Ubuntu
linux-aws package

linux-aws 4.4.0-1049.58 source package in Ubuntu

Changelog

linux-aws (4.4.0-1049.58) xenial; urgency=low

  * linux-aws: 4.4.0-1049.58 -proposed tracker (LP: #1743001)

  [ Ubuntu: 4.4.0-110.133 ]

  * linux: 4.4.0-110.133 -proposed tracker (LP: #1742995)
  * CVE-2017-5753
    - x86/microcode/AMD: Add support for fam17h microcode loading
    - bpf: add bpf_patch_insn_single helper
    - bpf: prepare bpf_int_jit_compile/bpf_prog_select_runtime apis
    - bpf: add generic constant blinding for use in jits
    - locking/barriers: introduce new memory barrier gmb()
    - bpf: prevent speculative execution in eBPF interpreter
    - x86, bpf, jit: prevent speculative execution when JIT is enabled
    - uvcvideo: prevent speculative execution
    - carl9170: prevent speculative execution
    - qla2xxx: prevent speculative execution
    - Thermal/int340x: prevent speculative execution
    - userns: prevent speculative execution
    - ipv6: prevent speculative execution
    - fs: prevent speculative execution
    - net: mpls: prevent speculative execution
    - udf: prevent speculative execution
    - x86/feature: Enable the x86 feature to control Speculation
    - x86/feature: Report presence of IBPB and IBRS control
    - x86/enter: MACROS to set/clear IBRS and set IBPB
    - x86/enter: Use IBRS on syscall and interrupts
    - x86/idle: Disable IBRS entering idle and enable it on wakeup
    - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - x86/mm: Set IBPB upon context switch
    - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
    - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
    - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - x86/kvm: Set IBPB when switching VM
    - x86/kvm: Toggle IBRS on VM entry and exit
    - x86/kvm: Pad RSB on VM transition
    - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
    - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
    - x86/syscall: Clear unused extra registers on syscall entrance
    - x86/syscall: Clear unused extra registers on 32-bit compatible syscall
      entrance
    - x86/entry: Use retpoline for syscall's indirect calls
    - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
    - x86/cpu/AMD: Add speculative control support for AMD
    - x86/microcode: Extend post microcode reload to support IBPB feature
    - KVM: SVM: Do not intercept new speculative control MSRs
    - x86/svm: Set IBRS value on VM entry and exit
    - x86/svm: Set IBPB when running a different VCPU
    - KVM: x86: Add speculative control CPUID support for guests
    - x86/svm: Add code to clobber the RSB on VM exit
    - x86/svm: Add code to clear registers on VM exit
    - x86/cpu/AMD: Make the LFENCE instruction serialized
    - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
    - powerpc: add gmb barrier
    - s390/spinlock: add gmb memory barrier
    - SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit
    - arm64: no gmb() implementation yet
    - arm: no gmb() implementation yet
  * CVE-2017-5715
    - x86/microcode/AMD: Add support for fam17h microcode loading
    - bpf: add bpf_patch_insn_single helper
    - bpf: prepare bpf_int_jit_compile/bpf_prog_select_runtime apis
    - bpf: add generic constant blinding for use in jits
    - locking/barriers: introduce new memory barrier gmb()
    - bpf: prevent speculative execution in eBPF interpreter
    - x86, bpf, jit: prevent speculative execution when JIT is enabled
    - uvcvideo: prevent speculative execution
    - carl9170: prevent speculative execution
    - qla2xxx: prevent speculative execution
    - Thermal/int340x: prevent speculative execution
    - userns: prevent speculative execution
    - ipv6: prevent speculative execution
    - fs: prevent speculative execution
    - net: mpls: prevent speculative execution
    - udf: prevent speculative execution
    - x86/feature: Enable the x86 feature to control Speculation
    - x86/feature: Report presence of IBPB and IBRS control
    - x86/enter: MACROS to set/clear IBRS and set IBPB
    - x86/enter: Use IBRS on syscall and interrupts
    - x86/idle: Disable IBRS entering idle and enable it on wakeup
    - x86/idle: Disable IBRS when offlining cpu and re-enable on wakeup
    - x86/mm: Set IBPB upon context switch
    - x86/mm: Only set IBPB when the new thread cannot ptrace current thread
    - x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
    - x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
    - x86/kvm: Set IBPB when switching VM
    - x86/kvm: Toggle IBRS on VM entry and exit
    - x86/kvm: Pad RSB on VM transition
    - x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature
    - x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb control
    - x86/syscall: Clear unused extra registers on syscall entrance
    - x86/syscall: Clear unused extra registers on 32-bit compatible syscall
      entrance
