[Kernel-packages] [Bug 1775137] Re: Prevent speculation on user controlled pointer
** Changed in: linux (Ubuntu Precise)
Status: In Progress => Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1775137
Title:
Prevent speculation on user controlled pointer
Status in linux package in Ubuntu:
Incomplete
Status in linux source package in Precise:
Fix Committed
Status in linux source package in Trusty:
Fix Released
Status in linux source package in Xenial:
Fix Released
Bug description:
== SRU Justification ==
Upstream's Spectre v1 mitigation prevents speculation on a user controlled
pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for
unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other
stable upstream kernels include it, so add it to our older kernels.
== Fix ==
Backport the following patches:
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
== Regression Potential ==
Low. Patches have been in upstream (and other distro kernels) for quite a
while now and the changes only introduce a barrier on copy_from_user operations.
== Test Case ==
TBD.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1775137/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1775137] Re: Prevent speculation on user controlled pointer
** Changed in: linux (Ubuntu Precise)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1775137
Title:
Prevent speculation on user controlled pointer
Status in linux package in Ubuntu:
Incomplete
Status in linux source package in Precise:
Fix Released
Status in linux source package in Trusty:
Fix Released
Status in linux source package in Xenial:
Fix Released
Bug description:
== SRU Justification ==
Upstream's Spectre v1 mitigation prevents speculation on a user controlled
pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for
unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other
stable upstream kernels include it, so add it to our older kernels.
== Fix ==
Backport the following patches:
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
== Regression Potential ==
Low. Patches have been in upstream (and other distro kernels) for quite a
while now and the changes only introduce a barrier on copy_from_user operations.
== Test Case ==
TBD.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1775137/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1775137] Re: Prevent speculation on user controlled pointer
** Tags removed: verification-needed-trusty
** Tags added: verification-done-trusty
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1775137
Title:
Prevent speculation on user controlled pointer
Status in linux package in Ubuntu:
Incomplete
Status in linux source package in Precise:
New
Status in linux source package in Trusty:
Fix Committed
Status in linux source package in Xenial:
Fix Released
Bug description:
== SRU Justification ==
Upstream's Spectre v1 mitigation prevents speculation on a user controlled
pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for
unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other
stable upstream kernels include it, so add it to our older kernels.
== Fix ==
Backport the following patches:
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
== Regression Potential ==
Low. Patches have been in upstream (and other distro kernels) for quite a
while now and the changes only introduce a barrier on copy_from_user operations.
== Test Case ==
TBD.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1775137/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1775137] Re: Prevent speculation on user controlled pointer
This bug was fixed in the package linux - 3.13.0-157.207
---
linux (3.13.0-157.207) trusty; urgency=medium
* linux: 3.13.0-157.207 -proposed tracker (LP: #1787982)
* CVE-2017-5715 (Spectre v2 retpoline)
- SAUCE: Fix "x86/retpoline/entry: Convert entry assembler indirect jumps"
* CVE-2017-2583
- KVM: x86: fix emulation of "MOV SS, null selector"
* CVE-2017-7518
- KVM: x86: fix singlestepping over syscall
* CVE-2017-18270
- KEYS: prevent creating a different user's keyrings
* Update to upstream's implementation of Spectre v1 mitigation (LP: #1774181)
- Documentation: Document array_index_nospec
- array_index_nospec: Sanitize speculative array de-references
- x86: Implement array_index_mask_nospec
- x86: Introduce barrier_nospec
- x86/get_user: Use pointer masking to limit speculation
- x86/syscall: Sanitize syscall table de-references under speculation
- vfs, fdtable: Prevent bounds-check bypass via speculative execution
