subject:"\[Kernel\-packages\] \[Bug 1822870\] Re\: Backport support for software count cache flush Spectre v2 mitigation. \(CVE\) \(required for POWER9 DD2.3\)"

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-10-04 Thread Andrew Cloke

** Changed in: ubuntu-power-systems
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation.
  (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Cosmic:
  Fix Released
Status in linux source package in Disco:
  Fix Released

Bug description:
  [IMPACT]
  Need to further address the Spectre v2 and Meltdown vulnerability in Power 
with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, 
and additional Spectre/Meltdown related patches for Power9.

  [Fix]
  List of upstream patches identified by IBM in comment #4, #5, and #8.

  [Test]
  Pre-req: requires Power9 DD2.3 hardware.
  A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the 
kernel was tested by IBM. Please see comment #11 and #14 for details.

  [REGRESSION POTENTIAL]
  The patches are isolated to the ppc64el architecture and does not impact 
generic code. ppc64el test kernel was tested by IBM and no regressions were 
reported.

  [OTHER INFO]
  For the different kernels:

  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears
  to have all patches.

  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting

  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier 
PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add 
CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call 
setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting 
Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security 
feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for 
software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor 
for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for 
count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 
mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  This appears to already be in -next.

  For the bionic 18.04.1 (4.15) kernel only this patch is already part of 
master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

  The others are ported, there were only 3 that were not clean.  Those are:
  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori 
barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is 
missing, but it does not look like that is required here.

  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec 
based on firmware settings
  This failed because debugfs was already included, I can see that previously 
added, I didn't see where it was previously removed.

  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem 
necessary.

  All other patches applied with, at most, some fuzz.

  Has had a little testing - boots, check debugfs, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-10-04 Thread Launchpad Bug Tracker

This bug was fixed in the package linux - 5.0.0-31.33

---
linux (5.0.0-31.33) disco; urgency=medium

  * disco/linux: 5.0.0-31.33 -proposed tracker (LP: #1846026)

  * Packaging resync (LP: #1786013)
- [Packaging] update helper scripts

  * /proc/self/maps paths missing on live session (was vlc won't start; eoan
19.10 & bionic 18.04 ubuntu/lubuntu/kubuntu/xubuntu/ubuntu-mate dailies)
(LP: #1842382)
- SAUCE: Revert "UBUNTU: SAUCE: shiftfs: enable overlayfs on shiftfs"

linux (5.0.0-30.32) disco; urgency=medium

  * disco/linux: 5.0.0-30.32 -proposed tracker (LP: #1844362)

  * Disco update: upstream stable patchset 2019-08-20 (LP: #1840846)
- Revert "e1000e: fix cyclic resets at link up with active tx"
- e1000e: start network tx queue only when link is up
- Input: synaptics - enable SMBUS on T480 thinkpad trackpad
- nilfs2: do not use unexported cpu_to_le32()/le32_to_cpu() in uapi header
- drivers: base: cacheinfo: Ensure cpu hotplug work is done before Intel RDT
- firmware: improve LSM/IMA security behaviour
- irqchip/gic-v3-its: Fix command queue pointer comparison bug
- clk: ti: clkctrl: Fix returning uninitialized data
- efi/bgrt: Drop BGRT status field reserved bits check
- perf/core: Fix perf_sample_regs_user() mm check
- ARM: dts: gemini Fix up DNS-313 compatible string
- ARM: omap2: remove incorrect __init annotation
- afs: Fix uninitialised spinlock afs_volume::cb_break_lock
- x86/apic: Fix integer overflow on 10 bit left shift of cpu_khz
- be2net: fix link failure after ethtool offline test
- ppp: mppe: Add softdep to arc4
- sis900: fix TX completion
- ARM: dts: imx6ul: fix PWM[1-4] interrupts
- pinctrl: mcp23s08: Fix add_data and irqchip_add_nested call order
- dm table: don't copy from a NULL pointer in realloc_argv()
- dm verity: use message limit for data block corruption message
- x86/boot/64: Fix crash if kernel image crosses page table boundary
- x86/boot/64: Add missing fixup_pointer() for next_early_pgt access
- HID: chicony: add another quirk for PixArt mouse
- pinctrl: mediatek: Ignore interrupts that are wake only during resume
- cpu/hotplug: Fix out-of-bounds read when setting fail state
- pinctrl: mediatek: Update cur_mask in mask/mask ops
- linux/kernel.h: fix overflow for DIV_ROUND_UP_ULL
- genirq: Delay deactivation in free_irq()
- genirq: Fix misleading synchronize_irq() documentation
- genirq: Add optional hardware synchronization for shutdown
- x86/ioapic: Implement irq_get_irqchip_state() callback
- x86/irq: Handle spurious interrupt after shutdown gracefully
- x86/irq: Seperate unused system vectors from spurious entry again
- ARC: hide unused function unw_hdr_alloc
- s390: fix stfle zero padding
- s390/qdio: (re-)initialize tiqdio list entries
- s390/qdio: don't touch the dsci in tiqdio_add_input_queues()
- crypto: talitos - move struct talitos_edesc into talitos.h
- crypto: talitos - fix hash on SEC1.
- crypto/NX: Set receive window credits to max number of CRBs in RxFIFO
- drm/udl: introduce a macro to convert dev to udl.
- drm/udl: move to embedding drm device inside udl device.
- x86/entry/32: Fix ENDPROC of common_spurious
- irqchip/irq-csky-mpintc: Support auto irq deliver to all cpus
- arm64: dts: ls1028a: Fix CPU idle fail.
- selftests/powerpc: Add test of fork with mapping above 512TB
- x86/efi: fix a -Wtype-limits compilation warning
- pinctrl: ocelot: fix gpio direction for pins after 31
- pinctrl: ocelot: fix pinmuxing for pins after 31
- mm/oom_kill.c: fix uninitialized oc->constraint
- fork,memcg: alloc_thread_stack_node needs to set tsk->stack
- MIPS: ath79: fix ar933x uart parity mode
- MIPS: fix build on non-linux hosts
- arm64/efi: Mark __efistub_stext_offset as an absolute symbol explicitly
- scsi: iscsi: set auth_protocol back to NULL if CHAP_A value is not 
supported
- dmaengine: imx-sdma: fix use-after-free on probe error path
- wil6210: fix potential out-of-bounds read
- ath10k: Do not send probe response template for mesh
- ath9k: Check for errors when reading SREV register
- ath6kl: add some bounds checking
- ath10k: add peer id check in ath10k_peer_find_by_id
- wil6210: fix spurious interrupts in 3-msi
- ath: DFS JP domain W56 fixed pulse type 3 RADAR detection
- regmap: debugfs: Fix memory leak in regmap_debugfs_init
- batman-adv: fix for leaked TVLV handler.
- media: dvb: usb: fix use after free in dvb_usb_device_exit
- media: spi: IR LED: add missing of table registration
- crypto: talitos - fix skcipher failure due to wrong output IV
- media: ov7740: avoid invalid framesize setting
- media: marvell-ccic: fix DMA s/g desc number calculation
- media: vpss: fix a potential NULL pointer dereference
- media: media_device_enum_links32:

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-09-06 Thread Ubuntu Kernel Bot

This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
disco' to 'verification-done-disco'. If the problem still exists, change
the tag 'verification-needed-disco' to 'verification-failed-disco'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: verification-needed-disco

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation.
  (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  Fix Committed
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Cosmic:
  Fix Released
Status in linux source package in Disco:
  Fix Committed

Bug description:
  [IMPACT]
  Need to further address the Spectre v2 and Meltdown vulnerability in Power 
with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, 
and additional Spectre/Meltdown related patches for Power9.

