[Bug 1755817] Re: Segmentation fault in ldt_gdt_64
** Tags added: cscc -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1755817 Title: Segmentation fault in ldt_gdt_64 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1755817/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1755817] Re: Segmentation fault in ldt_gdt_64
** Changed in: linux (Ubuntu) Status: Incomplete => Invalid
[Bug 1755817] Re: Segmentation fault in ldt_gdt_64
This bug was fixed in the package linux - 3.13.0-145.194

---
linux (3.13.0-145.194) trusty; urgency=medium

  * linux: 3.13.0-145.194 -proposed tracker (LP: #1761430)

  * intel-microcode 3.20180312.0 causes lockup at login screen(w/ linux-image-4.13.0-37-generic) (LP: #1759920) // CVE-2017-5715 (Spectre v2 Intel)
    - Revert "UBUNTU: SAUCE: x86/mm: Only set IBPB when the new thread cannot ptrace current thread"
    - x86/speculation: Use Indirect Branch Prediction Barrier in context switch

  * DKMS driver builds fail with: Cannot use CONFIG_STACK_VALIDATION=y, please install libelf-dev, libelf-devel or elfutils-libelf-devel (LP: #1760876)
    - [Packaging] include the retpoline extractor in the headers

  * retpoline hints: primary infrastructure and initial hints (LP: #1758856)
    - [Packaging] retpoline-extract: flag *0xNNN(%reg) branches
    - x86/speculation, objtool: Annotate indirect calls/jumps for objtool
    - x86/speculation, objtool: Annotate indirect calls/jumps for objtool on 32bit
    - x86/paravirt, objtool: Annotate indirect calls
    - x86/asm: Stop depending on ptrace.h in alternative.h
    - [Packaging] retpoline -- add safe usage hint support
    - [Packaging] retpoline-check -- only report additions
    - [Packaging] retpoline -- widen indirect call/jmp detection
    - [Packaging] retpoline -- elide %rip relative indirections
    - [Packaging] retpoline -- clear hint information from packages
    - SAUCE: modpost: add discard to non-allocatable whitelist
    - KVM: x86: Make indirect calls in emulator speculation safe
    - KVM: VMX: Make indirect call speculation safe
    - x86/boot, objtool: Annotate indirect jump in secondary_startup_64()
    - SAUCE: early/late -- annotate indirect calls in early/late initialisation code
    - SAUCE: vga_set_mode -- avoid jump tables
    - [Config] retpoline -- switch to new format
    - [Packaging] retpoline hints -- handle missing files when RETPOLINE not enabled
    - [Packaging] final-checks -- remove check for empty retpoline files

  * retpoline: ignore %cs:0xNNN constant indirections (LP: #1752655)
    - [Packaging] retpoline -- elide %cs:0x constants on i386

  * Boot crash with Trusty 3.13 (LP: #1757193)
    - Revert "UBUNTU: SAUCE: x86, extable: fix uaccess fixup detection"
    - x86/mm: Expand the exception table logic to allow new handling options

  * Segmentation fault in ldt_gdt_64 (LP: #1755817) // CVE-2017-5754
    - x86/kvm: Rename VMX's segment access rights defines
    - x86/signal/64: Fix SS if needed when delivering a 64-bit signal

