2018-05-30 12:55:58 |
Juerg Haefliger |
bug |
|
|
added bug |
2018-05-30 12:56:06 |
Juerg Haefliger |
nominated for series |
|
Ubuntu Xenial |
|
2018-05-30 12:56:14 |
Juerg Haefliger |
linux (Ubuntu): assignee |
|
Juerg Haefliger (juergh) |
|
2018-05-30 13:00:16 |
Ubuntu Kernel Bot |
linux (Ubuntu): status |
New |
Incomplete |
|
2018-06-05 06:23:00 |
Juerg Haefliger |
summary |
Add array_index_nospec |
Update to upstream's implementation of Spectre v1 mitigation |
|
2018-06-05 08:01:38 |
Juerg Haefliger |
nominated for series |
|
Ubuntu Trusty |
|
2018-06-05 08:01:38 |
Juerg Haefliger |
nominated for series |
|
Ubuntu Precise |
|
2018-06-06 06:32:21 |
Juerg Haefliger |
description |
Xenial is currently lacking full support of upstream's Spectre v1 mitigation. As a first step to get there, add the array_index_nospec macro and all the (simple) patches that make use of it. |
Xenial is currently lacking full support of upstream's Spectre v1 mitigation. Add the missing patches and merge them with Ubuntu's current implementation of the v1 mitigation.
== SRU Justification ==
Ubuntu's Spectre v1 mitigation is based on the original embargoed patchset which introduced a barrier macro to prevent speculation beyond array boundaries for user controlled indices. What eventually landed in upstream is slightly different and uses a barrier macro in combination with a masking solution (plus syscall table and user pointer sanitation). During the updates to newer stable upstream versions, we skipped all those patches. After reviewing them, we want to bring them back and merge them with the current implementation which brings us back in sync with upstream stable.
== Fix ==
Add all the missing Spectre v1 patches from upstream stable 4.4.118 to 4.4.131. Replace Ubuntu's additional barriers with the masking macro, where appropriate.
== Regression Potential ==
Low. The patches have been in upstream for quite a while now and we keep the speculation barriers that are currently in Ubuntu but not in upstream.
== Test Case ==
TBD. |
|
2018-06-06 06:32:50 |
Juerg Haefliger |
description |
Xenial is currently lacking full support of upstream's Spectre v1 mitigation. Add the missing patches and merge them with Ubuntu's current implementation of the v1 mitigation.
== SRU Justification ==
Ubuntu's Spectre v1 mitigation is based on the original embargoed patchset which introduced a barrier macro to prevent speculation beyond array boundaries for user controlled indices. What eventually landed in upstream is slightly different and uses a barrier macro in combination with a masking solution (plus syscall table and user pointer sanitation). During the updates to newer stable upstream versions, we skipped all those patches. After reviewing them, we want to bring them back and merge them with the current implementation which brings us back in sync with upstream stable.
== Fix ==
Add all the missing Spectre v1 patches from upstream stable 4.4.118 to 4.4.131. Replace Ubuntu's additional barriers with the masking macro, where appropriate.
== Regression Potential ==
Low. The patches have been in upstream for quite a while now and we keep the speculation barriers that are currently in Ubuntu but not in upstream.
== Test Case ==
TBD. |
Xenial/Trusty/Prexise are currently lacking full support of upstream's Spectre v1 mitigation. Add the missing patches and merge them with Ubuntu's current implementation of the v1 mitigation.
== SRU Justification ==
Ubuntu's Spectre v1 mitigation is based on the original embargoed patchset which introduced a barrier macro to prevent speculation beyond array boundaries for user controlled indices. What eventually landed in upstream is slightly different and uses a barrier macro in combination with a masking solution (plus syscall table and user pointer sanitation). During the updates to newer stable upstream versions, we skipped all those patches. After reviewing them, we want to bring them back and merge them with the current implementation which brings us back in sync with upstream stable.
== Fix ==
Add all the missing Spectre v1 patches from upstream stable 4.4.118 to 4.4.131. Replace Ubuntu's additional barriers with the masking macro, where appropriate.
