[ubuntu/bionic-security] linux-kvm 4.15.0-1034.34 (Accepted)
Andy Whitcroft
apw at canonical.com
Wed May 15 11:41:34 UTC 2019
linux-kvm (4.15.0-1034.34) bionic; urgency=medium
[ Ubuntu: 4.15.0-50.54 ]
* CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
- Documentation/l1tf: Fix small spelling typo
- x86/cpu: Sanitize FAM6_ATOM naming
- kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
- locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
new <linux/bits.h> file
- tools include: Adopt linux/bits.h
- x86/msr-index: Cleanup bit defines
- x86/speculation: Consolidate CPU whitelists
- x86/speculation/mds: Add basic bug infrastructure for MDS
- x86/speculation/mds: Add BUG_MSBDS_ONLY
- x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
- x86/speculation/mds: Add mds_clear_cpu_buffers()
- x86/speculation/mds: Clear CPU buffers on exit to user
- x86/kvm/vmx: Add MDS protection when L1D Flush is not active
- x86/speculation/mds: Conditionally clear CPU buffers on idle entry
- x86/speculation/mds: Add mitigation control for MDS
- x86/speculation/mds: Add sysfs reporting for MDS
- x86/speculation/mds: Add mitigation mode VMWERV
- Documentation: Move L1TF to separate directory
- Documentation: Add MDS vulnerability documentation
- x86/speculation/mds: Add mds=full,nosmt cmdline option
- x86/speculation: Move arch_smt_update() call to after mitigation decisions
- x86/speculation/mds: Add SMT warning message
- x86/speculation/mds: Fix comment
- x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
- x86/speculation/mds: Add 'mitigations=' support for MDS
* CVE-2017-5715 // CVE-2017-5753
- s390/speculation: Support 'mitigations=' cmdline option
* CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
- powerpc/speculation: Support 'mitigations=' cmdline option
* CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
CVE-2018-3646
- cpu/speculation: Add 'mitigations=' cmdline option
- x86/speculation: Support 'mitigations=' cmdline option
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
[ Ubuntu: 4.15.0-49.53 ]
* linux: 4.15.0-49.53 -proposed tracker (LP: #1826358)
* bionic: fork out linux-snapdragon into its own topic kernel (LP: #1820868)
- [Packaging] arm64: Drop snapdragon from kernel-versions
linux-kvm (4.15.0-1033.33) bionic; urgency=medium
* linux-kvm: 4.15.0-1033.33 -proposed tracker (LP: #1826343)
[ Ubuntu: 4.15.0-49.52 ]
* linux: 4.15.0-49.52 -proposed tracker (LP: #1826358)
* Backport support for software count cache flush Spectre v2 mitigation. (CVE)
(required for POWER9 DD2.3) (LP: #1822870)
- powerpc/64s: Add support for ori barrier_nospec patching
- powerpc/64s: Patch barrier_nospec in modules
- powerpc/64s: Enable barrier_nospec based on firmware settings
- powerpc: Use barrier_nospec in copy_from_user()
- powerpc/64: Use barrier_nospec in syscall entry
- powerpc/64s: Enhance the information in cpu_show_spectre_v1()
- powerpc/64: Disable the speculation barrier from the command line
- powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
- powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
- powerpc/64: Call setup_barrier_nospec() from setup_arch()
- powerpc/64: Make meltdown reporting Book3S 64 specific
- powerpc/lib/code-patching: refactor patch_instruction()
- powerpc/lib/feature-fixups: use raw_patch_instruction()
- powerpc/asm: Add a patch_site macro & helpers for patching instructions
- powerpc/64s: Add new security feature flags for count cache flush
- powerpc/64s: Add support for software count cache flush
- powerpc/pseries: Query hypervisor for count cache flush settings
- powerpc/powernv: Query firmware for count cache flush settings
- powerpc/fsl: Add nospectre_v2 command line argument
- KVM: PPC: Book3S: Add count cache flush parameters to kvmppc_get_cpu_char()
- [Config] Add CONFIG_PPC_BARRIER_NOSPEC
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
* autopkgtests run too often, too much and don't skip enough (LP: #1823056)
- [Debian] Set +x on rebuild testcase.
- [Debian] Skip rebuild test, for regression-suite deps.
- [Debian] Make ubuntu-regression-suite skippable on unbootable kernels.
