This bug was fixed in the package linux - 3.13.0-145.194
---------------
linux (3.13.0-145.194) trusty; urgency=medium
* linux: 3.13.0-145.194 -proposed tracker (LP: #1761430)
* intel-microcode 3.20180312.0 causes lockup at login screen(w/ linux-
image-4.13.0-37-generic) (LP: #1759920) // CVE-2017-5715 (Spectre v2 Intel)
- Revert "UBUNTU: SAUCE: x86/mm: Only set IBPB when the new thread cannot
ptrace current thread"
- x86/speculation: Use Indirect Branch Prediction Barrier in context switch
* DKMS driver builds fail with: Cannot use CONFIG_STACK_VALIDATION=y, please
install libelf-dev, libelf-devel or elfutils-libelf-devel (LP: #1760876)
- [Packaging] include the retpoline extractor in the headers
* retpoline hints: primary infrastructure and initial hints (LP: #1758856)
- [Packaging] retpoline-extract: flag *0xNNN(%reg) branches
- x86/speculation, objtool: Annotate indirect calls/jumps for objtool
- x86/speculation, objtool: Annotate indirect calls/jumps for objtool on
32bit
- x86/paravirt, objtool: Annotate indirect calls
- x86/asm: Stop depending on ptrace.h in alternative.h
- [Packaging] retpoline -- add safe usage hint support
- [Packaging] retpoline-check -- only report additions
- [Packaging] retpoline -- widen indirect call/jmp detection
- [Packaging] retpoline -- elide %rip relative indirections
- [Packaging] retpoline -- clear hint information from packages
- SAUCE: modpost: add discard to non-allocatable whitelist
- KVM: x86: Make indirect calls in emulator speculation safe
- KVM: VMX: Make indirect call speculation safe
- x86/boot, objtool: Annotate indirect jump in secondary_startup_64()
- SAUCE: early/late -- annotate indirect calls in early/late initialisation
code
- SAUCE: vga_set_mode -- avoid jump tables
- [Config] retpoline -- switch to new format
- [Packaging] retpoline hints -- handle missing files when RETPOLINE not
enabled
- [Packaging] final-checks -- remove check for empty retpoline files
* retpoline: ignore %cs:0xNNN constant indirections (LP: #1752655)
- [Packaging] retpoline -- elide %cs:0xNNNN constants on i386
* Boot crash with Trusty 3.13 (LP: #1757193)
- Revert "UBUNTU: SAUCE: x86, extable: fix uaccess fixup detection"
- x86/mm: Expand the exception table logic to allow new handling options
* Segmentation fault in ldt_gdt_64 (LP: #1755817) // CVE-2017-5754
- x86/kvm: Rename VMX's segment access rights defines
- x86/signal/64: Fix SS if needed when delivering a 64-bit signal
-- Kleber Sacilotto de Souza <kleber.so...@canonical.com> Thu, 05 Apr
2018 16:26:39 +0200
** Changed in: linux (Ubuntu Trusty)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5715
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5754
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1755817
Title:
Segmentation fault in ldt_gdt_64
Status in linux package in Ubuntu:
Incomplete
Status in linux source package in Trusty:
Fix Released
Bug description:
== SRU Justification ==
The ldt_gdt_64 x86 selftest segfaults with the currently released Trusty 3.13
kernel. The commit that introduced the segfault is aeb315d60afe ("x86/ldt: Make
modify_ldt synchronous").
== Fix ==
Upstream commit 8ff5bd2e1e27 ("x86/signal/64: Fix SS if needed when
delivering a 64-bit signal"). This commit was found by doing a reverse git
bisect of the upstream kernel (i.e., when did the test stop segfaulting).
The backport of the commit is a simple context adjustment. The second commit
is a pre-requisite which simply renames some defines (no functional changes).
== Regression Potential ==
Low. The commit is very small and isolated and the code path is only executed
in special circumstances (and for x86 only). I built a test kernel and ran the
whole set of x86 selftests and perf NMI test for several hours to verify
stability.
== Test Case ==
Run the ldt_gdt_64 x86 selftets from a current upstream kernel source. The
test segfaults consistently.
Original bug description:
Trusty 3.13 segfaults when running ldt_gdt_64 from the kernel's x86
selftests.
git bisect revealed that the following commit introduced the issue:
commit aeb315d60afee129d32558f4a4b356eec2e7da7b
Author: Andy Lutomirski <l...@kernel.org>
Date: Thu Jul 30 14:31:32 2015 -0700
x86/ldt: Make modify_ldt synchronous
CVE-2017-5754
commit 37868fe113ff2ba814b3b4eb12df214df555f8dc upstream.
modify_ldt() has questionable locking and does not synchronize
threads. Improve it: redesign the locking and synchronize all
threads' LDTs using an IPI on all modifications.
This will dramatically slow down modify_ldt in multithreaded
programs, but there shouldn't be any multithreaded programs that
care about modify_ldt's performance in the first place.
This fixes some fallout from the CVE-2015-5157 fixes.
Signed-off-by: Andy Lutomirski <l...@kernel.org>
Reviewed-by: Borislav Petkov <b...@suse.de>
Cc: Andrew Cooper <andrew.coop...@citrix.com>
Cc: Andy Lutomirski <l...@amacapital.net>
Cc: Boris Ostrovsky <boris.ostrov...@oracle.com>
Cc: Borislav Petkov <b...@alien8.de>
Cc: Brian Gerst <brge...@gmail.com>
Cc: Denys Vlasenko <dvlas...@redhat.com>
Cc: H. Peter Anvin <h...@zytor.com>
Cc: Jan Beulich <jbeul...@suse.com>
Cc: Konrad Rzeszutek Wilk <konrad.w...@oracle.com>
Cc: Linus Torvalds <torva...@linux-foundation.org>
Cc: Peter Zijlstra <pet...@infradead.org>
Cc: Sasha Levin <sasha.le...@oracle.com>
Cc: Steven Rostedt <rost...@goodmis.org>
Cc: Thomas Gleixner <t...@linutronix.de>
Link:
http://lkml.kernel.org/r/4c6978476782160600471bd865b318db34c7b628.1438291540.git.l...@kernel.org
Signed-off-by: Ingo Molnar <mi...@kernel.org>
Signed-off-by: Jiri Slaby <jsl...@suse.cz>
(cherry picked from commit 62fc7228f8cc8c89ecbd37008a0495ac28e41c5c)
Signed-off-by: Juerg Haefliger <juerg.haefli...@canonical.com>
Signed-off-by: Stefan Bader <stefan.ba...@canonical.com>
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1755817/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
