Update to upstream's implementation of Spectre v1 mitigation
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
linux (Ubuntu) | Invalid | Undecided | Juerg Haefliger |
Precise | Fix Released | Undecided | Juerg Haefliger |
Trusty | Fix Released | Undecided | Unassigned |
Xenial | Fix Released | Undecided | Unassigned |
Bug Description
Xenial/
== SRU Justification ==
Ubuntu's Spectre v1 mitigation is based on the original embargoed patchset, which introduced a barrier macro to prevent speculation beyond array boundaries for user-controlled indices. What eventually landed in upstream is slightly different and uses a barrier macro in combination with a masking solution (plus syscall table and user pointer sanitation). During the updates to newer stable upstream versions, all those patches were skipped. After reviewing them, we want to bring them back and merge them with the current implementation, which brings us back in sync with upstream stable.
== Fix ==
Add all the missing Spectre v1 patches from upstream stable 4.4.118 to 4.4.131. Where appropriate, replace Ubuntu's additional barriers with the masking macro.
== Regression Potential ==
Low. The patches have been in upstream for quite a while now and we keep the speculation barriers that are currently in Ubuntu but not in upstream.
== Test Case ==
TBD.
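The masking approach mentioned in the SRU justification, as an added user-space example (not part of the bug report or the kernel patches): it follows the branch-free mask computation of upstream's generic array_index_nospec helper. The names index_mask_nospec, clamp_index_nospec, table_read and sample_table are hypothetical, and the empty asm statement assumes GCC or Clang.

```c
/* Added example: user-space sketch of Spectre v1 index masking. */
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define LONG_BITS (sizeof(long) * CHAR_BIT)

/*
 * Returns ~0UL when index < size and 0 otherwise, without a branch.
 * Valid for index and size up to LONG_MAX; relies on arithmetic right
 * shift of a negative long, as GCC and Clang implement it.
 */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    /* Hide index from the optimizer so the mask is always emitted, even
     * after a bounds check that makes it look redundant to the compiler. */
    __asm__ volatile("" : "+r"(index));
    return (unsigned long)(~(long)(index | (size - 1UL - index)) >> (LONG_BITS - 1));
}

/* In-bounds indices pass through; out-of-bounds ones collapse to 0. */
static size_t clamp_index_nospec(size_t index, size_t size)
{
    return index & index_mask_nospec(index, size);
}

/* Constructed sample table standing in for a kernel array. */
static const int sample_table[8] = { 10, 11, 12, 13, 14, 15, 16, 17 };

/* Architectural bounds check first, then the speculation-safe clamp. */
static int table_read(size_t index, int *out)
{
    const size_t size = sizeof(sample_table) / sizeof(sample_table[0]);

    if (index >= size)
        return -1;
    index = clamp_index_nospec(index, size);
    *out = sample_table[index];
    return 0;
}

int main(void)
{
    int v = 0;
    printf("mask(3,8)=%lx mask(8,8)=%lx\n", index_mask_nospec(3, 8), index_mask_nospec(8, 8));
    printf("read(5) -> %d, v=%d\n", table_read(5, &v), v);
    printf("read(8) -> %d\n", table_read(8, &v));
    return 0;
}
```

Unlike a speculation barrier, the clamp does not stop speculation; it makes a mispredicted bounds check read element 0 instead of an attacker-chosen offset.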
CVE References
- 2016-10208
- 2017-11472
- 2017-11473
- 2017-14991
- 2017-15649
- 2017-16526
- 2017-16527
- 2017-16529
- 2017-16531
- 2017-16532
- 2017-16533
- 2017-16535
- 2017-16536
- 2017-16537
- 2017-16538
- 2017-16643
- 2017-16644
- 2017-16645
- 2017-16650
- 2017-16911
- 2017-16912
- 2017-16913
- 2017-16914
- 2017-17558
- 2017-18255
- 2017-18270
- 2017-2583
- 2017-2584
- 2017-2671
- 2017-5549
- 2017-5715
- 2017-5897
- 2017-6345
- 2017-6348
- 2017-7518
- 2017-7645
- 2017-8831
- 2017-9984
- 2018-1000204
- 2018-10021
- 2018-10087
- 2018-10124
- 2018-10323
- 2018-10675
- 2018-10877
- 2018-10881
- 2018-1092
- 2018-1093
- 2018-10940
- 2018-12233
- 2018-13094
- 2018-13405
- 2018-13406
- 2018-3639
- 2018-3665
- 2018-7755
Changed in linux (Ubuntu): | |
assignee: | nobody → Juerg Haefliger (juergh) |
summary: |
- Add array_index_nospec
+ Update to upstream's implementation of Spectre v1 mitigation |
description: | updated |
Changed in linux (Ubuntu Xenial): | |
status: | New → Fix Committed |
tags: |
added: verification-done-xenial removed: verification-needed-xenial |
Changed in linux (Ubuntu Trusty): | |
status: | New → Fix Committed |
tags: |
added: verification-done-trusty removed: verification-needed-trusty |
Changed in linux (Ubuntu Precise): | |
status: | New → In Progress |
assignee: | nobody → Juerg Haefliger (juergh) |
Changed in linux (Ubuntu Precise): | |
status: | In Progress → Fix Committed |
Changed in linux (Ubuntu Precise): | |
status: | Fix Committed → Fix Released |
Changed in linux (Ubuntu): | |
status: | Incomplete → Invalid |
tags: | added: cscc |
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1774181
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.