- [Debian] make rebuild use skippable error codes when skipping.
- [Debian] Only run regression-suite, if requested to.
* bionic: fork out linux-snapdragon into its own topic kernel (LP: #1820868)
- [Packaging] remove arm64 snapdragon from getabis
- [Config] config changes for snapdragon split
- packaging: arm64: disable building the snapdragon flavour
* CVE-2017-5753
- KVM: arm/arm64: vgic: fix possible spectre-v1 in vgic_get_irq()
- media: dvb_ca_en50221: prevent using slot_info for Spectre attacs
- sysvipc/sem: mitigate semnum index against spectre v1
- libahci: Fix possible Spectre-v1 pmp indexing in ahci_led_store()
- s390/keyboard: sanitize array index in do_kdsk_ioctl
- arm64: fix possible spectre-v1 write in ptrace_hbp_set_event()
- KVM: arm/arm64: vgic: Fix possible spectre-v1 write in vgic_mmio_write_apr()
- pktcdvd: Fix possible Spectre-v1 for pkt_devs
- net: socket: fix potential spectre v1 gadget in socketcall
- net: socket: Fix potential spectre v1 gadget in sock_is_registered
- drm/amdgpu/pm: Fix potential Spectre v1
- netlink: Fix spectre v1 gadget in netlink_create()
- ext4: fix spectre gadget in ext4_mb_regular_allocator()
- drm/i915/kvmgt: Fix potential Spectre v1
- net: sock_diag: Fix spectre v1 gadget in __sock_diag_cmd()
- fs/quota: Fix spectre gadget in do_quotactl
- hwmon: (nct6775) Fix potential Spectre v1
- mac80211_hwsim: Fix possible Spectre-v1 for hwsim_world_regdom_custom
- switchtec: Fix Spectre v1 vulnerability
- misc: hmc6352: fix potential Spectre v1
- tty: vt_ioctl: fix potential Spectre v1
- nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT
- nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds
- IB/ucm: Fix Spectre v1 vulnerability
- RDMA/ucma: Fix Spectre v1 vulnerability
- drm/bufs: Fix Spectre v1 vulnerability
- usb: gadget: storage: Fix Spectre v1 vulnerability
- ptp: fix Spectre v1 vulnerability
- HID: hiddev: fix potential Spectre v1
- vhost: Fix Spectre V1 vulnerability
- drivers/misc/sgi-gru: fix Spectre v1 vulnerability
- ipv4: Fix potential Spectre v1 vulnerability
- aio: fix spectre gadget in lookup_ioctx
- ALSA: emux: Fix potential Spectre v1 vulnerabilities
- ALSA: pcm: Fix potential Spectre v1 vulnerability
- ip6mr: Fix potential Spectre v1 vulnerability
- ALSA: rme9652: Fix potential Spectre v1 vulnerability
- ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities
- KVM: arm/arm64: vgic: Fix off-by-one bug in vgic_get_irq()
- drm/ioctl: Fix Spectre v1 vulnerabilities
- char/mwave: fix potential Spectre v1 vulnerability
- applicom: Fix potential Spectre v1 vulnerabilities
- ipmi: msghandler: Fix potential Spectre v1 vulnerabilities
- powerpc/ptrace: Mitigate potential Spectre v1
- cfg80211: prevent speculation on cfg80211_classify8021d() return
- ALSA: rawmidi: Fix potential Spectre v1 vulnerability
- ALSA: seq: oss: Fix Spectre v1 vulnerability
* Bionic: Sync to Xenial (Spectre) (LP: #1822760)
- x86/speculation/l1tf: Suggest what to do on systems with too much RAM
- KVM: SVM: Add MSR-based feature support for serializing LFENCE
- KVM: VMX: fixes for vmentry_l1d_flush module parameter
- KVM: X86: Allow userspace to define the microcode version
- SAUCE: [Fix] x86/KVM/VMX: Add L1D flush logic
- SAUCE: [Fix] x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on
vmentry
* [SRU] [B/OEM] Fix ACPI bug that causes boot failure (LP: #1819921)
- SAUCE: ACPI / bus: Add some Lenovo laptops in list of acpi table term list
* Bionic update: upstream stable patchset for fuse 2019-04-12 (LP: #1824553)
- fuse: fix double request_end()
- fuse: fix unlocked access to processing queue
- fuse: umount should wait for all requests
- fuse: Fix oops at process_init_reply()
- fuse: Don't access pipe->buffers without pipe_lock()
