Looks like this is the likely candidate:
commit 7fa1a35564b270e940111c31828e553bff8f063b
Author: Gustavo A. R. Silva <[email protected]>
Date: Thu Aug 2 22:40:19 2018 -0500

    drm/i915/kvmgt: Fix potential Spectre v1

    info.index can be indirectly controlled by user-space, hence leading
    to a potential exploitation of the Spectre variant 1 vulnerability.

    This issue was detected with the help of Smatch:

    drivers/gpu/drm/i915/gvt/kvmgt.c:1232 intel_vgpu_ioctl() warn:
    potential spectre issue 'vgpu->vdev.region' [r]

    Fix this by sanitizing info.index before indirectly using it to index
    vgpu->vdev.region

    Notice that given that speculation windows are large, the policy is
    to kill the speculation on the first load and not worry if it can be
    completed with a dependent load/store [1].

    [1] https://marc.info/?l=linux-kernel&m=152449131114778&w=2

    Cc: [email protected]
    Signed-off-by: Gustavo A. R. Silva <[email protected]>
    Signed-off-by: Zhenyu Wang <[email protected]>

    CVE-2017-5753

    (cherry picked from commit de5372da605d3bca46e3102bab51b7e1c0e0a6f6)
    Signed-off-by: Juerg Haefliger <[email protected]>
    Acked-by: Stefan Bader <[email protected]>
    Acked-by: Kleber Sacilotto de Souza <[email protected]>
    Signed-off-by: Stefan Bader <[email protected]>

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5753
--
https://bugs.launchpad.net/bugs/1834177
Title:
regression: between 4.15.0-45 and 4.15.0-50 - i915 vmalloc_fault
Status in linux package in Ubuntu:
Confirmed
Bug description:
From the logs:
Jun 25 11:14:21 machine-name kernel: ------------[ cut here ]------------
Jun 25 11:14:21 machine-name kernel: kernel BUG at
/build/linux-H3Eec1/linux-4.15.0/arch/x86/mm/fault.c:268!
Jun 25 11:14:21 machine-name kernel: invalid opcode: 0000 [#1] SMP PTI
Jun 25 11:14:21 machine-name kernel: Modules linked in: i915(+) video
i2c_algo_bit crc32_pclmul drm_kms_helper syscopyarea sysfillrect psmouse ahci
sysimgblt e1000e fb_sys_fops libahci drm ptp pps_core wmi
Jun 25 11:14:21 machine-name kernel: CPU: 1 PID: 168 Comm: systemd-udevd Not
tainted 4.15.0-52-generic #56-Ubuntu
Jun 25 11:14:21 machine-name kernel: Hardware name: Hewlett-Packard HP Compaq
8200 Elite SFF PC/1495, BIOS J01 v02.15 11/10/2011
Jun 25 11:14:21 machine-name kernel: EIP: vmalloc_fault+0x229/0x240
Jun 25 11:14:21 machine-name kernel: EFLAGS: 00010086 CPU: 1
Jun 25 11:14:21 machine-name kernel: EAX: 027b0000 EBX: c5e20e28 ECX:
fe0000f3 EDX: 00000000
Jun 25 11:14:21 machine-name kernel: ESI: f8a78000 EDI: fe000000 EBP:
f550fc08 ESP: f550fbec
Jun 25 11:14:21 machine-name kernel: DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS:
0068
Jun 25 11:14:21 machine-name kernel: CR0: 80050033 CR2: f8a78000 CR3:
356b2000 CR4: 000406f0
Jun 25 11:14:21 machine-name kernel: Call Trace:
Jun 25 11:14:21 machine-name kernel: ? __do_page_fault+0x510/0x510
Jun 25 11:14:21 machine-name kernel: __do_page_fault+0x39d/0x510
Jun 25 11:14:21 machine-name kernel: ? __do_page_fault+0x510/0x510
Jun 25 11:14:21 machine-name kernel: do_page_fault+0x27/0xf0
Jun 25 11:14:21 machine-name kernel: ? __do_page_fault+0x510/0x510
Jun 25 11:14:21 machine-name kernel: common_exception+0x130/0x136
Jun 25 11:14:21 machine-name kernel: EIP: i915_check_vgpu+0x11/0xb0 [i915]
Jun 25 11:14:21 machine-name kernel: EFLAGS: 00010286 CPU: 1
Jun 25 11:14:21 machine-name kernel: EAX: f57d8000 EBX: f57d8000 ECX:
f550fcb4 EDX: f8a00000
Jun 25 11:14:21 machine-name kernel: ESI: 00000000 EDI: f57d83f8 EBP:
f550fcb8 ESP: f550fcac
Jun 25 11:14:21 machine-name kernel: DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS:
0068
Jun 25 11:14:21 machine-name kernel: ? pci_conf1_read+0xbb/0xf0
Jun 25 11:14:21 machine-name kernel: intel_uncore_init+0x15/0x5c0 [i915]
Jun 25 11:14:21 machine-name kernel: i915_driver_load+0x456/0xcc0 [i915]
Jun 25 11:14:21 machine-name kernel: ? acpi_dev_found+0x6c/0x80
Jun 25 11:14:21 machine-name kernel: ? i915_pci_remove+0x20/0x20 [i915]
Jun 25 11:14:21 machine-name kernel: i915_pci_probe+0x3a/0x70 [i915]
Jun 25 11:14:21 machine-name kernel: pci_device_probe+0xc7/0x160
Jun 25 11:14:21 machine-name kernel: driver_probe_device+0x2af/0x440
Jun 25 11:14:21 machine-name kernel: __driver_attach+0x99/0xe0
Jun 25 11:14:21 machine-name kernel: ? driver_probe_device+0x440/0x440
Jun 25 11:14:21 machine-name kernel: bus_for_each_dev+0x5a/0xa0
Jun 25 11:14:21 machine-name kernel: driver_attach+0x19/0x20
Jun 25 11:14:21 machine-name kernel: ? driver_probe_device+0x440/0x440
Jun 25 11:14:21 machine-name kernel: bus_add_driver+0x187/0x230
Jun 25 11:14:21 machine-name kernel: ? 0xf8951000
Jun 25 11:14:21 machine-name kernel: driver_register+0x56/0xd0
Jun 25 11:14:21 machine-name kernel: ? 0xf8951000
Jun 25 11:14:21 machine-name kernel: __pci_register_driver+0x3a/0x40
Jun 25 11:14:21 machine-name kernel: i915_init+0x51/0x56 [i915]
Jun 25 11:14:21 machine-name kernel: do_one_initcall+0x49/0x174
Jun 25 11:14:21 machine-name kernel: ? _cond_resched+0x17/0x40
Jun 25 11:14:21 machine-name kernel: ? kmem_cache_alloc_trace+0x165/0x1d0
Jun 25 11:14:21 machine-name kernel: ? do_init_module+0x21/0x1ec
Jun 25 11:14:21 machine-name kernel: ? do_init_module+0x21/0x1ec
Jun 25 11:14:21 machine-name kernel: do_init_module+0x50/0x1ec
Jun 25 11:14:21 machine-name kernel: load_module+0x1588/0x1ab0
Jun 25 11:14:21 machine-name kernel: ? ima_post_read_file+0xb4/0xc0
Jun 25 11:14:21 machine-name kernel: ?
security_kernel_post_read_file+0x62/0x70
Jun 25 11:14:21 machine-name kernel: SyS_finit_module+0x8a/0xe0
Jun 25 11:14:21 machine-name kernel: do_fast_syscall_32+0x7f/0x200
Jun 25 11:14:21 machine-name kernel: entry_SYSENTER_32+0x6b/0xbe
Jun 25 11:14:21 machine-name kernel: EIP: 0xb7f4bd09
Jun 25 11:14:21 machine-name kernel: EFLAGS: 00000296 CPU: 1
Jun 25 11:14:21 machine-name kernel: EAX: ffffffda EBX: 00000013 ECX:
b7d5da15 EDX: 00000000
Jun 25 11:14:21 machine-name kernel: ESI: 01f2c530 EDI: 01f17d50 EBP:
01f11800 ESP: bfec3c4c
Jun 25 11:14:21 machine-name kernel: DS: 007b ES: 007b FS: 0000 GS: 0033 SS:
007b
Jun 25 11:14:21 machine-name kernel: Code: cf 89 7d ec 8b 45 ec 0f ac d0 0c
89 c2 8d 04 80 c1 ea 11 c1 e2 04 8b 92 40 32 eb c5 83 e2 f8 8d 04 c2 39 45 e4
0f 84 d0 fe ff ff <0f> 0b 90 8d 74 26 00 83 c4 10 b8 ff ff ff ff 5b 5e 5f 5d c3
8d
Jun 25 11:14:21 machine-name kernel: EIP: vmalloc_fault+0x229/0x240 SS:ESP:
0068:f550fbec
Jun 25 11:14:21 machine-name kernel: ---[ end trace fc80bb0be413797b ]---
After this, Xorg will unload modeset and use fbdev instead.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.15.0-52-generic 4.15.0-52.56
ProcVersionSignature: Ubuntu 4.15.0-52.56-generic 4.15.18
Uname: Linux 4.15.0-52-generic i686
ApportVersion: 2.20.9-0ubuntu7.6
Architecture: i386
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq',
'/dev/snd/timer'] failed with exit code 1:
CurrentDesktop: GNOME
Date: Tue Jun 25 12:23:12 2019
HibernationDevice: RESUME=UUID=1b857197-e601-497b-b773-025fbe39d2db
InstallationDate: Installed on 2013-09-16 (2107 days ago)
InstallationMedia: Ubuntu 13.04 "Raring Ringtail" - Release i386 (20130424)
IwConfig:
lo no wireless extensions.
eth0 no wireless extensions.
MachineType: Hewlett-Packard HP Compaq 8200 Elite SFF PC
ProcFB: 0 VESA VGA
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.15.0-52-generic
root=/dev/mapper/ubuntu--vg-root ro quiet splash vt.handoff=1
RelatedPackageVersions:
linux-restricted-modules-4.15.0-52-generic N/A
linux-backports-modules-4.15.0-52-generic N/A
linux-firmware 1.173.6
RfKill:
SourcePackage: linux
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 11/10/2011
dmi.bios.vendor: Hewlett-Packard
dmi.bios.version: J01 v02.15
dmi.board.asset.tag: CZC2141GVS
dmi.board.name: 1495
dmi.board.vendor: Hewlett-Packard
dmi.chassis.asset.tag: CZC2141GVS
dmi.chassis.type: 6
dmi.chassis.vendor: Hewlett-Packard
dmi.modalias:
dmi:bvnHewlett-Packard:bvrJ01v02.15:bd11/10/2011:svnHewlett-Packard:pnHPCompaq8200EliteSFFPC:pvr:rvnHewlett-Packard:rn1495:rvr:cvnHewlett-Packard:ct6:cvr:
dmi.product.family: 103C_53307F G=D
dmi.product.name: HP Compaq 8200 Elite SFF PC
dmi.sys.vendor: Hewlett-Packard
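
The commit message quoted at the top of this notification fixes the Smatch warning by sanitizing info.index before it indexes vgpu->vdev.region. The user-space C sketch below is an added illustration, not code from that patch or from the i915 driver: it shows the branch-free index masking that the generic form of the kernel's array_index_mask_nospec() computes. The region table, its sizes and the function names are constructed for the example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

#define BITS_PER_LONG (sizeof(long) * CHAR_BIT)
#define NUM_REGIONS 4

/* Constructed stand-in for a per-device region table (not the i915 struct). */
struct region { unsigned long size; };
static const struct region regions[NUM_REGIONS] = {
    { 0x1000 }, { 0x2000 }, { 0x4000 }, { 0x100 },
};

/*
 * All ones when index < size, zero otherwise, computed without a branch
 * so there is nothing for the CPU to mispredict. Assumes size <= LONG_MAX
 * and an arithmetic right shift of negative longs (true for gcc and clang).
 */
static unsigned long index_mask_nospec(unsigned long index, unsigned long size)
{
    return (unsigned long)(~(long)(index | (size - 1UL - index))
                           >> (BITS_PER_LONG - 1));
}

/* Returns the region's size, or -1 for an out-of-range index. */
static long region_size(unsigned long index)
{
    if (index >= NUM_REGIONS)
        return -1;                       /* architectural bounds check */
    /*
     * Data-dependent clamp: even if the branch above is speculated past,
     * an out-of-range index is forced to 0 before the first load.
     */
    index &= index_mask_nospec(index, NUM_REGIONS);
    return (long)regions[index].size;
}

int main(void)
{
    unsigned long probes[] = { 0, 3, 4, 1000, ~0UL };

    for (size_t i = 0; i < sizeof(probes) / sizeof(probes[0]); i++)
        printf("index %lu -> mask %#lx, size %ld\n", probes[i],
               index_mask_nospec(probes[i], NUM_REGIONS),
               region_size(probes[i]));
    return 0;
}
```

The mask is applied to the index of the first load only, matching the policy stated in the commit message of stopping speculation there rather than at dependent loads or stores.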