMP Fri Feb 23 18:38:46 UTC 2018 s390x, I did not see any effect when switching kernel parameter between nobp=1 (secure) and nobp=0 (faster, but insecure). In the kenel config I could not find any option mentioning nobp either.
Attaching kernel config.

The default should be nobp=1 with bionic

git commits required for kernel patches
# 7041d28115e91f2144f811ffe8a195c696b1e1d0
# e2dd833389cc4069a96b57bdd24227b5f52288f5
# cf1489984641369611556bf00c48f945c77bcf02
# d768bd892fc8f066cd3aa000eb1867bcf32db0ee
# 6b73044b2b0081ee3dd1cd6eaab7dee552601efb
# f19fbd5ed642dc31c809596412dab1ed56f2f156
# 2cb370d615e9fbed9e95ed222c2c8f337181aa90
# d5feec04fe578c8dbd9e2e1439afc2f0af761ed4
# d3f468963cd6fd6d2aa5e26aed8b24232096d0e1

Ubuntu 18.04 kernel patches

Changed in ubuntu-z-systems:
status: New → Triaged
importance: Undecided → Critical
assignee: nobody → Canonical Kernel Team (canonical-kernel-team)
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in linux (Ubuntu):
status: New → Confirmed
tags: added: kernel-da-key
tags: added: bionic
Changed in linux (Ubuntu Bionic):
status: Confirmed → Triaged
importance: Undecided → Critical
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2018-03-09 05:59 EDT-------
*** Bug 165546 has been marked as a duplicate of this bug. ***

bugproxy (bugproxy) on 2018-03-14
tags: added: targetmilestone-inin1804
removed: targetmilestone-inin---
Seth Forshee (sforshee) wrote :

Can we make this bug public? Or is there a public bug for this issue that can be referenced in our git commit messages?

Changed in linux (Ubuntu Bionic):
assignee: Skipper Bug Screeners (skipper-screen-team) → Seth Forshee (sforshee)
status: Triaged → In Progress
Changed in ubuntu-z-systems:
status: Triaged → In Progress
information type: Private → Public
Seth Forshee (sforshee) wrote :

The attached config does not seem to contain the new options. These are the values I've selected, please let me know if they should be changed.

CONFIG_EXPOLINE=y
CONFIG_EXPOLINE_FULL=y
# CONFIG_EXPOLINE_MEDIUM is not set
# CONFIG_EXPOLINE_OFF is not set
CONFIG_KERNEL_NOBP=y

Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Changed in ubuntu-z-systems:
status: In Progress → Fix Committed
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2018-03-19 03:04 EDT-------
> The attached config does not seem to contain the new options.
> These are the values I've selected, please let me know if they
> should be changed.
>
> CONFIG_EXPOLINE=y
> CONFIG_EXPOLINE_FULL=y
> # CONFIG_EXPOLINE_MEDIUM is not set
> # CONFIG_EXPOLINE_OFF is not set
> CONFIG_KERNEL_NOBP=y

With the current code these are the correct values. With a future
patch that will use a machine indication if the expolines are still
needed we might want to change to CONFIG_EXPOLINE_MEDIUM
(and rename it to CONFIG_EXPOLINE_AUTO).

Launchpad Janitor (janitor) wrote :
Download full text (32.6 KiB)

This bug was fixed in the package linux - 4.15.0-13.14

---------------
linux (4.15.0-13.14) bionic; urgency=medium

  * linux: 4.15.0-13.14 -proposed tracker (LP: #1756408)

  * devpts: handle bind-mounts (LP: #1755857)
    - SAUCE: devpts: hoist out check for DEVPTS_SUPER_MAGIC
    - SAUCE: devpts: resolve devpts bind-mounts
    - SAUCE: devpts: comment devpts_mntget()
    - SAUCE: selftests: add devpts selftests

  * [bionic][arm64] d-i: add hisi_sas_v3_hw to scsi-modules (LP: #1756103)
    - d-i: add hisi_sas_v3_hw to scsi-modules

  * [Bionic][ARM64] enable ROCE and HNS3 driver support for hip08 SoC
    (LP: #1756097)
    - RDMA/hns: Refactor eq code for hip06
    - RDMA/hns: Add eq support of hip08
    - RDMA/hns: Add detailed comments for mb() call
    - RDMA/hns: Add rq inline data support for hip08 RoCE
    - RDMA/hns: Update the usage of sr_max and rr_max field
    - RDMA/hns: Set access flags of hip08 RoCE
    - RDMA/hns: Filter for zero length of sge in hip08 kernel mode
    - RDMA/hns: Fix QP state judgement before sending work requests
    - RDMA/hns: Assign dest_qp when deregistering mr
    - RDMA/hns: Fix endian problems around imm_data and rkey
    - RDMA/hns: Assign the correct value for tx_cqn
    - RDMA/hns: Create gsi qp in hip08
    - RDMA/hns: Add gsi qp support for modifying qp in hip08
    - RDMA/hns: Fill sq wqe context of ud type in hip08
    - RDMA/hns: Assign zero for pkey_index of wc in hip08
    - RDMA/hns: Update the verbs of polling for completion
    - RDMA/hns: Set the guid for hip08 RoCE device
    - net: hns3: Refactor of the reset interrupt handling logic
    - net: hns3: Add reset service task for handling reset requests
    - net: hns3: Refactors the requested reset & pending reset handling code
    - net: hns3: Add HNS3 VF IMP(Integrated Management Proc) cmd interface
    - net: hns3: Add mailbox support to VF driver
    - net: hns3: Add HNS3 VF HCL(Hardware Compatibility Layer) Support
    - net: hns3: Add HNS3 VF driver to kernel build framework
    - net: hns3: Unified HNS3 {VF|PF} Ethernet Driver for hip08 SoC
    - net: hns3: Add mailbox support to PF driver
    - net: hns3: Change PF to add ring-vect binding & resetQ to mailbox
    - net: hns3: Add mailbox interrupt handling to PF driver
    - net: hns3: add support to query tqps number
    - net: hns3: add support to modify tqps number
    - net: hns3: change the returned tqp number by ethtool -x
    - net: hns3: free the ring_data structrue when change tqps
    - net: hns3: get rss_size_max from configuration but not hardcode
    - net: hns3: add a mask initialization for mac_vlan table
    - net: hns3: add vlan offload config command
    - net: hns3: add ethtool related offload command
    - net: hns3: add handling vlan tag offload in bd
    - net: hns3: cleanup mac auto-negotiation state query
    - net: hns3: fix for getting auto-negotiation state in hclge_get_autoneg
    - net: hns3: add support for set_pauseparam
    - net: hns3: add support to update flow control settings after autoneg
    - net: hns3: add Asym Pause support to phy default features
    - net: hns3: add support for querying advertised pause frame by ethtool ethx
    - net:...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2018-05-22 04:01 EDT-------
IBM Bugzilla status closed; Further updates will be provide via kernel-stable releases

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers