This bug was fixed in the package linux-kvm - 4.15.0-1010.10
---------------
linux-kvm (4.15.0-1010.10) bionic; urgency=medium
[ Ubuntu: 4.15.0-22.24 ]
* CVE-2018-3639 (powerpc)
- powerpc/64s: Add support for a store forwarding barrier at kernel
entry/exit
- stf-barrier: set eieio instruction bit 6 for future optimisations
* CVE-2018-3639 (x86)
- x86/nospec: Simplify alternative_msr_write()
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static
* LSM Stacking prctl values should be redefined as to not collide with
upstream prctls (LP: #1769263) // CVE-2018-3639
- SAUCE: LSM stacking: adjust prctl values
linux-kvm (4.15.0-1009.9) bionic; urgency=medium
* linux-kvm: 4.15.0-1009.9 -proposed tracker (LP: #1767409)
* linux-image-4.15.0-20-generic install after upgrade from xenial breaks
(LP: #1767133)
- Packaging: Depends on linux-base that provides the necessary tools
* Unable to start docker application with B-KVM kernel (LP: #1763630)
- kvm: [config] enable NF_NAT, NF_CONNTRACK
- kvm: [config] enable IP_NF_TABLES
* test_078_SLAB_freelist_randomization failed on 4.15 KVM kernel
(LP: #1764975)
- kvm: [config] enable CONFIG_SLAB_FREELIST_{HARDENED,RANDOM}
* linux-kvm 4.15 needs CONFIG_VMAP_STACK set (LP: #1764985)
- kvm: [config] enable CONFIG_VMAP_STACK
* test_140_kernel_modules_not_tainted in kernel security test failed with 4.15
kvm kernel (LP: #1766832)
- kvm: [config] enable CONFIG_MODULE_UNLOAD
[ Ubuntu: 4.15.0-21.22 ]
* linux: 4.15.0-21.22 -proposed tracker (LP: #1767397)
* initramfs-tools exception during pm.DoInstall with do-release-upgrade from
16.04 to 18.04 (LP: #1766727)
- Add linux-image-* Breaks on s390-tools (<< 2.3.0-0ubuntu3)
* linux-image-4.15.0-20-generic install after upgrade from xenial breaks
(LP: #1767133)
- Packaging: Depends on linux-base that provides the necessary tools
* linux-image packages need to Breaks flash-kernel << 3.90ubuntu2
(LP: #1766629)
- linux-image-* breaks on flash-kernel (<< 3.90ubuntu2)
-- Stefan Bader <[email protected]> Thu, 17 May 2018 10:30:53
+0200
** Changed in: linux-kvm (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux-kvm in Ubuntu.
https://bugs.launchpad.net/bugs/1764985
Title:
linux-kvm 4.15 needs CONFIG_VMAP_STACK set
Status in QA Regression Testing:
Fix Released
Status in linux package in Ubuntu:
Invalid
Status in linux-kvm package in Ubuntu:
Fix Released
Status in linux source package in Bionic:
Invalid
Status in linux-kvm source package in Bionic:
Fix Released
Bug description:
test_181_config_vmap_stack in ubuntu_qrt_kernel_security_test has
failed with 4.15.0-1004-kvm
FAIL: test_181_config_vmap_stack (__main__.KernelSecurityTest)
Ensure kernel stack isolation is set
----------------------------------------------------------------------
Traceback (most recent call last):
File "./test-kernel-security.py", line 2149, in test_181_config_vmap_stack
self.assertEqual(self._get_config('VMAP_STACK'), expected)
AssertionError: None != 'y'
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-1004-kvm 4.15.0-1004.4
ProcVersionSignature: User Name 4.15.0-1004.4-kvm 4.15.15
Uname: Linux 4.15.0-1004-kvm x86_64
ApportVersion: 2.20.9-0ubuntu5
Architecture: amd64
Date: Wed Apr 18 09:29:03 2018
ProcEnviron:
TERM=xterm-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=C.UTF-8
SHELL=/bin/bash
SourcePackage: linux-kvm
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/qa-regression-testing/+bug/1764985/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
