[ubuntu/trusty-security] linux 3.13.0-139.188 (Accepted)

Steve Langasek steve.langasek at canonical.com
Tue Jan 9 23:22:13 UTC 2018 

linux (3.13.0-139.188) trusty; urgency=low

  * linux: 3.13.0-139.188 -proposed tracker (LP: #1741609)

  * CVE-2017-5754
    - perf/x86: Correctly use FEATURE_PDCM
    - arch: Introduce smp_load_acquire(), smp_store_release()
    - mm, x86: Account for TLB flushes only when debugging
    - x86/mm: Clean up inconsistencies when flushing TLB ranges
    - x86/mm: Eliminate redundant page table walk during TLB range flushing
    - mm, x86: Revisit tlb_flushall_shift tuning for page flushes except on
      IvyBridge
    - x86/mm: Clean up the TLB flushing code
    - x86/mm: Rip out complicated, out-of-date, buggy TLB flushing
    - x86/mm: Fix missed global TLB flush stat
    - x86/mm: New tunable for single vs full TLB flush
    - x86/mm: Set TLB flush tunable to sane value (33)
    - x86/mm: Fix sparse 'tlb_single_page_flush_ceiling' warning and make the
      variable read-mostly
    - rcu: Provide counterpart to rcu_dereference() for non-RCU situations
    - rcu: Move lockless_dereference() out of rcupdate.h
    - x86/ldt: Make modify_ldt synchronous
    - x86/ldt: Correct LDT access in single stepping logic
    - x86/ldt: Correct FPU emulation access to LDT
    - x86/ldt: Further fix FPU emulation
    - x86/mm: Disable preemption during CR3 read+write
    - x86: Clean up cr4 manipulation
    - x86/mm: Add INVPCID helpers
    - x86/mm: Fix INVPCID asm constraint
    - x86/mm: Add a 'noinvpcid' boot option to turn off INVPCID
    - x86/mm: If INVPCID is available, use it to flush global mappings
    - mm/mmu_context, sched/core: Fix mmu_context.h assumption
    - sched/core: Add switch_mm_irqs_off() and use it in the scheduler
    - x86/mm: Build arch/x86/mm/tlb.c even on !SMP
    - x86/mm, sched/core: Uninline switch_mm()
    - x86/mm, sched/core: Turn off IRQs in switch_mm()
    - sched/core: Idle_task_exit() shouldn't use switch_mm_irqs_off()
    - x86/irq: Do not substract irq_tlb_count from irq_call_count
    - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly()
    - x86/mm: Remove flush_tlb() and flush_tlb_current_task()
    - x86/mm: Make flush_tlb_mm_range() more predictable
    - x86/mm: Reimplement flush_tlb_page() using flush_tlb_mm_range()
    - x86/mm: Remove the UP asm/tlbflush.h code, always use the (formerly) SMP
      code
    - x86/mm: Disable PCID on 32-bit kernels
    - x86/mm: Add the 'nopcid' boot option to turn off PCID
    - x86/mm: Enable CR4.PCIDE on supported systems
    - x86/mm/64: Fix reboot interaction with CR4.PCIDE
    - KAISER: Kernel Address Isolation
    - x86/mm/kaiser: re-enable vsyscalls
    - kaiser: user_map __kprobes_text too
    - kaiser: alloc_ldt_struct() use get_zeroed_page()
    - x86/alternatives: Cleanup DPRINTK macro
    - x86/alternatives: Add instruction padding
    - x86/alternatives: Make JMPs more robust
    - x86/alternatives: Use optimized NOPs for padding
    - kaiser: add "nokaiser" boot option, using ALTERNATIVE
    - x86, boot: Carve out early cmdline parsing function
    - x86/boot: Fix early command-line parsing when matching at end
    - x86/boot: Fix early command-line parsing when partial word matches
    - x86/boot: Simplify early command line parsing
    - x86/boot: Pass in size to early cmdline parsing
    - x86/boot: Add early cmdline parsing for options with arguments
    - x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
    - x86/kaiser: Check boottime cmdline params
    - kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
    - kaiser: asm/tlbflush.h handle noPGE at lower level
    - kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
    - x86/paravirt: Dont patch flush_tlb_single
    - x86/kaiser: Reenable PARAVIRT
    - kaiser: disabled on Xen PV
    - x86/kaiser: Move feature detection up
    - KPTI: Rename to PAGE_TABLE_ISOLATION
    - KPTI: Report when enabled
    - kvmclock: export kvmclock clocksource and data pointers
    - x86/mm/kaiser: remove paravirt clock warning
    - kaiser: x86: Fix NMI handling
    - [Config] updateconfigs - enable PAGE_TABLE_ISOLATION

Date: 2018-01-09 14:35:14.277953+00:00
Changed-By: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
Signed-By: Steve Langasek <steve.langasek at canonical.com>
https://launchpad.net/ubuntu/+source/linux/3.13.0-139.188
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list