- fuse: Fix use-after-free in fuse_dev_do_read()
- fuse: Fix use-after-free in fuse_dev_do_write()
- fuse: set FR_SENT while locked
- fuse: fix blocked_waitq wakeup
- fuse: fix leaked notify reply
- fuse: fix possibly missed wake-up after abort
- fuse: fix use-after-free in fuse_direct_IO()
- fuse: continue to send FUSE_RELEASEDIR when FUSE_OPEN returns ENOSYS
- fuse: handle zero sized retrieve correctly
- fuse: call pipe_buf_release() under pipe lock
- fuse: decrement NR_WRITEBACK_TEMP on the right page
* Backport support for software count cache flush Spectre v2 mitigation. (CVE)
(required for POWER9 DD2.3) (LP: #1822870) // Backport support for software
count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
(LP: #1822870)
- powerpc64s: Show ori31 availability in spectre_v1 sysfs file not v2
- powerpc/fsl: Fix spectre_v2 mitigations reporting
- powerpc: Avoid code patching freed init sections
* Backport support for software count cache flush Spectre v2 mitigation. (CVE)
(required for POWER9 DD2.3) (LP: #1822870) // Backport support for software
count cache flush Spectre v2 mitigation. (CVE) (required for POWER9 DD2.3)
(LP: #1822870) // Backport support for software count cache flush Spectre v2
mitigation. (CVE) (required for POWER9 DD2.3) (LP: #1822870)
- powerpc/security: Fix spectre_v2 reporting
* CVE-2019-3874
- sctp: use sk_wmem_queued to check for writable space
- sctp: implement memory accounting on tx path
- sctp: implement memory accounting on rx path
* NULL pointer dereference when using z3fold and zswap (LP: #1814874)
- z3fold: fix possible reclaim races
* Kprobe event argument syntax in ftrace from ubuntu_kernel_selftests failed
on B PowerPC (LP: #1812809)
- selftests/ftrace: Add ppc support for kprobe args tests
* The Realtek card reader does not enter PCIe 1.1/1.2 (LP: #1825487)
- misc: rtsx: make various functions static
- misc: rtsx: Enable OCP for rts522a rts524a rts525a rts5260
- SAUCE: misc: rtsx: Fixed rts5260 power saving parameter and sd glitch
* headset-mic doesn't work on two Dell laptops. (LP: #1825272)
- ALSA: hda/realtek - add two more pin configuration sets to quirk table
* CVE-2018-16884
- sunrpc: use SVC_NET() in svcauth_gss_* functions
- sunrpc: use-after-free in svc_process_common()
* sky2 ethernet card don't work after returning from suspension (LP: #1798921)
- sky2: Increase D3 delay again
* CVE-2019-9500
- brcmfmac: assure SSID length from firmware is limited
* CVE-2019-9503
- brcmfmac: add subtype check for event handling in data path
* CVE-2019-3882
- vfio/type1: Limit DMA mappings per container
* Intel I210 Ethernet card not working after hotplug [8086:1533]
(LP: #1818490)
- igb: Fix WARN_ONCE on runtime suspend
* bionic, xenial/hwe: misses "fuse: fix initial parallel dirops" patch
(LP: #1823972)
- fuse: fix initial parallel dirops
* amdgpu resume failure: failed to allocate wb slot (LP: #1825074)
- drm/amdgpu: fix&cleanups for wb_clear
* Pop noise when headset is plugged in or removed from GHS/Line-out jack
(LP: #1821290)
- ALSA: hda/realtek - Add unplug function into unplug state of Headset Mode
for ALC225
- ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225
- ALSA: hda/realtek - Add support headset mode for DELL WYSE AIO
- ALSA: hda/realtek - Add support headset mode for New DELL WYSE NB
* mac80211_hwsim unable to handle kernel NULL pointer dereference
at0000000000000000 (LP: #1825058)
- mac80211_hwsim: Timer should be initialized before device registered
* [regression][snd_hda_codec_realtek] repeating crackling noise after 19.04
upgrade (LP: #1821663)
- ALSA: hda: Add Intel NUC7i3BNB to the power_save blacklist
- ALSA: hda - add Lenovo IdeaCentre B550 to the power_save_blacklist
