+linux (4.13.0-37.42) artful; urgency=medium
+
+ * linux: 4.13.0-37.42 -proposed tracker (LP: #1751798)
+
+ * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754
+ - arm64: Add ASM_BUG()
+ - arm64: consistently use bl for C exception entry
+ - arm64: move non-entry code out of .entry.text
+ - arm64: unwind: avoid percpu indirection for irq stack
+ - arm64: unwind: disregard frame.sp when validating frame pointer
+ - arm64: mm: Fix set_memory_valid() declaration
+ - arm64: Convert __inval_cache_range() to area-based
+ - arm64: Expose DC CVAP to userspace
+ - arm64: Handle trapped DC CVAP
+ - arm64: Implement pmem API support
+ - arm64: uaccess: Implement *_flushcache variants
+ - arm64/vdso: Support mremap() for vDSO
+ - arm64: unwind: reference pt_regs via embedded stack frame
+ - arm64: unwind: remove sp from struct stackframe
+ - arm64: uaccess: Add the uaccess_flushcache.c file
+ - arm64: fix pmem interface definition
+ - arm64: compat: Remove leftover variable declaration
+ - fork: allow arch-override of VMAP stack alignment
+ - arm64: kernel: remove {THREAD,IRQ_STACK}_START_SP
+ - arm64: factor out PAGE_* and CONT_* definitions
+ - arm64: clean up THREAD_* definitions
+ - arm64: clean up irq stack definitions
+ - arm64: move SEGMENT_ALIGN to <asm/memory.h>
+ - efi/arm64: add EFI_KIMG_ALIGN
+ - arm64: factor out entry stack manipulation
+ - arm64: assembler: allow adr_this_cpu to use the stack pointer
+ - arm64: use an irq stack pointer
+ - arm64: add basic VMAP_STACK support
+ - arm64: add on_accessible_stack()
+ - arm64: add VMAP_STACK overflow detection
+ - arm64: Convert pte handling from inline asm to using (cmp)xchg
+ - kvm: arm64: Convert kvm_set_s2pte_readonly() from inline asm to cmpxchg()
+ - arm64: Move PTE_RDONLY bit handling out of set_pte_at()
+ - arm64: Ignore hardware dirty bit updates in ptep_set_wrprotect()
+ - arm64: Remove the !CONFIG_ARM64_HW_AFDBM alternative code paths
+ - arm64: introduce separated bits for mm_context_t flags
+ - arm64: cleanup {COMPAT_,}SET_PERSONALITY() macro
+ - KVM: arm/arm64: Fix guest external abort matching
+ - KVM: arm/arm64: vgic: constify seq_operations and file_operations
+ - KVM: arm/arm64: vITS: Drop its_ite->lpi field
+ - KVM: arm/arm64: Extract GICv3 max APRn index calculation
+ - KVM: arm/arm64: Support uaccess of GICC_APRn
+ - arm64: Use larger stacks when KASAN is selected
+ - arm64: Define cputype macros for Falkor CPU
+ - arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm
+ - arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb
+ - x86/syscalls: Check address limit on user-mode return
+ - arm/syscalls: Check address limit on user-mode return
+ - arm64/syscalls: Check address limit on user-mode return
+ - Revert "arm/syscalls: Check address limit on user-mode return"
+ - syscalls: Use CHECK_DATA_CORRUPTION for addr_limit_user_check
+ - arm/syscalls: Optimize address limit check
+ - arm64/syscalls: Move address limit check in loop
+ - futex: Remove duplicated code and fix undefined behaviour
+ - arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
+ - arm64: syscallno is secretly an int, make it official
+ - arm64: move TASK_* definitions to <asm/processor.h>
+ - arm64: mm: Use non-global mappings for kernel space
+ - arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN
+ - arm64: mm: Move ASID from TTBR0 to TTBR1
+ - arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003
+ - arm64: mm: Rename post_ttbr0_update_workaround
+ - arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN
+ - arm64: mm: Allocate ASIDs in pairs
+ - arm64: mm: Add arm64_kernel_unmapped_at_el0 helper
+ - arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI
+ - arm64: entry: Add exception trampoline page for exceptions from EL0
+ - arm64: mm: Map entry trampoline into trampoline and kernel page tables
+ - arm64: entry: Explicitly pass exception level to kernel_ventry macro
+ - arm64: entry: Hook up entry trampoline to exception vectors
+ - arm64: erratum: Work around Falkor erratum #E1003 in trampoline code
+ - arm64: cpu_errata: Add Kryo to Falkor 1003 errata
+ - arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks
+ - arm64: entry: Add fake CPU feature for unmapping the kernel at EL0
+ - arm64: kaslr: Put kernel vectors address in separate data page
+ - arm64: use RET instruction for exiting the trampoline
+ - arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0
+ - arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry
+ - arm64: Take into account ID_AA64PFR0_EL1.CSV3
+ - arm64: capabilities: Handle duplicate entries for a capability
+ - arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR
+ - arm64: kpti: Fix the interaction between ASID switching and software PAN
+ - arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs
+ - arm64: Turn on KPTI only on CPUs that need it
+ - arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0()
+ - arm64: mm: Permit transitioning from Global to Non-Global without BBM
+ - arm64: kpti: Add ->enable callback to remap swapper using nG mappings
+ - arm64: Force KPTI to be disabled on Cavium ThunderX
+ - arm64: entry: Reword comment about post_ttbr_update_workaround
+ - arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives
+ - arm64: barrier: Add CSDB macros to control data-value prediction
+ - arm64: Implement array_index_mask_nospec()
+ - arm64: Make USER_DS an inclusive limit
+ - arm64: Use pointer masking to limit uaccess speculation
+ - arm64: entry: Ensure branch through syscall table is bounded under
+ speculation
+ - arm64: uaccess: Prevent speculative use of the current addr_limit
+ - arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user
+ - arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user
+ - arm64: futex: Mask __user pointers prior to dereference
+ - arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early
+ - arm64: Run enable method for errata work arounds on late CPUs
+ - arm64: cpufeature: Pass capability structure to ->enable callback
+ - drivers/firmware: Expose psci_get_version through psci_ops structure
+ - arm64: Move post_ttbr_update_workaround to C code
+ - arm64: Add skeleton to harden the branch predictor against aliasing attacks
+ - arm64: Move BP hardening to check_and_switch_context
+ - arm64: KVM: Use per-CPU vector when BP hardening is enabled
+ - arm64: entry: Apply BP hardening for high-priority synchronous exceptions
+ - arm64: entry: Apply BP hardening for suspicious interrupts from EL0
+ - arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75
+ - arm64: Implement branch predictor hardening for affected Cortex-A CPUs
+ - arm64: Implement branch predictor hardening for Falkor
+ - arm64: Branch predictor hardening for Cavium ThunderX2
+ - arm64: KVM: Increment PC after handling an SMC trap
+ - arm/arm64: KVM: Consolidate the PSCI include files