  [Fix]
  List of upstream patches identified by IBM in comment #4, #5, and #8.

  [Test]
  Pre-req: requires Power9 DD2.3 hardware.
  A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the 
kernel was tested by IBM. Please see comment #11 and #14 for details.

  [REGRESSION POTENTIAL]
  The patches are isolated to the ppc64el architecture and does not impact 
generic code. ppc64el test kernel was tested by IBM and no regressions were 
reported.

  [OTHER INFO]
  For the different kernels:

  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears
  to have all patches.

  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting

  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier 
PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add 
CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call 
setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting 
Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security 
feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for 
software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor 
for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for 
count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 
mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  This appears to already be in -next.

  For the bionic 18.04.1 (4.15) kernel only this patch is already part of 
master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

  The others are ported, there were only 3 that were not clean.  Those are:
  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori 
barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is 
missing, but it does not look like that is required here.

  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec 
based on firmware settings
  This failed because debugfs was already included, I can see that previously 
added, I didn't see where it was previously removed.

  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem 
necessary.

  All other patches applied with, at most, some fuzz.

  Has had a little testing - boots, check debugfs, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-09-04 Thread Andrew Cloke

** Changed in: ubuntu-power-systems
   Status: Fix Released => Fix Committed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation.
  (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  Fix Committed
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Cosmic:
  Fix Released
Status in linux source package in Disco:
  Fix Committed

Bug description:
  [IMPACT]
  Need to further address the Spectre v2 and Meltdown vulnerability in Power 
with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, 
and additional Spectre/Meltdown related patches for Power9.

  [Fix]
  List of upstream patches identified by IBM in comment #4, #5, and #8.

  [Test]
  Pre-req: requires Power9 DD2.3 hardware.
  A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the 
kernel was tested by IBM. Please see comment #11 and #14 for details.

  [REGRESSION POTENTIAL]
  The patches are isolated to the ppc64el architecture and does not impact 
generic code. ppc64el test kernel was tested by IBM and no regressions were 
reported.

  [OTHER INFO]
  For the different kernels:

  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears
  to have all patches.

  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting

  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier 
PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add 
CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call 
setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting 
Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security 
feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for 
software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor 
for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for 
count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 
mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  This appears to already be in -next.

  For the bionic 18.04.1 (4.15) kernel only this patch is already part of 
master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

  The others are ported, there were only 3 that were not clean.  Those are:
  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori 
barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is 
missing, but it does not look like that is required here.

  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec 
based on firmware settings
  This failed because debugfs was already included, I can see that previously 
added, I didn't see where it was previously removed.

  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem 
necessary.

  All other patches applied with, at most, some fuzz.

  Has had a little testing - boots, check debugfs, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-09-03 Thread Khaled El Mously

** Changed in: linux (Ubuntu Disco)
   Status: New => Fix Committed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation.
  (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Cosmic:
  Fix Released
Status in linux source package in Disco:
  Fix Committed

Bug description:
  [IMPACT]
  Need to further address the Spectre v2 and Meltdown vulnerability in Power 
with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, 
and additional Spectre/Meltdown related patches for Power9.

  [Fix]
  List of upstream patches identified by IBM in comment #4, #5, and #8.

  [Test]
  Pre-req: requires Power9 DD2.3 hardware.
  A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the 
kernel was tested by IBM. Please see comment #11 and #14 for details.

  [REGRESSION POTENTIAL]
  The patches are isolated to the ppc64el architecture and does not impact 
generic code. ppc64el test kernel was tested by IBM and no regressions were 
reported.

  [OTHER INFO]
  For the different kernels:

  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears
  to have all patches.

  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting

  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier 
PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add 
CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call 
setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting 
Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security 
feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for 
software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor 
for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for 
count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 
mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  This appears to already be in -next.

  For the bionic 18.04.1 (4.15) kernel only this patch is already part of 
master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

  The others are ported, there were only 3 that were not clean.  Those are:
  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori 
barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is 
missing, but it does not look like that is required here.

  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec 
based on firmware settings
  This failed because debugfs was already included, I can see that previously 
added, I didn't see where it was previously removed.

  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem 
necessary.

  All other patches applied with, at most, some fuzz.

  Has had a little testing - boots, check debugfs, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-09-02 Thread Juerg Haefliger

** Also affects: linux (Ubuntu Disco)
   Importance: Undecided
   Status: New

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation.
  (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Cosmic:
  Fix Released
Status in linux source package in Disco:
  New

Bug description:
  [IMPACT]
  Need to further address the Spectre v2 and Meltdown vulnerability in Power 
with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, 
and additional Spectre/Meltdown related patches for Power9.

  [Fix]
  List of upstream patches identified by IBM in comment #4, #5, and #8.

  [Test]
  Pre-req: requires Power9 DD2.3 hardware.
  A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the 
kernel was tested by IBM. Please see comment #11 and #14 for details.

  [REGRESSION POTENTIAL]
  The patches are isolated to the ppc64el architecture and does not impact 
generic code. ppc64el test kernel was tested by IBM and no regressions were 
reported.

  [OTHER INFO]
  For the different kernels:

  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears
  to have all patches.

  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting

  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier 
PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add 
CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call 
setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting 
Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security 
feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for 
software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor 
for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for 
count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 
mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  This appears to already be in -next.

  For the bionic 18.04.1 (4.15) kernel only this patch is already part of 
master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

  The others are ported, there were only 3 that were not clean.  Those are:
  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori 
barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is 
missing, but it does not look like that is required here.

  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec 
based on firmware settings
  This failed because debugfs was already included, I can see that previously 
added, I didn't see where it was previously removed.

  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem 
necessary.

  All other patches applied with, at most, some fuzz.

  Has had a little testing - boots, check debugfs, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-09-02 Thread Juerg Haefliger

The Disco kernel is missing:
2b57ecd0208f ("KVM: PPC: Book3S: Add count cache flush parameters to 
kvmppc_get_cpu_char()")

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation.
  (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Cosmic:
  Fix Released

Bug description:
  [IMPACT]
  Need to further address the Spectre v2 and Meltdown vulnerability in Power 
with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, 
and additional Spectre/Meltdown related patches for Power9.