    - x86/entry: Use retpoline for syscall's indirect calls
    - x86/cpu/amd, kvm: Satisfy guest kernel reads of IC_CFG MSR
    - x86/cpu/AMD: Add speculative control support for AMD
    - x86/microcode: Extend post microcode reload to support IBPB feature
    - KVM: SVM: Do not intercept new speculative control MSRs
    - x86/svm: Set IBRS value on VM entry and exit
    - x86/svm: Set IBPB when running a different VCPU
    - KVM: x86: Add speculative control CPUID support for guests
    - x86/svm: Add code to clobber the RSB on VM exit
    - x86/svm: Add code to clear registers on VM exit
    - x86/cpu/AMD: Make the LFENCE instruction serialized
    - x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature
    - powerpc: add gmb barrier
    - s390/spinlock: add gmb memory barrier
    - SAUCE: x86/kvm: Fix stuff_RSB() for 32-bit
    - arm64: no gmb() implementation yet
    - arm: no gmb() implementation yet
  * powerpc: flush L1D on return to use (LP: #1742772)
    - SAUCE: powerpc: Secure memory rfi flush
    - SAUCE: rfi-flush: Make DEBUG_RFI a CONFIG option
    - SAUCE: rfi-flush: Add HRFI_TO_UNKNOWN and use it in denorm
    - SAUCE: Fixup rfid in kvmppc_skip_Hinterrupt should be hrfid
    - SAUCE: rfi-flush: kvmppc_skip_(H)interrupt returns to host
    - SAUCE: KVM: Revert the implementation of H_GET_CPU_CHARACTERISTICS
    - SAUCE: rfi-flush: Implement congruence-first fallback flush
    - SAUCE: rfi-flush: Make l1d_flush_type bit flags
    - SAUCE: rfi-flush: Push the instruction selection down to the patching
      routine
    - SAUCE: rfi-flush: Expand the RFI section to two nop slots
    - SAUCE: rfi-flush: Support more than one flush type at once
    - SAUCE: rfi-flush: Allow HV to advertise multiple flush types
    - SAUCE: rfi-flush: Add speculation barrier before ori 30,30,0 flush
    - SAUCE: powerpc/asm: Allow including ppc_asm.h in asm files
    - SAUCE: Remove setup.h include file otherwise compilation complains about
      missing header file.
    - SAUCE: Fix compilation errors for arch/powerpc/lib/feature-fixups.c
    - SAUCE: rfi-flush: Add barriers to the fallback L1D flushing
    - SAUCE: rfi-flush: Rework powernv logic to be more cautious
    - SAUCE: rfi-flush: Rework pseries logic to be more cautious
    - SAUCE: rfi-flush: Fix the fallback flush to actually activate
    - SAUCE: rfi-flush: Fix HRFI_TO_UNKNOWN
    - SAUCE: rfi-flush: Refactor the macros so the nops are defined once
    - SAUCE: rfi-flush: Add no_rfi_flush and nopti comandline options
    - SAUCE: rfi-flush: Use rfi-flush in printks
    - SAUCE: rfi-flush: Fallback flush add load dependency
    - SAUCE: rfi-flush: Fix the 32-bit KVM build
    - SAUCE: rfi-flush: Fix some RFI conversions in the KVM code
    - SAUCE: UBUNTU: [Config] Disable CONFIG_PPC_DEBUG_RFI
  * s390: add ppa to kernel entry/exit (LP: #1742771)
    - s390: introduce CPU alternatives
    - s390: add ppa to kernel entry / exit
  * CVE-2017-5754
    - x86/tlb: Drop the _GPL from the cpu_tlbstate export
    - Map the vsyscall page with _PAGE_USER
    - s390: introduce CPU alternatives
    - s390: add ppa to kernel entry / exit
    - SAUCE: powerpc: Secure memory rfi flush
    - SAUCE: rfi-flush: Make DEBUG_RFI a CONFIG option
    - SAUCE: rfi-flush: Add HRFI_TO_UNKNOWN and use it in denorm
    - SAUCE: Fixup rfid in kvmppc_skip_Hinterrupt should be hrfid
    - SAUCE: rfi-flush: kvmppc_skip_(H)interrupt returns to host
    - SAUCE: KVM: Revert the implementation of H_GET_CPU_CHARACTERISTICS
    - SAUCE: rfi-flush: Implement congruence-first fallback flush
    - SAUCE: rfi-flush: Make l1d_flush_type bit flags
    - SAUCE: rfi-flush: Push the instruction selection down to the patching
      routine
    - SAUCE: rfi-flush: Expand the RFI section to two nop slots
    - SAUCE: rfi-flush: Support more than one flush type at once
    - SAUCE: rfi-flush: Allow HV to advertise multiple flush types
    - SAUCE: rfi-flush: Add speculation barrier before ori 30,30,0 flush
    - SAUCE: powerpc/asm: Allow including ppc_asm.h in asm files
    - SAUCE: Remove setup.h include file otherwise compilation complains about
      missing header file.
    - SAUCE: Fix compilation errors for arch/powerpc/lib/feature-fixups.c
    - SAUCE: rfi-flush: Add barriers to the fallback L1D flushing
    - SAUCE: rfi-flush: Rework powernv logic to be more cautious
    - SAUCE: rfi-flush: Rework pseries logic to be more cautious
    - SAUCE: rfi-flush: Fix the fallback flush to actually activate
    - SAUCE: rfi-flush: Fix HRFI_TO_UNKNOWN
    - SAUCE: rfi-flush: Refactor the macros so the nops are defined once
    - SAUCE: rfi-flush: Add no_rfi_flush and nopti comandline options
    - SAUCE: rfi-flush: Use rfi-flush in printks
    - SAUCE: rfi-flush: Fallback flush add load dependency
    - SAUCE: rfi-flush: Fix the 32-bit KVM build
    - SAUCE: rfi-flush: Fix some RFI conversions in the KVM code
    - SAUCE: UBUNTU: [Config] Disable CONFIG_PPC_DEBUG_RFI