+ - arm/arm64: KVM: Add PSCI_VERSION helper
+ - arm/arm64: KVM: Add smccc accessors to PSCI code
+ - arm/arm64: KVM: Implement PSCI 1.0 support
+ - arm/arm64: KVM: Advertise SMCCC v1.1
+ - arm64: KVM: Make PSCI_VERSION a fast path
+ - arm/arm64: KVM: Turn kvm_psci_version into a static inline
+ - arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
+ - arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling
+ - firmware/psci: Expose PSCI conduit
+ - firmware/psci: Expose SMCCC version through psci_ops
+ - arm/arm64: smccc: Make function identifiers an unsigned quantity
+ - arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
+ - arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support
+ - arm64: Kill PSCI_GET_VERSION as a variant-2 workaround
+ - [Config] UNMAP_KERNEL_AT_EL0=y && HARDEN_BRANCH_PREDICTOR=y
+ - SAUCE: arm64: __idmap_cpu_set_reserved_ttbr1: fix !ARM64_PA_BITS_52 logic
+ - arm64: Add missing Falkor part number for branch predictor hardening
+ - arm64: mm: fix thinko in non-global page table attribute check
+
+ * linux-image-4.13.0-26-generic / linux-image-extra-4.13.0-26-generic fail to
+ boot (LP: #1742721)
+ - staging: sm750fb: Fix parameter mistake in poke32
+
+ -- Kleber Sacilotto de Souza <kleber.souza@canonical.com> Wed, 07 Mar 2018 12:20:00 +0100
+
+linux (4.13.0-36.40) artful; urgency=medium
+
+ * linux: 4.13.0-36.40 -proposed tracker (LP: #1750010)
+
+ * Rebuild without "CVE-2017-5754 ARM64 KPTI fixes" patch set
+
+ -- Khalid Elmously <khalid.elmously@canonical.com> Fri, 16 Feb 2018 12:49:24 -0500
+
+linux (4.13.0-35.39) artful; urgency=medium
+
+ * linux: 4.13.0-35.39 -proposed tracker (LP: #1748743)
+
+ * CVE-2017-5715 (Spectre v2 Intel)
+ - Revert "UBUNTU: SAUCE: turn off IBPB when full retpoline is present"
+ - SAUCE: turn off IBRS when full retpoline is present
+ - [Packaging] retpoline files must be sorted
+ - [Packaging] pull in retpoline files
+
+ -- Kleber Sacilotto de Souza <kleber.souza@canonical.com> Mon, 12 Feb 2018 11:28:27 +0100
+
+linux (4.13.0-34.37) artful; urgency=medium
+
+ * linux: 4.13.0-34.37 -proposed tracker (LP: #1748475)
+
+ * libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (LP: #1743053)
+ - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices
+
+ * KVM patches for s390x to provide facility bits 81 (ppa15) and 82 (bpb)
+ (LP: #1747090)
+ - KVM: s390: wire up bpb feature
+
+ * artful 4.13 i386 kernels crash after memory hotplug remove (LP: #1747069)
+ - Revert "mm, memory_hotplug: do not associate hotadded memory to zones until
+ online"
+
+ * CVE-2017-5715 (Spectre v2 Intel)
+ - x86/feature: Enable the x86 feature to control Speculation
+ - x86/feature: Report presence of IBPB and IBRS control
+ - x86/enter: MACROS to set/clear IBRS and set IBPB
+ - x86/enter: Use IBRS on syscall and interrupts
+ - x86/idle: Disable IBRS entering idle and enable it on wakeup
+ - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
+ - x86/mm: Set IBPB upon context switch
+ - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
+ - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
+ - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
+ - x86/kvm: Set IBPB when switching VM
+ - x86/kvm: Toggle IBRS on VM entry and exit
+ - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
+ - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
+ - x86/cpu/AMD: Add speculative control support for AMD
+ - x86/microcode: Extend post microcode reload to support IBPB feature
+ - KVM: SVM: Do not intercept new speculative control MSRs
+ - x86/svm: Set IBRS value on VM entry and exit
+ - x86/svm: Set IBPB when running a different VCPU
+ - KVM: x86: Add speculative control CPUID support for guests
+ - SAUCE: turn off IBPB when full retpoline is present
+
+ * Artful 4.13 fixes for tun (LP: #1748846)
+ - tun: call dev_get_valid_name() before register_netdevice()
+ - tun: allow positive return values on dev_get_valid_name() call
+ - tun/tap: sanitize TUNSETSNDBUF input
+
+ * boot failure on AMD Raven + WestonXT (LP: #1742759)
+ - SAUCE: drm/amdgpu: add atpx quirk handling (v2)
+
+ -- Khalid Elmously <khalid.elmously@canonical.com> Fri, 09 Feb 2018 14:42:56 -0500
+
+linux (4.13.0-33.36) artful; urgency=low
+
+ * linux: 4.13.0-33.36 -proposed tracker (LP: #1746903)
+
+ [ Stefan Bader ]
+ * starting VMs causing retpoline4 to reboot (LP: #1747507) // CVE-2017-5715
+ (Spectre v2 retpoline)
+ - x86/retpoline: Fill RSB on context switch for affected CPUs
+ - x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros
+ - x86/retpoline: Optimize inline assembler for vmexit_fill_RSB
+ - x86/retpoline: Remove the esp/rsp thunk
+ - x86/retpoline: Simplify vmexit_fill_RSB()
+
+ * Missing install-time driver for QLogic QED 25/40/100Gb Ethernet NIC
+ (LP: #1743638)
+ - [d-i] Add qede to nic-modules udeb
+
+ * hisi_sas: driver robustness fixes (LP: #1739807)
+ - scsi: hisi_sas: fix reset and port ID refresh issues
+ - scsi: hisi_sas: avoid potential v2 hw interrupt issue
+ - scsi: hisi_sas: fix v2 hw underflow residual value
+ - scsi: hisi_sas: add v2 hw DFX feature
+ - scsi: hisi_sas: add irq and tasklet cleanup in v2 hw
+ - scsi: hisi_sas: service interrupt ITCT_CLR interrupt in v2 hw
+ - scsi: hisi_sas: fix internal abort slot timeout bug
+ - scsi: hisi_sas: us start_phy in PHY_FUNC_LINK_RESET
+ - scsi: hisi_sas: fix NULL check in SMP abort task path
+ - scsi: hisi_sas: fix the risk of freeing slot twice
+ - scsi: hisi_sas: kill tasklet when destroying irq in v3 hw
+ - scsi: hisi_sas: complete all tasklets prior to host reset
+
+ * [Artful/Zesty] ACPI APEI error handling bug fixes (LP: #1732990)
+ - ACPI: APEI: fix the wrong iteration of generic error status block
+ - ACPI / APEI: clear error status before acknowledging the error
+
+ * [Zesty/Artful] On ARM64 PCIE physical function passthrough guest fails to
+ boot (LP: #1732804)
+ - vfio/pci: Virtualize Maximum Payload Size
+ - vfio/pci: Virtualize Maximum Read Request Size
+
+ * hisi_sas: Add ATA command support for SMR disks (LP: #1739891)
+ - scsi: hisi_sas: support zone management commands
+
+ * thunderx2: i2c driver PEC and ACPI clock fixes (LP: #1738073)
+ - ACPI / APD: Add clock frequency for ThunderX2 I2C controller
+ - i2c: xlp9xx: Get clock frequency with clk API
+ - i2c: xlp9xx: Handle I2C_M_RECV_LEN in msg->flags
+
+ * Falkor erratum 1041 needs workaround (LP: #1738497)
+ - [Config] CONFIG_QCOM_FALKOR_ERRATUM_E1041=y
+ - arm64: Add software workaround for Falkor erratum 1041
+
+ * ThunderX: TX failure unless checksum offload disabled (LP: #1736593)
+ - net: thunderx: Fix TCP/UDP checksum offload for IPv6 pkts
+ - net: thunderx: Fix TCP/UDP checksum offload for IPv4 pkts
+
+ * arm64/thunderx: Unhandled context faults in ACPI mode (LP: #1736774)
+ - PCI: Set Cavium ACS capability quirk flags to assert RR/CR/SV/UF
