[ubuntu/bionic-updates] linux-gke-4.15_4.15.0-1048.51_amd64.tar.gz - (Accepted)

Stefan Bader stefan.bader at canonical.com
Tue Nov 12 22:32:55 UTC 2019


linux-gke-4.15 (4.15.0-1048.51) bionic; urgency=medium

  * CVE-2019-11135
    - [Config] gke-4.15: Disable TSX by default when possible

  [ Ubuntu: 4.15.0-69.78 ]

  * KVM NULL pointer deref (LP: #1851205)
    - KVM: nVMX: handle page fault in vmread fix
  * CVE-2018-12207
    - KVM: MMU: drop vcpu param in gpte_access
    - kvm: Convert kvm_lock to a mutex
    - kvm: x86: Do not release the page inside mmu_set_spte()
    - KVM: x86: make FNAME(fetch) and __direct_map more similar
    - KVM: x86: remove now unneeded hugepage gfn adjustment
    - KVM: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON
    - KVM: x86: add tracepoints around __direct_map and FNAME(fetch)
    - kvm: x86, powerpc: do not allow clearing largepages debugfs entry
    - SAUCE: KVM: vmx, svm: always run with EFER.NXE=1 when shadow paging is
      active
    - SAUCE: x86: Add ITLB_MULTIHIT bug infrastructure
    - SAUCE: kvm: mmu: ITLB_MULTIHIT mitigation
    - SAUCE: kvm: Add helper function for creating VM worker threads
    - SAUCE: kvm: x86: mmu: Recovery of shattered NX large pages
    - SAUCE: cpu/speculation: Uninline and export CPU mitigations helpers
    - SAUCE: kvm: x86: mmu: Apply global mitigations knob to ITLB_MULTIHIT
  * CVE-2019-11135
    - KVM: x86: use Intel speculation bugs and features as derived in generic x86
      code
    - x86/msr: Add the IA32_TSX_CTRL MSR
    - x86/cpu: Add a helper function x86_read_arch_cap_msr()
    - x86/cpu: Add a "tsx=" cmdline option with TSX disabled by default
    - x86/speculation/taa: Add mitigation for TSX Async Abort
    - x86/speculation/taa: Add sysfs reporting for TSX Async Abort
    - kvm/x86: Export MDS_NO=0 to guests when TSX is enabled
    - x86/tsx: Add "auto" option to the tsx= cmdline parameter
    - x86/speculation/taa: Add documentation for TSX Async Abort
    - x86/tsx: Add config options to set tsx=on|off|auto
    - SAUCE: x86/speculation/taa: Call tsx_init()
    - SAUCE: x86/cpu: Include cpu header from bugs.c
    - [Config] Disable TSX by default when possible
  * CVE-2019-0154
    - SAUCE: drm/i915: Lower RM timeout to avoid DSI hard hangs
    - SAUCE: drm/i915/gen8+: Add RC6 CTX corruption WA
  * CVE-2019-0155
    - drm/i915/gtt: Add read only pages to gen8_pte_encode
    - drm/i915/gtt: Read-only pages for insert_entries on bdw+
    - drm/i915/gtt: Disable read-only support under GVT
    - drm/i915: Prevent writing into a read-only object via a GGTT mmap
    - drm/i915/cmdparser: Check reg_table_count before derefencing.
    - drm/i915/cmdparser: Do not check past the cmd length.
    - drm/i915: Silence smatch for cmdparser
    - drm/i915: Move engine->needs_cmd_parser to engine->flags
    - SAUCE: drm/i915: Rename gen7 cmdparser tables
    - SAUCE: drm/i915: Disable Secure Batches for gen6+
    - SAUCE: drm/i915: Remove Master tables from cmdparser
    - SAUCE: drm/i915: Add support for mandatory cmdparsing
    - SAUCE: drm/i915: Support ro ppgtt mapped cmdparser shadow buffers
    - SAUCE: drm/i915: Allow parsing of unsized batches
    - SAUCE: drm/i915: Add gen9 BCS cmdparsing
    - SAUCE: drm/i915/cmdparser: Use explicit goto for error paths
    - SAUCE: drm/i915/cmdparser: Add support for backward jumps
    - SAUCE: drm/i915/cmdparser: Ignore Length operands during command matching

  [ Ubuntu: 4.15.0-68.77 ]

  * bionic/linux: 4.15.0-68.77 -proposed tracker (LP: #1849855)
  * [REGRESSION]  md/raid0: cannot assemble multi-zone RAID0 with default_layout
    setting (LP: #1849682)
    - Revert "md/raid0: avoid RAID0 data corruption due to layout confusion."

Date: Thu, 07 Nov 2019 18:02:20 +0100
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Maintainer: Launchpad Build Daemon <buildd at lgw01-amd64-046.buildd>

-------------- next part --------------
Format: 1.8
Date: Thu, 07 Nov 2019 18:02:20 +0100
Source: linux-gke-4.15
Binary: linux-gke-4.15-headers-4.15.0-1048 linux-gke-4.15-tools-4.15.0-1048 linux-image-unsigned-4.15.0-1048-gke linux-modules-4.15.0-1048-gke linux-modules-extra-4.15.0-1048-gke linux-headers-4.15.0-1048-gke linux-image-unsigned-4.15.0-1048-gke-dbgsym linux-tools-4.15.0-1048-gke linux-buildinfo-4.15.0-1048-gke
Architecture: amd64 amd64_translations
Version: 4.15.0-1048.51
Distribution: bionic
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd at lgw01-amd64-046.buildd>
Changed-By: Stefan Bader <stefan.bader at canonical.com>
Description:
 linux-buildinfo-4.15.0-1048-gke - Linux kernel buildinfo for version 4.15.0 on 64 bit x86 SMP
 linux-gke-4.15-headers-4.15.0-1048 - Header files related to Linux kernel version 4.15.0
 linux-gke-4.15-tools-4.15.0-1048 - Linux kernel version specific tools for version 4.15.0-1048
 linux-headers-4.15.0-1048-gke - Linux kernel headers for version 4.15.0 on 64 bit x86 SMP
 linux-image-unsigned-4.15.0-1048-gke - Linux kernel image for version 4.15.0 on 64 bit x86 SMP
 linux-image-unsigned-4.15.0-1048-gke-dbgsym - Linux kernel debug image for version 4.15.0 on 64 bit x86 SMP
 linux-modules-4.15.0-1048-gke - Linux kernel extra modules for version 4.15.0 on 64 bit x86 SMP
 linux-modules-extra-4.15.0-1048-gke - Linux kernel extra modules for version 4.15.0 on 64 bit x86 SMP
 linux-tools-4.15.0-1048-gke - Linux kernel version specific tools for version 4.15.0-1048
Launchpad-Bugs-Fixed: 1849682 1849855 1851205