  [Fix]
  List of upstream patches identified by IBM in comment #4, #5, and #8.

  [Test]
  Pre-req: requires Power9 DD2.3 hardware.
  A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the 
kernel was tested by IBM. Please see comment #11 and #14 for details.

  [REGRESSION POTENTIAL]
  The patches are isolated to the ppc64el architecture and does not impact 
generic code. ppc64el test kernel was tested by IBM and no regressions were 
reported.

  [OTHER INFO]
  For the different kernels:

  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears
  to have all patches.

  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting

  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier 
PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add 
CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call 
setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting 
Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security 
feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for 
software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor 
for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for 
count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 
mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  This appears to already be in -next.

  For the bionic 18.04.1 (4.15) kernel only this patch is already part of 
master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

  The others are ported, there were only 3 that were not clean.  Those are:
  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori 
barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is 
missing, but it does not look like that is required here.

  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec 
based on firmware settings
  This failed because debugfs was already included, I can see that previously 
added, I didn't see where it was previously removed.

  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem 
necessary.

  All other patches applied with, at most, some fuzz.

  Has had a little testing - boots, check debugfs, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-07-24 Thread Brad Figg

** Tags added: cscc

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation.
  (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Cosmic:
  Fix Released

Bug description:
  [IMPACT]
  Need to further address the Spectre v2 and Meltdown vulnerability in Power 
with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, 
and additional Spectre/Meltdown related patches for Power9.

  [Fix]
  List of upstream patches identified by IBM in comment #4, #5, and #8.

  [Test]
  Pre-req: requires Power9 DD2.3 hardware.
  A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the 
kernel was tested by IBM. Please see comment #11 and #14 for details.

  [REGRESSION POTENTIAL]
  The patches are isolated to the ppc64el architecture and does not impact 
generic code. ppc64el test kernel was tested by IBM and no regressions were 
reported.

  [OTHER INFO]
  For the different kernels:

  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears
  to have all patches.

  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting

  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier 
PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add 
CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call 
setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting 
Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security 
feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for 
software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor 
for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for 
count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 
mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  This appears to already be in -next.

  For the bionic 18.04.1 (4.15) kernel only this patch is already part of 
master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

  The others are ported, there were only 3 that were not clean.  Those are:
  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori 
barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is 
missing, but it does not look like that is required here.

  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec 
based on firmware settings
  This failed because debugfs was already included, I can see that previously 
added, I didn't see where it was previously removed.

  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem 
necessary.

  All other patches applied with, at most, some fuzz.

  Has had a little testing - boots, check debugfs, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-06-04 Thread Kalpana S Shetty

Test Environment:
- Witherspoon DD2.3
- Ubu 18.04.2

Test Result:
Ubuntu 18.04.2 LTS ltc-wcwsp3 hvc0

ltc-wcwsp3 login: 
Ubuntu 18.04.2 LTS ltc-wcwsp3 hvc0

ltc-wcwsp3 login: root
Password: 
Welcome to Ubuntu 18.04.2 LTS (GNU/Linux 4.15.0-50-generic ppc64le)

 * Documentation:  https://help.ubuntu.com
 * Management: https://landscape.canonical.com
 * Support:https://ubuntu.com/advantage
root@ltc-wcwsp3:~# uname -a
Linux ltc-wcwsp3 4.15.0-50-generic #54-Ubuntu SMP Mon May 6 18:55:18 UTC 2019 
ppc64le ppc64le ppc64le GNU/Linux
root@ltc-wcwsp3:~# tail /proc/cpuinfo 
cpu : POWER9, altivec supported
clock   : 3800.00MHz
revision: 2.3 (pvr 004e 1203)

timebase: 51200
platform: PowerNV
model   : 8335-GTW
machine : PowerNV 8335-GTW
firmware: OPAL
MMU : Radix

root@ltc-wcwsp3:~# grep -H . /sys/devices/system/cpu/vulnerabilities/spectre_v2
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation: Software count 
cache flush (hardware accelerated)

root@ltc-wcwsp3:~# dmesg | grep count-cache-flush
[0.00] count-cache-flush: hardware assisted flush sequence enabled

root@ltc-wcwsp3:~# echo x > /proc/sysrq-trigger
[  337.227090] sysrq: SysRq : Entering xmon
cpu 0x50: Vector: 0  at [c000201bebeefae0]
pc: c00e59f8: sysrq_handle_xmon+0xc8/0xd0
lr: c00e59f8: sysrq_handle_xmon+0xc8/0xd0
sp: c000201bebeefc40
   msr: 90009033
  current = 0xc000201bebe67600
  paca= 0xcfab7000   softe: 0irq_happened: 0x01
pid   = 5129, comm = bash
Linux version 4.15.0-50-generic (buildd@bos02-ppc64el-006) (gcc version 7.3.0 
(Ubuntu 7.3.0-16ubuntu3)) #54-Ubuntu SMP Mon May 6 18:55:18 UTC 2019 (Ubuntu 
4.15.0-50.54-generic 4.15.18)
enter ? for help
[c000201bebeefc70] c07fbe28 __handle_sysrq+0xf8/0x2c0
[c000201bebeefd10] c07fc638 write_sysrq_trigger+0x68/0x90
[c000201bebeefd40] c0487bc8 proc_reg_write+0x88/0xd0
[c000201bebeefd70] c03da9fc __vfs_write+0x3c/0x70
[c000201bebeefd90] c03dac58 vfs_write+0xd8/0x220
[c000201bebeefde0] c03daf78 SyS_write+0x68/0x110
[c000201bebeefe30] c000b288 system_call+0x5c/0x70
--- Exception: c01 (System Call) at 70566a24e420
SP (76712c70) is in userspace
50:mon> 
50:mon> di $_switch 20
c000db00  7c0802a6  mflrr0
c000db04  f8010010  std r0,16(r1)
c000db08  f821fe31  stdur1,-464(r1)
c000db0c  f9c100e0  std r14,224(r1)
c000db10  f9e100e8  std r15,232(r1)
c000db14  fa0100f0  std r16,240(r1)
c000db18  fa2100f8  std r17,248(r1)
c000db1c  fa410100  std r18,256(r1)
c000db20  fa610108  std r19,264(r1)
c000db24  fa810110  std r20,272(r1)
c000db28  faa10118  std r21,280(r1)
c000db2c  fac10120  std r22,288(r1)
c000db30  fae10128  std r23,296(r1)
c000db34  fb010130  std r24,304(r1)
c000db38  fb210138  std r25,312(r1)
c000db3c  fb410140  std r26,320(r1)
c000db40  fb610148  std r27,328(r1)
c000db44  fb810150  std r28,336(r1)
c000db48  fba10158  std r29,344(r1)
c000db4c  fbc10160  std r30,352(r1)
c000db50  fbe10168  std r31,360(r1)
c000db54  f8010170  std r0,368(r1)
c000db58  7ee00026  mfcrr23
c000db5c  fae101a0  std r23,416(r1)
c000db60  f823  std r1,0(r3)
c000db64  4bffdb1d  bl  c000b680# 
flush_count_cache+0x0/0x2480
c000db68  3cc06000  lis r6,24576
c000db6c  7d40322c  dcbt0,r6,10
c000db70  38c4f4d0  addir6,r4,-2864
c000db74  f8cd0260  std r6,608(r13)
c000db78  e904  ld  r8,0(r4)
c000db7c  4864  b   c000dbe0# 
_switch+0xe0/0x180
50:mon> di $flush_count_cache 4d
c000b680  7d2802a6  mflrr9
c000b684  4805  bl  c000b688# 
flush_count_cache+0x8/0x2480
 ...
c000b784  481c  b   c000b7a0# 
flush_count_cache+0x120/0x2480
c000b788  6000  nop
 ...
c000b7a0  7d2803a6  mtlrr9
c000b7a4  39207fff  li  r9,32767
c000b7a8  7d2903a6  mtctr   r9
c000b7ac  4c400420  bcctr-  2,lt
c000b7b0  4e800020  blr
50:mon> 