- ALSA: hda - Add two more machines to the power_save_blacklist
* ubuntu_nbd_smoke_test failed on P9 with Bionic kernel (LP: #1822247)
- nbd: fix how we set bd_invalidated
* TSC clocksource not available in nested guests (LP: #1822821)
- kvmclock: fix TSC calibration for nested guests
* 4.15 kernel ip_vs --ops causes performance and hang problem (LP: #1819786)
- ipvs: fix refcount usage for conns in ops mode
* systemd cause kernel trace "BUG: unable to handle kernel paging request at
6db23a14" on Cosmic i386 (LP: #1813244) // systemd cause kernel trace "BUG:
unable to handle kernel paging request at 6db23a14" on Cosmic i386
(LP: #1813244)
- openvswitch: fix flow actions reallocation
linux-kvm (4.15.0-1032.32) bionic; urgency=medium
* linux-kvm: 4.15.0-1032.32 -proposed tracker (LP: #1822809)
* Packaging resync (LP: #1786013)
- [Packaging] resync git-ubuntu-log
[ Ubuntu: 4.15.0-48.51 ]
* linux: 4.15.0-48.51 -proposed tracker (LP: #1822820)
* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts
- [Packaging] resync retpoline extraction
* 3b080b2564287be91605bfd1d5ee985696e61d3c in ubuntu_btrfs_kernel_fixes
triggers system hang on i386 (LP: #1812845)
- btrfs: raid56: properly unmap parity page in finish_parity_scrub()
* [P9][LTCTest][Opal][FW910] cpupower monitor shows multiple stop Idle_Stats
(LP: #1719545)
- cpupower : Fix header name to read idle state name
* [amdgpu] screen corruption when using touchpad (LP: #1818617)
- drm/amdgpu/gmc: steal the appropriate amount of vram for fw hand-over (v3)
- drm/amdgpu: Free VGA stolen memory as soon as possible.
* [SRU][B/C/OEM]IOMMU: add kernel dma protection (LP: #1820153)
- ACPICA: AML parser: attempt to continue loading table after error
- ACPI / property: Allow multiple property compatible _DSD entries
- PCI / ACPI: Identify untrusted PCI devices
- iommu/vt-d: Force IOMMU on for platform opt in hint
- iommu/vt-d: Do not enable ATS for untrusted devices
- thunderbolt: Export IOMMU based DMA protection support to userspace
- iommu/vt-d: Disable ATS support on untrusted devices
* Add basic support to NVLink2 passthrough (LP: #1819989)
- powerpc/powernv/npu: Do not try invalidating 32bit table when 64bit table is
enabled
- powerpc/powernv: call OPAL_QUIESCE before OPAL_SIGNAL_SYSTEM_RESET
- powerpc/powernv: Export opal_check_token symbol
- powerpc/powernv: Make possible for user to force a full ipl cec reboot
- powerpc/powernv/idoa: Remove unnecessary pcidev from pci_dn
- powerpc/powernv: Move npu struct from pnv_phb to pci_controller
- powerpc/powernv/npu: Move OPAL calls away from context manipulation
- powerpc/pseries/iommu: Use memory@ nodes in max RAM address calculation
- powerpc/pseries/npu: Enable platform support
- powerpc/pseries: Remove IOMMU API support for non-LPAR systems
- powerpc/powernv/npu: Check mmio_atsd array bounds when populating
- powerpc/powernv/npu: Fault user page into the hypervisor's pagetable
* Huawei Hi1822 NIC has poor performance (LP: #1820187)
- net-next: hinic: fix a problem in free_tx_poll()
- hinic: remove ndo_poll_controller
- net-next/hinic: add checksum offload and TSO support
- hinic: Fix l4_type parameter in hinic_task_set_tunnel_l4
- net-next/hinic:replace multiply and division operators
- net-next/hinic:add rx checksum offload for HiNIC
- net-next/hinic:fix a bug in set mac address
- net-next/hinic: fix a bug in rx data flow
- net: hinic: fix null pointer dereference on pointer hwdev
- hinic: optmize rx refill buffer mechanism
- net-next/hinic:add shutdown callback
- net-next/hinic: replace disable_irq_nosync/enable_irq
* [CONFIG] please enable highdpi font FONT_TER16x32 (LP: #1819881)
- Fonts: New Terminus large console font
- [Config]: enable highdpi Terminus 16x32 font support