- nl80211: Sanitize array index in parse_txq_params
- x86/spectre: Report get_user mitigation for spectre_v1
- x86/kvm: Update spectre-v1 mitigation
- nospec: Allow index argument to have const-qualified type
- nospec: Move array_index_nospec() parameter checking into separate macro
- nospec: Kill array_index_nospec_mask_check()
- SAUCE: Replace osb() calls with array_index_nospec()
- SAUCE: Rename osb() to barrier_nospec()
- SAUCE: x86: Use barrier_nospec in arch/x86/um/asm/barrier.h
* Prevent speculation on user controlled pointer (LP: #1775137)
- x86: reorganize SMAP handling in user space accesses
- x86: fix SMAP in 32-bit environments
- x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
- x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
- x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
* CVE-2016-10208
- ext4: validate s_first_meta_bg at mount time
- ext4: fix fencepost in s_first_meta_bg validation
* CVE-2018-10323
- xfs: set format back to extents if xfs_bmap_extents_to_btree
* CVE-2017-16911
- usbip: prevent vhci_hcd driver from leaking a socket pointer address
* CVE-2018-13406
- video: uvesafb: Fix integer overflow in allocation
* CVE-2018-10877
- ext4: verify the depth of extent tree in ext4_find_extent()
* CVE-2018-10881
- ext4: clear i_data in ext4_inode_info when removing inline data
* CVE-2018-1092
- ext4: fail ext4_iget for root directory if unallocated
* CVE-2018-1093
- ext4: fix block bitmap validation when bigalloc, ^flex_bg
- ext4: add validity checks for bitmap block numbers
* CVE-2018-12233
- jfs: Fix inconsistency between memory allocation and ea_buf->max_size
* CVE-2017-16912
- usbip: fix stub_rx: get_pipe() to validate endpoint number
* CVE-2018-10675
- mm/mempolicy: fix use after free when calling get_mempolicy
* CVE-2017-8831
- saa7164: fix sparse warnings
- saa7164: fix double fetch PCIe access condition
* CVE-2017-16533
- HID: usbhid: fix out-of-bounds bug
* CVE-2017-16538
- media: dvb-usb-v2: lmedm04: move ts2020 attach to dm04_lme2510_tuner
- media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
* CVE-2017-16644
- hdpvr: Remove deprecated create_singlethread_workqueue
- media: hdpvr: Fix an error handling path in hdpvr_probe()
* CVE-2017-16645
- Input: ims-psu - check if CDC union descriptor is sane
* CVE-2017-5549
- USB: serial: kl5kusb105: fix line-state error handling
* CVE-2017-16532
- usb: usbtest: fix NULL pointer dereference
* CVE-2017-16537
- media: imon: Fix null-ptr-deref in imon_probe
* CVE-2017-11472
- ACPICA: Add additional debug info/statements
- ACPICA: Namespace: fix operand cache leak
* CVE-2017-16643
- Input: gtco - fix potential out-of-bound access
* CVE-2017-16531
- USB: fix out-of-bounds in usb_set_configuration
* CVE-2018-10124
- kernel/signal.c: avoid undefined behaviour in kill_something_info
* CVE-2017-6348
- irda: Fix lockdep annotations in hashbin_delete().
* CVE-2017-17558
- USB: core: prevent malicious bNumInterfaces overflow
* CVE-2017-5897
- ip6_gre: fix ip6gre_err() invalid reads
* CVE-2017-6345
- SAUCE: import sock_efree()
- net/llc: avoid BUG_ON() in skb_orphan()
* CVE-2017-7645
- nfsd: check for oversized NFSv2/v3 arguments
* CVE-2017-9984
- ALSA: msnd: Optimize / harden DSP and MIDI loops
* CVE-2018-1000204
- scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
* CVE-2018-10021
- scsi: libsas: defer ata device eh commands to libata
* CVE-2017-16914
- usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer
* CVE-2017-16913
- usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
* CVE-2017-16535
- USB: core: fix out-of-bounds access bug in
[Kernel-packages] [Bug 1775137] Re: Prevent speculation on user controlled pointer
** Changed in: linux (Ubuntu Precise)
Status: New => In Progress
** Changed in: linux (Ubuntu Precise)
Assignee: (unassigned) => Juerg Haefliger (juergh)
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1775137
Title:
Prevent speculation on user controlled pointer
Status in linux package in Ubuntu:
Incomplete
Status in linux source package in Precise:
In Progress
Status in linux source package in Trusty:
Fix Released
Status in linux source package in Xenial:
Fix Released
Bug description:
== SRU Justification ==
Upstream's Spectre v1 mitigation prevents speculation on a user controlled
pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for
unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other
stable upstream kernels include it, so add it to our older kernels.
