linux: 4.15.0-40.43 -proposed tracker

Bug #1802554 reported by Kleber Sacilotto de Souza on 2018-11-09
12
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Kernel SRU Workflow
Medium
Unassigned
Automated-testing
Medium
Canonical Kernel Team
Certification-testing
Medium
Canonical Hardware Certification
Prepare-package
Medium
Thadeu Lima de Souza Cascardo
Prepare-package-meta
Medium
Thadeu Lima de Souza Cascardo
Prepare-package-signed
Medium
Thadeu Lima de Souza Cascardo
Promote-to-proposed
Medium
Steve Langasek
Promote-to-security
Medium
Ubuntu Stable Release Updates Team
Promote-to-updates
Medium
Ubuntu Stable Release Updates Team
Regression-testing
Medium
Canonical Kernel Team
Security-signoff
Medium
Canonical Security Team
Snap-release-to-beta
Medium
Canonical Kernel Team
Snap-release-to-candidate
Medium
Canonical Kernel Team
Snap-release-to-edge
Medium
Canonical Kernel Team
Snap-release-to-stable
Medium
Canonical Kernel Team
Upload-to-ppa-dnu
Medium
Unassigned
Verification-testing
Medium
Canonical Kernel Team
linux (Ubuntu)
Undecided
Unassigned
Bionic
Medium
Unassigned

Bug Description

This bug is for tracking the <version to be filled> upload package. This bug will contain status and testing results related to that upload.

For an explanation of the tasks and the associated workflow see: https://wiki.ubuntu.com/Kernel/kernel-sru-workflow

backports: bug 1802564 (linux-azure), bug 1802565 (linux-azure), bug 1802567 (linux-azure-edge), bug 1802568 (linux-gcp), bug 1802571 (linux-hwe), bug 1802572 (linux-hwe-edge)
derivatives: bug 1802555 (linux-raspi2), bug 1802556 (linux-oem), bug 1802558 (linux-aws), bug 1802559 (linux-azure), bug 1802560 (linux-gcp), bug 1802561 (linux-kvm)
-- swm properties --
boot-testing-requested: true
bugs-spammed: true
phase: Promoted to proposed
proposed-announcement-sent: true
proposed-testing-requested: true
reason:
  automated-testing: Testing FAILED
  certification-testing: Testing in progress
  regression-testing: Testing in progress
  security-signoff: Waiting for signoff
  snap-release-to-beta: Snap not in 18/beta channel
  snap-release-to-edge: Snap not in 18/edge channel
  verification-testing: Testing in progress

CVE References

tags: added: kernel-release-tracking-bug
tags: added: kernel-release-tracking-bug-live
tags: added: bionic
Changed in linux (Ubuntu Bionic):
status: New → Confirmed
Changed in linux (Ubuntu):
status: New → Invalid
Changed in linux (Ubuntu Bionic):
importance: Undecided → Medium
Changed in kernel-sru-workflow:
status: New → In Progress
importance: Undecided → Medium
tags: added: kernel-sru-cycle-2018.11.12-1
tags: added: kernel-sru-master-kernel
description: updated
summary: - linux: <version to be filled> -proposed tracker
+ linux: 4.15.0-40.43 -proposed tracker
Brad Figg (brad-figg) on 2018-11-09
description: updated
Brad Figg (brad-figg) on 2018-11-12
description: updated
description: updated
Brad Figg (brad-figg) on 2018-11-12
description: updated
Brad Figg (brad-figg) on 2018-11-12
description: updated
Brad Figg (brad-figg) on 2018-11-14
description: updated
Brad Figg (brad-figg) on 2018-11-14
tags: added: block-proposed-bionic
tags: added: block-proposed
description: updated
Brad Figg (brad-figg) on 2018-11-14
description: updated
Brad Figg (brad-figg) on 2018-11-14
description: updated
Brad Figg (brad-figg) on 2018-11-15
description: updated
description: updated
Brad Figg (brad-figg) on 2018-11-15
description: updated
Launchpad Janitor (janitor) wrote :
Download full text (3.1 KiB)