== Regression Potential ==
Low. The patches have been in upstream for quite a while now and we keep the speculation barriers that are currently in Ubuntu but not in upstream.
== Test Case ==
TBD. |
|
2018-06-06 06:32:58 |
Juerg Haefliger |
description |
Xenial/Trusty/Prexise are currently lacking full support of upstream's Spectre v1 mitigation. Add the missing patches and merge them with Ubuntu's current implementation of the v1 mitigation.
== SRU Justification ==
Ubuntu's Spectre v1 mitigation is based on the original embargoed patchset which introduced a barrier macro to prevent speculation beyond array boundaries for user controlled indices. What eventually landed in upstream is slightly different and uses a barrier macro in combination with a masking solution (plus syscall table and user pointer sanitation). During the updates to newer stable upstream versions, we skipped all those patches. After reviewing them, we want to bring them back and merge them with the current implementation which brings us back in sync with upstream stable.
== Fix ==
Add all the missing Spectre v1 patches from upstream stable 4.4.118 to 4.4.131. Replace Ubuntu's additional barriers with the masking macro, where appropriate.
== Regression Potential ==
Low. The patches have been in upstream for quite a while now and we keep the speculation barriers that are currently in Ubuntu but not in upstream.
== Test Case ==
TBD. |
Xenial/Trusty/Precise are currently lacking full support of upstream's Spectre v1 mitigation. Add the missing patches and merge them with Ubuntu's current implementation of the v1 mitigation.
== SRU Justification ==
Ubuntu's Spectre v1 mitigation is based on the original embargoed patchset which introduced a barrier macro to prevent speculation beyond array boundaries for user controlled indices. What eventually landed in upstream is slightly different and uses a barrier macro in combination with a masking solution (plus syscall table and user pointer sanitation). During the updates to newer stable upstream versions, we skipped all those patches. After reviewing them, we want to bring them back and merge them with the current implementation which brings us back in sync with upstream stable.
== Fix ==
Add all the missing Spectre v1 patches from upstream stable 4.4.118 to 4.4.131. Replace Ubuntu's additional barriers with the masking macro, where appropriate.
== Regression Potential ==
Low. The patches have been in upstream for quite a while now and we keep the speculation barriers that are currently in Ubuntu but not in upstream.
== Test Case ==
TBD. |
|
2018-06-06 06:34:50 |
Juerg Haefliger |
description |
Xenial/Trusty/Precise are currently lacking full support of upstream's Spectre v1 mitigation. Add the missing patches and merge them with Ubuntu's current implementation of the v1 mitigation.
== SRU Justification ==
Ubuntu's Spectre v1 mitigation is based on the original embargoed patchset which introduced a barrier macro to prevent speculation beyond array boundaries for user controlled indices. What eventually landed in upstream is slightly different and uses a barrier macro in combination with a masking solution (plus syscall table and user pointer sanitation). During the updates to newer stable upstream versions, we skipped all those patches. After reviewing them, we want to bring them back and merge them with the current implementation which brings us back in sync with upstream stable.
== Fix ==
Add all the missing Spectre v1 patches from upstream stable 4.4.118 to 4.4.131. Replace Ubuntu's additional barriers with the masking macro, where appropriate.
== Regression Potential ==
Low. The patches have been in upstream for quite a while now and we keep the speculation barriers that are currently in Ubuntu but not in upstream.
== Test Case ==
TBD. |
Xenial/Trusty/Precise are currently lacking full support of upstream's Spectre v1 mitigation. Add the missing patches and merge them with Ubuntu's current implementation.
== SRU Justification ==
Ubuntu's Spectre v1 mitigation is based on the original embargoed patchset which introduced a barrier macro to prevent speculation beyond array boundaries for user controlled indices. What eventually landed in upstream is slightly different and uses a barrier macro in combination with a masking solution (plus syscall table and user pointer sanitation). During the updates to newer stable upstream versions, all those patches were skipped. After reviewing them, we want to bring them back and merge them with the current implementation which brings us back in sync with upstream stable.
