* linux: 4.13.0-37.42 -proposed tracker (LP: #1751798)
* CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754
- arm64: Add ASM_BUG()
- arm64: consistently use bl for C exception entry
- arm64: move non-entry code out of .entry.text
- arm64: unwind: avoid percpu indirection for irq stack
- arm64: unwind: disregard frame.sp when validating frame pointer
- arm64: mm: Fix set_memory_valid() declaration
- arm64: Convert __inval_cache_range() to area-based
- arm64: Expose DC CVAP to userspace
- arm64: Handle trapped DC CVAP
- arm64: Implement pmem API support
- arm64: uaccess: Implement *_flushcache variants
- arm64/vdso: Support mremap() for vDSO
- arm64: unwind: reference pt_regs via embedded stack frame
- arm64: unwind: remove sp from struct stackframe
- arm64: uaccess: Add the uaccess_flushcache.c file
- arm64: fix pmem interface definition
- arm64: compat: Remove leftover variable declaration
- fork: allow arch-override of VMAP stack alignment
- arm64: kernel: remove {THREAD,IRQ_STACK}_START_SP
- arm64: factor out PAGE_* and CONT_* definitions
- arm64: clean up THREAD_* definitions
- arm64: clean up irq stack definitions
- arm64: move SEGMENT_ALIGN to <asm/memory.h>
- efi/arm64: add EFI_KIMG_ALIGN
- arm64: factor out entry stack manipulation
- arm64: assembler: allow adr_this_cpu to use the stack pointer
- arm64: use an irq stack pointer
- arm64: add basic VMAP_STACK support
- arm64: add on_accessible_stack()
- arm64: add VMAP_STACK overflow detection
- arm64: Convert pte handling from inline asm to using (cmp)xchg
- kvm: arm64: Convert kvm_set_s2pte_readonly() from inline asm to cmpxchg()
- arm64: Move PTE_RDONLY bit handling out of set_pte_at()
- arm64: Ignore hardware dirty bit updates in ptep_set_wrprotect()
- arm64: Remove the !CONFIG_ARM64_HW_AFDBM alternative code paths
- arm64: introduce separated bits for mm_context_t flags
- arm64: cleanup {COMPAT_,}SET_PERSONALITY() macro
- KVM: arm/arm64: Fix guest external abort matching
- KVM: arm/arm64: vgic: constify seq_operations and file_operations
- KVM: arm/arm64: vITS: Drop its_ite->lpi field
- KVM: arm/arm64: Extract GICv3 max APRn index calculation
- KVM: arm/arm64: Support uaccess of GICC_APRn
- arm64: Use larger stacks when KASAN is selected
- arm64: Define cputype macros for Falkor CPU
- arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm
- arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb
- x86/syscalls: Check address limit on user-mode return
- arm/syscalls: Check address limit on user-mode return
- arm64/syscalls: Check address limit on user-mode return
- Revert "arm/syscalls: Check address limit on user-mode return"
- syscalls: Use CHECK_DATA_CORRUPTION for addr_limit_user_check
- arm/syscalls: Optimize address limit check
- arm64/syscalls: Move address limit check in loop
- futex: Remove duplicated code and fix undefined behaviour
- arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
- arm64: syscallno is secretly an int, make it official
- arm64: move TASK_* definitions to <asm/processor.h>
- arm64: mm: Use non-global mappings for kernel space
- arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN
- arm64: mm: Move ASID from TTBR0 to TTBR1
- arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003
- arm64: mm: Rename post_ttbr0_update_workaround
- arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN
- arm64: mm: Allocate ASIDs in pairs
- arm64: mm: Add arm64_kernel_unmapped_at_el0 helper
- arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI
- arm64: entry: Add exception trampoline page for exceptions from EL0
- arm64: mm: Map entry trampoline into trampoline and kernel page tables
- arm64: entry: Explicitly pass exception level to kernel_ventry macro
- arm64: entry: Hook up entry trampoline to exception vectors
- arm64: erratum: Work around Falkor erratum #E1003 in trampoline code
- arm64: cpu_errata: Add Kryo to Falkor 1003 errata
- arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks
- arm64: entry: Add fake CPU feature for unmapping the kernel at EL0