+ - PCI: Apply Cavium ThunderX ACS quirk to more Root Ports
+
+ * arm64: Unfair rwlock can stall the system (LP: #1732238)
+ - locking/qrwlock: Use 'struct qrwlock' instead of 'struct __qrwlock'
+ - locking/atomic: Add atomic_cond_read_acquire()
+ - locking/qrwlock: Use atomic_cond_read_acquire() when spinning in qrwlock
+ - locking/qrwlock, arm64: Move rwlock implementation over to qrwlocks
+ - locking/qrwlock: Prevent slowpath writers getting held up by fastpath
+
+ * Shutdown hang on 16.04 with iscsi targets (LP: #1569925)
+ - scsi: libiscsi: Allow sd_shutdown on bad transport
+
+ * bt_iter() crash due to NULL pointer (LP: #1744300)
+ - blk-mq-tag: check for NULL rq when iterating tags
+
+ * hisilicon hibmc regression due to ea642c3216cb ("drm/ttm: add io_mem_pfn
+ callback") (LP: #1738334)
+ - SAUCE: drm: hibmc: Initialize the hibmc_bo_driver.io_mem_pfn
+
+ * CVE-2017-5754 ARM64 KPTI fixes
+ - arm64: Add ASM_BUG()
+ - arm64: consistently use bl for C exception entry
+ - arm64: syscallno is secretly an int, make it official
+ - arm64: Abstract syscallno manipulation
+ - arm64: move non-entry code out of .entry.text
+ - arm64: unwind: avoid percpu indirection for irq stack
+ - arm64: unwind: disregard frame.sp when validating frame pointer
+ - arm64: mm: Fix set_memory_valid() declaration
+ - arm64: Convert __inval_cache_range() to area-based
+ - arm64: Expose DC CVAP to userspace
+ - arm64: Handle trapped DC CVAP
+ - arm64: Implement pmem API support
+ - arm64: uaccess: Implement *_flushcache variants
+ - arm64/vdso: Support mremap() for vDSO
+ - arm64: unwind: reference pt_regs via embedded stack frame
+ - arm64: unwind: remove sp from struct stackframe
+ - arm64: uaccess: Add the uaccess_flushcache.c file
+ - arm64: fix pmem interface definition
+ - arm64: compat: Remove leftover variable declaration
+ - fork: allow arch-override of VMAP stack alignment
+ - arm64: kernel: remove {THREAD,IRQ_STACK}_START_SP
+ - arm64: factor out PAGE_* and CONT_* definitions
+ - arm64: clean up THREAD_* definitions
+ - arm64: clean up irq stack definitions
+ - arm64: move SEGMENT_ALIGN to <asm/memory.h>
+ - efi/arm64: add EFI_KIMG_ALIGN
+ - arm64: factor out entry stack manipulation
+ - arm64: assembler: allow adr_this_cpu to use the stack pointer
+ - arm64: use an irq stack pointer
+ - arm64: add basic VMAP_STACK support
+ - arm64: add on_accessible_stack()
+ - arm64: add VMAP_STACK overflow detection
+ - arm64: Convert pte handling from inline asm to using (cmp)xchg
+ - kvm: arm64: Convert kvm_set_s2pte_readonly() from inline asm to cmpxchg()
+ - arm64: Move PTE_RDONLY bit handling out of set_pte_at()
+ - arm64: Ignore hardware dirty bit updates in ptep_set_wrprotect()
+ - arm64: Remove the !CONFIG_ARM64_HW_AFDBM alternative code paths
+ - arm64: introduce separated bits for mm_context_t flags
+ - arm64: cleanup {COMPAT_,}SET_PERSONALITY() macro
+ - KVM: arm/arm64: Fix guest external abort matching
+ - KVM: arm/arm64: vgic: constify seq_operations and file_operations
+ - KVM: arm/arm64: vITS: Drop its_ite->lpi field
+ - KVM: arm/arm64: Extract GICv3 max APRn index calculation
+ - KVM: arm/arm64: Support uaccess of GICC_APRn
+ - arm64: move TASK_* definitions to <asm/processor.h>
+ - arm64: Use larger stacks when KASAN is selected
+ - arm64: sysreg: Move SPE registers and PSB into common header files
+ - arm64: head: Init PMSCR_EL2.{PA,PCT} when entered at EL2 without VHE
+ - arm64: Update fault_info table with new exception types
+ - arm64: Use existing defines for mdscr
+ - arm64: Fix single stepping in kernel traps
+ - arm64: asm-bug: Renumber macro local labels to avoid clashes
+ - arm64: Implement arch-specific pte_access_permitted()
+ - arm64: explicitly mask all exceptions
+ - arm64: introduce an order for exceptions
+ - arm64: Move the async/fiq helpers to explicitly set process context flags
+ - arm64: Mask all exceptions during kernel_exit
+ - arm64: entry.S: Remove disable_dbg
+ - arm64: entry.S: convert el1_sync
+ - arm64: entry.S convert el0_sync
+ - arm64: entry.S: convert elX_irq
+ - arm64: entry.S: move SError handling into a C function for future expansion
+ - arm64: pgd: Mark pgd_cache as __ro_after_init
+ - arm64: cpu_ops: Add missing 'const' qualifiers
+ - arm64: context: Fix comments and remove pointless smp_wmb()
+ - arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm
+ - arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb
+ - arm64: Expose support for optional ARMv8-A features
+ - arm64: KVM: Hide unsupported AArch64 CPU features from guests
+ - arm64: mm: Use non-global mappings for kernel space
+ - arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN
+ - arm64: mm: Move ASID from TTBR0 to TTBR1
+ - arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003
+ - arm64: mm: Rename post_ttbr0_update_workaround
+ - arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN
+ - arm64: mm: Allocate ASIDs in pairs
+ - arm64: mm: Add arm64_kernel_unmapped_at_el0 helper
+ - arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI
+ - arm64: entry: Add exception trampoline page for exceptions from EL0
+ - arm64: mm: Map entry trampoline into trampoline and kernel page tables
+ - arm64: entry: Explicitly pass exception level to kernel_ventry macro
+ - arm64: entry: Hook up entry trampoline to exception vectors
+ - arm64: erratum: Work around Falkor erratum #E1003 in trampoline code
+ - arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks
+ - arm64: entry: Add fake CPU feature for unmapping the kernel at EL0
+ - arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0
+ - arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR
+ - arm64: kaslr: Put kernel vectors address in separate data page
+ - arm64: use RET instruction for exiting the trampoline
+ - arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry
+ - arm64: Fix the feature type for ID register fields
+ - arm64: Take into account ID_AA64PFR0_EL1.CSV3
+ - arm64: cpufeature: Pass capability structure to ->enable callback
+ - drivers/firmware: Expose psci_get_version through psci_ops structure
+ - arm64: Move post_ttbr_update_workaround to C code
+ - arm64: Add skeleton to harden the branch predictor against aliasing attacks
+ - arm64: KVM: Use per-CPU vector when BP hardening is enabled
+ - arm64: KVM: Make PSCI_VERSION a fast path
+ - arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75
+ - arm64: Implement branch predictor hardening for affected Cortex-A CPUs
+ - arm64: Define cputype macros for Falkor CPU
+ - arm64: Implement branch predictor hardening for Falkor
+ - arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs
+ - bpf: inline map in map lookup functions for array and htab
+ - bpf: perf event change needed for subsequent bpf helpers
+ - bpf: do not test for PCPU_MIN_UNIT_SIZE before percpu allocations