== Fix ==
Add all the missing Spectre v1 patches from upstream stable 4.4.118 to 4.4.131. Where appropriate, replace Ubuntu's additional barriers with the masking macro.
== Regression Potential ==
Low. The patches have been in upstream for quite a while now and we keep the speculation barriers that are currently in Ubuntu but not in upstream.
== Test Case ==
TBD. |
|
2018-06-07 16:46:02 |
Kleber Sacilotto de Souza |
bug task added |
|
linux (Ubuntu Precise) |
|
2018-06-07 16:46:13 |
Kleber Sacilotto de Souza |
bug task added |
|
linux (Ubuntu Trusty) |
|
2018-06-07 16:46:21 |
Kleber Sacilotto de Souza |
bug task added |
|
linux (Ubuntu Xenial) |
|
2018-06-07 17:40:31 |
Stefan Bader |
linux (Ubuntu Xenial): status |
New |
Fix Committed |
|
2018-06-13 11:03:59 |
Brad Figg |
tags |
|
verification-needed-xenial |
|
2018-06-21 15:21:12 |
Juerg Haefliger |
tags |
verification-needed-xenial |
verification-done-xenial |
|
2018-07-02 08:29:08 |
Launchpad Janitor |
linux (Ubuntu Xenial): status |
Fix Committed |
Fix Released |
|
2018-07-02 08:29:08 |
Launchpad Janitor |
cve linked |
|
2018-3639 |
|
2018-07-02 08:29:08 |
Launchpad Janitor |
cve linked |
|
2018-3665 |
|
2018-07-02 08:29:08 |
Launchpad Janitor |
cve linked |
|
2018-7755 |
|
2018-07-27 15:46:57 |
Kleber Sacilotto de Souza |
linux (Ubuntu Trusty): status |
New |
Fix Committed |
|
2018-08-02 16:03:03 |
Brad Figg |
tags |
verification-done-xenial |
verification-done-xenial verification-needed-trusty |
|
2018-08-22 14:10:58 |
Juerg Haefliger |
tags |
verification-done-xenial verification-needed-trusty |
verification-done-trusty verification-done-xenial |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
linux (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2016-10208 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-11472 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-11473 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-14991 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-15649 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-16526 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-16527 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-16529 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-16531 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-16532 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-16533 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-16535 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-16536 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-16537 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-16538 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-16643 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-16644 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-16645 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-16650 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-16911 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-16912 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-16913 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-16914 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-17558 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-18255 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-18270 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-2583 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-2584 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-2671 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-5549 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-5715 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-5897 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-6345 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-6348 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-7518 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-7645 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-8831 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2017-9984 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2018-1000204 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2018-10021 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2018-10087 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2018-10124 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2018-10323 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2018-10675 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2018-10877 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2018-10881 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2018-1092 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2018-1093 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2018-10940 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2018-12233 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2018-13094 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2018-13405 |
|
2018-08-23 21:59:21 |
Launchpad Janitor |
cve linked |
|
2018-13406 |
|
2018-08-23 21:59:22 |
Launchpad Janitor |
linux (Ubuntu Trusty): status |
Fix Committed |
Fix Released |
|
2018-11-10 08:35:29 |
Juerg Haefliger |
linux (Ubuntu Precise): status |
New |
In Progress |
|
2018-11-10 08:35:33 |
Juerg Haefliger |
linux (Ubuntu Precise): assignee |
|
Juerg Haefliger (juergh) |
|
2018-12-04 11:29:59 |
Kleber Sacilotto de Souza |
linux (Ubuntu Precise): status |
In Progress |
Fix Committed |
|
2019-05-14 11:07:25 |
Juerg Haefliger |
linux (Ubuntu Precise): status |
Fix Committed |
Fix Released |
|
2019-06-13 07:39:08 |
Juerg Haefliger |
linux (Ubuntu): status |
Incomplete |
Invalid |
|
2019-07-24 21:24:42 |
Brad Figg |
tags |
verification-done-trusty verification-done-xenial |
cscc verification-done-trusty verification-done-xenial |
|