Summary:
Mitigation fix validation passed.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation.
  (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  Fix Released
Status in linux

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-05-15 Thread Frank Heimes

** Changed in: ubuntu-power-systems
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation.
  (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  Fix Released
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Released
Status in linux source package in Cosmic:
  Fix Released

Bug description:
  [IMPACT]
  Need to further address the Spectre v2 and Meltdown vulnerability in Power 
with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, 
and additional Spectre/Meltdown related patches for Power9.

  [Fix]
  List of upstream patches identified by IBM in comment #4, #5, and #8.

  [Test]
  Pre-req: requires Power9 DD2.3 hardware.
  A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the 
kernel was tested by IBM. Please see comment #11 and #14 for details.

  [REGRESSION POTENTIAL]
  The patches are isolated to the ppc64el architecture and does not impact 
generic code. ppc64el test kernel was tested by IBM and no regressions were 
reported.

  [OTHER INFO]
  For the different kernels:

  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears
  to have all patches.

  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting

  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier 
PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add 
CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call 
setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting 
Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security 
feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for 
software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor 
for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for 
count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 
mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  This appears to already be in -next.

  For the bionic 18.04.1 (4.15) kernel only this patch is already part of 
master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

  The others are ported, there were only 3 that were not clean.  Those are:
  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori 
barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is 
missing, but it does not look like that is required here.

  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec 
based on firmware settings
  This failed because debugfs was already included, I can see that previously 
added, I didn't see where it was previously removed.

  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem 
necessary.

  All other patches applied with, at most, some fuzz.

  Has had a little testing - boots, check debugfs, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-05-14 Thread Launchpad Bug Tracker

This bug was fixed in the package linux - 4.15.0-50.54

---
linux (4.15.0-50.54) bionic; urgency=medium

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
- Documentation/l1tf: Fix small spelling typo
- x86/cpu: Sanitize FAM6_ATOM naming
- kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
- locking/atomics, asm-generic: Move some macros from  to a
  new  file
- tools include: Adopt linux/bits.h
- x86/msr-index: Cleanup bit defines
- x86/speculation: Consolidate CPU whitelists
- x86/speculation/mds: Add basic bug infrastructure for MDS
- x86/speculation/mds: Add BUG_MSBDS_ONLY
- x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
- x86/speculation/mds: Add mds_clear_cpu_buffers()
- x86/speculation/mds: Clear CPU buffers on exit to user
- x86/kvm/vmx: Add MDS protection when L1D Flush is not active
- x86/speculation/mds: Conditionally clear CPU buffers on idle entry
- x86/speculation/mds: Add mitigation control for MDS
- x86/speculation/mds: Add sysfs reporting for MDS
- x86/speculation/mds: Add mitigation mode VMWERV
- Documentation: Move L1TF to separate directory
- Documentation: Add MDS vulnerability documentation
- x86/speculation/mds: Add mds=full,nosmt cmdline option
- x86/speculation: Move arch_smt_update() call to after mitigation decisions
- x86/speculation/mds: Add SMT warning message
- x86/speculation/mds: Fix comment
- x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
- x86/speculation/mds: Add 'mitigations=' support for MDS

  * CVE-2017-5715 // CVE-2017-5753
- s390/speculation: Support 'mitigations=' cmdline option

  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
- powerpc/speculation: Support 'mitigations=' cmdline option

  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
CVE-2018-3646
- cpu/speculation: Add 'mitigations=' cmdline option
- x86/speculation: Support 'mitigations=' cmdline option

  * Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log

linux (4.15.0-49.53) bionic; urgency=medium

  * linux: 4.15.0-49.53 -proposed tracker (LP: #1826358)

  * Backport support for software count cache flush Spectre v2 mitigation. (CVE)
(required for POWER9 DD2.3) (LP: #1822870)
- powerpc/64s: Add support for ori barrier_nospec patching
- powerpc/64s: Patch barrier_nospec in modules
- powerpc/64s: Enable barrier_nospec based on firmware settings
- powerpc: Use barrier_nospec in copy_from_user()
- powerpc/64: Use barrier_nospec in syscall entry
- powerpc/64s: Enhance the information in cpu_show_spectre_v1()
- powerpc/64: Disable the speculation barrier from the command line
- powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
- powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
- powerpc/64: Call setup_barrier_nospec() from setup_arch()
- powerpc/64: Make meltdown reporting Book3S 64 specific
- powerpc/lib/code-patching: refactor patch_instruction()
- powerpc/lib/feature-fixups: use raw_patch_instruction()
- powerpc/asm: Add a patch_site macro & helpers for patching instructions
- powerpc/64s: Add new security feature flags for count cache flush
- powerpc/64s: Add support for software count cache flush
- powerpc/pseries: Query hypervisor for count cache flush settings
- powerpc/powernv: Query firmware for count cache flush settings
- powerpc/fsl: Add nospectre_v2 command line argument
- KVM: PPC: Book3S: Add count cache flush parameters to 
kvmppc_get_cpu_char()
- [Config] Add CONFIG_PPC_BARRIER_NOSPEC

  * Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log

  * autopkgtests run too often, too much and don't skip enough (LP: #1823056)
- [Debian] Set +x on rebuild testcase.
- [Debian] Skip rebuild test, for regression-suite deps.
- [Debian] Make ubuntu-regression-suite skippable on unbootable kernels.
- [Debian] make rebuild use skippable error codes when skipping.
- [Debian] Only run regression-suite, if requested to.

