[ubuntu/trusty-security] linux 3.13.0-139.188 (Accepted)
Steve Langasek
steve.langasek at canonical.com
Tue Jan 9 23:22:13 UTC 2018
linux (3.13.0-139.188) trusty; urgency=low
* linux: 3.13.0-139.188 -proposed tracker (LP: #1741609)
* CVE-2017-5754
- perf/x86: Correctly use FEATURE_PDCM
- arch: Introduce smp_load_acquire(), smp_store_release()
- mm, x86: Account for TLB flushes only when debugging
- x86/mm: Clean up inconsistencies when flushing TLB ranges
- x86/mm: Eliminate redundant page table walk during TLB range flushing
- mm, x86: Revisit tlb_flushall_shift tuning for page flushes except on
IvyBridge
- x86/mm: Clean up the TLB flushing code
- x86/mm: Rip out complicated, out-of-date, buggy TLB flushing
- x86/mm: Fix missed global TLB flush stat
- x86/mm: New tunable for single vs full TLB flush
- x86/mm: Set TLB flush tunable to sane value (33)
- x86/mm: Fix sparse 'tlb_single_page_flush_ceiling' warning and make the
variable read-mostly
- rcu: Provide counterpart to rcu_dereference() for non-RCU situations
- rcu: Move lockless_dereference() out of rcupdate.h
- x86/ldt: Make modify_ldt synchronous
- x86/ldt: Correct LDT access in single stepping logic
- x86/ldt: Correct FPU emulation access to LDT
- x86/ldt: Further fix FPU emulation
- x86/mm: Disable preemption during CR3 read+write
- x86: Clean up cr4 manipulation
- x86/mm: Add INVPCID helpers
- x86/mm: Fix INVPCID asm constraint
- x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID
- x86/mm: If INVPCID is available, use it to flush global mappings
- mm/mmu_context, sched/core: Fix mmu_context.h assumption
- sched/core: Add switch_mm_irqs_off() and use it in the scheduler
- x86/mm: Build arch/x86/mm/tlb.c even on !SMP
- x86/mm, sched/core: Uninline switch_mm()
- x86/mm, sched/core: Turn off IRQs in switch_mm()
- sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()
- x86/irq: Do not substract irq_tlb_count from irq_call_count
- x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()
- x86/mm: Remove flush_tlb() and flush_tlb_current_task()
- x86/mm: Make flush_tlb_mm_range() more predictable
- x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range()
- x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP
code
- x86/mm: Disable PCID on 32-bit kernels
- x86/mm: Add the 'nopcid' boot option to turn off PCID
- x86/mm: Enable CR4.PCIDE on supported systems
- x86/mm/64: Fix reboot interaction with CR4.PCIDE
- KAISER: Kernel Address Isolation
- x86/mm/kaiser: re-enable vsyscalls
- kaiser: user_map __kprobes_text too
- kaiser: alloc_ldt_struct() use get_zeroed_page()
- x86/alternatives: Cleanup DPRINTK macro
- x86/alternatives: Add instruction padding
- x86/alternatives: Make JMPs more robust
- x86/alternatives: Use optimized NOPs for padding
- kaiser: add "nokaiser" boot option, using ALTERNATIVE
- x86, boot: Carve out early cmdline parsing function
- x86/boot: Fix early command-line parsing when matching at end
- x86/boot: Fix early command-line parsing when partial word matches
- x86/boot: Simplify early command line parsing
- x86/boot: Pass in size to early cmdline parsing
- x86/boot: Add early cmdline parsing for options with arguments
- x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
- x86/kaiser: Check boottime cmdline params
- kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
- kaiser: asm/tlbflush.h handle noPGE at lower level
- kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
- x86/paravirt: Dont patch flush_tlb_single
- x86/kaiser: Reenable PARAVIRT
- kaiser: disabled on Xen PV
- x86/kaiser: Move feature detection up
- KPTI: Rename to PAGE_TABLE_ISOLATION
- KPTI: Report when enabled
- kvmclock: export kvmclock clocksource and data pointers
- x86/mm/kaiser: remove paravirt clock warning
- kaiser: x86: Fix NMI handling
- [Config] updateconfigs - enable PAGE_TABLE_ISOLATION
Date: 2018-01-09 14:35:14.277953+00:00
Changed-By: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/linux/3.13.0-139.188
-------------- next part --------------
Sorry, changesfile not available.
More information about the Trusty-changes
mailing list