* [19.04 FEAT] qeth: Enhanced link speed - kernel part (LP: #1814892)
- s390/qeth: report 25Gbit link speed
* CVE-2017-5754
- x86/nmi: Fix NMI uaccess race against CR3 switching
- x86/mm: Fix documentation of module mapping range with 4-level paging
- x86/pti: Enable global pages for shared areas
- x86/pti: Never implicitly clear _PAGE_GLOBAL for kernel image
- x86/pti: Leave kernel text global for !PCID
- x86/pti: Fix boot problems from Global-bit setting
- x86/pti: Fix boot warning from Global-bit setting
- x86/pti: Reduce amount of kernel text allowed to be Global
- x86/pti: Disallow global kernel text with RANDSTRUCT
- x86/entry/32: Add explicit 'l' instruction suffix
- x86/asm-offsets: Move TSS_sp0 and TSS_sp1 to asm-offsets.c
- x86/entry/32: Rename TSS_sysenter_sp0 to TSS_entry2task_stack
- x86/entry/32: Load task stack from x86_tss.sp1 in SYSENTER handler
- x86/entry/32: Put ESPFIX code into a macro
- x86/entry/32: Unshare NMI return path
- x86/entry/32: Split off return-to-kernel path
- x86/entry/32: Enter the kernel via trampoline stack
- x86/entry/32: Leave the kernel via trampoline stack
- x86/entry/32: Introduce SAVE_ALL_NMI and RESTORE_ALL_NMI
- x86/entry/32: Handle Entry from Kernel-Mode on Entry-Stack
- x86/entry/32: Simplify debug entry point
- x86/entry/32: Add PTI cr3 switch to non-NMI entry/exit points
- x86/entry/32: Add PTI CR3 switches to NMI handler code
- x86/entry: Rename update_sp0 to update_task_stack
- x86/pgtable: Rename pti_set_user_pgd() to pti_set_user_pgtbl()
- x86/pgtable/pae: Unshare kernel PMDs when PTI is enabled
- x86/pgtable/32: Allocate 8k page-tables when PTI is enabled
- x86/pgtable: Move pgdp kernel/user conversion functions to pgtable.h
- x86/pgtable: Move pti_set_user_pgtbl() to pgtable.h
- x86/pgtable: Move two more functions from pgtable_64.h to pgtable.h
- x86/mm/pae: Populate valid user PGD entries
- x86/mm/pae: Populate the user page-table with user pgd's
- x86/mm/pti: Add an overflow check to pti_clone_pmds()
- x86/mm/pti: Define X86_CR3_PTI_PCID_USER_BIT on x86_32
- x86/mm/pti: Clone CPU_ENTRY_AREA on PMD level on x86_32
- x86/mm/pti: Make pti_clone_kernel_text() compile on 32 bit
- x86/mm/pti: Keep permissions when cloning kernel text in
pti_clone_kernel_text()
- x86/mm/pti: Introduce pti_finalize()
- x86/mm/pti: Clone entry-text again in pti_finalize()
- x86/mm/dump_pagetables: Define INIT_PGD
- x86/pgtable/pae: Use separate kernel PMDs for user page-table
- x86/ldt: Reserve address-space range on 32 bit for the LDT
- x86/ldt: Define LDT_END_ADDR
- x86/ldt: Split out sanity check in map_ldt_struct()
- x86/ldt: Enable LDT user-mapping for PAE
- x86/pti: Allow CONFIG_PAGE_TABLE_ISOLATION for x86_32
- [Config] Update PAGE_TABLE_ISOLATION annotations
- x86/mm/pti: Add Warning when booting on a PCID capable CPU
- x86/entry/32: Add debug code to check entry/exit CR3
- x86/pti: Check the return value of pti_user_pagetable_walk_p4d()
- x86/pti: Check the return value of pti_user_pagetable_walk_pmd()
- perf/core: Make sure the ring-buffer is mapped in all page-tables
- x86/entry/32: Check for VM86 mode in slow-path check
- x86/mm: Remove in_nmi() warning from vmalloc_fault()
- x86/kexec: Allocate 8k PGDs for PTI
- x86/mm/pti: Clear Global bit more aggressively
- mm: Allow non-direct-map arguments to free_reserved_area()
- x86/mm/init: Pass unconverted symbol addresses to free_init_pages()
- x86/mm/init: Add helper for freeing kernel image pages
- x86/mm/init: Remove freed kernel image areas from alias mapping
- x86/mm/pti: Fix 32 bit PCID check
- x86/mm/pti: Don't clear permissions in pti_clone_pmd()
- x86/mm/pti: Clone kernel-image on PTE level for 32 bit
- x86/relocs: Add __end_rodata_aligned to S_REL