== Fix ==
Backport the following patches:
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
== Regression Potential ==
Low. Patches have been in upstream (and other distro kernels) for quite a
while now and the changes only introduce a barrier on copy_from_user operations.
== Test Case ==
TBD.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1775137/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1775137] Re: Prevent speculation on user controlled pointer
** Tags removed: verification-needed-xenial
** Tags added: verification-done-xenial
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1775137
Title:
Prevent speculation on user controlled pointer
Status in linux package in Ubuntu:
Incomplete
Status in linux source package in Precise:
New
Status in linux source package in Trusty:
New
Status in linux source package in Xenial:
Fix Committed
Bug description:
== SRU Justification ==
Upstream's Spectre v1 mitigation prevents speculation on a user controlled
pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for
unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other
stable upstream kernels include it, so add it to our older kernels.
== Fix ==
Backport the following patches:
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
== Regression Potential ==
Low. Patches have been in upstream (and other distro kernels) for quite a
while now and the changes only introduce a barrier on copy_from_user operations.
== Test Case ==
TBD.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1775137/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1775137] Re: Prevent speculation on user controlled pointer
This bug was fixed in the package linux - 4.4.0-130.156 --- linux (4.4.0-130.156) xenial; urgency=medium * linux: 4.4.0-130.156 -proposed tracker (LP: #1776822) * CVE-2018-3665 (x86) - x86/fpu: Fix early FPU command-line parsing - x86/fpu: Fix 'no387' regression - x86/fpu: Disable MPX when eagerfpu is off - x86/fpu: Default eagerfpu=on on all CPUs - x86/fpu: Fix FNSAVE usage in eagerfpu mode - x86/fpu: Fix math emulation in eager fpu mode - x86/fpu: Fix eager-FPU handling on legacy FPU machines linux (4.4.0-129.155) xenial; urgency=medium * linux: 4.4.0-129.155 -proposed tracker (LP: #1776352) * Xenial update to 4.4.134 stable release (LP: #1775771) - MIPS: ptrace: Expose FIR register through FP regset - MIPS: Fix ptrace(2) PTRACE_PEEKUSR and PTRACE_POKEUSR accesses to o32 FGRs - KVM: Fix spelling mistake: "cop_unsuable" -> "cop_unusable" - affs_lookup(): close a race with affs_remove_link() - aio: fix io_destroy(2) vs. lookup_ioctx() race - ALSA: timer: Fix pause event notification - mmc: sdhci-iproc: fix 32bit writes for TRANSFER_MODE register - libata: Blacklist some Sandisk SSDs for NCQ - libata: blacklist Micron 500IT SSD with MU01 firmware - xen-swiotlb: fix the check condition for xen_swiotlb_free_coherent - Revert "ipc/shm: Fix shmat mmap nil-page protection" - ipc/shm: fix shmat() nil address after round-down when remapping - kasan: fix memory hotplug during boot - kernel/sys.c: fix potential Spectre v1 issue - kernel/signal.c: avoid undefined behaviour in kill_something_info - xfs: remove racy hasattr check from attr ops - do d_instantiate/unlock_new_inode combinations safely - firewire-ohci: work around oversized DMA reads on JMicron controllers - NFSv4: always set NFS_LOCK_LOST when a lock is lost. - ALSA: hda - Use IS_REACHABLE() for dependency on input - ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() - kvm: x86: fix KVM_XEN_HVM_CONFIG ioctl - tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account - PCI: Add function 1 DMA alias quirk for Marvell 9128 - tools lib traceevent: Simplify pointer print logic and fix %pF - perf callchain: Fix attr.sample_max_stack setting - tools lib traceevent: Fix get_field_str() for dynamic strings - dm thin: fix documentation relative to low water mark threshold - nfs: Do not convert nfs_idmap_cache_timeout to jiffies - watchdog: sp5100_tco: Fix watchdog disable bit - kconfig: Don't leak main menus during parsing - kconfig: Fix automatic menu creation mem leak - kconfig: Fix expr_free() E_NOT leak - ipmi/powernv: Fix error return code in ipmi_powernv_probe() - Btrfs: set plug for fsync - btrfs: Fix out of bounds access in btrfs_search_slot - Btrfs: fix scrub to repair raid6 corruption - scsi: fas216: fix sense buffer initialization - HID: roccat: prevent an out of bounds read in kovaplus_profile_activated() - jffs2: Fix use-after-free bug in jffs2_iget()'s error handling path - powerpc/numa: Use ibm,max-associativity-domains to discover possible nodes - powerpc/numa: Ensure nodes initialized for hotplug - RDMA/mlx5: Avoid memory leak in case of XRCD dealloc failure - ntb_transport: Fix bug with max_mw_size parameter - ocfs2: return -EROFS to mount.ocfs2 if inode block is invalid - ocfs2/acl: use 'ip_xattr_sem' to protect getting extended attribute - ocfs2: return error when we attempt to access a dirty bh in jbd2 - mm/mempolicy: fix the check of nodemask from user - mm/mempolicy: add nodes_empty check in SYSC_migrate_pages - asm-generic: provide generic_pmdp_establish() - mm: pin address_space before dereferencing it while isolating an LRU page - IB/ipoib: Fix for potential no-carrier state - x86/power: Fix swsusp_arch_resume prototype - firmware: dmi_scan: Fix handling of empty DMI strings - ACPI: processor_perflib: Do not send _PPC change notification if not ready - MIPS: TXx9: use IS_BUILTIN() for CONFIG_LEDS_CLASS - xen-netfront: Fix race between device setup and open - xen/grant-table: Use put_page instead of free_page - RDS: IB: Fix null pointer issue - arm64: spinlock: Fix theoretical trylock() A-B-A with LSE atomics - proc: fix /proc/*/map_files lookup - cifs: silence compiler warnings showing up with gcc-8.0.0 - bcache: properly set task state in bch_writeback_thread() - bcache: fix for allocator and register thread race - bcache: fix for data collapse after re-attaching an attached device - bcache: return attach error when no cache set exist - tools/libbpf: handle issues with bpf ELF objects containing .eh_frames - locking/qspinlock: Ensure node->count is updated before initialising node - irqchip/gic-v3: Change pr_debug message to pr_devel - scsi: ufs: Enable quirk to ignore sending
[Kernel-packages] [Bug 1775137] Re: Prevent speculation on user controlled pointer
** Description changed:
- Upstream's Spectre v1 mitigation prevents speculation on a user
- controlled pointer. This part of the Spectre v1 patchset was never
- backported to 4.4 (for unknown reasons) so Xenial is lacking it as well.
- All the other stable upstream kernels include it, so add it to Xenial.
- Specifically, the following patches are needed:
+ == SRU Justification ==
+ Upstream's Spectre v1 mitigation prevents speculation on a user controlled
pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for
unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other
stable upstream kernels include it, so add it to our older kernels.