 -- Kleber Sacilotto de Souza Thu, 05 Apr 2018 16:26:39 +0200

** Changed in: linux (Ubuntu Trusty) Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5715
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5754
[Bug 1755817] Re: Segmentation fault in ldt_gdt_64
Verified the issue to be fixed with Trusty kernel 3.13.0-145.194. ** Tags removed: verification-needed-trusty ** Tags added: verification-done-trusty
[Bug 1755817] Re: Segmentation fault in ldt_gdt_64
Note: the issue is only reproducible on a system with more than 1 CPU. It fails on the "Cross-CPU LDT invalidation" testcase.
[Bug 1755817] Re: Segmentation fault in ldt_gdt_64
This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-trusty' to 'verification-done-trusty'. If the problem still exists, change the tag 'verification-needed-trusty' to 'verification-failed-trusty'. If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-trusty
[Bug 1755817] Re: Segmentation fault in ldt_gdt_64
** Changed in: linux (Ubuntu Trusty) Status: New => Fix Committed
[Bug 1755817] Re: Segmentation fault in ldt_gdt_64
** Description changed: + == SRU Justification == + The ldt_gdt_64 x86 selftest segfaults with the currently released Trusty 3.13 kernel. The commit that introduced the segfault is aeb315d60afe ("x86/ldt: Make modify_ldt synchronous"). + + == Fix == + Upstream commit 8ff5bd2e1e27 ("x86/signal/64: Fix SS if needed when delivering a 64-bit signal"). This commit was found by doing a reverse git bisect of the upstream kernel (i.e., when did the test stop segfaulting). + + == Regression Potential == + Low. The commit is very small and isolated and the code path is only executed in special circumstances (and for x86 only). I built a test kernel and ran the whole set of x86 selftests and perf NMI test for several hours to verify stability. + + == Test Case == + Run the ldt_gdt_64 x86 selftets from a current upstream kernel source. The test segfaults consistently. + + + Original bug description: + Trusty 3.13 segfaults when running ldt_gdt_64 from the kernel's x86 selftests. git bisect revealed that the following commit introduced the issue: commit aeb315d60afee129d32558f4a4b356eec2e7da7b Author: Andy Lutomirski Date: Thu Jul 30 14:31:32 2015 -0700 - x86/ldt: Make modify_ldt synchronous - - CVE-2017-5754 - - commit 37868fe113ff2ba814b3b4eb12df214df555f8dc upstream. - - modify_ldt() has questionable locking and does not synchronize - threads. Improve it: redesign the locking and synchronize all - threads' LDTs using an IPI on all modifications. - - This will dramatically slow down modify_ldt in multithreaded - programs, but there shouldn't be any multithreaded programs that - care about modify_ldt's performance in the first place. - - This fixes some fallout from the CVE-2015-5157 fixes. - - Signed-off-by: Andy Lutomirski - Reviewed-by: Borislav Petkov - Cc: Andrew Cooper - Cc: Andy Lutomirski - Cc: Boris Ostrovsky - Cc: Borislav Petkov - Cc: Brian Gerst - Cc: Denys Vlasenko - Cc: H. 
Peter Anvin - Cc: Jan Beulich - Cc: Konrad Rzeszutek Wilk - Cc: Linus Torvalds - Cc: Peter Zijlstra - Cc: Sasha Levin - Cc: Steven Rostedt - Cc: Thomas Gleixner - Link: http://lkml.kernel.org/r/4c6978476782160600471bd865b318db34c7b628.1438291540.git.l...