- x86/mm/pti: Move user W+X check into pti_finalize()
- x86/efi: Load fixmap GDT in efi_call_phys_epilog()
- x86/efi: Load fixmap GDT in efi_call_phys_epilog() before setting %cr3
- x86/mm/doc: Clean up the x86-64 virtual memory layout descriptions
- x86/mm/doc: Enhance the x86-64 virtual memory layout descriptions
- x86/entry/32: Clear the CS high bits
- x86/mm: Move LDT remap out of KASLR region on 5-level paging
- x86/ldt: Unmap PTEs for the slot before freeing LDT pages
- x86/ldt: Remove unused variable in map_ldt_struct()
- x86/mm: Fix guard hole handling
- x86/dump_pagetables: Fix LDT remap address marker
* Avoid potential memory corruption on HiSilicon SoCs (LP: #1819546)
- iommu/arm-smmu-v3: Avoid memory corruption from Hisilicon MSI payloads
* Ubuntu18.04.01: [Power9] power8 Compat guest(RHEL7.6) crashes during guest
boot with > 256G of memory (kernel/kvm) (LP: #1818645)
- ]PATCH] KVM: PPC: Book3S HV: Don't truncate HPTE index in xlate function
* Fix for dual Intel NVMes (LP: #1821961)
- SAUCE: nvme: Merge two quirk entries into one for Intel 760p/Pro 7600p
* CVE-2017-5715
- tools headers: Synchronize prctl.h ABI header
- x86/spectre: Add missing family 6 check to microcode check
- x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
- x86/speculation: Apply IBPB more strictly to avoid cross-process data leak
- x86/speculation: Propagate information about RSB filling mitigation to sysfs
- x86/speculation: Add RETPOLINE_AMD support to the inline asm CALL_NOSPEC
variant
- x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support
- x86/retpoline: Remove minimal retpoline support
- x86/speculation: Update the TIF_SSBD comment
- x86/speculation: Clean up spectre_v2_parse_cmdline()
- x86/speculation: Remove unnecessary ret variable in cpu_show_common()
- x86/speculation: Move STIPB/IBPB string conditionals out of
cpu_show_common()
- x86/speculation: Disable STIBP when enhanced IBRS is in use
- x86/speculation: Rename SSBD update functions
- x86/speculation: Reorganize speculation control MSRs update
- sched/smt: Make sched_smt_present track topology
- x86/Kconfig: Select SCHED_SMT if SMP enabled
- sched/smt: Expose sched_smt_present static key
- x86/speculation: Rework SMT state change
- x86/l1tf: Show actual SMT state
- x86/speculation: Reorder the spec_v2 code
- x86/speculation: Mark string arrays const correctly
- x86/speculataion: Mark command line parser data __initdata
- x86/speculation: Unify conditional spectre v2 print functions
- x86/speculation: Add command line control for indirect branch speculation
- x86/speculation: Prepare for per task indirect branch speculation control
- x86/process: Consolidate and simplify switch_to_xtra() code
- x86/speculation: Avoid __switch_to_xtra() calls
- x86/speculation: Prepare for conditional IBPB in switch_mm()
- ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS
- x86/speculation: Split out TIF update
- x86/speculation: Prevent stale SPEC_CTRL msr content
- x86/speculation: Prepare arch_smt_update() for PRCTL mode
- x86/speculation: Add prctl() control for indirect branch speculation
- x86/speculation: Enable prctl mode for spectre_v2_user
- x86/speculation: Add seccomp Spectre v2 user space protection mode
- x86/speculation: Provide IBPB always command line options
- kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb
- x86/speculation: Change misspelled STIPB to STIBP
- x86/speculation: Add support for STIBP always-on preferred mode
- x86, modpost: Replace last remnants of RETPOLINE with CONFIG_RETPOLINE
- s390: remove closung punctuation from spectre messages
- x86/speculation: Simplify the CPU bug detection logic
* CVE-2018-3639
- x86/bugs: Add AMD's variant of SSB_NO
- x86/bugs: Add AMD's SPEC_CTRL MSR usage