+ - arm64: Branch predictor hardening for Cavium ThunderX2
+ - arm64: capabilities: Handle duplicate entries for a capability
+ - arm64: kpti: Fix the interaction between ASID switching and software PAN
+ - SAUCE: arm: Add BTB invalidation on switch_mm for Cortex-A9, A12 and A17
+ - SAUCE: arm: Invalidate BTB on prefetch abort outside of user mapping on
+ Cortex A8, A9, A12 and A17
+ - SAUCE: arm: KVM: Invalidate BTB on guest exit
+ - SAUCE: arm: Add icache invalidation on switch_mm for Cortex-A15
+ - SAUCE: arm: Invalidate icache on prefetch abort outside of user mapping on
+ Cortex-A15
+ - SAUCE: arm: KVM: Invalidate icache on guest exit for Cortex-A15
+ - SAUCE: asm-generic/barrier: add generic nospec helpers
+ - SAUCE: Documentation: document nospec helpers
+ - SAUCE: arm64: implement nospec_{load,ptr}()
+ - SAUCE: arm: implement nospec_ptr()
+ - SAUCE: bpf: inhibit speculated out-of-bounds pointers
+ - SAUCE: arm64: Implement branch predictor hardening for Falkor
+ - SAUCE: arm64: Branch predictor hardening for Cavium ThunderX2
+ - [Config] UNMAP_KERNEL_AT_EL0=y && HARDEN_BRANCH_PREDICTOR=y
+
+ * [artful] panic in update_stack_state when reading /proc/<pid>/stack on i386
+ (LP: #1747263)
+ - x86/unwind: Fix dereference of untrusted pointer
+
+ * CVE-2017-5753 (Spectre v1 Intel)
+ - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
+ - SAUCE: reinstate MFENCE_RDTSC feature definition
+ - locking/barriers: introduce new observable speculation barrier
+ - bpf: prevent speculative execution in eBPF interpreter
+ - x86, bpf, jit: prevent speculative execution when JIT is enabled
+ - SAUCE: FIX: x86, bpf, jit: prevent speculative execution when JIT is enabled
+ - uvcvideo: prevent speculative execution
+ - carl9170: prevent speculative execution
+ - p54: prevent speculative execution
+ - qla2xxx: prevent speculative execution
+ - cw1200: prevent speculative execution
+ - Thermal/int340x: prevent speculative execution
+ - ipv4: prevent speculative execution
+ - ipv6: prevent speculative execution
+ - fs: prevent speculative execution
+ - net: mpls: prevent speculative execution
+ - udf: prevent speculative execution
+ - userns: prevent speculative execution
+ - SAUCE: powerpc: add osb barrier
+ - SAUCE: s390/spinlock: add osb memory barrier
+ - SAUCE: claim mitigation via observable speculation barrier
+
+ * CVE-2017-5715 (Spectre v2 retpoline)
+ - x86/asm: Fix inline asm call constraints for Clang
+ - kvm: vmx: Scrub hardware GPRs at VM-exit
+ - sysfs/cpu: Add vulnerability folder
+ - x86/cpu: Implement CPU vulnerabilites sysfs functions
+ - x86/tboot: Unbreak tboot with PTI enabled
+ - objtool: Detect jumps to retpoline thunks
+ - objtool: Allow alternatives to be ignored
+ - x86/retpoline: Add initial retpoline support
+ - x86/spectre: Add boot time option to select Spectre v2 mitigation
+ - x86/retpoline/crypto: Convert crypto assembler indirect jumps
+ - x86/retpoline/entry: Convert entry assembler indirect jumps
+ - x86/retpoline/ftrace: Convert ftrace assembler indirect jumps
+ - x86/retpoline/hyperv: Convert assembler indirect jumps
+ - x86/retpoline/xen: Convert Xen hypercall indirect jumps
+ - x86/retpoline/checksum32: Convert assembler indirect jumps
+ - x86/retpoline/irq32: Convert assembler indirect jumps
+ - x86/retpoline: Fill return stack buffer on vmexit
+ - selftests/x86: Add test_vsyscall
+ - x86/pti: Fix !PCID and sanitize defines
+ - security/Kconfig: Correct the Documentation reference for PTI
+ - x86,perf: Disable intel_bts when PTI
+ - x86/retpoline: Remove compile time warning
+ - [Config] enable CONFIG_GENERIC_CPU_VULNERABILITIES
+ - [Config] enable CONFIG_RETPOLINE
+ - [Packaging] retpoline -- add call site validation
+ - [Config] disable retpoline checks for first upload
+
+ * CVE-2017-5715 (revert embargoed) // CVE-2017-5753 (revert embargoed)
+ - Revert "UBUNTU: SAUCE: x86/entry: Fix up retpoline assembler labels"
+ - Revert "kvm: vmx: Scrub hardware GPRs at VM-exit"
+ - Revert "Revert "x86/svm: Add code to clear registers on VM exit""
+ - Revert "UBUNTU: SAUCE: x86/microcode: Extend post microcode reload to
+ support IBPB feature -- repair missmerge"
+ - Revert "UBUNTU: SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit"
+ - Revert "s390/spinlock: add gmb memory barrier"
+ - Revert "powerpc: add gmb barrier"
+ - Revert "x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature"
+ - Revert "x86/svm: Add code to clear registers on VM exit"
+ - Revert "x86/svm: Add code to clobber the RSB on VM exit"
+ - Revert "KVM: x86: Add speculative control CPUID support for guests"
+ - Revert "x86/svm: Set IBPB when running a different VCPU"
+ - Revert "x86/svm: Set IBRS value on VM entry and exit"
+ - Revert "KVM: SVM: Do not intercept new speculative control MSRs"
+ - Revert "x86/microcode: Extend post microcode reload to support IBPB feature"
+ - Revert "x86/cpu/AMD: Add speculative control support for AMD"
+ - Revert "x86/entry: Use retpoline for syscall's indirect calls"
+ - Revert "x86/syscall: Clear unused extra registers on 32-bit compatible
+ syscall entrance"
+ - Revert "x86/syscall: Clear unused extra registers on syscall entrance"
+ - Revert "x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
+ control"
+ - Revert "x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature"
+ - Revert "x86/kvm: Pad RSB on VM transition"
+ - Revert "x86/kvm: Toggle IBRS on VM entry and exit"
+ - Revert "x86/kvm: Set IBPB when switching VM"
+ - Revert "x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm"
+ - Revert "x86/entry: Stuff RSB for entry to kernel for non-SMEP platform"
+ - Revert "x86/mm: Only set IBPB when the new thread cannot ptrace current
+ thread"
+ - Revert "x86/mm: Set IBPB upon context switch"
+ - Revert "x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup"
+ - Revert "x86/idle: Disable IBRS entering idle and enable it on wakeup"
+ - Revert "x86/enter: Use IBRS on syscall and interrupts"
+ - Revert "x86/enter: MACROS to set/clear IBRS and set IBPB"
+ - Revert "x86/feature: Report presence of IBPB and IBRS control"
+ - Revert "x86/feature: Enable the x86 feature to control Speculation"
+ - Revert "udf: prevent speculative execution"
+ - Revert "net: mpls: prevent speculative execution"
+ - Revert "fs: prevent speculative execution"
+ - Revert "ipv6: prevent speculative execution"
+ - Revert "userns: prevent speculative execution"
+ - Revert "Thermal/int340x: prevent speculative execution"
+ - Revert "cw1200: prevent speculative execution"
+ - Revert "qla2xxx: prevent speculative execution"
+ - Revert "p54: prevent speculative execution"
+ - Revert "carl9170: prevent speculative execution"
+ - Revert "uvcvideo: prevent speculative execution"
+ - Revert "x86, bpf, jit: prevent speculative execution when JIT is enabled"
+ - Revert "bpf: prevent speculative execution in eBPF interpreter"