@kernel.org - Signed-off-by: Ingo Molnar - Signed-off-by: Jiri Slaby - (cherry picked from commit 62fc7228f8cc8c89ecbd37008a0495ac28e41c5c) - Signed-off-by: Juerg Haefliger - Signed-off-by: Stefan Bader + x86/ldt: Make modify_ldt synchronous + + CVE-2017-5754 + + commit 37868fe113ff2ba814b3b4eb12df214df555f8dc upstream. + + modify_ldt() has questionable locking and does not synchronize + threads. Improve it: redesign the locking and synchronize all + threads' LDTs using an IPI on all modifications. + + This will dramatically slow down modify_ldt in multithreaded + programs, but there shouldn't be any multithreaded programs that + care about modify_ldt's performance in the first place. + + This fixes some fallout from the CVE-2015-5157 fixes. + + Signed-off-by: Andy Lutomirski + Reviewed-by: Borislav Petkov + Cc: Andrew Cooper + Cc: Andy Lutomirski + Cc: Boris Ostrovsky + Cc: Borislav Petkov + Cc: Brian Gerst + Cc: Denys Vlasenko + Cc: H. Peter Anvin + Cc: Jan Beulich + Cc: Konrad Rzeszutek Wilk + Cc: Linus Torvalds + Cc: Peter Zijlstra + Cc: Sasha Levin + Cc: Steven Rostedt + Cc: Thomas Gleixner + Link: http://lkml.kernel.org/r/4c6978476782160600471bd865b318db34c7b628.1438291540.git.l...@kernel.org + Signed-off-by: Ingo Molnar + Signed-off-by: Jiri Slaby + (cherry picked from commit 62fc7228f8cc8c89ecbd37008a0495ac28e41c5c) + Signed-off-by: Juerg Haefliger + Signed-off-by: Stefan Bader ** Description changed: == SRU Justification == The ldt_gdt_64 x86 selftest segfaults with the currently released Trusty 3.13 kernel. The commit that introduced the segfault is aeb315d60afe ("x86/ldt: Make modify_ldt synchronous"). 
== Fix == Upstream commit 8ff5bd2e1e27 ("x86/signal/64: Fix SS if needed when delivering a 64-bit signal"). This commit was found by doing a reverse git bisect of the upstream kernel (i.e., when did the test stop segfaulting). == Regression Potential == Low. The commit is very small and isolated and the code path is only executed in special circumstances (and for x86 only). I built a test kernel and ran the whole set of x86 selftests and perf NMI test for several hours to verify stability. == Test Case == Run the ldt_gdt_64 x86 selftets from a current upstream kernel source. The test segfaults consistently. - Original bug description: Trusty 3.13 segfaults when running ldt_gdt_64 from the kernel's x86 selftests. git bisect revealed that the following commit
[Bug 1755817] Re: Segmentation fault in ldt_gdt_64
** Changed in: linux (Ubuntu Trusty) Assignee: (unassigned) => Juerg Haefliger (juergh)
[Bug 1755817] Re: Segmentation fault in ldt_gdt_64
** Also affects: linux (Ubuntu Trusty) Importance: Undecided Status: New
[Bug 1755817] Re: Segmentation fault in ldt_gdt_64
** Description changed: Trusty 3.13 segfaults when running ldt_gdt_64 from the kernel's x86 selftests. git bisect revealed that the following commit introduced the issue: - 706276543b69 ("x86, extable: Switch to relative exception table entries") + + commit aeb315d60afee129d32558f4a4b356eec2e7da7b + Author: Andy Lutomirski + Date: Thu Jul 30 14:31:32 2015 -0700 + + x86/ldt: Make modify_ldt synchronous + + CVE-2017-5754 + + commit 37868fe113ff2ba814b3b4eb12df214df555f8dc upstream. + + modify_ldt() has questionable locking and does not synchronize + threads. Improve it: redesign the locking and synchronize all + threads' LDTs using an IPI on all modifications. + + This will dramatically slow down modify_ldt in multithreaded + programs, but there shouldn't be any multithreaded programs that + care about modify_ldt's performance in the first place. + + This fixes some fallout from the CVE-2015-5157 fixes. + + Signed-off-by: Andy Lutomirski + Reviewed-by: Borislav Petkov + Cc: Andrew Cooper + Cc: Andy Lutomirski + Cc: Boris Ostrovsky + Cc: Borislav Petkov + Cc: Brian Gerst + Cc: Denys Vlasenko + Cc: H. Peter Anvin + Cc: Jan Beulich + Cc: Konrad Rzeszutek Wilk + Cc: Linus Torvalds + Cc: Peter Zijlstra + Cc: Sasha Levin + Cc: Steven Rostedt + Cc: Thomas Gleixner + Link: http://lkml.kernel.org/r/4c6978476782160600471bd865b318db34c7b628.1438291540.git.l...@kernel.org + Signed-off-by: Ingo Molnar + Signed-off-by: Jiri Slaby + (cherry picked from commit 62fc7228f8cc8c89ecbd37008a0495ac28e41c5c) + Signed-off-by: Juerg Haefliger + Signed-off-by: Stefan Bader