  * bionic: fork out linux-snapdragon into its own topic kernel (LP: #1820868)
- [Packaging] remove arm64 snapdragon from getabis
- [Config] config changes for snapdragon split
- packaging: arm64: disable building the snapdragon flavour
- [Packaging] arm64: Drop snapdragon from kernel-versions

  * CVE-2017-5753
- KVM: arm/arm64: vgic: fix possible spectre-v1 in vgic_get_irq()
- media: dvb_ca_en50221: prevent using slot_info for Spectre attacs
- sysvipc/sem: mitigate semnum index against spectre v1
- libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
- s390/keyboard: sanitize array index in do_kdsk_ioctl
- arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
- KVM: arm/arm64: vgic: Fix possible spectre-v1 write in 
vgic_mmio_write_apr()
- pktcdvd: Fix possible Spectre-v1 for

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-04-29 Thread Frank Heimes

Adjusting tag according to IBM's test result in comment #19

** Tags removed: verification-needed-bionic
** Tags added: verification-done-bionic

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation.
  (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  Fix Committed
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Committed
Status in linux source package in Cosmic:
  Fix Released

Bug description:
  [IMPACT]
  Need to further address the Spectre v2 and Meltdown vulnerability in Power 
with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, 
and additional Spectre/Meltdown related patches for Power9.

  [Fix]
  List of upstream patches identified by IBM in comment #4, #5, and #8.

  [Test]
  Pre-req: requires Power9 DD2.3 hardware.
  A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the 
kernel was tested by IBM. Please see comment #11 and #14 for details.

  [REGRESSION POTENTIAL]
  The patches are isolated to the ppc64el architecture and does not impact 
generic code. ppc64el test kernel was tested by IBM and no regressions were 
reported.

  [OTHER INFO]
  For the different kernels:

  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears
  to have all patches.

  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting

  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier 
PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add 
CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call 
setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting 
Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security 
feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for 
software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor 
for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for 
count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 
mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  This appears to already be in -next.

  For the bionic 18.04.1 (4.15) kernel only this patch is already part of 
master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

  The others are ported, there were only 3 that were not clean.  Those are:
  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori 
barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is 
missing, but it does not look like that is required here.

  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec 
based on firmware settings
  This failed because debugfs was already included, I can see that previously 
added, I didn't see where it was previously removed.

  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem 
necessary.

  All other patches applied with, at most, some fuzz.

  Has had a little testing - boots, check debugfs, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-04-29 Thread Ubuntu Kernel Bot

This bug is awaiting verification that the kernel in -proposed solves
the problem. Please test the kernel and update this bug with the
results. If the problem is solved, change the tag 'verification-needed-
bionic' to 'verification-done-bionic'. If the problem still exists,
change the tag 'verification-needed-bionic' to 'verification-failed-
bionic'.

If verification is not done by 5 working days from today, this fix will
be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you!


** Tags added: verification-needed-bionic

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation.
  (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  Fix Committed
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Committed
Status in linux source package in Cosmic:
  Fix Released

Bug description:
  [IMPACT]
  Need to further address the Spectre v2 and Meltdown vulnerability in Power 
with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, 
and additional Spectre/Meltdown related patches for Power9.

  [Fix]
  List of upstream patches identified by IBM in comment #4, #5, and #8.

  [Test]
  Pre-req: requires Power9 DD2.3 hardware.
  A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the 
kernel was tested by IBM. Please see comment #11 and #14 for details.

  [REGRESSION POTENTIAL]
  The patches are isolated to the ppc64el architecture and does not impact 
generic code. ppc64el test kernel was tested by IBM and no regressions were 
reported.

  [OTHER INFO]
  For the different kernels:

  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears
  to have all patches.

  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting

  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier 
PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add 
CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call 
setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting 
Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security 
feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for 
software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor 
for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for 
count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 
mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  This appears to already be in -next.

  For the bionic 18.04.1 (4.15) kernel only this patch is already part of 
master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

  The others are ported, there were only 3 that were not clean.  Those are:
  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori 
barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is 
missing, but it does not look like that is required here.

  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec 
based on firmware settings
  This failed because debugfs was already included, I can see that previously 
added, I didn't see where it was previously removed.

  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem 
necessary.

  All other patches applied with, at most, some fuzz.

  Has had a little testing - boots, check debugfs, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-04-29 Thread Andrew Cloke

Next steps:
1) Kernel (security) team to add verification-bionic tags
2) IBM to verify bionic -proposed pocket, and update the bug tags

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation.
  (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  Fix Committed
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Committed
Status in linux source package in Cosmic:
  Fix Released

Bug description:
  [IMPACT]
  Need to further address the Spectre v2 and Meltdown vulnerability in Power 
with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, 
and additional Spectre/Meltdown related patches for Power9.

  [Fix]
  List of upstream patches identified by IBM in comment #4, #5, and #8.

  [Test]
  Pre-req: requires Power9 DD2.3 hardware.
  A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the 
kernel was tested by IBM. Please see comment #11 and #14 for details.

  [REGRESSION POTENTIAL]
  The patches are isolated to the ppc64el architecture and does not impact 
generic code. ppc64el test kernel was tested by IBM and no regressions were 
reported.

  [OTHER INFO]
  For the different kernels:

  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears
  to have all patches.

  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting

  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier 
PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add 
CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call 
setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting 
Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security 
feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for 
software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor 
for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for 
count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 
mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  This appears to already be in -next.

  For the bionic 18.04.1 (4.15) kernel only this patch is already part of 
master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

  The others are ported, there were only 3 that were not clean.  Those are:
  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori 
barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is 
missing, but it does not look like that is required here.

  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec 
based on firmware settings
  This failed because debugfs was already included, I can see that previously 
added, I didn't see where it was previously removed.

  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem 
necessary.

  All other patches applied with, at most, some fuzz.

  Has had a little testing - boots, check debugfs, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-04-29 Thread Andrew Cloke

Marking Cosmic series as "Fix Released" following the Description
comment:

"The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears to
have all patches."

** Changed in: linux (Ubuntu Cosmic)
   Status: New => Fix Released

** Changed in: linux (Ubuntu)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation.
  (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  Fix Committed
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Committed
Status in linux source package in Cosmic:
  Fix Released

Bug description:
  [IMPACT]
  Need to further address the Spectre v2 and Meltdown vulnerability in Power 
with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, 
and additional Spectre/Meltdown related patches for Power9.

  [Fix]
  List of upstream patches identified by IBM in comment #4, #5, and #8.

  [Test]
  Pre-req: requires Power9 DD2.3 hardware.
  A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the 
kernel was tested by IBM. Please see comment #11 and #14 for details.

  [REGRESSION POTENTIAL]
  The patches are isolated to the ppc64el architecture and does not impact 
generic code. ppc64el test kernel was tested by IBM and no regressions were 
reported.

  [OTHER INFO]
  For the different kernels:

  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears
  to have all patches.

  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting

  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier 
PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add 
CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call 
setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting 
Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security 
feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for 
software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor 
for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for 
count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 
mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  This appears to already be in -next.

