off-by-one bug in L1TF mitigation

Bug #1789834 reported by Markus Schade
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
linux (Ubuntu)
Triaged
Medium
Unassigned
Trusty
Triaged
Medium
Unassigned
Xenial
Triaged
Medium
Unassigned
Bionic
Triaged
Medium
Unassigned

Bug Description

due to an off-by-one bug in the L1TF patch, the "rare" case of systems still vulnerable
is more frequent.

This typically happens on Nehalem+ destop/entry-level server systems with 32G memory installed.

Originally this was reported in OpenSUSE, but I can confirm this is also happens with the latest trusty kernel (3.13.0-157-generic)

https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=b0a182f875689647b014bc01d36b340217792852

The following patch increases the memory limit for the mitigation on these systems in general:

https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?h=x86/urgent&id=cc51e5428ea54f575d49cfcede1d4cb3a72b4ec4

description: updated
Changed in linux (Ubuntu):
status: New → Confirmed
Changed in linux (Ubuntu):
importance: Undecided → Medium
Changed in linux (Ubuntu Trusty):
status: New → Incomplete
Changed in linux (Ubuntu):
status: Confirmed → Incomplete
Changed in linux (Ubuntu Trusty):
importance: Undecided → Medium
status: Incomplete → Triaged
Changed in linux (Ubuntu):
status: Incomplete → Triaged
tags: added: kernel-da-key trusty
Revision history for this message
Markus Schade (lp-markusschade) wrote :

This happens pretty much on all Ubuntu kernels with the initial L1TF implementation, so xenial, bionic and cosmic are also affected.

https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.154
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.6

Changed in linux (Ubuntu Xenial):
status: New → Triaged
Changed in linux (Ubuntu Bionic):
status: New → Triaged
Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
Changed in linux (Ubuntu Bionic):
importance: Undecided → Medium
Brad Figg (brad-figg)
tags: added: cscc
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.