- c7f631cb07e7 x86/get_user: Use pointer masking to limit speculation
- 304ec1b05031 x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
- b5c4ae4f3532 x86/usercopy: Replace open coded stac/clac with
__uaccess_{begin, end}
- b3bbfb3fb5d2 x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
+ == Fix ==
+ Backport the following patches:
+ x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
+ x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
+ x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
+
+ == Regression Potential ==
+ Low. Patches have been in upstream (and other distro kernels) for quite a
while now and the changes only introduce a barrier on copy_from_user operations.
+
+ == Test Case ==
+ TBD.
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1775137
Title:
Prevent speculation on user controlled pointer
Status in linux package in Ubuntu:
Incomplete
Bug description:
== SRU Justification ==
Upstream's Spectre v1 mitigation prevents speculation on a user controlled
pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for
unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other
stable upstream kernels include it, so add it to our older kernels.
== Fix ==
Backport the following patches:
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
== Regression Potential ==
Low. Patches have been in upstream (and other distro kernels) for quite a
while now and the changes only introduce a barrier on copy_from_user operations.
== Test Case ==
TBD.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1775137/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1775137] Re: Prevent speculation on user controlled pointer
** Also affects: linux (Ubuntu Xenial)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1775137
Title:
Prevent speculation on user controlled pointer
Status in linux package in Ubuntu:
Incomplete
Status in linux source package in Xenial:
New
Bug description:
== SRU Justification ==
Upstream's Spectre v1 mitigation prevents speculation on a user controlled
pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for
unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other
stable upstream kernels include it, so add it to our older kernels.
== Fix ==
Backport the following patches:
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
== Regression Potential ==
Low. Patches have been in upstream (and other distro kernels) for quite a
while now and the changes only introduce a barrier on copy_from_user operations.
== Test Case ==
TBD.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1775137/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1775137] Re: Prevent speculation on user controlled pointer
** Also affects: linux (Ubuntu Precise)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Trusty)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1775137
Title:
Prevent speculation on user controlled pointer
Status in linux package in Ubuntu:
Incomplete
Status in linux source package in Precise:
New
Status in linux source package in Trusty:
New
Status in linux source package in Xenial:
New
Bug description:
== SRU Justification ==
Upstream's Spectre v1 mitigation prevents speculation on a user controlled
pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for
unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other
stable upstream kernels include it, so add it to our older kernels.
== Fix ==
Backport the following patches:
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
== Regression Potential ==
Low. Patches have been in upstream (and other distro kernels) for quite a
while now and the changes only introduce a barrier on copy_from_user operations.
== Test Case ==
TBD.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1775137/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1775137] Re: Prevent speculation on user controlled pointer
** Changed in: linux (Ubuntu Xenial)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1775137
Title:
Prevent speculation on user controlled pointer
Status in linux package in Ubuntu:
Incomplete
Status in linux source package in Precise:
New
Status in linux source package in Trusty:
New
Status in linux source package in Xenial:
Fix Committed
Bug description:
== SRU Justification ==
Upstream's Spectre v1 mitigation prevents speculation on a user controlled
pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for
unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other
stable upstream kernels include it, so add it to our older kernels.
== Fix ==
Backport the following patches:
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
== Regression Potential ==
Low. Patches have been in upstream (and other distro kernels) for quite a
while now and the changes only introduce a barrier on copy_from_user operations.
== Test Case ==
TBD.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1775137/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1775137] Re: Prevent speculation on user controlled pointer
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
xenial' to 'verification-done-xenial'. If the problem still exists,
change the tag 'verification-needed-xenial' to 'verification-failed-
xenial'.
If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.
See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!
** Tags added: verification-needed-xenial
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1775137
Title:
Prevent speculation on user controlled pointer
Status in linux package in Ubuntu:
Incomplete
Status in linux source package in Precise:
New
Status in linux source package in Trusty:
New
Status in linux source package in Xenial:
Fix Committed
Bug description:
== SRU Justification ==
Upstream's Spectre v1 mitigation prevents speculation on a user controlled
pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for
unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other
stable upstream kernels include it, so add it to our older kernels.