  For the bionic 18.04.1 (4.15) kernel only this patch is already part of 
master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

  The others are ported, there were only 3 that were not clean.  Those are:
  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori 
barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is 
missing, but it does not look like that is required here.

  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec 
based on firmware settings
  This failed because debugfs was already included, I can see that previously 
added, I didn't see where it was previously removed.

  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem 
necessary.

  All other patches applied with, at most, some fuzz.

  Has had a little testing - boots, check debugfs, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-04-29 Thread Manoj Iyer

** Changed in: linux (Ubuntu Bionic)
 Assignee: (unassigned) => Canonical Kernel Security Team 
(canonical-kernel-security-team)

** Changed in: linux (Ubuntu Bionic)
   Importance: Undecided => Critical

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation.
  (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  Fix Committed
Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  Fix Committed
Status in linux source package in Cosmic:
  Fix Released

Bug description:
  [IMPACT]
  Need to further address the Spectre v2 and Meltdown vulnerability in Power 
with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, 
and additional Spectre/Meltdown related patches for Power9.

  [Fix]
  List of upstream patches identified by IBM in comment #4, #5, and #8.

  [Test]
  Pre-req: requires Power9 DD2.3 hardware.
  A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the 
kernel was tested by IBM. Please see comment #11 and #14 for details.

  [REGRESSION POTENTIAL]
  The patches are isolated to the ppc64el architecture and does not impact 
generic code. ppc64el test kernel was tested by IBM and no regressions were 
reported.

  [OTHER INFO]
  For the different kernels:

  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears
  to have all patches.

  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting

  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier 
PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add 
CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call 
setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting 
Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security 
feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for 
software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor 
for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for 
count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 
mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  This appears to already be in -next.

  For the bionic 18.04.1 (4.15) kernel only this patch is already part of 
master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

  The others are ported, there were only 3 that were not clean.  Those are:
  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori 
barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is 
missing, but it does not look like that is required here.

  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec 
based on firmware settings
  This failed because debugfs was already included, I can see that previously 
added, I didn't see where it was previously removed.

  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem 
necessary.

  All other patches applied with, at most, some fuzz.

  Has had a little testing - boots, check debugfs, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-04-26 Thread Manoj Iyer

** Changed in: ubuntu-power-systems
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation.
  (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  Fix Committed
Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Bionic:
  Fix Committed
Status in linux source package in Cosmic:
  New

Bug description:
  [IMPACT]
  Need to further address the Spectre v2 and Meltdown vulnerability in Power 
with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, 
and additional Spectre/Meltdown related patches for Power9.

  [Fix]
  List of upstream patches identified by IBM in comment #4, #5, and #8.

  [Test]
  Pre-req: requires Power9 DD2.3 hardware.
  A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the 
kernel was tested by IBM. Please see comment #11 and #14 for details.

  [REGRESSION POTENTIAL]
  The patches are isolated to the ppc64el architecture and does not impact 
generic code. ppc64el test kernel was tested by IBM and no regressions were 
reported.

  [OTHER INFO]
  For the different kernels:

  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears
  to have all patches.

  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting

  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier 
PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add 
CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call 
setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting 
Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security 
feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for 
software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor 
for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for 
count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 
mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  This appears to already be in -next.

  For the bionic 18.04.1 (4.15) kernel only this patch is already part of 
master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

  The others are ported, there were only 3 that were not clean.  Those are:
  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori 
barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is 
missing, but it does not look like that is required here.

  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec 
based on firmware settings
  This failed because debugfs was already included, I can see that previously 
added, I didn't see where it was previously removed.

  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem 
necessary.

  All other patches applied with, at most, some fuzz.

  Has had a little testing - boots, check debugfs, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-04-23 Thread Kleber Sacilotto de Souza

** Changed in: linux (Ubuntu Bionic)
   Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation.
  (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  In Progress
Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Bionic:
  Fix Committed
Status in linux source package in Cosmic:
  New

Bug description:
  [IMPACT]
  Need to further address the Spectre v2 and Meltdown vulnerability in Power 
with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, 
and additional Spectre/Meltdown related patches for Power9.

  [Fix]
  List of upstream patches identified by IBM in comment #4, #5, and #8.

  [Test]
  Pre-req: requires Power9 DD2.3 hardware.
  A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the 
kernel was tested by IBM. Please see comment #11 and #14 for details.

  [REGRESSION POTENTIAL]
  The patches are isolated to the ppc64el architecture and does not impact 
generic code. ppc64el test kernel was tested by IBM and no regressions were 
reported.

  [OTHER INFO]
  For the different kernels:

  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears
  to have all patches.

  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting

  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier 
PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add 
CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call 
setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting 
Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security 
feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for 
software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor 
for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for 
count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 
mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  This appears to already be in -next.

  For the bionic 18.04.1 (4.15) kernel only this patch is already part of 
master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

  The others are ported, there were only 3 that were not clean.  Those are:
  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori 
barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is 
missing, but it does not look like that is required here.

  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec 
based on firmware settings
  This failed because debugfs was already included, I can see that previously 
added, I didn't see where it was previously removed.

  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem 
necessary.

  All other patches applied with, at most, some fuzz.

  Has had a little testing - boots, check debugfs, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-04-12 Thread Kleber Sacilotto de Souza

** Also affects: linux (Ubuntu Cosmic)
   Importance: Undecided
   Status: New

** Also affects: linux (Ubuntu Bionic)
   Importance: Undecided
   Status: New

** Changed in: linux (Ubuntu Bionic)
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation.
  (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  In Progress
Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Bionic:
  In Progress
Status in linux source package in Cosmic:
  New

Bug description:
  [IMPACT]
  Need to further address the Spectre v2 and Meltdown vulnerability in Power 
with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, 
and additional Spectre/Meltdown related patches for Power9.

  [Fix]
  List of upstream patches identified by IBM in comment #4, #5, and #8.

  [Test]
  Pre-req: requires Power9 DD2.3 hardware.
  A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the 
kernel was tested by IBM. Please see comment #11 and #14 for details.

  [REGRESSION POTENTIAL]
  The patches are isolated to the ppc64el architecture and does not impact 
generic code. ppc64el test kernel was tested by IBM and no regressions were 
reported.

  [OTHER INFO]
  For the different kernels:

  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears
  to have all patches.

  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting

  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier 
PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add 
CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call 
setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting 
Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security 
feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for 
software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor 
for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for 
count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 
mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  This appears to already be in -next.

  For the bionic 18.04.1 (4.15) kernel only this patch is already part of 
master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

  The others are ported, there were only 3 that were not clean.  Those are:
  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori 
barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is 
missing, but it does not look like that is required here.

  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec 
based on firmware settings
  This failed because debugfs was already included, I can see that previously 
added, I didn't see where it was previously removed.

  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem 
necessary.

  All other patches applied with, at most, some fuzz.