+ - Revert "locking/barriers: introduce new memory barrier gmb()"
+
+ * Unable to boot with i386 4.13.0-25 / 4.13.0-26 / 4.13.0-31 kernel on Xenial
+ / Artful (LP: #1745118)
+ - x86/mm: Fix overlap of i386 CPU_ENTRY_AREA with FIX_BTMAP
+
+ * 4.13: unable to increase MTU configuration for GRE devices (LP: #1743746)
+ - ip_gre: remove the incorrect mtu limit for ipgre tap
+
+ * CVE-2017-17712
+ - net: ipv4: fix for a race condition in raw_sendmsg
+
+ * upload urgency should be medium by default (LP: #1745338)
+ - [Packaging] update urgency to medium by default
+
+ * CVE-2017-15115
+ - sctp: do not peel off an assoc from one netns to another one
+
+ * CVE-2017-8824
+ - dccp: CVE-2017-8824: use-after-free in DCCP code
+
+ -- Khalid Elmously <khalid.elmously@canonical.com> Tue, 06 Feb 2018 13:19:16 -0500
+
+linux (4.13.0-32.35) artful; urgency=low
+
+ * CVE-2017-5715 // CVE-2017-5753
+ - SAUCE: x86/entry: Fix up retpoline assembler labels
+
+ -- Stefan Bader <stefan.bader@canonical.com> Tue, 23 Jan 2018 09:13:39 +0100
+
+linux (4.13.0-31.34) artful; urgency=low
+
+ * linux: 4.13.0-31.34 -proposed tracker (LP: #1744294)
+
+ [ Stefan Bader ]
+ * CVE-2017-5715 // CVE-2017-5753
+ - SAUCE: s390: improve cpu alternative handling for gmb and nobp
+ - SAUCE: s390: print messages for gmb and nobp
+ - [Config] KERNEL_NOBP=y
+
+ -- Marcelo Henrique Cerri <marcelo.cerri@canonical.com> Fri, 19 Jan 2018 09:56:09 -0200
+
+linux (4.13.0-30.33) artful; urgency=low
+
+ * linux: 4.13.0-30.33 -proposed tracker (LP: #1743412)
+
+ * Do not duplicate changelog entries assigned to more than one bug or CVE
+ (LP: #1743383)
+ - [Packaging] git-ubuntu-log -- handle multiple bugs/cves better
+
+ * Unable to handle kernel NULL pointer dereference at isci_task_abort_task
+ (LP: #1726519)
+ - Revert "scsi: libsas: allow async aborts"
+
+ * CVE-2017-5715 // CVE-2017-5753
+ - SAUCE: x86/microcode: Extend post microcode reload to support IBPB feature
+ -- repair missmerge
+ - Revert "x86/svm: Add code to clear registers on VM exit"
+ - kvm: vmx: Scrub hardware GPRs at VM-exit
+
+ -- Marcelo Henrique Cerri <marcelo.cerri@canonical.com> Mon, 15 Jan 2018 16:46:07 -0200
+
+linux (4.13.0-29.32) artful; urgency=low
+
+ * linux: 4.13.0-29.32 -proposed tracker (LP: #1742722)
+
+ * CVE-2017-5754
+ - Revert "x86/cpu: Implement CPU vulnerabilites sysfs functions"
+ - Revert "sysfs/cpu: Fix typos in vulnerability documentation"
+ - Revert "sysfs/cpu: Add vulnerability folder"
+ - Revert "UBUNTU: [Config] updateconfigs to enable
+ GENERIC_CPU_VULNERABILITIES"
+
+ -- Kleber Sacilotto de Souza <kleber.souza@canonical.com> Fri, 12 Jan 2018 12:10:51 +0100
+
+linux (4.13.0-28.31) artful; urgency=low
+
+ * CVE-2017-5753
+ - SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit
+
+ * CVE-2017-5715
+ - SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit
+
+ -- Seth Forshee <seth.forshee@canonical.com> Thu, 11 Jan 2018 17:52:21 -0600
+
+linux (4.13.0-27.30) artful; urgency=low
+
+ [ Andy Whitcroft ]
+ * CVE-2017-5753
+ - locking/barriers: introduce new memory barrier gmb()
+ - bpf: prevent speculative execution in eBPF interpreter
+ - x86, bpf, jit: prevent speculative execution when JIT is enabled
+ - uvcvideo: prevent speculative execution
+ - carl9170: prevent speculative execution
+ - p54: prevent speculative execution
+ - qla2xxx: prevent speculative execution
+ - cw1200: prevent speculative execution
+ - Thermal/int340x: prevent speculative execution
+ - userns: prevent speculative execution
+ - ipv6: prevent speculative execution
+ - fs: prevent speculative execution
+ - net: mpls: prevent speculative execution
+ - udf: prevent speculative execution
+ - x86/feature: Enable the x86 feature to control Speculation
+ - x86/feature: Report presence of IBPB and IBRS control
+ - x86/enter: MACROS to set/clear IBRS and set IBPB
+ - x86/enter: Use IBRS on syscall and interrupts
+ - x86/idle: Disable IBRS entering idle and enable it on wakeup
+ - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
+ - x86/mm: Set IBPB upon context switch
+ - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
+ - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
+ - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
+ - x86/kvm: Set IBPB when switching VM
+ - x86/kvm: Toggle IBRS on VM entry and exit
+ - x86/kvm: Pad RSB on VM transition
+ - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
+ - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
+ - x86/syscall: Clear unused extra registers on syscall entrance
+ - x86/syscall: Clear unused extra registers on 32-bit compatible syscall
+ entrance
+ - x86/entry: Use retpoline for syscall's indirect calls
+ - x86/cpu/AMD: Add speculative control support for AMD
+ - x86/microcode: Extend post microcode reload to support IBPB feature
+ - KVM: SVM: Do not intercept new speculative control MSRs
+ - x86/svm: Set IBRS value on VM entry and exit
+ - x86/svm: Set IBPB when running a different VCPU
+ - KVM: x86: Add speculative control CPUID support for guests
+ - x86/svm: Add code to clobber the RSB on VM exit
+ - x86/svm: Add code to clear registers on VM exit
+ - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
+ - powerpc: add gmb barrier
+ - s390/spinlock: add gmb memory barrier
+ - x86/microcode/AMD: Add support for fam17h microcode loading
+
+ * CVE-2017-5715
+ - locking/barriers: introduce new memory barrier gmb()
+ - bpf: prevent speculative execution in eBPF interpreter
+ - x86, bpf, jit: prevent speculative execution when JIT is enabled
+ - uvcvideo: prevent speculative execution
+ - carl9170: prevent speculative execution
+ - p54: prevent speculative execution
+ - qla2xxx: prevent speculative execution
+ - cw1200: prevent speculative execution
+ - Thermal/int340x: prevent speculative execution
+ - userns: prevent speculative execution
+ - ipv6: prevent speculative execution
+ - fs: prevent speculative execution
+ - net: mpls: prevent speculative execution
+ - udf: prevent speculative execution
+ - x86/feature: Enable the x86 feature to control Speculation
+ - x86/feature: Report presence of IBPB and IBRS control
+ - x86/enter: MACROS to set/clear IBRS and set IBPB
+ - x86/enter: Use IBRS on syscall and interrupts
+ - x86/idle: Disable IBRS entering idle and enable it on wakeup
+ - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
+ - x86/mm: Set IBPB upon context switch
+ - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
+ - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
+ - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
+ - x86/kvm: Set IBPB when switching VM
+ - x86/kvm: Toggle IBRS on VM entry and exit
+ - x86/kvm: Pad RSB on VM transition
+ - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
+ - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