== Fix ==
Backport the following patches:
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
== Regression Potential ==
Low. Patches have been in upstream (and other distro kernels) for quite a
while now and the changes only introduce a barrier on copy_from_user operations.
== Test Case ==
TBD.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1775137/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1775137] Re: Prevent speculation on user controlled pointer
** Changed in: linux (Ubuntu)
Status: Incomplete => Invalid
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1775137
Title:
Prevent speculation on user controlled pointer
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Precise:
Fix Released
Status in linux source package in Trusty:
Fix Released
Status in linux source package in Xenial:
Fix Released
Bug description:
== SRU Justification ==
Upstream's Spectre v1 mitigation prevents speculation on a user controlled
pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for
unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other
stable upstream kernels include it, so add it to our older kernels.
== Fix ==
Backport the following patches:
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
== Regression Potential ==
Low. Patches have been in upstream (and other distro kernels) for quite a
while now and the changes only introduce a barrier on copy_from_user operations.
== Test Case ==
TBD.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1775137/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1775137] Re: Prevent speculation on user controlled pointer
** Changed in: linux (Ubuntu Trusty)
Status: New => Fix Committed
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1775137
Title:
Prevent speculation on user controlled pointer
Status in linux package in Ubuntu:
Incomplete
Status in linux source package in Precise:
New
Status in linux source package in Trusty:
Fix Committed
Status in linux source package in Xenial:
Fix Released
Bug description:
== SRU Justification ==
Upstream's Spectre v1 mitigation prevents speculation on a user controlled
pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for
unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other
stable upstream kernels include it, so add it to our older kernels.
== Fix ==
Backport the following patches:
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
== Regression Potential ==
Low. Patches have been in upstream (and other distro kernels) for quite a
while now and the changes only introduce a barrier on copy_from_user operations.
== Test Case ==
TBD.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1775137/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1775137] Re: Prevent speculation on user controlled pointer
This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
trusty' to 'verification-done-trusty'. If the problem still exists,
change the tag 'verification-needed-trusty' to 'verification-failed-
trusty'.
If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.
See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!
** Tags added: verification-needed-trusty
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1775137
Title:
Prevent speculation on user controlled pointer
Status in linux package in Ubuntu:
Incomplete
Status in linux source package in Precise:
New
Status in linux source package in Trusty:
Fix Committed
Status in linux source package in Xenial:
Fix Released
Bug description:
== SRU Justification ==
Upstream's Spectre v1 mitigation prevents speculation on a user controlled
pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for
unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other
stable upstream kernels include it, so add it to our older kernels.
== Fix ==
Backport the following patches:
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
== Regression Potential ==
Low. Patches have been in upstream (and other distro kernels) for quite a
while now and the changes only introduce a barrier on copy_from_user operations.
== Test Case ==
TBD.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1775137/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1775137] Re: Prevent speculation on user controlled pointer
** Tags added: cscc
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1775137
Title:
Prevent speculation on user controlled pointer
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Precise:
Fix Released
Status in linux source package in Trusty:
Fix Released
Status in linux source package in Xenial:
Fix Released
Bug description:
== SRU Justification ==
Upstream's Spectre v1 mitigation prevents speculation on a user controlled
pointer. This part of the Spectre v1 patchset was never backported to 4.4 (for
unknown reasons) so Xenial/Trusty/Precise are lacking it as well. All the other
stable upstream kernels include it, so add it to our older kernels.
== Fix ==
Backport the following patches:
x86/uaccess: Use __uaccess_begin_nospec() and uaccess_try_nospec
x86/usercopy: Replace open coded stac/clac with __uaccess_{begin, end}
x86: Introduce __uaccess_begin_nospec() and uaccess_try_nospec
== Regression Potential ==
Low. Patches have been in upstream (and other distro kernels) for quite a
while now and the changes only introduce a barrier on copy_from_user operations.
== Test Case ==
TBD.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1775137/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
