This bug was fixed in the package linux - 4.13.0-43.48
---------------
linux (4.13.0-43.48) artful; urgency=medium
* CVE-2018-3639 (powerpc)
- SAUCE: rfi-flush: update H_CPU_* macro names to upstream
- SAUCE: rfi-flush: update plpar_get_cpu_characteristics() signature to
upstream
- SAUCE: update pseries_setup_rfi_flush() capitalization to upstream
- powerpc/pseries: Support firmware disable of RFI flush
- powerpc/powernv: Support firmware disable of RFI flush
- powerpc/64s: Allow control of RFI flush via debugfs
- powerpc/rfi-flush: Move the logic to avoid a redo into the debugfs code
- powerpc/rfi-flush: Always enable fallback flush on pseries
- powerpc/rfi-flush: Differentiate enabled and patched flush types
- powerpc/pseries: Add new H_GET_CPU_CHARACTERISTICS flags
- powerpc: Add security feature flags for Spectre/Meltdown
- powerpc/powernv: Set or clear security feature flags
- powerpc/pseries: Set or clear security feature flags
- powerpc/powernv: Use the security flags in pnv_setup_rfi_flush()
- powerpc/pseries: Use the security flags in pseries_setup_rfi_flush()
- powerpc/pseries: Fix clearing of security feature flags
- powerpc: Move default security feature flags
- powerpc/pseries: Restore default security feature flags on setup
- powerpc/64s: Add support for a store forwarding barrier at kernel
entry/exit
* CVE-2018-3639 (x86)
- SAUCE: Add X86_FEATURE_ARCH_CAPABILITIES
- SAUCE: x86: Add alternative_msr_write
- x86/nospec: Simplify alternative_msr_write()
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown
- x86/bugs: Concentrate bug detection into a separate function
- x86/bugs: Concentrate bug reporting into a separate function
- x86/msr: Add definitions for new speculation control MSRs
- x86/bugs: Read SPEC_CTRL MSR during boot and re-use reserved bits
- x86/bugs, KVM: Support the combination of guest and host IBRS
- x86/bugs: Expose /sys/../spec_store_bypass
- x86/cpufeatures: Add X86_FEATURE_RDS
- x86/bugs: Provide boot parameters for the spec_store_bypass_disable
mitigation
- x86/bugs/intel: Set proper CPU features and setup RDS
- x86/bugs: Whitelist allowed SPEC_CTRL MSR values
- x86/bugs/AMD: Add support to disable RDS on Fam[15,16,17]h if requested
- x86/KVM/VMX: Expose SPEC_CTRL Bit(2) to the guest
- x86/speculation: Create spec-ctrl.h to avoid include hell
- prctl: Add speculation control prctls
- x86/process: Allow runtime control of Speculative Store Bypass
- x86/speculation: Add prctl for Speculative Store Bypass mitigation
- nospec: Allow getting/setting on non-current task
- proc: Provide details on speculation flaw mitigations
- seccomp: Enable speculation flaw mitigations
- SAUCE: x86/bugs: Honour SPEC_CTRL default
- x86/bugs: Make boot modes __ro_after_init
- prctl: Add force disable speculation
- seccomp: Use PR_SPEC_FORCE_DISABLE
- seccomp: Add filter flag to opt-out of SSB mitigation
- seccomp: Move speculation migitation control to arch code
- x86/speculation: Make "seccomp" the default mode for Speculative Store
Bypass
- x86/bugs: Rename _RDS to _SSBD
- proc: Use underscores for SSBD in 'status'
- Documentation/spec_ctrl: Do some minor cleanups
- x86/bugs: Fix __ssb_select_mitigation() return type
- x86/bugs: Make cpu_show_common() static
* LSM Stacking prctl values should be redefined as to not collide with
upstream prctls (LP: #1769263) // CVE-2018-3639
- SAUCE: LSM stacking: adjust prctl values
linux (4.13.0-42.47) artful; urgency=medium
* linux: 4.13.0-42.47 -proposed tracker (LP: #1769993)
* arm64: fix CONFIG_DEBUG_WX address reporting (LP: #1765850)
- arm64: fix CONFIG_DEBUG_WX address reporting
* HiSilicon HNS NIC names are truncated in /proc/interrupts (LP: #1765977)
- net: hns: Avoid action name truncation
* CVE-2017-18208
- mm/madvise.c: fix madvise() infinite loop under special circumstances
* CVE-2018-8822
- staging: ncpfs: memory corruption in ncp_read_kernel()
* CVE-2017-18203
- dm: fix race between dm_get_from_kobject() and __dm_destroy()
* CVE-2017-17449
- netlink: Add netns check on taps
* CVE-2017-17975
- media: usbtv: prevent double free in error case
* [8086:3e92] display becomes blank after S3 (LP: #1763271)
- drm/i915/edp: Allow alternate fixed mode for eDP if available.
- drm/i915/dp: rename intel_dp_is_edp to intel_dp_is_port_edp
- drm/i915/dp: make is_edp non-static and rename to intel_dp_is_edp
- drm/i915/edp: Do not do link training fallback or prune modes on EDP
* sky2 gigabit ethernet driver sometimes stops working after lid-open resume
from sleep (88E8055) (LP: #1758507)
- sky2: Increase D3 delay to sky2 stops working after suspend
* perf vendor events arm64: Enable JSON events for ThunderX2 B0 (LP: #1760712)
- perf vendor events arm64: Enable JSON events for ThunderX2 B0
* No network with e1000e driver on 4.13.0-38-generic (LP: #1762693)
- e1000e: Fix e1000_check_for_copper_link_ich8lan return value.
* /dev/ipmi enumeration flaky on Cavium Sabre nodes (LP: #1762812)
- i2c: xlp9xx: return ENXIO on slave address NACK
- i2c: xlp9xx: Handle transactions with I2C_M_RECV_LEN properly
- i2c: xlp9xx: Check for Bus state before every transfer
- i2c: xlp9xx: Handle NACK on DATA properly
* "ip a" command on a guest VM shows UNKNOWN status (LP: #1761534)
- virtio-net: Fix operstate for virtio when no VIRTIO_NET_F_STATUS
* fix regression in mm/hotplug, allows NVIDIA driver to work (LP: #1761104)
- SAUCE: Fix revert "mm, memory_hotplug: do not associate hotadded memory to
zones until online"
* ibrs/ibpb fixes result in excessive kernel logging (LP: #1755627)
- SAUCE: remove ibrs_dump sysctl interface
-- Stefan Bader <stefan.ba...@canonical.com> Tue, 15 May 2018 07:39:26
+0200
** Changed in: linux (Ubuntu Artful)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-17449
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-17975
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-18203
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-18208
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-3639
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-8822
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1761104
Title:
fix regression in mm/hotplug, allows NVIDIA driver to work
Status in linux package in Ubuntu:
Invalid
Status in linux source package in Artful:
Fix Released
Bug description:
== SRU Justification, ARTFUL ==
Bug fix #1747069 causes an issue for NVIDIA drivers on ppc64el
platforms. According to Will Davis at NVIDIA:
"- The original patch 3d79a728f9b2e6ddcce4e02c91c4de1076548a4c changed
the call to arch_add_memory in mm/memory_hotplug.c to call with the
boolean argument set to true instead of false, and inverted the
semantics of that argument in the arch layers.
- The revert patch 4fe85d5a7c50f003fe4863a1a87f5d8cc121c75c reverted
the semantic change in the arch layers, but didn't revert the change
to the arch_add_memory call in mm/memory_hotplug.c"
And also:
"It looks like the problem here is that the online_type is _MOVABLE but
can_online_high_movable(nid=255) is returning false:
if ((zone_idx(zone) > ZONE_NORMAL ||
online_type == MMOP_ONLINE_MOVABLE) &&
!can_online_high_movable(pfn_to_nid(pfn)))
This check was removed by upstream commit
57c0a17238e22395428248c53f8e390c051c88b8, and I've verified that if I apply
that commit (partially) to the 4.13.0-37.42 tree along with the previous
arch_add_memory patch to make the probe work, I can fully online the GPU
device
memory as expected.
Commit 57c0a172.. implies that the can_online_high_movable() checks weren't
useful anyway, so in addition to the arch_add_memory fix, does it make sense
to
revert the pieces of 4fe85d5a7c50f003fe4863a1a87f5d8cc121c75c that added back
the can_online_high_movable() check?"
== Fix ==
Fix partial backport from bug #1747069, remove can_online_high_movable
and fix the incorrectly set boolean argument to arch_add_memory().
== Testing ==
run ADT memory hotplug test, should not regress this. Without the fix,
the nvidia driver on powerpc will not load because it cannot map
memory for the device. With the fix it loads.
== Regression Potential ==
This fixes a regression in the original fix and hence the regression
potential is the same as the previously SRU'd bug fix for #1747069,
namely:
"Reverting this commit does remove some functionality, however this
does not regress the kernel compared to previous releases and having a
working reliable memory hotplug is the preferred option. This fix does
touch some memory hotplug, so there is a risk that this may break this
functionality that is not covered by the kernel regression testing."
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1761104/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