This bug was fixed in the package linux - 4.15.0-42.45

---------------
linux (4.15.0-42.45) bionic; urgency=medium

  * linux: 4.15.0-42.45 -proposed tracker (LP: #1803592)

  * [FEAT] Guest-dedicated Crypto Adapters (LP: #1787405)
    - KVM: s390: reset crypto attributes for all vcpus
    - KVM: s390: vsie: simulate VCPU SIE entry/exit
    - KVM: s390: introduce and use KVM_REQ_VSIE_RESTART
    - KVM: s390: refactor crypto initialization
    - s390: vfio-ap: base implementation of VFIO AP device driver
    - s390: vfio-ap: register matrix device with VFIO mdev framework
    - s390: vfio-ap: sysfs interfaces to configure adapters
    - s390: vfio-ap: sysfs interfaces to configure domains
    - s390: vfio-ap: sysfs interfaces to configure control domains
    - s390: vfio-ap: sysfs interface to view matrix mdev matrix
    - KVM: s390: interface to clear CRYCB masks
    - s390: vfio-ap: implement mediated device open callback
    - s390: vfio-ap: implement VFIO_DEVICE_GET_INFO ioctl
    - s390: vfio-ap: zeroize the AP queues
    - s390: vfio-ap: implement VFIO_DEVICE_RESET ioctl
    - KVM: s390: Clear Crypto Control Block when using vSIE
    - KVM: s390: vsie: Do the CRYCB validation first
    - KVM: s390: vsie: Make use of CRYCB FORMAT2 clear
    - KVM: s390: vsie: Allow CRYCB FORMAT-2
    - KVM: s390: vsie: allow CRYCB FORMAT-1
    - KVM: s390: vsie: allow CRYCB FORMAT-0
    - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-1
    - KVM: s390: vsie: allow guest FORMAT-1 CRYCB on host FORMAT-2
    - KVM: s390: vsie: allow guest FORMAT-0 CRYCB on host FORMAT-2
    - KVM: s390: device attrs to enable/disable AP interpretation
    - KVM: s390: CPU model support for AP virtualization
    - s390: doc: detailed specifications for AP virtualization
    - KVM: s390: fix locking for crypto setting error path
    - KVM: s390: Tracing APCB changes
    - s390: vfio-ap: setup APCB mask using KVM dedicated function
    - s390/zcrypt: Add ZAPQ inline function.
    - s390/zcrypt: Review inline assembler constraints.
    - s390/zcrypt: Integrate ap_asm.h into include/asm/ap.h.
    - s390/zcrypt: fix ap_instructions_available() returncodes
    - s390/zcrypt: remove VLA usage from the AP bus
    - s390/zcrypt: Remove deprecated ioctls.
    - s390/zcrypt: Remove deprecated zcrypt proc interface.
    - s390/zcrypt: Support up to 256 crypto adapters.
    - [Config:] Enable CONFIG_S390_AP_IOMMU and set CONFIG_VFIO_AP to module.

  * Bypass of mount visibility through userns + mount propagation (LP: #1789161)
    - mount: Retest MNT_LOCKED in do_umount
    - mount: Don't allow copying MNT_UNBINDABLE|MNT_LOCKED mounts

  * CVE-2018-18955: nested user namespaces with more than five extents
    incorrectly grant privileges over inode (LP: #1801924) // CVE-2018-18955
    - userns: also map extents in the reverse map to kernel IDs

  * kdump fail due to an IRQ storm (LP: #1797990)
    - SAUCE: x86/PCI: Export find_cap() to be used in early PCI code
    - SAUCE: x86/quirks: Add parameter to clear MSIs early on boot
    - SAUCE: x86/quirks: Scan all busses for early PCI quirks

 -- Thadeu Lima de Souza Cascardo <email address hidden> Thu, 15 Nov 2018 17:01:46 ...

Read more...

Changed in linux (Ubuntu Bionic):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers