linux-kvm 4.15.0-1019.19 source package in Ubuntu

Changelog

linux-kvm (4.15.0-1019.19) bionic; urgency=medium

  [ Ubuntu: 4.15.0-32.34 ]

  * CVE-2018-5391
    - Revert "net: increase fragment memory usage limits"
  * CVE-2018-3620 // CVE-2018-3646
    - x86/Centaur: Initialize supported CPU features properly
    - x86/Centaur: Report correct CPU/cache topology
    - x86/CPU/AMD: Have smp_num_siblings and cpu_llc_id always be present
    - perf/events/amd/uncore: Fix amd_uncore_llc ID to use pre-defined cpu_llc_id
    - x86/CPU: Rename intel_cacheinfo.c to cacheinfo.c
    - x86/CPU/AMD: Calculate last level cache ID from number of sharing threads
    - x86/CPU: Modify detect_extended_topology() to return result
    - x86/CPU/AMD: Derive CPU topology from CPUID function 0xB when available
    - x86/CPU: Move cpu local function declarations to local header
    - x86/CPU: Make intel_num_cpu_cores() generic
    - x86/CPU: Move cpu_detect_cache_sizes() into init_intel_cacheinfo()
    - x86/CPU: Move x86_cpuinfo::x86_max_cores assignment to
      detect_num_cpu_cores()
    - x86/CPU/AMD: Fix LLC ID bit-shift calculation
    - x86/mm: Factor out pageattr _PAGE_GLOBAL setting
    - x86/mm: Undo double _PAGE_PSE clearing
    - x86/mm: Introduce "default" kernel PTE mask
    - x86/espfix: Document use of _PAGE_GLOBAL
    - x86/mm: Do not auto-massage page protections
    - x86/mm: Remove extra filtering in pageattr code
    - x86/mm: Comment _PAGE_GLOBAL mystery
    - x86/mm: Do not forbid _PAGE_RW before init for __ro_after_init
    - x86/ldt: Fix support_pte_mask filtering in map_ldt_struct()
    - x86/power/64: Fix page-table setup for temporary text mapping
    - x86/pti: Filter at vma->vm_page_prot population
    - x86/boot/64/clang: Use fixup_pointer() to access '__supported_pte_mask'
    - x86/speculation/l1tf: Increase 32bit PAE __PHYSICAL_PAGE_SHIFT
    - x86/speculation/l1tf: Change order of offset/type in swap entry
    - x86/speculation/l1tf: Protect swap entries against L1TF
    - x86/speculation/l1tf: Protect PROT_NONE PTEs against speculation
    - x86/speculation/l1tf: Make sure the first page is always reserved
    - x86/speculation/l1tf: Add sysfs reporting for l1tf
    - x86/speculation/l1tf: Disallow non privileged high MMIO PROT_NONE mappings
    - x86/speculation/l1tf: Limit swap file size to MAX_PA/2
    - x86/bugs: Move the l1tf function and define pr_fmt properly
    - sched/smt: Update sched_smt_present at runtime
    - x86/smp: Provide topology_is_primary_thread()
    - x86/topology: Provide topology_smt_supported()
    - cpu/hotplug: Make bringup/teardown of smp threads symmetric
    - cpu/hotplug: Split do_cpu_down()
    - cpu/hotplug: Provide knobs to control SMT
    - x86/cpu: Remove the pointless CPU printout
    - x86/cpu/AMD: Remove the pointless detect_ht() call
    - x86/cpu/common: Provide detect_ht_early()
    - x86/cpu/topology: Provide detect_extended_topology_early()
    - x86/cpu/intel: Evaluate smp_num_siblings early
    - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info
    - x86/cpu/AMD: Evaluate smp_num_siblings early
    - x86/apic: Ignore secondary threads if nosmt=force
    - x86/speculation/l1tf: Extend 64bit swap file size limit
    - x86/cpufeatures: Add detection of L1D cache flush support.
    - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings
    - x86/speculation/l1tf: Protect PAE swap entries against L1TF
    - x86/speculation/l1tf: Fix up pte->pfn conversion for PAE
    - Revert "x86/apic: Ignore secondary threads if nosmt=force"
    - cpu/hotplug: Boot HT siblings at least once
    - x86/KVM: Warn user if KVM is loaded SMT and L1TF CPU bug being present
    - x86/KVM/VMX: Add module argument for L1TF mitigation
    - x86/KVM/VMX: Add L1D flush algorithm
    - x86/KVM/VMX: Add L1D MSR based flush
    - x86/KVM/VMX: Add L1D flush logic
    - x86/KVM/VMX: Split the VMX MSR LOAD structures to have an host/guest numbers
    - x86/KVM/VMX: Add find_msr() helper function
    - x86/KVM/VMX: Separate the VMX AUTOLOAD guest/host number accounting
    - x86/KVM/VMX: Extend add_atomic_switch_msr() to allow VMENTER only MSRs
    - x86/KVM/VMX: Use MSR save list for IA32_FLUSH_CMD if required
    - cpu/hotplug: Online siblings when SMT control is turned on
    - x86/litf: Introduce vmx status variable
    - x86/kvm: Drop L1TF MSR list approach
    - x86/l1tf: Handle EPT disabled state proper
    - x86/kvm: Move l1tf setup function
    - x86/kvm: Add static key for flush always
    - x86/kvm: Serialize L1D flush parameter setter
    - x86/kvm: Allow runtime control of L1D flush
    - cpu/hotplug: Expose SMT control init function
    - cpu/hotplug: Set CPU_SMT_NOT_SUPPORTED early
    - x86/bugs, kvm: Introduce boot-time control of L1TF mitigations
    - Documentation: Add section about CPU vulnerabilities
    - x86/speculation/l1tf: Unbreak !__HAVE_ARCH_PFN_MODIFY_ALLOWED architectures
    - x86/KVM/VMX: Initialize the vmx_l1d_flush_pages' content
    - Documentation/l1tf: Fix typos
    - cpu/hotplug: detect SMT disabled by BIOS
    - x86/KVM/VMX: Don't set l1tf_flush_l1d to true from vmx_l1d_flush()
    - x86/KVM/VMX: Replace 'vmx_l1d_flush_always' with 'vmx_l1d_flush_cond'
    - x86/KVM/VMX: Move the l1tf_flush_l1d test to vmx_l1d_flush()
    - x86/irq: Demote irq_cpustat_t::__softirq_pending to u16
    - x86/KVM/VMX: Introduce per-host-cpu analogue of l1tf_flush_l1d
    - x86: Don't include linux/irq.h from asm/hardirq.h
    - x86/irq: Let interrupt handlers set kvm_cpu_l1tf_flush_l1d
    - x86/KVM/VMX: Don't set l1tf_flush_l1d from vmx_handle_external_intr()
    - Documentation/l1tf: Remove Yonah processors from not vulnerable list
    - x86/speculation: Simplify sysfs report of VMX L1TF vulnerability
    - x86/speculation: Use ARCH_CAPABILITIES to skip L1D flush on vmentry
    - KVM: x86: Add a framework for supporting MSR-based features
    - KVM: X86: Introduce kvm_get_msr_feature()
    - KVM: VMX: support MSR_IA32_ARCH_CAPABILITIES as a feature MSR
    - KVM: VMX: Tell the nested hypervisor to skip L1D flush on vmentry
    - cpu/hotplug: Fix SMT supported evaluation
    - x86/speculation/l1tf: Invert all not present mappings
    - x86/speculation/l1tf: Make pmd/pud_mknotpresent() invert
    - x86/mm/pat: Make set_memory_np() L1TF safe

 -- Stefan Bader <email address hidden>  Fri, 10 Aug 2018 12:08:55 +0200

Upload details

Uploaded by: Stefan Bader
Uploaded to: Bionic
Original maintainer: Ubuntu Kernel Team
Architectures: all amd64
Section: devel
Urgency: Medium Urgency

Builds

Bionic: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
linux-kvm_4.15.0.orig.tar.gz 150.4 MiB c33b8ba5c45a40b689979caa2421c4d933864cd70eb93c00eb69adf43e9a24fc
linux-kvm_4.15.0-1019.19.diff.gz 7.5 MiB 2c12154be8abd4a2ee64ba8c41e9803fc20bb9754a367e027c5c3daf2df9266d
linux-kvm_4.15.0-1019.19.dsc 3.8 KiB 61490a3e688af2a5b877b1eab82e6e6eaac572d61fa2333d5926cd2ab459ce41

Binary packages built by this source

linux-headers-4.15.0-1019-kvm: Linux kernel headers for version 4.15.0 on 64 bit x86 SMP

 This package provides kernel header files for version 4.15.0 on
 64 bit x86 SMP.
 .
 This is for sites that want the latest kernel headers. Please read
 /usr/share/doc/linux-headers-4.15.0-1019/debian.README.gz for details.

linux-image-4.15.0-1019-kvm: Linux kernel image for version 4.15.0 on 64 bit x86 SMP

 This package contains the Linux kernel image for version 4.15.0 on
 64 bit x86 SMP.
 .
 Supports amd64 processors.
 .
 Geared toward virtual systems.
 .
 You likely do not want to install this package directly. Instead, install
 the linux-kvm meta-package, which will ensure that upgrades work
 correctly, and that supporting packages are also installed.

linux-image-4.15.0-1019-kvm-dbgsym: Linux kernel debug image for version 4.15.0 on 64 bit x86 SMP

 This package provides a kernel debug image for version 4.15.0 on
 64 bit x86 SMP.
 .
 This is for sites that wish to debug the kernel.
 .
 The kernel image contained in this package is NOT meant to boot from. It
 is uncompressed, and unstripped. This package also includes the
 unstripped modules.

linux-kvm-headers-4.15.0-1019: Header files related to Linux kernel version 4.15.0

 This package provides kernel header files for version 4.15.0, for sites
 that want the latest kernel headers. Please read
 /usr/share/doc/linux-kvm-headers-4.15.0-1019/debian.README.gz for details.

linux-kvm-tools-4.15.0-1019: Linux kernel version specific tools for version 4.15.0-1019

 This package provides the architecture dependent parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy) for
 version 4.15.0-1019 on
 64 bit x86.
 You probably want to install linux-tools-4.15.0-1019-<flavour>.

linux-kvm-tools-4.15.0-1019-dbgsym: debug symbols for linux-kvm-tools-4.15.0-1019

linux-modules-4.15.0-1019-kvm: Linux kernel extra modules for version 4.15.0 on 64 bit x86 SMP

 Contains the corresponding System.map file, the modules built by the
 packager, and scripts that try to ensure that the system is not left in an
 unbootable state after an update.
 .
 Supports amd64 processors.
 .
 Geared toward virtual systems.
 .
 You likely do not want to install this package directly. Instead, install
 the linux-kvm meta-package, which will ensure that upgrades work
 correctly, and that supporting packages are also installed.

linux-tools-4.15.0-1019-kvm: Linux kernel version specific tools for version 4.15.0-1019

 This package provides the architecture dependent parts for kernel
 version locked tools (such as perf and x86_energy_perf_policy) for
 version 4.15.0-1019 on
 64 bit x86.