 -- Kamal Mostafa <email address hidden>  Fri, 12 Jan 2018 14:39:25 -0800

Upload details

Uploaded by:
Kamal Mostafa
Uploaded to:
Xenial
Original maintainer:
Ubuntu Kernel Team
Architectures:
all amd64
Section:
devel
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Builds

Xenial: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
linux-aws_4.4.0.orig.tar.gz 126.7 MiB 730e75919b5d30a9bc934ccb300eaedfdf44994ca9ee1d07a46901c46c221357
linux-aws_4.4.0-1049.58.diff.gz 16.9 MiB e080573ae4cb11ae9cb89750647b67a33a03579d4a5ee3808bb43f78aac5af14
linux-aws_4.4.0-1049.58.dsc 3.5 KiB 72d05fb0af19d086319a53b48e1b243cca8b682f6a9c930308e5af3c46560e9b

Available diffs

View changes file

Binary packages built by this source

linux-aws-cloud-tools-4.4.0-1049: Linux kernel version specific cloud tools for version 4.4.0-1049

 This package provides the architecture dependant parts for kernel
 version locked tools for cloud tools for version 4.4.0-1049 on
 64 bit x86.
 You probably want to install linux-cloud-tools-4.4.0-1049-<flavour>.

linux-aws-cloud-tools-4.4.0-1049-dbgsym: debug symbols for package linux-aws-cloud-tools-4.4.0-1049

 This package provides the architecture dependant parts for kernel
 version locked tools for cloud tools for version 4.4.0-1049 on
 64 bit x86.
 You probably want to install linux-cloud-tools-4.4.0-1049-<flavour>.

linux-aws-headers-4.4.0-1049: Header files related to Linux kernel version 4.4.0

 This package provides kernel header files for version 4.4.0, for sites
 that want the latest kernel headers. Please read
 /usr/share/doc/linux-aws-headers-4.4.0-1049/debian.README.gz for details

linux-aws-tools-4.4.0-1049: Linux kernel version specific tools for version 4.4.0-1049

 This package provides the architecture dependant parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy) for
 version 4.4.0-1049 on
 64 bit x86.
 You probably want to install linux-tools-4.4.0-1049-<flavour>.

linux-aws-tools-4.4.0-1049-dbgsym: debug symbols for package linux-aws-tools-4.4.0-1049

 This package provides the architecture dependant parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy) for
 version 4.4.0-1049 on
 64 bit x86.
 You probably want to install linux-tools-4.4.0-1049-<flavour>.

linux-cloud-tools-4.4.0-1049-aws: Linux kernel version specific cloud tools for version 4.4.0-1049

 This package provides the architecture dependant parts for kernel
 version locked tools for cloud for version 4.4.0-1049 on
 64 bit x86.

linux-headers-4.4.0-1049-aws: Linux kernel headers for version 4.4.0 on 64 bit x86 SMP

 This package provides kernel header files for version 4.4.0 on
 64 bit x86 SMP.
 .
 This is for sites that want the latest kernel headers. Please read
 /usr/share/doc/linux-headers-4.4.0-1049/debian.README.gz for details.

linux-image-4.4.0-1049-aws: Linux kernel image for version 4.4.0 on 64 bit x86 SMP

 This package contains the Linux kernel image for version 4.4.0 on
 64 bit x86 SMP.
 .
 Also includes the corresponding System.map file, the modules built by the
 packager, and scripts that try to ensure that the system is not left in an
 unbootable state after an update.
 .
 Supports AWS processors.
 .
 Geared toward Amazon Web Services (AWS) systems.
 .
 You likely do not want to install this package directly. Instead, install
 the linux-aws meta-package, which will ensure that upgrades work
 correctly, and that supporting packages are also installed.

linux-image-4.4.0-1049-aws-dbgsym: Linux kernel debug image for version 4.4.0 on 64 bit x86 SMP

 This package provides a kernel debug image for version 4.4.0 on
 64 bit x86 SMP.
 .
 This is for sites that wish to debug the kernel.
 .
 The kernel image contained in this package is NOT meant to boot from. It
 is uncompressed, and unstripped. This package also includes the
 unstripped modules.

linux-tools-4.4.0-1049-aws: Linux kernel version specific tools for version 4.4.0-1049

 This package provides the architecture dependant parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy) for
 version 4.4.0-1049 on
 64 bit x86.