- x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features
- x86/bugs: Update when to check for the LS_CFG SSBD mitigation
- x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
- KVM: x86: SVM: Call x86_spec_ctrl_set_guest/host() with interrupts disabled
* [Ubuntu] vfio-ap: add subsystem to matrix device to avoid libudev failures
(LP: #1818854)
- s390: vfio_ap: link the vfio_ap devices to the vfio_ap bus subsystem
* Kernel regularly logs: Bluetooth: hci0: last event is not cmd complete
(0x0f) (LP: #1748565)
- Bluetooth: Fix unnecessary error message for HCI request completion
* HiSilicon HNS ethernet broken in 4.15.0-45 (LP: #1818294)
- net: hns: Fix WARNING when hns modules installed
* rtl8723be wifi does not work under linux-modules-extra-4.15.0-33-generic
(LP: #1788997)
- SAUCE: Revert "rtlwifi: cleanup 8723be ant_sel definition"
* Crash from :i915 module with 4.15.0-46-generic using multi-display
(LP: #1819486)
- SAUCE: Revert "drm/i915: Fix hotplug irq ack on i965/g4x"
* kernel linux-image-4.15.0-44 not booting on Hyperv Server 2008R2
(LP: #1814069)
- hv/netvsc: fix handling of fallback to single queue mode
- hv/netvsc: Fix NULL dereference at single queue mode fallback
* Lenovo ideapad 330-15ICH Wifi rfkill hard blocked (LP: #1811815)
- platform/x86: ideapad: Add ideapad 330-15ICH to no_hw_rfkill
* Qualcomm Atheros QCA9377 wireless does not work (LP: #1818204)
- platform/x86: ideapad-laptop: Add Ideapad 530S-14ARR to no_hw_rfkill list
* fscache: jobs might hang when fscache disk is full (LP: #1821395)
- fscache: fix race between enablement and dropping of object
* hns3: fix oops in hns3_clean_rx_ring() (LP: #1821064)
- net: hns3: add dma_rmb() for rx description
* Hard lockup in 2 CPUs due to deadlock in cpu_stoppers (LP: #1821259)
- stop_machine: Disable preemption after queueing stopper threads
- stop_machine: Atomically queue and wake stopper threads
* tcm_loop.ko: move from modules-extra into main modules package
(LP: #1817786)
- [Packaging] move tcm_loop.lo to main linux-modules package
* tcmu user space crash results in kernel module hang. (LP: #1819504)
- scsi: tcmu: delete unused __wait
- scsi: tcmu: track nl commands
- scsi: tcmu: simplify nl interface
- scsi: tcmu: add module wide block/reset_netlink support
* Intel XL710 - i40e driver does not work with kernel 4.15 (Ubuntu 18.04)
(LP: #1779756)
- i40e: Fix for Tx timeouts when interface is brought up if DCB is enabled
- i40e: prevent overlapping tx_timeout recover
* some codecs stop working after S3 (LP: #1820930)
- ALSA: hda - Enforces runtime_resume after S3 and S4 for each codec
* i40e xps management broken when > 64 queues/cpus (LP: #1820948)
- i40e: Do not allow use more TC queue pairs than MSI-X vectors exist
- i40e: Fix the number of queues available to be mapped for use
* 4.15 s390x kernel BUG at /build/linux-
Gycr4Z/linux-4.15.0/drivers/block/virtio_blk.c:565! (LP: #1788432)
- virtio/s390: avoid race on vcdev->config
- virtio/s390: fix race in ccw_io_helper()
* [SRU][B/B-OEM/C/D] Fix AMD IOMMU NULL dereference (LP: #1820990)
- iommu/amd: Fix NULL dereference bug in match_hid_uid
* New Intel Wireless-AC 9260 [8086:2526] card not correctly probed in Ubuntu
system (LP: #1821271)
- iwlwifi: add new card for 9260 series
* Add support for MAC address pass through on RTL8153-BD (LP: #1821276)
- r8152: Add support for MAC address pass through on RTL8153-BD
- r8152: Fix an error on RTL8153-BD MAC Address Passthrough support
Date: 2019-05-08 13:55:24.120093+00:00
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Signed-By: Andy Whitcroft <apw at canonical.com>
https://launchpad.net/ubuntu/+source/linux-kvm/4.15.0-1034.34
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list