This bug was fixed in the package linux - 4.15.0-39.42
---------------
linux (4.15.0-39.42) bionic; urgency=medium
* linux: 4.15.0-39.42 -proposed tracker (LP: #1799411)
* Linux: insufficient shootdown for paging-structure caches (LP: #1798897)
- mm: move tlb_table_flush to tlb_flush_mmu_free
- mm/tlb: Remove tlb_remove_table() non-concurrent condition
- mm/tlb, x86/mm: Support invalidating TLB caches for RCU_TABLE_FREE
- [Config] CONFIG_HAVE_RCU_TABLE_INVALIDATE=y
* Ubuntu18.04: GPU total memory is reduced (LP: #1792102)
- Revert "powerpc/powernv: Increase memory block size to 1GB on radix"
* arm64: snapdragon: reduce boot noise (LP: #1797154)
- [Config] arm64: snapdragon: DRM_MSM=m
- [Config] arm64: snapdragon: SND*=m
- [Config] arm64: snapdragon: disable ARM_SDE_INTERFACE
- [Config] arm64: snapdragon: disable DRM_I2C_ADV7511_CEC
- [Config] arm64: snapdragon: disable VIDEO_ADV7511, VIDEO_COBALT
* [Bionic] CPPC bug fixes (LP: #1796949)
- ACPI / CPPC: Update all pr_(debug/err) messages to log the susbspace id
- cpufreq: CPPC: Don't set transition_latency
- ACPI / CPPC: Fix invalid PCC channel status errors
* regression in 'ip --family bridge neigh' since linux v4.12 (LP: #1796748)
- rtnetlink: fix rtnl_fdb_dump() for ndmsg header
* screen displays abnormally on the lenovo M715 with the AMD GPU (Radeon Vega
8 Mobile, rev ca, 1002:15dd) (LP: #1796786)
- drm/amd/display: Fix takover from VGA mode
- drm/amd/display: early return if not in vga mode in disable_vga
- drm/amd/display: Refine disable VGA
* arm64: snapdragon: WARNING: CPU: 0 PID: 1 arch/arm64/kernel/setup.c:271
reserve_memblock_reserved_regions (LP: #1797139)
- SAUCE: arm64: Fix /proc/iomem for reserved but not memory regions
* The front MIC can't work on the Lenovo M715 (LP: #1797292)
- ALSA: hda/realtek - Fix the problem of the front MIC on the Lenovo M715
* Keyboard backlight sysfs sometimes is missing on Dell laptops (LP: #1797304)
- platform/x86: dell-smbios: Correct some style warnings
- platform/x86: dell-smbios: Rename dell-smbios source to dell-smbios-base
- platform/x86: dell-smbios: Link all dell-smbios-* modules together
- [Config] CONFIG_DELL_SMBIOS_SMM=y, CONFIG_DELL_SMBIOS_WMI=y
* rpi3b+: ethernet not working (LP: #1797406)
- lan78xx: Don't reset the interface on open
* 87cdf3148b11 was never backported to 4.15 (LP: #1795653)
- xfrm: Verify MAC header exists before overwriting eth_hdr(skb)->h_proto
* [Ubuntu18.04][Power9][DD2.2]package installation segfaults inside debian
chroot env in P9 KVM guest with HTM enabled (kvm) (LP: #1792501)
- KVM: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds
* Provide mode where all vCPUs on a core must be the same VM (LP: #1792957)
- KVM: PPC: Book3S HV: Provide mode where all vCPUs on a core must be the
same VM
* fscache: bad refcounting in fscache_op_complete leads to OOPS (LP: #1797314)
- SAUCE: fscache: Fix race in decrementing refcount of op->npages
* CVE-2018-9363
- Bluetooth: hidp: buffer overflow in hidp_process_report
* CVE-2017-13168
- scsi: sg: mitigate read/write abuse
* [Bionic] ACPI / PPTT: use ACPI ID whenever ACPI_PPTT_ACPI_PROCESSOR_ID_VALID
is set (LP: #1797200)
- ACPI / PPTT: use ACPI ID whenever ACPI_PPTT_ACPI_PROCESSOR_ID_VALID is set
* [Bionic] arm64: topology: Avoid checking numa mask for scheduler MC
selection (LP: #1797202)
- arm64: topology: Avoid checking numa mask for scheduler MC selection
* crypto/vmx - Backport of Fix sleep-in-atomic bugs patch for 18.04
(LP: #1790832)
- crypto: vmx - Fix sleep-in-atomic bugs
* hns3: autoneg settings get lost on down/up (LP: #1797654)
- net: hns3: Fix for information of phydev lost problem when down/up
* not able to unwind the stack from within __kernel_clock_gettime in the Linux
vDSO (LP: #1797963)
- powerpc/vdso: Correct call frame information
* Signal 7 error when running GPFS tracing in cluster (LP: #1792195)
- powerpc/mm/books3s: Add new pte bit to mark pte temporarily invalid.