+ - x86/syscall: Clear unused extra registers on syscall entrance
+ - x86/syscall: Clear unused extra registers on 32-bit compatible syscall
+ entrance
+ - x86/entry: Use retpoline for syscall's indirect calls
+ - x86/cpu/AMD: Add speculative control support for AMD
+ - x86/microcode: Extend post microcode reload to support IBPB feature
+ - KVM: SVM: Do not intercept new speculative control MSRs
+ - x86/svm: Set IBRS value on VM entry and exit
+ - x86/svm: Set IBPB when running a different VCPU
+ - KVM: x86: Add speculative control CPUID support for guests
+ - x86/svm: Add code to clobber the RSB on VM exit
+ - x86/svm: Add code to clear registers on VM exit
+ - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
+ - powerpc: add gmb barrier
+ - s390/spinlock: add gmb memory barrier
+ - x86/microcode/AMD: Add support for fam17h microcode loading
+
+ * CVE-2017-5754
+ - x86/pti: Enable PTI by default
+ - x86/pti: Make sure the user/kernel PTEs match
+ - x86/dumpstack: Fix partial register dumps
+ - x86/dumpstack: Print registers for first stack frame
+ - x86/process: Define cpu_tss_rw in same section as declaration
+ - x86/mm: Set MODULES_END to 0xffffffffff000000
+ - x86/mm: Map cpu_entry_area at the same place on 4/5 level
+ - x86/kaslr: Fix the vaddr_end mess
+ - x86/events/intel/ds: Use the proper cache flush method for mapping ds
+ buffers
+ - x86/tlb: Drop the _GPL from the cpu_tlbstate export
+ - x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm
+ - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN
+ - x86/pti: Unbreak EFI old_memmap
+ - x86/Documentation: Add PTI description
+ - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
+ - sysfs/cpu: Add vulnerability folder
+ - x86/cpu: Implement CPU vulnerabilites sysfs functions
+ - x86/tboot: Unbreak tboot with PTI enabled
+ - x86/mm/pti: Remove dead logic in pti_user_pagetable_walk*()
+ - x86/cpu/AMD: Make LFENCE a serializing instruction
+ - x86/cpu/AMD: Use LFENCE_RDTSC in preference to MFENCE_RDTSC
+ - sysfs/cpu: Fix typos in vulnerability documentation
+ - x86/alternatives: Fix optimize_nops() checking
+ - x86/pti: Make unpoison of pgd for trusted boot work for real
+ - s390: introduce CPU alternatives
+ - s390: add ppa to kernel entry / exit
+ - SAUCE: powerpc: Secure memory rfi flush
+ - SAUCE: rfi-flush: Make DEBUG_RFI a CONFIG option
+ - SAUCE: rfi-flush: Add HRFI_TO_UNKNOWN and use it in denorm
+ - SAUCE: rfi-flush: kvmppc_skip_(H)interrupt returns to host kernel
+ - SAUCE: KVM: Revert the implementation of H_GET_CPU_CHARACTERISTICS
+ - SAUCE: rfi-flush: Implement congruence-first fallback flush
+ - SAUCE: rfi-flush: Make l1d_flush_type bit flags
+ - SAUCE: rfi-flush: Push the instruction selection down to the patching
+ routine
+ - SAUCE: rfi-flush: Expand the RFI section to two nop slots
+ - SAUCE: rfi-flush: Support more than one flush type at once
+ - SAUCE: rfi-flush: Allow HV to advertise multiple flush types
+ - SAUCE: rfi-flush: Add speculation barrier before ori 30,30,0 flush
+ - SAUCE: rfi-flush: Add barriers to the fallback L1D flushing
+ - SAUCE: rfi-flush: Rework powernv logic to be more cautious
+ - SAUCE: rfi-flush: Rework pseries logic to be more cautious
+ - SAUCE: rfi-flush: Put the fallback flushes in the real trampoline section
+ - SAUCE: rfi-flush: Fix the fallback flush to actually activate
+ - SAUCE: rfi-flush: Fix HRFI_TO_UNKNOWN
+ - SAUCE: rfi-flush: Refactor the macros so the nops are defined once
+ - SAUCE: rfi-flush: Add no_rfi_flush and nopti comandline options
+ - SAUCE: rfi-flush: Use rfi-flush in printks
+ - SAUCE: rfi-flush: Fallback flush add load dependency
+ - SAUCE: rfi-flush: Fix the 32-bit KVM build
+ - SAUCE: rfi-flush: Fix some RFI conversions in the KVM code
+ - SAUCE: rfi-flush: Make the fallback robust against memory corruption
+ - [Config] Disable CONFIG_PPC_DEBUG_RFI
+ - [Config] updateconfigs to enable GENERIC_CPU_VULNERABILITIES
+
+ * powerpc: flush L1D on return to use (LP: #1742772)
+ - SAUCE: powerpc: Secure memory rfi flush
+ - SAUCE: rfi-flush: Make DEBUG_RFI a CONFIG option
+ - SAUCE: rfi-flush: Add HRFI_TO_UNKNOWN and use it in denorm
+ - SAUCE: rfi-flush: kvmppc_skip_(H)interrupt returns to host kernel
+ - SAUCE: KVM: Revert the implementation of H_GET_CPU_CHARACTERISTICS
+ - SAUCE: rfi-flush: Implement congruence-first fallback flush
+ - SAUCE: rfi-flush: Make l1d_flush_type bit flags
+ - SAUCE: rfi-flush: Push the instruction selection down to the patching
+ routine
+ - SAUCE: rfi-flush: Expand the RFI section to two nop slots
+ - SAUCE: rfi-flush: Support more than one flush type at once
+ - SAUCE: rfi-flush: Allow HV to advertise multiple flush types
+ - SAUCE: rfi-flush: Add speculation barrier before ori 30,30,0 flush
+ - SAUCE: rfi-flush: Add barriers to the fallback L1D flushing
+ - SAUCE: rfi-flush: Rework powernv logic to be more cautious
+ - SAUCE: rfi-flush: Rework pseries logic to be more cautious
+ - SAUCE: rfi-flush: Put the fallback flushes in the real trampoline section
+ - SAUCE: rfi-flush: Fix the fallback flush to actually activate
+ - SAUCE: rfi-flush: Fix HRFI_TO_UNKNOWN
+ - SAUCE: rfi-flush: Refactor the macros so the nops are defined once
+ - SAUCE: rfi-flush: Add no_rfi_flush and nopti comandline options
+ - SAUCE: rfi-flush: Use rfi-flush in printks
+ - SAUCE: rfi-flush: Fallback flush add load dependency
+ - SAUCE: rfi-flush: Fix the 32-bit KVM build
+ - SAUCE: rfi-flush: Fix some RFI conversions in the KVM code
+ - SAUCE: rfi-flush: Make the fallback robust against memory corruption
+ - [Config] Disable CONFIG_PPC_DEBUG_RFI
+
+ * s390: add ppa to kernel entry/exit (LP: #1742771)
+ - s390: introduce CPU alternatives
+ - s390: add ppa to kernel entry / exit
+
+ -- Marcelo Henrique Cerri <marcelo.cerri@canonical.com> Thu, 11 Jan 2018 18:41:44 -0200
+
+linux (4.13.0-25.29) artful; urgency=low
+
+ * linux: 4.13.0-25.29 -proposed tracker (LP: #1741955)
+
+ * CVE-2017-5754
+ - Revert "UBUNTU: [Config] updateconfigs to enable PTI"
+ - [Config] Enable PTI with UNWINDER_FRAME_POINTER
+
+ -- Marcelo Henrique Cerri <marcelo.cerri@canonical.com> Mon, 08 Jan 2018 17:13:57 -0200
+
+linux (4.13.0-24.28) artful; urgency=low
+
+ * linux: 4.13.0-24.28 -proposed tracker (LP: #1741745)
+
+ * CVE-2017-5754
+ - x86/cpu, x86/pti: Do not enable PTI on AMD processors
+
+ -- Marcelo Henrique Cerri <marcelo.cerri@canonical.com> Sun, 07 Jan 2018 11:49:34 -0200
+
+linux (4.13.0-23.27) artful; urgency=low
+
+ * linux: 4.13.0-23.27 -proposed tracker (LP: #1741556)
+
+ [ Kleber Sacilotto de Souza ]
+ * CVE-2017-5754
+ - x86/mm: Add the 'nopcid' boot option to turn off PCID
+ - x86/mm: Enable CR4.PCIDE on supported systems
+ - x86/mm: Document how CR4.PCIDE restore works
+ - x86/entry/64: Refactor IRQ stacks and make them NMI-safe
+ - x86/entry/64: Initialize the top of the IRQ stack before switching stacks