  Has had a little testing - boots, check debugfs, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-04-12 Thread Manoj Iyer

SRU Submitted: https://lists.ubuntu.com/archives/kernel-
team/2019-April/100042.html

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation.
  (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  In Progress
Status in linux package in Ubuntu:
  In Progress

Bug description:
  [IMPACT]
  Need to further address the Spectre v2 and Meltdown vulnerability in Power 
with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, 
and additional Spectre/Meltdown related patches for Power9.

  [Fix]
  List of upstream patches identified by IBM in comment #4, #5, and #8.

  [Test]
  Pre-req: requires Power9 DD2.3 hardware.
  A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the 
kernel was tested by IBM. Please see comment #11 and #14 for details.

  [REGRESSION POTENTIAL]
  The patches are isolated to the ppc64el architecture and does not impact 
generic code. ppc64el test kernel was tested by IBM and no regressions were 
reported.

  [OTHER INFO]
  For the different kernels:

  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears
  to have all patches.

  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting

  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier 
PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add 
CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call 
setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting 
Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security 
feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for 
software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor 
for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for 
count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 
mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  This appears to already be in -next.

  For the bionic 18.04.1 (4.15) kernel only this patch is already part of 
master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

  The others are ported, there were only 3 that were not clean.  Those are:
  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori 
barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is 
missing, but it does not look like that is required here.

  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec 
based on firmware settings
  This failed because debugfs was already included, I can see that previously 
added, I didn't see where it was previously removed.

  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem 
necessary.

  All other patches applied with, at most, some fuzz.

  Has had a little testing - boots, check debugfs, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-04-12 Thread Manoj Iyer

** Description changed:

  [IMPACT]
  Need to further address the Spectre v2 and Meltdown vulnerability in Power 
with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, 
and additional Spectre/Meltdown related patches for Power9.
  
  [Fix]
- List of upstream patches identified by IBM in comment #4, #5, and #8. 
+ List of upstream patches identified by IBM in comment #4, #5, and #8.
  
  [Test]
+ Pre-req: requires Power9 DD2.3 hardware.
  A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the 
kernel was tested by IBM. Please see comment #11 and #14 for details.
  
  [REGRESSION POTENTIAL]
- The patches are isolated to the ppc64el architecture and does not impact 
generic code. ppc64el test kernel was tested by IBM and no regressions were 
reported. 
+ The patches are isolated to the ppc64el architecture and does not impact 
generic code. ppc64el test kernel was tested by IBM and no regressions were 
reported.
  For the different kernels:
  
  [OTHER INFO]
  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears to have 
all patches.
  
  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  
  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier 
PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add 
CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call 
setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting 
Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security 
feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for 
software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor 
for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for 
count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 
mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  This appears to already be in -next.
  
  For the bionic 18.04.1 (4.15) kernel only this patch is already part of 
master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec
  
  The others are ported, there were only 3 that were not clean.  Those are:
  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori 
barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is 
missing, but it does not look like that is required here.
  
  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec 
based on firmware settings
  This failed because debugfs was already included, I can see that previously 
added, I didn't see where it was previously removed.
  
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem 
necessary.
  
  All other patches applied with, at most, some fuzz.
  
  Has had a little testing - boots, check debugfs, etc.

** Description changed:

  [IMPACT]
  Need to further address the Spectre v2 and Meltdown vulnerability in Power 
with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, 
and additional Spectre/Meltdown related patches for Power9.
  
  [Fix]
  List of upstream patches identified by IBM in comment #4, #5, and #8.
  
  [Test]
  Pre-req: requires Power9 DD2.3 hardware.
  A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the 
kernel was tested by IBM. Please see comment #11 and #14 for details.
  
  [REGRESSION POTENTIAL]
  The patches are isolated to the ppc64el architecture and does not impact 
generic code. ppc64el test kernel was tested by IBM and no regressions were 
reported.
+ 
+ [OTHER INFO]
  For the different kernels:
  
- [OTHER INFO]
- The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears to have 
all patches.
+ The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears to
+ have all patches.
  
  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  
  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-04-12 Thread Manoj Iyer

** Description changed:

+ [IMPACT]
+ Need to further address the Spectre v2 and Meltdown vulnerability in Power 
with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, 
and additional Spectre/Meltdown related patches for Power9.
+ 
+ [Fix]
+ List of upstream patches identified by IBM in comment #4, #5, and #8. 
+ 
+ [Test]
+ A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the 
kernel was tested by IBM. Please see comment #11 and #14 for details.
+ 
+ [REGRESSION POTENTIAL]
+ The patches are isolated to the ppc64el architecture and does not impact 
generic code. ppc64el test kernel was tested by IBM and no regressions were 
reported. 
  For the different kernels:
  
- The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears to
- have all patches.
+ [OTHER INFO]
+ The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears to have 
all patches.
  
  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  
  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier 
PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add 
CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call 
setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting 
Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security 
feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for 
software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor 
for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for 
count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 
mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  This appears to already be in -next.
  
  For the bionic 18.04.1 (4.15) kernel only this patch is already part of 
master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec
  
  The others are ported, there were only 3 that were not clean.  Those are:
  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori 
barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is 
missing, but it does not look like that is required here.
  
  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec 
based on firmware settings
  This failed because debugfs was already included, I can see that previously 
added, I didn't see where it was previously removed.
  
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem 
necessary.
  
  All other patches applied with, at most, some fuzz.
  
  Has had a little testing - boots, check debugfs, etc.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation.
  (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  In Progress
Status in linux package in Ubuntu:
  In Progress

Bug description:
  [IMPACT]
  Need to further address the Spectre v2 and Meltdown vulnerability in Power 
with software count cache flush Spectre v2 mitigation support for Power9 DD2.3, 
and additional Spectre/Meltdown related patches for Power9.

  [Fix]
  List of upstream patches identified by IBM in comment #4, #5, and #8. 

  [Test]
  A test kernel is available in PPA ppa:ubuntu-power-triage/lp1822870 and the 
kernel was tested by IBM. Please see comment #11 and #14 for details.

  [REGRESSION POTENTIAL]
  The patches are isolated to the ppc64el architecture and does not impact 
generic code. ppc64el test kernel was tested by IBM and no regressions were 
reported. 
  For the different kernels:

  [OTHER INFO]
  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears to have 
all patches.

  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting

  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-04-11 Thread Manoj Iyer

Michael,

I backported that patch and built a new kernel for you to test in this
PPA:

https://launchpad.net/~ubuntu-power-triage/+archive/ubuntu/lp1822870

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation.
  (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  In Progress
Status in linux package in Ubuntu:
  In Progress

Bug description:
  For the different kernels:

  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears
  to have all patches.

  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting

  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier 
PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add 
CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call 
setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting 
Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security 
feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for 
software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor 
for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for 
count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 
mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  This appears to already be in -next.