- powerpc/mm/radix: Only need the Nest MMU workaround for R -> RW transition
* Support Edge Gateway's WIFI LED (LP: #1798330)
- SAUCE: mwifiex: Switch WiFi LED state according to the device status
* Support Edge Gateway's Bluetooth LED (LP: #1798332)
- SAUCE: Bluetooth: Support for LED on Edge Gateways
* USB cardreader (0bda:0328) make the system can't enter s3 or hang
(LP: #1798328)
- usb: Don't disable Latency tolerance Messaging (LTM) before port reset
* CVE-2018-15471
- xen-netback: fix input validation in xenvif_set_hash_mapping()
* CVE-2018-16658
- cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
* [Bionic] Update ThunderX2 implementation defined pmu core events
(LP: #1796904)
- perf vendor events arm64: Update ThunderX2 implementation defined pmu core
events
* the machine of lenovo M715 with the AMD GPU (Radeon Vega 8 Mobile, rev ca,
1002:15dd) often hangs randomly (LP: #1796789)
- drm/amd: Add missing fields in atom_integrated_system_info_v1_11
* [18.04] GLK hang after a while (LP: #1760545)
- drm/i915/glk: Add MODULE_FIRMWARE for Geminilake
* Fix usbcore.quirks when used at boot (LP: #1795784)
- usb: core: safely deal with the dynamic quirk lists
-- Kleber Sacilotto de Souza <[email protected]> Tue, 23 Oct
2018 14:44:55 +0000
** Changed in: linux (Ubuntu Bionic)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-13168
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-15471
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-16658
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-9363
--
https://bugs.launchpad.net/bugs/1792957
Title:
Provide mode where all vCPUs on a core must be the same VM
Status in The Ubuntu-power-systems project:
In Progress
Status in linux package in Ubuntu:
In Progress
Status in linux source package in Bionic:
Fix Released
Status in linux source package in Cosmic:
Fix Committed
Bug description:
== SRU Justification ==
This patch has been requested by IBM. It provides a mode where all vCPUs
on a core must be the same VM. This is intended for use in
security-conscious settings where users are concerned about possible
side-channel attacks between threads which could perhaps enable one VM
to attack another VM on the same core, or the host.
== Fix ==
linux-next commit:
aa2278644ae5 ("KVM: PPC: Book3S HV: Provide mode where all vCPUs on a core
must be the same VM")
== Regression Potential ==
Low. Changes limited to powerpc.
== Test Case ==
A test kernel was built with this patch and tested by the original bug
reporter.
The bug reporter states the test kernel resolved the bug.
== Comment: #0 - Leonardo Augusto Guimaraes Garcia <[email protected]> -
2018-09-13 07:12:48 ==
+++ This bug was initially created as a clone of Bug #171443 +++
Please, add the following patch:
http://patchwork.ozlabs.org/patch/968786/
which adds a mode where all vCPUs on a core must be the same VM on
POWER8 and POWER9.
This is intended for use in security-conscious settings where users
are concerned about possible side-channel attacks between threads
which could perhaps enable one VM to attack another VM on the same
core, or the host.