+ - x86/entry/64: Add unwind hint annotations
+ - xen/x86: Remove SME feature in PV guests
+ - x86/xen/64: Rearrange the SYSCALL entries
+ - irq: Make the irqentry text section unconditional
+ - x86/xen/64: Fix the reported SS and CS in SYSCALL
+ - x86/paravirt/xen: Remove xen_patch()
+ - x86/traps: Simplify pagefault tracing logic
+ - x86/idt: Unify gate_struct handling for 32/64-bit kernels
+ - x86/asm: Replace access to desc_struct:a/b fields
+ - x86/xen: Get rid of paravirt op adjust_exception_frame
+ - x86/paravirt: Remove no longer used paravirt functions
+ - x86/entry: Fix idtentry unwind hint
+ - x86/mm/64: Initialize CR4.PCIDE early
+ - objtool: Add ORC unwind table generation
+ - objtool, x86: Add facility for asm code to provide unwind hints
+ - x86/unwind: Add the ORC unwinder
+ - x86/kconfig: Consolidate unwinders into multiple choice selection
+ - objtool: Upgrade libelf-devel warning to error for CONFIG_ORC_UNWINDER
+ - x86/ldt/64: Refresh DS and ES when modify_ldt changes an entry
+ - x86/mm: Give each mm TLB flush generation a unique ID
+ - x86/mm: Track the TLB's tlb_gen and update the flushing algorithm
+ - x86/mm: Rework lazy TLB mode and TLB freshness tracking
+ - x86/mm: Implement PCID based optimization: try to preserve old TLB entries
+ using PCID
+ - x86/mm: Factor out CR3-building code
+ - x86/mm/64: Stop using CR3.PCID == 0 in ASID-aware code
+ - x86/mm: Flush more aggressively in lazy TLB mode
+ - Revert "x86/mm: Stop calling leave_mm() in idle code"
+ - kprobes/x86: Set up frame pointer in kprobe trampoline
+ - x86/tracing: Introduce a static key for exception tracing
+ - x86/boot: Add early cmdline parsing for options with arguments
+ - mm, x86/mm: Fix performance regression in get_user_pages_fast()
+ - x86/asm: Remove unnecessary \n\t in front of CC_SET() from asm templates
+ - objtool: Don't report end of section error after an empty unwind hint
+ - x86/head: Remove confusing comment
+ - x86/head: Remove unused 'bad_address' code
+ - x86/head: Fix head ELF function annotations
+ - x86/boot: Annotate verify_cpu() as a callable function
+ - x86/xen: Fix xen head ELF annotations
+ - x86/xen: Add unwind hint annotations
+ - x86/head: Add unwind hint annotations
+ - ACPI / APEI: adjust a local variable type in ghes_ioremap_pfn_irq()
+ - x86/unwinder: Make CONFIG_UNWINDER_ORC=y the default in the 64-bit defconfig
+ - x86/fpu/debug: Remove unused 'x86_fpu_state' and 'x86_fpu_deactivate_state'
+ tracepoints
+ - x86/unwind: Rename unwinder config options to 'CONFIG_UNWINDER_*'
+ - x86/unwind: Make CONFIG_UNWINDER_ORC=y the default in kconfig for 64-bit
+ - bitops: Add clear/set_bit32() to linux/bitops.h
+ - x86/cpuid: Add generic table for CPUID dependencies
+ - x86/fpu: Parse clearcpuid= as early XSAVE argument
+ - x86/fpu: Make XSAVE check the base CPUID features before enabling
+ - x86/fpu: Remove the explicit clearing of XSAVE dependent features
+ - x86/platform/UV: Convert timers to use timer_setup()
+ - objtool: Print top level commands on incorrect usage
+ - x86/cpuid: Prevent out of bound access in do_clear_cpu_cap()
+ - x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt()
+ - mm/sparsemem: Allocate mem_section at runtime for CONFIG_SPARSEMEM_EXTREME=y
+ - x86/kasan: Use the same shadow offset for 4- and 5-level paging
+ - x86/xen: Provide pre-built page tables only for CONFIG_XEN_PV=y and
+ CONFIG_XEN_PVH=y
+ - x86/xen: Drop 5-level paging support code from the XEN_PV code
+ - ACPI / APEI: remove the unused dead-code for SEA/NMI notification type
+ - x86/asm: Don't use the confusing '.ifeq' directive
+ - x86/build: Beautify build log of syscall headers
+ - x86/mm/64: Rename the register_page_bootmem_memmap() 'size' parameter to
+ 'nr_pages'
+ - x86/cpufeatures: Enable new SSE/AVX/AVX512 CPU features
+ - x86/mm: Relocate page fault error codes to traps.h
+ - x86/boot: Relocate definition of the initial state of CR0
+ - ptrace,x86: Make user_64bit_mode() available to 32-bit builds
+ - x86/entry/64: Remove the restore_c_regs_and_iret label
+ - x86/entry/64: Split the IRET-to-user and IRET-to-kernel paths
+ - x86/entry/64: Move SWAPGS into the common IRET-to-usermode path
+ - x86/entry/64: Simplify reg restore code in the standard IRET paths
+ - x86/entry/64: Shrink paranoid_exit_restore and make labels local
+ - x86/entry/64: Use pop instead of movq in syscall_return_via_sysret
+ - x86/entry/64: Merge the fast and slow SYSRET paths
+ - x86/entry/64: Use POP instead of MOV to restore regs on NMI return
+ - x86/entry/64: Remove the RESTORE_..._REGS infrastructure
+ - xen, x86/entry/64: Add xen NMI trap entry
+ - x86/entry/64: De-Xen-ify our NMI code
+ - x86/entry/32: Pull the MSR_IA32_SYSENTER_CS update code out of
+ native_load_sp0()
+ - x86/entry/64: Pass SP0 directly to load_sp0()
+ - x86/entry: Add task_top_of_stack() to find the top of a task's stack
+ - x86/xen/64, x86/entry/64: Clean up SP code in cpu_initialize_context()
+ - x86/entry/64: Stop initializing TSS.sp0 at boot
+ - x86/entry/64: Remove all remaining direct thread_struct::sp0 reads
+ - x86/entry/32: Fix cpu_current_top_of_stack initialization at boot
+ - x86/entry/64: Remove thread_struct::sp0
+ - x86/traps: Use a new on_thread_stack() helper to clean up an assertion
+ - x86/entry/64: Shorten TEST instructions
+ - x86/cpuid: Replace set/clear_bit32()
+ - bitops: Revert cbe96375025e ("bitops: Add clear/set_bit32() to
+ linux/bitops.h")
+ - x86/mm: Define _PAGE_TABLE using _KERNPG_TABLE
+ - x86/cpufeatures: Re-tabulate the X86_FEATURE definitions
+ - x86/cpufeatures: Fix various details in the feature definitions
+ - selftests/x86/protection_keys: Fix syscall NR redefinition warnings
+ - selftests/x86/ldt_gdt: Robustify against set_thread_area() and LAR oddities
+ - selftests/x86/ldt_gdt: Add infrastructure to test set_thread_area()
+ - selftests/x86/ldt_gdt: Run most existing LDT test cases against the GDT as
+ well
+ - selftests/x86/ldt_get: Add a few additional tests for limits
+ - ACPI / APEI: Replace ioremap_page_range() with fixmap
+ - x86/virt, x86/platform: Merge 'struct x86_hyper' into 'struct x86_platform'
+ and 'struct x86_init'
+ - x86/virt: Add enum for hypervisors to replace x86_hyper
+ - drivers/misc/intel/pti: Rename the header file to free up the namespace
+ - x86/cpufeature: Add User-Mode Instruction Prevention definitions
+ - x86: Make X86_BUG_FXSAVE_LEAK detectable in CPUID on AMD
+ - perf/x86: Enable free running PEBS for REGS_USER/INTR
+ - bpf: fix build issues on um due to mising bpf_perf_event.h
+ - locking/barriers: Add implicit smp_read_barrier_depends() to READ_ONCE()
+ - locking/barriers: Convert users of lockless_dereference() to READ_ONCE()
+ - x86/mm/kasan: Don't use vmemmap_populate() to initialize shadow
+ - mm/sparsemem: Fix ARM64 boot crash when CONFIG_SPARSEMEM_EXTREME=y