- arm64: kaslr: Put kernel vectors address in separate data page
- arm64: use RET instruction for exiting the trampoline
- arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0
- arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry
- arm64: Take into account ID_AA64PFR0_EL1.CSV3
- arm64: capabilities: Handle duplicate entries for a capability
- arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR
- arm64: kpti: Fix the interaction between ASID switching and software PAN
- arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs
- arm64: Turn on KPTI only on CPUs that need it
- arm64: kpti: Make use of nG dependent on arm64_kernel_unmapped_at_el0()
- arm64: mm: Permit transitioning from Global to Non-Global without BBM
- arm64: kpti: Add ->enable callback to remap swapper using nG mappings
- arm64: Force KPTI to be disabled on Cavium ThunderX
- arm64: entry: Reword comment about post_ttbr_update_workaround
- arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives
- arm64: barrier: Add CSDB macros to control data-value prediction
- arm64: Implement array_index_mask_nospec()
- arm64: Make USER_DS an inclusive limit
- arm64: Use pointer masking to limit uaccess speculation
- arm64: entry: Ensure branch through syscall table is bounded under
speculation
- arm64: uaccess: Prevent speculative use of the current addr_limit
- arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user
- arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user
- arm64: futex: Mask __user pointers prior to dereference
- arm64: cpufeature: __this_cpu_has_cap() shouldn't stop early
- arm64: Run enable method for errata work arounds on late CPUs
- arm64: cpufeature: Pass capability structure to ->enable callback
- drivers/firmware: Expose psci_get_version through psci_ops structure
- arm64: Move post_ttbr_update_workaround to C code
- arm64: Add skeleton to harden the branch predictor against aliasing attacks
- arm64: Move BP hardening to check_and_switch_context
- arm64: KVM: Use per-CPU vector when BP hardening is enabled
- arm64: entry: Apply BP hardening for high-priority synchronous exceptions
- arm64: entry: Apply BP hardening for suspicious interrupts from EL0
- arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75
- arm64: Implement branch predictor hardening for affected Cortex-A CPUs
- arm64: Implement branch predictor hardening for Falkor
- arm64: Branch predictor hardening for Cavium ThunderX2
- arm64: KVM: Increment PC after handling an SMC trap
- arm/arm64: KVM: Consolidate the PSCI include files
- arm/arm64: KVM: Add PSCI_VERSION helper
- arm/arm64: KVM: Add smccc accessors to PSCI code
- arm/arm64: KVM: Implement PSCI 1.0 support
- arm/arm64: KVM: Advertise SMCCC v1.1
- arm64: KVM: Make PSCI_VERSION a fast path
- arm/arm64: KVM: Turn kvm_psci_version into a static inline
- arm64: KVM: Report SMCCC_ARCH_WORKAROUND_1 BP hardening support
- arm64: KVM: Add SMCCC_ARCH_WORKAROUND_1 fast handling
- firmware/psci: Expose PSCI conduit
- firmware/psci: Expose SMCCC version through psci_ops
- arm/arm64: smccc: Make function identifiers an unsigned quantity
- arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
- arm64: Add ARM_SMCCC_ARCH_WORKAROUND_1 BP hardening support
- arm64: Kill PSCI_GET_VERSION as a variant-2 workaround
- [Config] UNMAP_KERNEL_AT_EL0=y && HARDEN_BRANCH_PREDICTOR=y
- SAUCE: arm64: __idmap_cpu_set_reserved_ttbr1: fix !ARM64_PA_BITS_52 logic
- arm64: Add missing Falkor part number for branch predictor hardening
- arm64: mm: fix thinko in non-global page table attribute check
* linux-image-4.13.0-26-generic / linux-image-extra-4.13.0-26-generic fail to
boot (LP: #1742721)
- staging: sm750fb: Fix parameter mistake in poke32
-- Thadeu Lima de Souza Cascardo <email address hidden> Fri, 09 Mar 2018 12:40:45 -0300
This bug was fixed in the package linux-raspi2 - 4.13.0-1015.16
---------------
linux-raspi2 (4.13.0-1015.16) artful; urgency=medium
* linux-raspi2: 4.13.0-1015.16 -proposed tracker (LP: #1751807)
* CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 AT_EL0= y && HARDEN_ BRANCH_ PREDICTOR= y
- [Config] UNMAP_KERNEL_
[ Ubuntu: 4.13.0-37.42 ]
* linux: 4.13.0-37.42 -proposed tracker (LP: #1751798) cache_range( ) to area-based flushcache. c file IRQ_STACK} _START_ SP stack() s2pte_readonly( ) from inline asm to cmpxchg() wrprotect( ) ARM64_HW_ AFDBM alternative code paths ,}SET_PERSONALI TY() macro CORRUPTION for addr_limit_ user_check update_ workaround for Falkor erratum #E1003 update_ workaround unmapped_ at_el0 helper UNMAP_KERNEL_ AT_EL0 EL1.CSV3 unmapped_ at_el0( ) update_ workaround mask_nospec( ) cpu_has_ cap() shouldn't stop early update_ workaround to C code switch_ context WORKAROUND_ 1 BP hardening support WORKAROUND_ 1 fast handling ARCH_WORKAROUND _1 BP hardening support AT_EL0= y && HARDEN_ BRANCH_ PREDICTOR= y cpu_set_ reserved_ ttbr1: fix !ARM64_PA_BITS_52 logic 4.13.0- 26-generic / linux-image- extra-4. 13.0-26- generic fail to
* CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754
- arm64: Add ASM_BUG()
- arm64: consistently use bl for C exception entry
- arm64: move non-entry code out of .entry.text
- arm64: unwind: avoid percpu indirection for irq stack
- arm64: unwind: disregard frame.sp when validating frame pointer
- arm64: mm: Fix set_memory_valid() declaration
- arm64: Convert __inval_
- arm64: Expose DC CVAP to userspace
- arm64: Handle trapped DC CVAP
- arm64: Implement pmem API support
- arm64: uaccess: Implement *_flushcache variants
- arm64/vdso: Support mremap() for vDSO
- arm64: unwind: reference pt_regs via embedded stack frame
- arm64: unwind: remove sp from struct stackframe
- arm64: uaccess: Add the uaccess_
- arm64: fix pmem interface definition
- arm64: compat: Remove leftover variable declaration
- fork: allow arch-override of VMAP stack alignment
- arm64: kernel: remove {THREAD,
- arm64: factor out PAGE_* and CONT_* definitions
- arm64: clean up THREAD_* definitions
- arm64: clean up irq stack definitions
- arm64: move SEGMENT_ALIGN to <asm/memory.h>
- efi/arm64: add EFI_KIMG_ALIGN
- arm64: factor out entry stack manipulation
- arm64: assembler: allow adr_this_cpu to use the stack pointer
- arm64: use an irq stack pointer
- arm64: add basic VMAP_STACK support
- arm64: add on_accessible_
- arm64: add VMAP_STACK overflow detection
- arm64: Convert pte handling from inline asm to using (cmp)xchg
- kvm: arm64: Convert kvm_set_
- arm64: Move PTE_RDONLY bit handling out of set_pte_at()
- arm64: Ignore hardware dirty bit updates in ptep_set_
- arm64: Remove the !CONFIG_
- arm64: introduce separated bits for mm_context_t flags
- arm64: cleanup {COMPAT_
- KVM: arm/arm64: Fix guest external abort matching
- KVM: arm/arm64: vgic: constify seq_operations and file_operations
- KVM: arm/arm64: vITS: Drop its_ite->lpi field
- KVM: arm/arm64: Extract GICv3 max APRn index calculation
- KVM: arm/arm64: Support uaccess of GICC_APRn
- arm64: Use larger stacks when KASAN is selected
- arm64: Define cputype macros for Falkor CPU
- arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm
- arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb
- x86/syscalls: Check address limit on user-mode return
- arm/syscalls: Check address limit on user-mode return
- arm64/syscalls: Check address limit on user-mode return
- Revert "arm/syscalls: Check address limit on user-mode return"
- syscalls: Use CHECK_DATA_
- arm/syscalls: Optimize address limit check
- arm64/syscalls: Move address limit check in loop
- futex: Remove duplicated code and fix undefined behaviour
- arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls
- arm64: syscallno is secretly an int, make it official
- arm64: move TASK_* definitions to <asm/processor.h>
- arm64: mm: Use non-global mappings for kernel space
- arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN
- arm64: mm: Move ASID from TTBR0 to TTBR1
- arm64: mm: Remove pre_ttbr0_
- arm64: mm: Rename post_ttbr0_
- arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN
- arm64: mm: Allocate ASIDs in pairs
- arm64: mm: Add arm64_kernel_
- arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI
- arm64: entry: Add exception trampoline page for exceptions from EL0
- arm64: mm: Map entry trampoline into trampoline and kernel page tables
- arm64: entry: Explicitly pass exception level to kernel_ventry macro
- arm64: entry: Hook up entry trampoline to exception vectors
- arm64: erratum: Work around Falkor erratum #E1003 in trampoline code
- arm64: cpu_errata: Add Kryo to Falkor 1003 errata
- arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks
- arm64: entry: Add fake CPU feature for unmapping the kernel at EL0
- arm64: kaslr: Put kernel vectors address in separate data page
- arm64: use RET instruction for exiting the trampoline
- arm64: Kconfig: Add CONFIG_
- arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry
- arm64: Take into account ID_AA64PFR0_
- arm64: capabilities: Handle duplicate entries for a capability
- arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR
- arm64: kpti: Fix the interaction between ASID switching and software PAN
- arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs
- arm64: Turn on KPTI only on CPUs that need it
- arm64: kpti: Make use of nG dependent on arm64_kernel_
- arm64: mm: Permit transitioning from Global to Non-Global without BBM
- arm64: kpti: Add ->enable callback to remap swapper using nG mappings
- arm64: Force KPTI to be disabled on Cavium ThunderX
- arm64: entry: Reword comment about post_ttbr_
- arm64: idmap: Use "awx" flags for .idmap.text .pushsection directives
- arm64: barrier: Add CSDB macros to control data-value prediction
- arm64: Implement array_index_
- arm64: Make USER_DS an inclusive limit
- arm64: Use pointer masking to limit uaccess speculation
- arm64: entry: Ensure branch through syscall table is bounded under
speculation
- arm64: uaccess: Prevent speculative use of the current addr_limit
- arm64: uaccess: Don't bother eliding access_ok checks in __{get, put}_user
- arm64: uaccess: Mask __user pointers for __arch_{clear, copy_*}_user
- arm64: futex: Mask __user pointers prior to dereference
- arm64: cpufeature: __this_
- arm64: Run enable method for errata work arounds on late CPUs
- arm64: cpufeature: Pass capability structure to ->enable callback
- drivers/firmware: Expose psci_get_version through psci_ops structure
- arm64: Move post_ttbr_
- arm64: Add skeleton to harden the branch predictor against aliasing attacks
- arm64: Move BP hardening to check_and_
- arm64: KVM: Use per-CPU vector when BP hardening is enabled
- arm64: entry: Apply BP hardening for high-priority synchronous exceptions
- arm64: entry: Apply BP hardening for suspicious interrupts from EL0
- arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75
- arm64: Implement branch predictor hardening for affected Cortex-A CPUs
- arm64: Implement branch predictor hardening for Falkor
- arm64: Branch predictor hardening for Cavium ThunderX2
- arm64: KVM: Increment PC after handling an SMC trap
- arm/arm64: KVM: Consolidate the PSCI include files
- arm/arm64: KVM: Add PSCI_VERSION helper
- arm/arm64: KVM: Add smccc accessors to PSCI code
- arm/arm64: KVM: Implement PSCI 1.0 support
- arm/arm64: KVM: Advertise SMCCC v1.1
- arm64: KVM: Make PSCI_VERSION a fast path
- arm/arm64: KVM: Turn kvm_psci_version into a static inline
- arm64: KVM: Report SMCCC_ARCH_
- arm64: KVM: Add SMCCC_ARCH_
- firmware/psci: Expose PSCI conduit
- firmware/psci: Expose SMCCC version through psci_ops
- arm/arm64: smccc: Make function identifiers an unsigned quantity
- arm/arm64: smccc: Implement SMCCC v1.1 inline primitive
- arm64: Add ARM_SMCCC_
- arm64: Kill PSCI_GET_VERSION as a variant-2 workaround
- [Config] UNMAP_KERNEL_
- SAUCE: arm64: __idmap_
- arm64: Add missing Falkor part number for branch predictor hardening
- arm64: mm: fix thinko in non-global page table attribute check
* linux-image-
boot (LP: #1742721)
- staging: sm750fb: Fix parameter mistake in poke32
-- Thadeu Lima de Souza Cascardo <email address hidden> Fri, 09 Mar 2018 12:40:45 -0300