Commit c9efb7b9 authored Jan 12, 2018 by Marcelo Henrique Cerri
UBUNTU: Ubuntu-4.4.0-110.133

Signed-off-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
parent bf2fe22f
Showing 1 changed file with 182 additions and 6 deletions
debian.master/changelog
linux
(
4.4.0
-
110.133
)
UNRELEASED
;
urgency
=
low
linux
(
4.4.0
-
110.133
)
xenial
;
urgency
=
low
*
linux
:
4.4.0
-
110.133
-
proposed
tracker
(
LP
:
#
1742995
)
*
CVE
-
2017
-
5753
-
x86
/
microcode
/
AMD
:
Add
support
for
fam17h
microcode
loading
-
bpf
:
add
bpf_patch_insn_single
helper
-
bpf
:
prepare
bpf_int_jit_compile
/
bpf_prog_select_runtime
apis
-
bpf
:
add
generic
constant
blinding
for
use
in
jits
-
locking
/
barriers
:
introduce
new
memory
barrier
gmb
()
-
bpf
:
prevent
speculative
execution
in
eBPF
interpreter
-
x86
,
bpf
,
jit
:
prevent
speculative
execution
when
JIT
is
enabled
-
uvcvideo
:
prevent
speculative
execution
-
carl9170
:
prevent
speculative
execution
-
qla2xxx
:
prevent
speculative
execution
-
Thermal
/
int340x
:
prevent
speculative
execution
-
userns
:
prevent
speculative
execution
-
ipv6
:
prevent
speculative
execution
-
fs
:
prevent
speculative
execution
-
net
:
mpls
:
prevent
speculative
execution
-
udf
:
prevent
speculative
execution
-
x86
/
feature
:
Enable
the
x86
feature
to
control
Speculation
-
x86
/
feature
:
Report
presence
of
IBPB
and
IBRS
control
-
x86
/
enter
:
MACROS
to
set
/
clear
IBRS
and
set
IBPB
-
x86
/
enter
:
Use
IBRS
on
syscall
and
interrupts
-
x86
/
idle
:
Disable
IBRS
entering
idle
and
enable
it
on
wakeup
-
x86
/
idle
:
Disable
IBRS
when
offlining
cpu
and
re
-
enable
on
wakeup
-
x86
/
mm
:
Set
IBPB
upon
context
switch
-
x86
/
mm
:
Only
set
IBPB
when
the
new
thread
cannot
ptrace
current
thread
-
x86
/
entry
:
Stuff
RSB
for
entry
to
kernel
for
non
-
SMEP
platform
-
x86
/
kvm
:
add
MSR_IA32_SPEC_CTRL
and
MSR_IA32_PRED_CMD
to
kvm
-
x86
/
kvm
:
Set
IBPB
when
switching
VM
-
x86
/
kvm
:
Toggle
IBRS
on
VM
entry
and
exit
-
x86
/
kvm
:
Pad
RSB
on
VM
transition
-
x86
/
spec_ctrl
:
Add
sysctl
knobs
to
enable
/
disable
SPEC_CTRL
feature
-
x86
/
spec_ctrl
:
Add
lock
to
serialize
changes
to
ibrs
and
ibpb
control
-
x86
/
syscall
:
Clear
unused
extra
registers
on
syscall
entrance
-
x86
/
syscall
:
Clear
unused
extra
registers
on
32
-
bit
compatible
syscall
entrance
-
x86
/
entry
:
Use
retpoline
for
syscall
's indirect calls
- x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
- x86/cpu/AMD: Add speculative control support for AMD
- x86/microcode: Extend post microcode reload to support IBPB feature
- KVM: SVM: Do not intercept new speculative control MSRs
- x86/svm: Set IBRS value on VM entry and exit
- x86/svm: Set IBPB when running a different VCPU
- KVM: x86: Add speculative control CPUID support for guests
- x86/svm: Add code to clobber the RSB on VM exit
- x86/svm: Add code to clear registers on VM exit
- x86/cpu/AMD: Make the LFENCE instruction serialized
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
- powerpc: add gmb barrier
- s390/spinlock: add gmb memory barrier
- SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit
- arm64: no gmb() implementation yet
- arm: no gmb() implementation yet
* CVE-2017-5715
- x86/microcode/AMD: Add support for fam17h microcode loading
- bpf: add bpf_patch_insn_single helper
- bpf: prepare bpf_int_jit_compile/bpf_prog_select_runtime apis
- bpf: add generic constant blinding for use in jits
- locking/barriers: introduce new memory barrier gmb()
- bpf: prevent speculative execution in eBPF interpreter
- x86, bpf, jit: prevent speculative execution when JIT is enabled
- uvcvideo: prevent speculative execution
- carl9170: prevent speculative execution
- qla2xxx: prevent speculative execution
- Thermal/int340x: prevent speculative execution
- userns: prevent speculative execution
- ipv6: prevent speculative execution
- fs: prevent speculative execution
- net: mpls: prevent speculative execution
- udf: prevent speculative execution
- x86/feature: Enable the x86 feature to control Speculation
- x86/feature: Report presence of IBPB and IBRS control
- x86/enter: MACROS to set/clear IBRS and set IBPB
- x86/enter: Use IBRS on syscall and interrupts
- x86/idle: Disable IBRS entering idle and enable it on wakeup
- x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
- x86/mm: Set IBPB upon context switch
- x86/mm: Only set IBPB when the new thread cannot ptrace current thread
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
- x86/kvm: Set IBPB when switching VM
- x86/kvm: Toggle IBRS on VM entry and exit
- x86/kvm: Pad RSB on VM transition
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
- x86/syscall: Clear unused extra registers on syscall entrance
- x86/syscall: Clear unused extra registers on 32-bit compatible syscall
entrance
- x86/entry: Use retpoline for syscall'
s
indirect
calls
-
x86
/
cpu
/
amd
,
kvm
:
Satisfy
guest
kernel
reads
of
IC_CFG
MSR
-
x86
/
cpu
/
AMD
:
Add
speculative
control
support
for
AMD
-
x86
/
microcode
:
Extend
post
microcode
reload
to
support
IBPB
feature
-
KVM
:
SVM
:
Do
not
intercept
new
speculative
control
MSRs
-
x86
/
svm
:
Set
IBRS
value
on
VM
entry
and
exit
-
x86
/
svm
:
Set
IBPB
when
running
a
different
VCPU
-
KVM
:
x86
:
Add
speculative
control
CPUID
support
for
guests
-
x86
/
svm
:
Add
code
to
clobber
the
RSB
on
VM
exit
-
x86
/
svm
:
Add
code
to
clear
registers
on
VM
exit
-
x86
/
cpu
/
AMD
:
Make
the
LFENCE
instruction
serialized
-
x86
/
cpu
/
AMD
:
Remove
now
unused
definition
of
MFENCE_RDTSC
feature
-
powerpc
:
add
gmb
barrier
-
s390
/
spinlock
:
add
gmb
memory
barrier
-
SAUCE
:
x86
/
kvm
:
Fix
stuff_RSB
()
for
32
-
bit
-
arm64
:
no
gmb
()
implementation
yet
-
arm
:
no
gmb
()
implementation
yet
*
powerpc
:
flush
L1D
on
return
to
use
(
LP
:
#
1742772
)
-
SAUCE
:
powerpc
:
Secure
memory
rfi
flush
-
SAUCE
:
rfi
-
flush
:
Make
DEBUG_RFI
a
CONFIG
option
-
SAUCE
:
rfi
-
flush
:
Add
HRFI_TO_UNKNOWN
and
use
it
in
denorm
-
SAUCE
:
Fixup
rfid
in
kvmppc_skip_Hinterrupt
should
be
hrfid
-
SAUCE
:
rfi
-
flush
:
kvmppc_skip_
(
H
)
interrupt
returns
to
host
-
SAUCE
:
KVM
:
Revert
the
implementation
of
H_GET_CPU_CHARACTERISTICS
-
SAUCE
:
rfi
-
flush
:
Implement
congruence
-
first
fallback
flush
-
SAUCE
:
rfi
-
flush
:
Make
l1d_flush_type
bit
flags
-
SAUCE
:
rfi
-
flush
:
Push
the
instruction
selection
down
to
the
patching
routine
-
SAUCE
:
rfi
-
flush
:
Expand
the
RFI
section
to
two
nop
slots
-
SAUCE
:
rfi
-
flush
:
Support
more
than
one
flush
type
at
once
-
SAUCE
:
rfi
-
flush
:
Allow
HV
to
advertise
multiple
flush
types
-
SAUCE
:
rfi
-
flush
:
Add
speculation
barrier
before
ori
30
,
30
,
0
flush
-
SAUCE
:
powerpc
/
asm
:
Allow
including
ppc_asm
.
h
in
asm
files
-
SAUCE
:
Remove
setup
.
h
include
file
otherwise
compilation
complains
about
missing
header
file
.
-
SAUCE
:
Fix
compilation
errors
for
arch
/
powerpc
/
lib
/
feature
-
fixups
.
c
-
SAUCE
:
rfi
-
flush
:
Add
barriers
to
the
fallback
L1D
flushing
-
SAUCE
:
rfi
-
flush
:
Rework
powernv
logic
to
be
more
cautious
-
SAUCE
:
rfi
-
flush
:
Rework
pseries
logic
to
be
more
cautious
-
SAUCE
:
rfi
-
flush
:
Fix
the
fallback
flush
to
actually
activate
-
SAUCE
:
rfi
-
flush
:
Fix
HRFI_TO_UNKNOWN
-
SAUCE
:
rfi
-
flush
:
Refactor
the
macros
so
the
nops
are
defined
once
-
SAUCE
:
rfi
-
flush
:
Add
no_rfi_flush
and
nopti
comandline
options
-
SAUCE
:
rfi
-
flush
:
Use
rfi
-
flush
in
printks
-
SAUCE
:
rfi
-
flush
:
Fallback
flush
add
load
dependency
-
SAUCE
:
rfi
-
flush
:
Fix
the
32
-
bit
KVM
build
-
SAUCE
:
rfi
-
flush
:
Fix
some
RFI
conversions
in
the
KVM
code
-
SAUCE
:
UBUNTU
:
[
Config
]
Disable
CONFIG_PPC_DEBUG_RFI
*
s390
:
add
ppa
to
kernel
entry
/
exit
(
LP
:
#
1742771
)
-
s390
:
introduce
CPU
alternatives
-
s390
:
add
ppa
to
kernel
entry
/
exit
CHANGELOG
:
Do
not
edit
directly
.
Autogenerated
at
release
.
*
CVE
-
2017
-
5754
CHANGELOG
:
Use
the
printchanges
target
to
see
the
curent
changes
.
-
x86
/
tlb
:
Drop
the
_GPL
from
the
cpu_tlbstate
export
CHANGELOG
:
Use
the
insertchanges
target
to
create
the
final
log
.
-
Map
the
vsyscall
page
with
_PAGE_USER
-
s390
:
introduce
CPU
alternatives
--
Marcelo
Henrique
Cerri
<
marcelo
.
cerri
@
canonical
.
com
>
Fri
,
12
Jan
2018
14
:
45
:
34
-
0200
-
s390
:
add
ppa
to
kernel
entry
/
exit
-
SAUCE
:
powerpc
:
Secure
memory
rfi
flush
-
SAUCE
:
rfi
-
flush
:
Make
DEBUG_RFI
a
CONFIG
option
-
SAUCE
:
rfi
-
flush
:
Add
HRFI_TO_UNKNOWN
and
use
it
in
denorm
-
SAUCE
:
Fixup
rfid
in
kvmppc_skip_Hinterrupt
should
be
hrfid
-
SAUCE
:
rfi
-
flush
:
kvmppc_skip_
(
H
)
interrupt
returns
to
host
-
SAUCE
:
KVM
:
Revert
the
implementation
of
H_GET_CPU_CHARACTERISTICS
-
SAUCE
:
rfi
-
flush
:
Implement
congruence
-
first
fallback
flush
-
SAUCE
:
rfi
-
flush
:
Make
l1d_flush_type
bit
flags
-
SAUCE
:
rfi
-
flush
:
Push
the
instruction
selection
down
to
the
patching
routine
-
SAUCE
:
rfi
-
flush
:
Expand
the
RFI
section
to
two
nop
slots
-
SAUCE
:
rfi
-
flush
:
Support
more
than
one
flush
type
at
once
-
SAUCE
:
rfi
-
flush
:
Allow
HV
to
advertise
multiple
flush
types
-
SAUCE
:
rfi
-
flush
:
Add
speculation
barrier
before
ori
30
,
30
,
0
flush
-
SAUCE
:
powerpc
/
asm
:
Allow
including
ppc_asm
.
h
in
asm
files
-
SAUCE
:
Remove
setup
.
h
include
file
otherwise
compilation
complains
about
missing
header
file
.
-
SAUCE
:
Fix
compilation
errors
for
arch
/
powerpc
/
lib
/
feature
-
fixups
.
c
-
SAUCE
:
rfi
-
flush
:
Add
barriers
to
the
fallback
L1D
flushing
-
SAUCE
:
rfi
-
flush
:
Rework
powernv
logic
to
be
more
cautious
-
SAUCE
:
rfi
-
flush
:
Rework
pseries
logic
to
be
more
cautious
-
SAUCE
:
rfi
-
flush
:
Fix
the
fallback
flush
to
actually
activate
-
SAUCE
:
rfi
-
flush
:
Fix
HRFI_TO_UNKNOWN
-
SAUCE
:
rfi
-
flush
:
Refactor
the
macros
so
the
nops
are
defined
once
-
SAUCE
:
rfi
-
flush
:
Add
no_rfi_flush
and
nopti
comandline
options
-
SAUCE
:
rfi
-
flush
:
Use
rfi
-
flush
in
printks
-
SAUCE
:
rfi
-
flush
:
Fallback
flush
add
load
dependency
-
SAUCE
:
rfi
-
flush
:
Fix
the
32
-
bit
KVM
build
-
SAUCE
:
rfi
-
flush
:
Fix
some
RFI
conversions
in
the
KVM
code
-
SAUCE
:
UBUNTU
:
[
Config
]
Disable
CONFIG_PPC_DEBUG_RFI
--
Marcelo
Henrique
Cerri
<
marcelo
.
cerri
@
canonical
.
com
>
Fri
,
12
Jan
2018
14
:
47
:
54
-
0200
linux
(
4.4.0
-
109.132
)
xenial
;
urgency
=
low
linux
(
4.4.0
-
109.132
)
xenial
;
urgency
=
low
...
...
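Review bot: The entries under "* CVE-2017-5753" and "* CVE-2017-5715" in the new 4.4.0-110.133 stanza are the same list, item for item, and the powerpc rfi-flush and s390 entries listed under LP: #1742772 and LP: #1742771 appear again under "* CVE-2017-5754", so the changelog does not show which patch addresses which CVE. If the generator cannot split them, a single heading naming both CVEs would carry the same information in half the space. Two strings in the added text also read like typos carried over from the source titles: "flush L1D on return to use" in the LP: #1742772 heading and "comandline" in the no_rfi_flush/nopti entry, which appears in both copies of the rfi-flush list.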