+ - objtool: Move synced files to their original relative locations
+ - objtool: Move kernel headers/code sync check to a script
+ - objtool: Fix cross-build
+ - tools/headers: Sync objtool UAPI header
+ - objtool: Fix 64-bit build on 32-bit host
+ - x86/decoder: Fix and update the opcodes map
+ - x86/decoder: Add new TEST instruction pattern
+ - x86/insn-eval: Add utility functions to get segment selector
+ - x86/entry/64/paravirt: Use paravirt-safe macro to access eflags
+ - x86/unwinder/orc: Dont bail on stack overflow
+ - x86/unwinder: Handle stack overflows more gracefully
+ - x86/irq: Remove an old outdated comment about context tracking races
+ - x86/irq/64: Print the offending IP in the stack overflow warning
+ - x86/entry/64: Allocate and enable the SYSENTER stack
+ - x86/dumpstack: Add get_stack_info() support for the SYSENTER stack
+ - x86/entry/gdt: Put per-CPU GDT remaps in ascending order
+ - x86/mm/fixmap: Generalize the GDT fixmap mechanism, introduce struct
+ cpu_entry_area
+ - x86/kasan/64: Teach KASAN about the cpu_entry_area
+ - x86/entry: Fix assumptions that the HW TSS is at the beginning of cpu_tss
+ - x86/dumpstack: Handle stack overflow on all stacks
+ - x86/entry: Move SYSENTER_stack to the beginning of struct tss_struct
+ - x86/entry: Remap the TSS into the CPU entry area
+ - x86/entry/64: Separate cpu_current_top_of_stack from TSS.sp0
+ - x86/espfix/64: Stop assuming that pt_regs is on the entry stack
+ - x86/entry/64: Use a per-CPU trampoline stack for IDT entries
+ - x86/entry/64: Return to userspace from the trampoline stack
+ - x86/entry/64: Create a per-CPU SYSCALL entry trampoline
+ - x86/entry/64: Move the IST stacks into struct cpu_entry_area
+ - x86/entry/64: Remove the SYSENTER stack canary
+ - x86/entry: Clean up the SYSENTER_stack code
+ - x86/entry/64: Make cpu_entry_area.tss read-only
+ - x86/paravirt: Dont patch flush_tlb_single
+ - x86/paravirt: Provide a way to check for hypervisors
+ - x86/cpufeatures: Make CPU bugs sticky
+ - x86/Kconfig: Limit NR_CPUS on 32-bit to a sane amount
+ - x86/mm/dump_pagetables: Check PAGE_PRESENT for real
+ - x86/mm/dump_pagetables: Make the address hints correct and readable
+ - x86/vsyscall/64: Explicitly set _PAGE_USER in the pagetable hierarchy
+ - x86/vsyscall/64: Warn and fail vsyscall emulation in NATIVE mode
+ - arch, mm: Allow arch_dup_mmap() to fail
+ - x86/ldt: Rework locking
+ - x86/ldt: Prevent LDT inheritance on exec
+ - x86/mm/64: Improve the memory map documentation
+ - x86/doc: Remove obvious weirdnesses from the x86 MM layout documentation
+ - x86/entry: Rename SYSENTER_stack to CPU_ENTRY_AREA_entry_stack
+ - x86/uv: Use the right TLB-flush API
+ - x86/microcode: Dont abuse the TLB-flush interface
+ - x86/mm: Use __flush_tlb_one() for kernel memory
+ - x86/mm: Remove superfluous barriers
+ - x86/mm: Add comments to clarify which TLB-flush functions are supposed to
+ flush what
+ - x86/mm: Move the CR3 construction functions to tlbflush.h
+ - x86/mm: Remove hard-coded ASID limit checks
+ - x86/mm: Put MMU to hardware ASID translation in one place
+ - x86/mm: Create asm/invpcid.h
+ - x86/cpu_entry_area: Move it to a separate unit
+ - x86/cpu_entry_area: Move it out of the fixmap
+ - init: Invoke init_espfix_bsp() from mm_init()
+ - x86/cpu_entry_area: Prevent wraparound in setup_cpu_entry_area_ptes() on
+ 32bit
+ - x86/cpufeatures: Add X86_BUG_CPU_INSECURE
+ - x86/mm/pti: Disable global pages if PAGE_TABLE_ISOLATION=y
+ - x86/mm/pti: Prepare the x86/entry assembly code for entry/exit CR3 switching
+ - x86/mm/pti: Add infrastructure for page table isolation
+ - x86/pti: Add the pti= cmdline option and documentation
+ - x86/mm/pti: Add mapping helper functions
+ - x86/mm/pti: Allow NX poison to be set in p4d/pgd
+ - x86/mm/pti: Allocate a separate user PGD
+ - x86/mm/pti: Populate user PGD
+ - x86/mm/pti: Add functions to clone kernel PMDs
+ - x86/mm/pti: Force entry through trampoline when PTI active
+ - x86/mm/pti: Share cpu_entry_area with user space page tables
+ - x86/entry: Align entry text section to PMD boundary
+ - x86/mm/pti: Share entry text PMD
+ - x86/mm/pti: Map ESPFIX into user space
+ - x86/cpu_entry_area: Add debugstore entries to cpu_entry_area
+ - x86/events/intel/ds: Map debug buffers in cpu_entry_area
+ - x86/mm/64: Make a full PGD-entry size hole in the memory map
+ - x86/pti: Put the LDT in its own PGD if PTI is on
+ - x86/pti: Map the vsyscall page if needed
+ - x86/mm: Allow flushing for future ASID switches
+ - x86/mm: Abstract switching CR3
+ - x86/mm: Use/Fix PCID to optimize user/kernel switches
+ - x86/mm: Optimize RESTORE_CR3
+ - x86/mm: Use INVPCID for __native_flush_tlb_single()
+ - x86/mm: Clarify the whole ASID/kernel PCID/user PCID naming
+ - x86/dumpstack: Indicate in Oops whether PTI is configured and enabled
+ - x86/mm/pti: Add Kconfig
+ - x86/mm/dump_pagetables: Add page table directory to the debugfs VFS
+ hierarchy
+ - x86/mm/dump_pagetables: Check user space page table for WX pages
+ - x86/mm/dump_pagetables: Allow dumping current pagetables
+ - x86/ldt: Make the LDT mapping RO
+ - x86/smpboot: Remove stale TLB flush invocations
+ - x86/mm: Remove preempt_disable/enable() from __native_flush_tlb()
+ - x86/ldt: Plug memory leak in error path
+ - x86/ldt: Make LDT pgtable free conditional
+ - [Config] updateconfigs to enable PTI
+ - kvm: x86: fix RSM when PCID is non-zero
+ - x86/pti: Switch to kernel CR3 at early in entry_SYSCALL_compat()
+ - SAUCE: only attempt to use PCID in 64 bit builds
+ - SAUCE: BODGE: temporarily disable some kprobe trace points which are
+ cratering
+ - s390/mm: use generic mm_hooks
+ - objtool: use sh to invoke sync-check.sh in the Makefile
+
+ * CVE-2017-17862
+ - bpf: fix branch pruning logic
+
+ * CVE-2017-17864
+ - SAUCE: bpf/verifier: Fix states_equal() comparison of pointer and UNKNOWN
+
+ * CVE-2017-16995
+ - bpf: fix incorrect sign extension in check_alu_op()
+
+ * CVE-2017-17863
+ - SAUCE: bpf: reject out-of-bounds stack pointer calculation
+
+ -- Marcelo Henrique Cerri <marcelo.cerri@canonical.com> Sat, 06 Jan 2018 20:01:35 +0000
+
+linux (4.13.0-21.24) artful; urgency=low
+
+ * linux: 4.13.0-21.24 -proposed tracker (LP: #1738823)
+
+ * Ubuntu 17.10 corrupting BIOS - many LENOVO laptops models (LP: #1734147)
+ - [Config] CONFIG_SPI_INTEL_SPI_PLATFORM=n
+
+ -- Thadeu Lima de Souza Cascardo <cascardo@canonical.com> Mon, 18 Dec 2017 14:13:33 -0200
+
+linux (4.13.0-19.22) artful; urgency=low
+
+ * linux: 4.13.0-19.22 -proposed tracker (LP: #1736118)
+
+ * CVE-2017-1000405
+ - mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d()
+
+ -- Stefan Bader <stefan.bader@canonical.com> Mon, 04 Dec 2017 12:27:13 +0100
+
linux (4.13.0-18.21) artful; urgency=low
* linux: 4.13.0-18.21 -proposed tracker (LP: #1733530)
projects / mirror_ubuntu-artful-kernel.git / blobdiff