[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
** Changed in: ubuntu-power-systems
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Cosmic:
  Fix Released
Status in linux source package in Disco:
  Fix Released

Bug description:
  [IMPACT]
  Need to further address the Spectre v2 and Meltdown vulnerability in Power with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, and additional Spectre/Meltdown related patches for Power9.

  [Fix]
  List of upstream patches identified by IBM in comment #4, #5, and #8.

  [Test]
  Pre-req: requires Power9 DD2.3 hardware.
  A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the kernel was tested by IBM. Please see comment #11 and #14 for details.

  [REGRESSION POTENTIAL]
  The patches are isolated to the ppc64el architecture and do not impact generic code. ppc64el test kernel was tested by IBM and no regressions were reported.

  [OTHER INFO]
  For the different kernels:

  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears to have all patches.

  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 reporting

  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro & helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 reporting
  This appears to already be in -next.

  For the bionic 18.04.1 (4.15) kernel only this patch is already part of master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

  The others are ported, there were only 3 that were not clean. Those are:

  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is missing, but it does not look like that is required here.

  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec based on firmware settings
  This failed because debugfs was already included, I can see that previously added, I didn't see where it was previously removed.

  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro & helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem necessary.

  All other patches applied with, at most, some fuzz.

  Has had a little testing - boots, check debugfs, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to     : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
This bug was fixed in the package linux - 5.0.0-31.33

---
linux (5.0.0-31.33) disco; urgency=medium

  * disco/linux: 5.0.0-31.33 -proposed tracker (LP: #1846026)

  * Packaging resync (LP: #1786013)
    - [Packaging] update helper scripts

  * /proc/self/maps paths missing on live session (was vlc won't start; eoan 19.10 & bionic 18.04 ubuntu/lubuntu/kubuntu/xubuntu/ubuntu-mate dailies) (LP: #1842382)
    - SAUCE: Revert "UBUNTU: SAUCE: shiftfs: enable overlayfs on shiftfs"

linux (5.0.0-30.32) disco; urgency=medium

  * disco/linux: 5.0.0-30.32 -proposed tracker (LP: #1844362)

  * Disco update: upstream stable patchset 2019-08-20 (LP: #1840846)
    - Revert "e1000e: fix cyclic resets at link up with active tx"
    - e1000e: start network tx queue only when link is up
    - Input: synaptics - enable SMBUS on T480 thinkpad trackpad
    - nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header
    - drivers: base: cacheinfo: Ensure cpu hotplug work is done before Intel RDT
    - firmware: improve LSM/IMA security behaviour
    - irqchip/gic-v3-its: Fix command queue pointer comparison bug
    - clk: ti: clkctrl: Fix returning uninitialized data
    - efi/bgrt: Drop BGRT status field reserved bits check
    - perf/core: Fix perf_sample_regs_user() mm check
    - ARM: dts: gemini Fix up DNS-313 compatible string
    - ARM: omap2: remove incorrect __init annotation
    - afs: Fix uninitialised spinlock afs_volume::cb_break_lock
    - x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz
    - be2net: fix link failure after ethtool offline test
    - ppp: mppe: Add softdep to arc4
    - sis900: fix TX completion
    - ARM: dts: imx6ul: fix PWM[1-4] interrupts
    - pinctrl: mcp23s08: Fix add_data and irqchip_add_nested call order
    - dm table: don't copy from a NULL pointer in realloc_argv()
    - dm verity: use message limit for data block corruption message
    - x86/boot/64: Fix crash if kernel image crosses page table boundary
    - x86/boot/64: Add missing fixup_pointer() for next_early_pgt access
    - HID: chicony: add another quirk for PixArt mouse
    - pinctrl: mediatek: Ignore interrupts that are wake only during resume
    - cpu/hotplug: Fix out-of-bounds read when setting fail state
    - pinctrl: mediatek: Update cur_mask in mask/mask ops
    - linux/kernel.h: fix overflow for DIV_ROUND_UP_ULL
    - genirq: Delay deactivation in free_irq()
    - genirq: Fix misleading synchronize_irq() documentation
    - genirq: Add optional hardware synchronization for shutdown
    - x86/ioapic: Implement irq_get_irqchip_state() callback
    - x86/irq: Handle spurious interrupt after shutdown gracefully
    - x86/irq: Seperate unused system vectors from spurious entry again
    - ARC: hide unused function unw_hdr_alloc
    - s390: fix stfle zero padding
    - s390/qdio: (re-)initialize tiqdio list entries
    - s390/qdio: don't touch the dsci in tiqdio_add_input_queues()
    - crypto: talitos - move struct talitos_edesc into talitos.h
    - crypto: talitos - fix hash on SEC1.
    - crypto/NX: Set receive window credits to max number of CRBs in RxFIFO
    - drm/udl: introduce a macro to convert dev to udl.
    - drm/udl: move to embedding drm device inside udl device.
    - x86/entry/32: Fix ENDPROC of common_spurious
    - irqchip/irq-csky-mpintc: Support auto irq deliver to all cpus
    - arm64: dts: ls1028a: Fix CPU idle fail.
    - selftests/powerpc: Add test of fork with mapping above 512TB
    - x86/efi: fix a -Wtype-limits compilation warning
    - pinctrl: ocelot: fix gpio direction for pins after 31
    - pinctrl: ocelot: fix pinmuxing for pins after 31
    - mm/oom_kill.c: fix uninitialized oc->constraint
    - fork,memcg: alloc_thread_stack_node needs to set tsk->stack
    - MIPS: ath79: fix ar933x uart parity mode
    - MIPS: fix build on non-linux hosts
    - arm64/efi: Mark __efistub_stext_offset as an absolute symbol explicitly
    - scsi: iscsi: set auth_protocol back to NULL if CHAP_A value is not supported
    - dmaengine: imx-sdma: fix use-after-free on probe error path
    - wil6210: fix potential out-of-bounds read
    - ath10k: Do not send probe response template for mesh
    - ath9k: Check for errors when reading SREV register
    - ath6kl: add some bounds checking
    - ath10k: add peer id check in ath10k_peer_find_by_id
    - wil6210: fix spurious interrupts in 3-msi
    - ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
    - regmap: debugfs: Fix memory leak in regmap_debugfs_init
    - batman-adv: fix for leaked TVLV handler.
    - media: dvb: usb: fix use after free in dvb_usb_device_exit
    - media: spi: IR LED: add missing of table registration
    - crypto: talitos - fix skcipher failure due to wrong output IV
    - media: ov7740: avoid invalid framesize setting
    - media: marvell-ccic: fix DMA s/g desc number calculation
    - media: vpss: fix a potential NULL pointer dereference
    - media: media_device_enum_links32:
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-disco' to 'verification-done-disco'. If the problem still exists, change the tag 'verification-needed-disco' to 'verification-failed-disco'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

** Tags added: verification-needed-disco

Status in The Ubuntu-power-systems project:
  Fix Committed
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Cosmic:
  Fix Released
Status in linux source package in Disco:
  Fix Committed
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
** Changed in: ubuntu-power-systems
       Status: Fix Released => Fix Committed

Status in The Ubuntu-power-systems project:
  Fix Committed
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Cosmic:
  Fix Released
Status in linux source package in Disco:
  Fix Committed
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
** Changed in: linux (Ubuntu Disco)
       Status: New => Fix Committed

Status in The Ubuntu-power-systems project:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Cosmic:
  Fix Released
Status in linux source package in Disco:
  Fix Committed
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
** Also affects: linux (Ubuntu Disco)
   Importance: Undecided
       Status: New

Status in The Ubuntu-power-systems project:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Cosmic:
  Fix Released
Status in linux source package in Disco:
  New
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
The Disco kernel is missing:

2b57ecd0208f ("KVM: PPC: Book3S: Add count cache flush parameters to kvmppc_get_cpu_char()")

Status in The Ubuntu-power-systems project:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Cosmic:
  Fix Released
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
** Tags added: cscc
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
Test Environment:
- Witherspoon DD2.3
- Ubu 18.04.2

Test Result:

Ubuntu 18.04.2 LTS ltc-wcwsp3 hvc0
ltc-wcwsp3 login:
Ubuntu 18.04.2 LTS ltc-wcwsp3 hvc0
ltc-wcwsp3 login: root
Password:
Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-50-generic ppc64le)
 * Documentation: https://help.ubuntu.com
 * Management: https://landscape.canonical.com
 * Support: https://ubuntu.com/advantage

root@ltc-wcwsp3:~# uname -a
Linux ltc-wcwsp3 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:55:18 UTC 2019 ppc64le ppc64le ppc64le GNU/Linux

root@ltc-wcwsp3:~# tail /proc/cpuinfo
cpu : POWER9, altivec supported
clock : 3800.00MHz
revision: 2.3 (pvr 004e 1203)
timebase: 51200
platform: PowerNV
model : 8335-GTW
machine : PowerNV 8335-GTW
firmware: OPAL
MMU : Radix

root@ltc-wcwsp3:~# grep -H . /sys/devices/system/cpu/vulnerabilities/spectre_v2
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Software count cache flush (hardware accelerated)

root@ltc-wcwsp3:~# dmesg | grep count-cache-flush
[0.00] count-cache-flush: hardware assisted flush sequence enabled

root@ltc-wcwsp3:~# echo x > /proc/sysrq-trigger
[ 337.227090] sysrq: SysRq : Entering xmon
cpu 0x50: Vector: 0 at [c000201bebeefae0]
pc: c00e59f8: sysrq_handle_xmon+0xc8/0xd0
lr: c00e59f8: sysrq_handle_xmon+0xc8/0xd0
sp: c000201bebeefc40
msr: 90009033
current = 0xc000201bebe67600
paca= 0xcfab7000 softe: 0 irq_happened: 0x01
pid = 5129, comm = bash
Linux version 4.15.0-50-generic (buildd@bos02-ppc64el-006) (gcc version 7.3.0 (Ubuntu 7.3.0-16ubuntu3)) #54-Ubuntu SMP Mon May 6 18:55:18 UTC 2019 (Ubuntu 4.15.0-50.54-generic 4.15.18)
enter ? for help
[c000201bebeefc70] c07fbe28 __handle_sysrq+0xf8/0x2c0
[c000201bebeefd10] c07fc638 write_sysrq_trigger+0x68/0x90
[c000201bebeefd40] c0487bc8 proc_reg_write+0x88/0xd0
[c000201bebeefd70] c03da9fc __vfs_write+0x3c/0x70
[c000201bebeefd90] c03dac58 vfs_write+0xd8/0x220
[c000201bebeefde0] c03daf78 SyS_write+0x68/0x110
[c000201bebeefe30] c000b288 system_call+0x5c/0x70
--- Exception: c01 (System Call) at 70566a24e420
SP (76712c70) is in userspace
50:mon>
50:mon> di $_switch 20
c000db00 7c0802a6 mflr r0
c000db04 f8010010 std r0,16(r1)
c000db08 f821fe31 stdu r1,-464(r1)
c000db0c f9c100e0 std r14,224(r1)
c000db10 f9e100e8 std r15,232(r1)
c000db14 fa0100f0 std r16,240(r1)
c000db18 fa2100f8 std r17,248(r1)
c000db1c fa410100 std r18,256(r1)
c000db20 fa610108 std r19,264(r1)
c000db24 fa810110 std r20,272(r1)
c000db28 faa10118 std r21,280(r1)
c000db2c fac10120 std r22,288(r1)
c000db30 fae10128 std r23,296(r1)
c000db34 fb010130 std r24,304(r1)
c000db38 fb210138 std r25,312(r1)
c000db3c fb410140 std r26,320(r1)
c000db40 fb610148 std r27,328(r1)
c000db44 fb810150 std r28,336(r1)
c000db48 fba10158 std r29,344(r1)
c000db4c fbc10160 std r30,352(r1)
c000db50 fbe10168 std r31,360(r1)
c000db54 f8010170 std r0,368(r1)
c000db58 7ee00026 mfcr r23
c000db5c fae101a0 std r23,416(r1)
c000db60 f823 std r1,0(r3)
c000db64 4bffdb1d bl c000b680 # flush_count_cache+0x0/0x2480
c000db68 3cc06000 lis r6,24576
c000db6c 7d40322c dcbt 0,r6,10
c000db70 38c4f4d0 addi r6,r4,-2864
c000db74 f8cd0260 std r6,608(r13)
c000db78 e904 ld r8,0(r4)
c000db7c 4864 b c000dbe0 # _switch+0xe0/0x180
50:mon> di $flush_count_cache 4d
c000b680 7d2802a6 mflr r9
c000b684 4805 bl c000b688 # flush_count_cache+0x8/0x2480
...
c000b784 481c b c000b7a0 # flush_count_cache+0x120/0x2480
c000b788 6000 nop
...
c000b7a0 7d2803a6 mtlr r9
c000b7a4 39207fff li r9,32767
c000b7a8 7d2903a6 mtctr r9
c000b7ac 4c400420 bcctr- 2,lt
c000b7b0 4e800020 blr
50:mon>

Summary: Mitigation fix validation passed.
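An added example, not part of the bug report or of the kernel packaging: a POSIX shell check that repeats the sysfs, cpuinfo and dmesg steps of the test log above and reduces them to a pass/fail verdict. The function names and verdict labels are this example's own; the sample strings are copied from the log.

```shell
#!/bin/sh
# Added example (not from the bug report): re-check the count cache flush
# mitigation the way the test log does, but as a pass/fail function.
# All function names and verdict labels below are hypothetical.
# Usage: run with no argument to assess the embedded sample,
#        or with --host on the ppc64le machine under test.

# Sample values copied from the test log on this page.
SAMPLE_SYSFS='Mitigation: Software count cache flush (hardware accelerated)'
SAMPLE_CPUINFO='cpu : POWER9, altivec supported
revision: 2.3 (pvr 004e 1203)
platform: PowerNV'
SAMPLE_DMESG='count-cache-flush: hardware assisted flush sequence enabled'

# Map the spectre_v2 status line to a short verdict. Substring matching
# keeps this working on "grep -H" output that carries a path prefix.
classify_spectre_v2() {
    case "$1" in
        *"Software count cache flush (hardware accelerated)"*)
            echo "flush-hw-assisted" ;;
        *"Software count cache flush"*)
            echo "flush-software" ;;
        *Mitigation:*)
            echo "other-mitigation" ;;
        *Vulnerable*)
            echo "vulnerable" ;;
        *)
            echo "unknown" ;;
    esac
}

# Print the CPU revision (e.g. "2.3") from /proc/cpuinfo text on stdin.
cpu_revision() {
    awk -F: '/^revision/ { split($2, f, " "); print f[1]; exit }'
}

# Succeed if the kernel log on stdin reports an enabled flush sequence.
# The page only shows the "hardware assisted" wording; the pattern is
# deliberately looser than that.
dmesg_flush_enabled() {
    grep -q 'count-cache-flush: .*flush sequence enabled'
}

# assess STATUS_LINE CPUINFO_TEXT DMESG_TEXT
# Prints a one-line report. Returns 0 only when sysfs reports the count
# cache flush AND the boot log confirms it, so that a status string
# without a matching boot message is flagged for a closer look.
assess() {
    verdict=$(classify_spectre_v2 "$1")
    rev=$(printf '%s\n' "$2" | cpu_revision)
    if printf '%s\n' "$3" | dmesg_flush_enabled; then
        bootlog=confirmed
    else
        bootlog=missing
    fi
    echo "revision=${rev:-unknown} spectre_v2=$verdict bootlog=$bootlog"
    case "$verdict" in
        flush-*) [ "$bootlog" = confirmed ] ;;
        *) return 1 ;;
    esac
}

# Same assessment against the running system. dmesg may need root and
# the ring buffer may have rotated; both show up as bootlog=missing.
assess_host() {
    status=$(cat /sys/devices/system/cpu/vulnerabilities/spectre_v2 2>/dev/null || true)
    cpuinfo=$(cat /proc/cpuinfo 2>/dev/null || true)
    bootmsgs=$(dmesg 2>/dev/null || true)
    assess "$status" "$cpuinfo" "$bootmsgs"
}

if [ "${1:-}" = "--host" ]; then
    assess_host
else
    assess "$SAMPLE_SYSFS" "$SAMPLE_CPUINFO" "$SAMPLE_DMESG"
fi
```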
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
** Changed in: ubuntu-power-systems Status: Fix Committed => Fix Released
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
This bug was fixed in the package linux - 4.15.0-50.54

---
linux (4.15.0-50.54) bionic; urgency=medium

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - Documentation/l1tf: Fix small spelling typo
    - x86/cpu: Sanitize FAM6_ATOM naming
    - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
    - locking/atomics, asm-generic: Move some macros from to a new file
    - tools include: Adopt linux/bits.h
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS

  * CVE-2017-5715 // CVE-2017-5753
    - s390/speculation: Support 'mitigations=' cmdline option

  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
    - powerpc/speculation: Support 'mitigations=' cmdline option

  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 // CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

linux (4.15.0-49.53) bionic; urgency=medium

  * linux: 4.15.0-49.53 -proposed tracker (LP: #1826358)

  * Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3) (LP: #1822870)
    - powerpc/64s: Add support for ori barrier_nospec patching
    - powerpc/64s: Patch barrier_nospec in modules
    - powerpc/64s: Enable barrier_nospec based on firmware settings
    - powerpc: Use barrier_nospec in copy_from_user()
    - powerpc/64: Use barrier_nospec in syscall entry
    - powerpc/64s: Enhance the information in cpu_show_spectre_v1()
    - powerpc/64: Disable the speculation barrier from the command line
    - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
    - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
    - powerpc/64: Call setup_barrier_nospec() from setup_arch()
    - powerpc/64: Make meltdown reporting Book3S 64 specific
    - powerpc/lib/code-patching: refactor patch_instruction()
    - powerpc/lib/feature-fixups: use raw_patch_instruction()
    - powerpc/asm: Add a patch_site macro & helpers for patching instructions
    - powerpc/64s: Add new security feature flags for count cache flush
    - powerpc/64s: Add support for software count cache flush
    - powerpc/pseries: Query hypervisor for count cache flush settings
    - powerpc/powernv: Query firmware for count cache flush settings
    - powerpc/fsl: Add nospectre_v2 command line argument
    - KVM: PPC: Book3S: Add count cache flush parameters to kvmppc_get_cpu_char()
    - [Config] Add CONFIG_PPC_BARRIER_NOSPEC

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

  * autopkgtests run too often, too much and don't skip enough (LP: #1823056)
    - [Debian] Set +x on rebuild testcase.
    - [Debian] Skip rebuild test, for regression-suite deps.
    - [Debian] Make ubuntu-regression-suite skippable on unbootable kernels.
    - [Debian] make rebuild use skippable error codes when skipping.
    - [Debian] Only run regression-suite, if requested to.

  * bionic: fork out linux-snapdragon into its own topic kernel (LP: #1820868)
    - [Packaging] remove arm64 snapdragon from getabis
    - [Config] config changes for snapdragon split
    - packaging: arm64: disable building the snapdragon flavour
    - [Packaging] arm64: Drop snapdragon from kernel-versions

  * CVE-2017-5753
    - KVM: arm/arm64: vgic: fix possible spectre-v1 in vgic_get_irq()
    - media: dvb_ca_en50221: prevent using slot_info for Spectre attacs
    - sysvipc/sem: mitigate semnum index against spectre v1
    - libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
    - s390/keyboard: sanitize array index in do_kdsk_ioctl
    - arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
    - KVM: arm/arm64: vgic: Fix possible spectre-v1 write in vgic_mmio_write_apr()
    - pktcdvd: Fix possible Spectre-v1 for
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
Adjusting tag according to IBM's test result in comment #19

** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic

Status in The Ubuntu-power-systems project: Fix Committed
Status in linux package in Ubuntu: Fix Released
Status in linux source package in Bionic: Fix Committed
Status in linux source package in Cosmic: Fix Released
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

** Tags added: verification-needed-bionic
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
Next steps:
1) Kernel (security) team to add verification-bionic tags
2) IBM to verify bionic -proposed pocket, and update the bug tags
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
Marking Cosmic series as "Fix Released" following the Description comment: "The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears to have all patches."

** Changed in: linux (Ubuntu Cosmic) Status: New => Fix Released
** Changed in: linux (Ubuntu) Status: In Progress => Fix Released
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
** Changed in: linux (Ubuntu Bionic) Assignee: (unassigned) => Canonical Kernel Security Team (canonical-kernel-security-team) ** Changed in: linux (Ubuntu Bionic) Importance: Undecided => Critical
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
** Changed in: ubuntu-power-systems Status: In Progress => Fix Committed
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
** Changed in: linux (Ubuntu Bionic) Status: In Progress => Fix Committed
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
** Also affects: linux (Ubuntu Cosmic) Importance: Undecided Status: New ** Also affects: linux (Ubuntu Bionic) Importance: Undecided Status: New ** Changed in: linux (Ubuntu Bionic) Status: New => In Progress
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
SRU Submitted: https://lists.ubuntu.com/archives/kernel-team/2019-April/100042.html
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
** Description changed: [IMPACT] Need to further address the Spectre v2 and Meltdown vulnerability in Power with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, and additional Spectre/Meltdown related patches for Power9. [Fix] - List of upstream patches identified by IBM in comment #4, #5, and #8. + List of upstream patches identified by IBM in comment #4, #5, and #8. [Test] + Pre-req: requires Power9 DD2.3 hardware. A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the kernel was tested by IBM. Please see comment #11 and #14 for details. [REGRESSION POTENTIAL] - The patches are isolated to the ppc64el architecture and does not impact generic code. ppc64el test kernel was tested by IBM and no regressions were reported. + The patches are isolated to the ppc64el architecture and does not impact generic code. ppc64el test kernel was tested by IBM and no regressions were reported. For the different kernels: [OTHER INFO] The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears to have all patches. Disco appears to be missing only this patch: 92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 reporting Cosmic (which is supported until July) is missing a number of patches: cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation barrier from the command line 6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier PPC_BOOK3S_64 specific. 
179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call setup_barrier_nospec() from setup_arch() 406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting Book3S 64 specific 06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro & helpers for patching instructions dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security feature flags for count cache flush ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for software count cache flush ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor for count cache flush settings 99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for count cache flush settings 7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 mitigations reporting 92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 reporting This appears to already be in -next. For the bionic 18.04.1 (4.15) kernel only this patch is already part of master-next: a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec The others are ported, there were only 3 that were not clean. Those are: 2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori barrier_nospec patching This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is missing, but it does not look like that is required here. cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec based on firmware settings This failed because debugfs was already included, I can see that previously added, I didn't see where it was previously removed. 06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro & helpers for patching instructions This failed because 8183d99f4a22c is not included - but doesn't seem necessary. All other patches applied with, at most, some fuzz. 
Has had a little testing - boots, check debugfs, etc. ** Description changed: [IMPACT] Need to further address the Spectre v2 and Meltdown vulnerability in Power with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, and additional Spectre/Meltdown related patches for Power9. [Fix] List of upstream patches identified by IBM in comment #4, #5, and #8. [Test] Pre-req: requires Power9 DD2.3 hardware. A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the kernel was tested by IBM. Please see comment #11 and #14 for details. [REGRESSION POTENTIAL] The patches are isolated to the ppc64el architecture and does not impact generic code. ppc64el test kernel was tested by IBM and no regressions were reported. + + [OTHER INFO] For the different kernels: - [OTHER INFO] - The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears to have all patches. + The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears to + have all patches. Disco appears to be missing only this patch: 92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 reporting Cosmic (which is supported until July) is missing a number of patches: cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation barrier from the command line 6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
** Description changed: + [IMPACT] + Need to further address the Spectre v2 and Meltdown vulnerability in Power with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, and additional Spectre/Meltdown related patches for Power9. + + [Fix] + List of upstream patches identified by IBM in comment #4, #5, and #8. + + [Test] + A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the kernel was tested by IBM. Please see comment #11 and #14 for details. + + [REGRESSION POTENTIAL] + The patches are isolated to the ppc64el architecture and does not impact generic code. ppc64el test kernel was tested by IBM and no regressions were reported. For the different kernels: - The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears to - have all patches. + [OTHER INFO] + The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears to have all patches. Disco appears to be missing only this patch: 92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 reporting Cosmic (which is supported until July) is missing a number of patches: cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation barrier from the command line 6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier PPC_BOOK3S_64 specific. 
179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call setup_barrier_nospec() from setup_arch() 406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting Book3S 64 specific 06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro & helpers for patching instructions dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security feature flags for count cache flush ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for software count cache flush ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor for count cache flush settings 99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for count cache flush settings 7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 mitigations reporting 92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 reporting This appears to already be in -next. For the bionic 18.04.1 (4.15) kernel only this patch is already part of master-next: a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec The others are ported, there were only 3 that were not clean. Those are: 2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori barrier_nospec patching This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is missing, but it does not look like that is required here. cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec based on firmware settings This failed because debugfs was already included, I can see that previously added, I didn't see where it was previously removed. 06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro & helpers for patching instructions This failed because 8183d99f4a22c is not included - but doesn't seem necessary. All other patches applied with, at most, some fuzz. 
Has had a little testing - boots, check debugfs, etc.
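Review bot: in the added [REGRESSION POTENTIAL] block, the unchanged line "For the different kernels:" is left at the end of that section and the new "[OTHER INFO]" header is added below it, so the lead-in to the per-kernel patch list is detached from the list it introduces. Add "[OTHER INFO]" above "For the different kernels:" instead. The added regression sentence also pairs "The patches" with "does not impact"; "do not" agrees with the plural subject.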
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
Michael, I backported that patch and built a new kernel for you to test in this PPA: https://launchpad.net/~ubuntu-power-triage/+archive/ubuntu/lp1822870
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
Michael, I can patch that on top of the patches I already have and build a PPA kernel out for you for testing.
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
** Changed in: linux (Ubuntu)
   Status: New => In Progress

** Changed in: ubuntu-power-systems
   Status: New => In Progress
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
Hi Michael R,

I tried to apply your patches to test them and support the effort to get them included in the Bionic kernel, but I'm having some trouble applying them:

ubuntu@dja-bionic:~/bionic$ git am ../patches/01-powerpc-64s-add-support-for-ori-barrier_nospec.patch
Patch format detection failed.
ubuntu@dja-bionic:~/bionic$ git am ../patches/01-powerpc-64s-add-support-for-ori-barrier_nospec.patch --patch-format mbox
Applying: commit 2eea7f067f495e33b8b116b35b5988ab2b8aec55
fatal: empty ident name (for <>) not allowed

How are you generating them? They don't look like they've been generated with git format-patch...?

Regards,
Daniel
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
** Changed in: linux (Ubuntu)
   Assignee: Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage) => Canonical Kernel Security Team (canonical-kernel-security-team)

** Changed in: linux (Ubuntu)
   Importance: Undecided => Critical
[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
** Also affects: ubuntu-power-systems
   Importance: Undecided
   Status: New

** Changed in: ubuntu-power-systems
   Importance: Undecided => Critical

** Information type changed from Public to Public Security

** Changed in: ubuntu-power-systems
   Assignee: (unassigned) => Canonical Kernel Security Team (canonical-kernel-security-team)