  For the bionic 18.04.1 (4.15) kernel only this patch is already part of 
master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

  The others are ported, there were only 3 that were not clean.  Those are:
  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori 
barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is 
missing, but it does not look like that is required here.

  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec 
based on firmware settings
  This failed because debugfs was already included, I can see that previously 
added, I didn't see where it was previously removed.

  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem 
necessary.

  All other patches applied with, at most, some fuzz.

  Has had a little testing - boots, check debugfs, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-04-11 Thread Manoj Iyer

Michael,

I can patch that on top of the patches I already have and build a PPA
kernel out for you for testing.

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation.
  (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  In Progress
Status in linux package in Ubuntu:
  In Progress

Bug description:
  For the different kernels:

  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears
  to have all patches.

  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting

  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier 
PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add 
CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call 
setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting 
Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security 
feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for 
software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor 
for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for 
count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 
mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  This appears to already be in -next.

  For the bionic 18.04.1 (4.15) kernel only this patch is already part of 
master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

  The others are ported, there were only 3 that were not clean.  Those are:
  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori 
barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is 
missing, but it does not look like that is required here.

  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec 
based on firmware settings
  This failed because debugfs was already included, I can see that previously 
added, I didn't see where it was previously removed.

  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem 
necessary.

  All other patches applied with, at most, some fuzz.

  Has had a little testing - boots, check debugfs, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-04-08 Thread Manoj Iyer

** Changed in: linux (Ubuntu)
   Status: New => In Progress

** Changed in: ubuntu-power-systems
   Status: New => In Progress

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation.
  (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  In Progress
Status in linux package in Ubuntu:
  In Progress

Bug description:
  For the different kernels:

  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears
  to have all patches.

  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting

  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier 
PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add 
CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call 
setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting 
Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security 
feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for 
software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor 
for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for 
count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 
mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  This appears to already be in -next.

  For the bionic 18.04.1 (4.15) kernel only this patch is already part of 
master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

  The others are ported, there were only 3 that were not clean.  Those are:
  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori 
barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is 
missing, but it does not look like that is required here.

  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec 
based on firmware settings
  This failed because debugfs was already included, I can see that previously 
added, I didn't see where it was previously removed.

  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem 
necessary.

  All other patches applied with, at most, some fuzz.

  Has had a little testing - boots, check debugfs, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-04-08 Thread Daniel Axtens

Hi Michael R,

I tried to apply your patches to test them and support the effort to get
them included in the Bionic kernel, but I'm having some trouble applying
them:

ubuntu@dja-bionic:~/bionic$ git am 
../patches/01-powerpc-64s-add-support-for-ori-barrier_nospec.patch
Patch format detection failed.
ubuntu@dja-bionic:~/bionic$ git am 
../patches/01-powerpc-64s-add-support-for-ori-barrier_nospec.patch 
--patch-format mbox
Applying: commit 2eea7f067f495e33b8b116b35b5988ab2b8aec55
fatal: empty ident name (for <>) not allowed

How are you generating them? They don't look like they've been generated
with git format-patch...?

Regards,
Daniel

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation.
  (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  In Progress
Status in linux package in Ubuntu:
  In Progress

Bug description:
  For the different kernels:

  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears
  to have all patches.

  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting

  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier 
PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add 
CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call 
setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting 
Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security 
feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for 
software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor 
for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for 
count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 
mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  This appears to already be in -next.

  For the bionic 18.04.1 (4.15) kernel only this patch is already part of 
master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

  The others are ported, there were only 3 that were not clean.  Those are:
  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori 
barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is 
missing, but it does not look like that is required here.

  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec 
based on firmware settings
  This failed because debugfs was already included, I can see that previously 
added, I didn't see where it was previously removed.

  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem 
necessary.

  All other patches applied with, at most, some fuzz.

  Has had a little testing - boots, check debugfs, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-04-04 Thread Manoj Iyer

** Changed in: linux (Ubuntu)
 Assignee: Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage) => 
Canonical Kernel Security Team (canonical-kernel-security-team)

** Changed in: linux (Ubuntu)
   Importance: Undecided => Critical

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation.
  (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  New
Status in linux package in Ubuntu:
  New

Bug description:
  For the different kernels:

  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears
  to have all patches.

  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting

  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier 
PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add 
CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call 
setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting 
Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security 
feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for 
software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor 
for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for 
count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 
mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  This appears to already be in -next.

  For the bionic 18.04.1 (4.15) kernel only this patch is already part of 
master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

  The others are ported, there were only 3 that were not clean.  Those are:
  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori 
barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is 
missing, but it does not look like that is required here.

  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec 
based on firmware settings
  This failed because debugfs was already included, I can see that previously 
added, I didn't see where it was previously removed.

  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem 
necessary.

  All other patches applied with, at most, some fuzz.

  Has had a little testing - boots, check debugfs, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

2019-04-02 Thread Frank Heimes

** Also affects: ubuntu-power-systems
   Importance: Undecided
   Status: New

** Changed in: ubuntu-power-systems
   Importance: Undecided => Critical

** Information type changed from Public to Public Security

** Changed in: ubuntu-power-systems
 Assignee: (unassigned) => Canonical Kernel Security Team 
(canonical-kernel-security-team)

-- 
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870

Title:
  Backport support for software count cache flush Spectre v2 mitigation.
  (CVE) (required for POWER9 DD2.3)

Status in The Ubuntu-power-systems project:
  New
Status in linux package in Ubuntu:
  New

Bug description:
  For the different kernels:

  The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears
  to have all patches.

  Disco appears to be missing only this patch:
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting

  Cosmic (which is supported until July) is missing a number of patches:
  cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation 
barrier from the command line
  6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier 
PPC_BOOK3S_64 specific.
  179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add 
CONFIG_PPC_BARRIER_NOSPEC
  af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call 
setup_barrier_nospec() from setup_arch()
  406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting 
Book3S 64 specific
  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security 
feature flags for count cache flush
  ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for 
software count cache flush
  ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor 
for count cache flush settings
  99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for 
count cache flush settings
  7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2 
mitigations reporting
  92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2 
reporting
  This appears to already be in -next.

  For the bionic 18.04.1 (4.15) kernel only this patch is already part of 
master-next:
  a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec

  The others are ported, there were only 3 that were not clean.  Those are:
  2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori 
barrier_nospec patching
  This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is 
missing, but it does not look like that is required here.

  cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec 
based on firmware settings
  This failed because debugfs was already included, I can see that previously 
added, I didn't see where it was previously removed.

  06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro 
& helpers for patching instructions
  This failed because 8183d99f4a22c is not included - but doesn't seem 
necessary.

  All other patches applied with, at most, some fuzz.

  Has had a little testing - boots, check debugfs, etc.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions

-- 
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help   : https://help.launchpad.net/ListHelp

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

[Kernel-packages] [Bug 1822870] Re: Backport support for software count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)

28 matches

Site Navigation

Mail list logo

Footer information