Ubuntu
linux package

NULL pointer dereference when using z3fold and zswap

Bug #1814874 reported by Ken Sharp
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Linux
Fix Released
High
linux (Ubuntu)
Fix Released
Undecided
Po-Hsu Lin
Bionic
Fix Released
Undecided
Unassigned
Cosmic
Fix Released
Undecided
Unassigned

Bug Description

== Justification ==
When using z3fold and zswap on a VM under overcommitted memory stress,
z3fold will complains about an "unknown buddy id 0" and fail to get a
pointer to the mapped allocation in z3fold_map().

 z3fold: unknown buddy id 0
 WARNING: CPU: 2 PID: 1584 at mm/z3fold.c:971 z3fold_zpool_map+0xce/0x100 [z3fold]

And it will leads to a null pointer dereference in zswap

 BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
 PGD 0 P4D 0
 Oops: 0000 [#1] SMP PTI
 CPU: 2 PID: 1584 Comm: stress Tainted: G W 4.18.0-17-generic #18-Ubuntu
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.11.1-1ubuntu1 04/01/2014
 RIP: 0010:zswap_writeback_entry+0x4d/0x360

== Fix ==
ca0246bb (z3fold: fix possible reclaim races)

This patch has already in Disco, and can be cherry-picked into B/C.
Not needed for Xenial and older kernels as z3fold is not supported.

== Test ==
Test kernels for Bionic / Cosmic could be found here:
http://people.canonical.com/~phlin/kernel/lp-1814874-z3fold-zswap/Bionic/
http://people.canonical.com/~phlin/kernel/lp-1814874-z3fold-zswap/Cosmic/

This issue can be reproduced easily in a KVM with the following setup:
 * 8G disk, 4G RAM, 4 CPUs
 * 1G swap
 * "zswap.enabled=1 zswap.zpool=z3fold zswap.max_pool_percent=7" added to grub
 * "z3fold" module added into /etc/initramfs-tools/modules

Stress it with two childs running:
 * stress --vm-bytes 512M --vm 4 --vm-hang 3
 * stress --vm-bytes 512M --vm 4 --vm-hang 7

The VM is expected to crash within 5 minutes.

With the patched kernel, the VM can withstand this stress for over an
hour with crashing with this issue

== Regression potential ==
Small.

Fix limited to z3fold. User needs to enable it explicitly for this
feature.

== Original Bug Report ==
Under memory pressure, my VM locks up. This has been reported upstream though I don't know how far any solution has progressed.

https://bugzilla.kernel.org/show_bug.cgi?id=201603

Feb 6 07:15:42 vps632258 kernel: [151336.450064] z3fold: unknown buddy id 0
Feb 6 07:15:42 vps632258 kernel: [151336.454450] BUG: unable to handle kernel NULL pointer dereference at 0000000000000008

The little bit of log I managed to salvage is attached.

This has happened to two identical VMs. Unusually it has not occurred on a third VM which is configured the same but has less RAM (fingers crossed it won't).

Irrelevant information:
I thought the lock-ups were due to me using a BTRFS filesystem, however I swapped over to NILFS2 and this still occurs. The only difference seems to be that I am now able to grab some of the kernel output.

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: linux-image-4.18.0-14-generic 4.18.0-14.15~18.04.1
ProcVersionSignature: Ubuntu 4.18.0-14.15~18.04.1-generic 4.18.20
Uname: Linux 4.18.0-14-generic x86_64
ApportVersion: 2.20.9-0ubuntu7.5
Architecture: amd64
Date: Wed Feb 6 10:55:05 2019
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
SourcePackage: linux-signed-hwe
UpgradeStatus: No upgrade log present (probably fresh install)

See original description
Revision history for this message
In , jagannathante (jagannathante-linux-kernel-bugs) wrote :

Created attachment 279297
dmesg log of crash

This happens mostly during memory pressure but I am not sure how to trigger it reliably. I am attaching the full log.

This is the kernel commandline

>BOOT_IMAGE=../vmlinuz-linux root=UUID=57274b3a-92ab-468e-b03a-06026675c1af rw
>rd.luks.name=92b4aeb2-fb97-45c1-8a60-2816efe5d57e=home resume=/dev/mapper/home
>resume_offset=42772480 acpi_backlight=video zswap.enabled=1 zswap.zpool=z3fold
>zswap.max_pool_percent=5 transparent_hugepage=madvise scsi_mod.use_blk_mq=1
>vga=current initrd=../intel-ucode.img,../initramfs-linux.img

I found this bug https://bugzilla.kernel.org/show_bug.cgi?id=198585 to be very similar but the proposed fix has not been merged so I can't be sure if it will fix the issue I am having.

Revision history for this message
In , enelar (enelar-linux-kernel-bugs) wrote :

Created attachment 279341
Log before kernel panic and after hard reset

Arch+deepin+systemd-swap

zswap_enabled=1
zswap_compressor=lzo
zswap_max_pool_percent=5
zswap_zpool=z3fold

zram_enabled=1
zram_size=$(($RAM_SIZE*1/10))
zram_streams=$NCPU
zram_alg=lz4
zram_prio=32767

Revision history for this message
In , akpm (akpm-linux-kernel-bugs) wrote :

(switched to email. Please respond via emailed reply-to-all, not via the
bugzilla web interface).

On Fri, 02 Nov 2018 10:41:46 +0000 <email address hidden> wrote:

> https://bugzilla.kernel.org/show_bug.cgi?id=201603
>
> Bug ID: 201603
> Summary: NULL pointer dereference when using z3fold and zswap
> Product: Memory Management
> Version: 2.5
> Kernel Version: 4.18.16
> Hardware: All
> OS: Linux
> Tree: Mainline
> Status: NEW
> Severity: high
> Priority: P1
> Component: Page Allocator
> Assignee: <email address hidden>
> Reporter: <email address hidden>
> Regression: No
>
> Created attachment 279297
> --> https://bugzilla.kernel.org/attachment.cgi?id=279297&action=edit
> dmesg log of crash
>
> This happens mostly during memory pressure but I am not sure how to trigger
> it
> reliably. I am attaching the full log.
>
> This is the kernel commandline
>
> >BOOT_IMAGE=../vmlinuz-linux root=UUID=57274b3a-92ab-468e-b03a-06026675c1af
> rw
> >rd.luks.name=92b4aeb2-fb97-45c1-8a60-2816efe5d57e=home
> resume=/dev/mapper/home
> >resume_offset=42772480 acpi_backlight=video zswap.enabled=1
> zswap.zpool=z3fold
> >zswap.max_pool_percent=5 transparent_hugepage=madvise scsi_mod.use_blk_mq=1
> >vga=current initrd=../intel-ucode.img,../initramfs-linux.img
>
> I found this bug https://bugzilla.kernel.org/show_bug.cgi?id=198585 to be
> very
> similar but the proposed fix has not been merged so I can't be sure if it
> will
> fix the issue I am having.
>
> --
> You are receiving this mail because:
> You are the assignee for the bug.

Revision history for this message
In , vitalywool (vitalywool-linux-kernel-bugs) wrote :

Created attachment 279353
attachment-22937-0.html

Hi,
Den tis 6 nov. 2018 kl 22:48 skrev Andrew Morton <<email address hidden>
>:

>
> (switched to email. Please respond via emailed reply-to-all, not via the
> bugzilla web interface).
>
> On Fri, 02 Nov 2018 10:41:46 +0000 <email address hidden>
> wrote:
>
> > https://bugzilla.kernel.org/show_bug.cgi?id=201603
> >
> > Bug ID: 201603
> > Summary: NULL pointer dereference when using z3fold and zswap
> > Product: Memory Management
> > Version: 2.5
> > Kernel Version: 4.18.16
> > Hardware: All
> > OS: Linux
> > Tree: Mainline
> > Status: NEW
> > Severity: high
> > Priority: P1
> > Component: Page Allocator
> > Assignee: <email address hidden>
> > Reporter: <email address hidden>
> > Regression: No
> >
> > Created attachment 279297
> > --> https://bugzilla.kernel.org/attachment.cgi?id=279297&action=edit
> > dmesg log of crash
>
>
Basing on what I see in dmesg, it is highly likely to get fixed by
https://lkml.org/lkml/2018/11/5/726. Could you please apply/retest?

Best regards,
   Vitaly

> > This happens mostly during memory pressure but I am not sure how to
> trigger it
> > reliably. I am attaching the full log.
> >
> > This is the kernel commandline
> >
> > >BOOT_IMAGE=../vmlinuz-linux
> root=UUID=57274b3a-92ab-468e-b03a-06026675c1af rw
> > >rd.luks.name=92b4aeb2-fb97-45c1-8a60-2816efe5d57e=home
> resume=/dev/mapper/home
> > >resume_offset=42772480 acpi_backlight=video zswap.enabled=1
> zswap.zpool=z3fold
> > >zswap.max_pool_percent=5 transparent_hugepage=madvise
> scsi_mod.use_blk_mq=1
> > >vga=current initrd=../intel-ucode.img,../initramfs-linux.img
> >
> > I found this bug https://bugzilla.kernel.org/show_bug.cgi?id=198585 to
> be very
> > similar but the proposed fix has not been merged so I can't be sure if
> it will
> > fix the issue I am having.
> >
> > --
> > You are receiving this mail because:
> > You are the assignee for the bug.
>

Revision history for this message
In , enelar (enelar-linux-kernel-bugs) wrote :

Created attachment 279367
attachment-27234-0.html

Additional to original report I have
kernel BUG at mm/zswap.c:1175
(please take a look at my log)
Will test patch tomorrow

On Wed, Nov 7, 2018, 1:10 AM <<email address hidden> wrote:

> https://bugzilla.kernel.org/show_bug.cgi?id=201603
>
> --- Comment #3 from Vitaly (<email address hidden>) ---
> Hi,
> Den tis 6 nov. 2018 kl 22:48 skrev Andrew Morton <
> <email address hidden>
> >:
>
> >
> > (switched to email. Please respond via emailed reply-to-all, not via the
> > bugzilla web interface).
> >
> > On Fri, 02 Nov 2018 10:41:46 +0000 <email address hidden>
> > wrote:
> >
> > > https://bugzilla.kernel.org/show_bug.cgi?id=201603
> > >
> > > Bug ID: 201603
> > > Summary: NULL pointer dereference when using z3fold and
> zswap
> > > Product: Memory Management
> > > Version: 2.5
> > > Kernel Version: 4.18.16
> > > Hardware: All
> > > OS: Linux
> > > Tree: Mainline
> > > Status: NEW
> > > Severity: high
> > > Priority: P1
> > > Component: Page Allocator
> > > Assignee: <email address hidden>
> > > Reporter: <email address hidden>
> > > Regression: No
> > >
> > > Created attachment 279297
> > > --> https://bugzilla.kernel.org/attachment.cgi?id=279297&action=edit
> > > dmesg log of crash
> >
> >
> Basing on what I see in dmesg, it is highly likely to get fixed by
> https://lkml.org/lkml/2018/11/5/726. Could you please apply/retest?
>
> Best regards,
> Vitaly
>
> > > This happens mostly during memory pressure but I am not sure how to
> > trigger it
> > > reliably. I am attaching the full log.
> > >
> > > This is the kernel commandline
> > >
> > > >BOOT_IMAGE=../vmlinuz-linux
> > root=UUID=57274b3a-92ab-468e-b03a-06026675c1af rw
> > > >rd.luks.name=92b4aeb2-fb97-45c1-8a60-2816efe5d57e=home
> > resume=/dev/mapper/home
> > > >resume_offset=42772480 acpi_backlight=video zswap.enabled=1
> > zswap.zpool=z3fold
> > > >zswap.max_pool_percent=5 transparent_hugepage=madvise
> > scsi_mod.use_blk_mq=1
> > > >vga=current initrd=../intel-ucode.img,../initramfs-linux.img
> > >
> > > I found this bug https://bugzilla.kernel.org/show_bug.cgi?id=198585 to
> > be very
> > > similar but the proposed fix has not been merged so I can't be sure if
> > it will
> > > fix the issue I am having.
> > >
> > > --
> > > You are receiving this mail because:
> > > You are the assignee for the bug.
> >
>
> --
> You are receiving this mail because:
> You are on the CC list for the bug.

Revision history for this message
In , imwellcushtymelike (imwellcushtymelike-linux-kernel-bugs) wrote :

Any update on this and does anyone know if this is a regression?

Revision history for this message
Ken Sharp (kennybobs) wrote :
no longer affects: systemd
Bug Watch Updater (bug-watch-updater)
Changed in linux:
importance: Unknown → High
status: Unknown → Confirmed
Revision history for this message
In , imwellcushtymelike (imwellcushtymelike-linux-kernel-bugs) wrote :

This seems related from Chrome OS:
https://bugs.chromium.org/p/chromium/issues/detail?id=822360

I'm afraid that I don't currently have the resources to test the patches (that haven't been committed upstream) at the moment, although I may need to in the end as one of my servers is crashing every day.

Revision history for this message
In , vitalywool (vitalywool-linux-kernel-bugs) wrote :

Wait a second, you are sitting on a discontinued kernel. The fix has gone in back in December. Upgrade to longterm series, it's there since 4.19.6, and retest. Otherwise I do suggest that we close this issue.

Revision history for this message
In , jagannathante (jagannathante-linux-kernel-bugs) wrote :

I am going to enable zswap and z3fold to confirm the fix. Sorry, I didn't follow through after it was merged.

Revision history for this message
In , imwellcushtymelike (imwellcushtymelike-linux-kernel-bugs) wrote :

I'm installing it too. I didn't know there was a fix in-place anywhere so this is good news! It'll take me a few days of testing to get a result.

Revision history for this message
In , jagannathante (jagannathante-linux-kernel-bugs) wrote :

I can confirm there have been no crashes since I switched, so closing. Thanks for the help and fix :)

Bug Watch Updater (bug-watch-updater)
Changed in linux:
status: Confirmed → Fix Released
Revision history for this message
Ken Sharp (kennybobs) wrote :

As above: this should be fixed in Disco, though I have only just switched to the upstream kernel for testing, I suspect that Jagannathan's testing is correct.

This is a very serious stability issue in the Ubuntu kernel and really should have had some sort of interaction here by now. It is probably being avoided in the wild by scaling busy systems, but that's not an option for everyone.

tags: added: kernel-fixed-upstream
removed: kernel-bug-exists-upstream
Revision history for this message
Ken Sharp (kennybobs) wrote :

As an aside: I'm seeing much better system response time using zRAM alone than I am using zswap alone, but this may have improved in the newer kernel. In both cases though I am using KSM and THP which clearly improve memory use.

Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Fix available in upstream:
https://github.com/torvalds/linux/commit/ca0246bb97c23da9d267c2107c07fb77e38205c9

It can be cherry-picked into B/C

It's already landed in Disco as Ken mentioned in #13

affects: linux-signed-hwe (Ubuntu) → linux (Ubuntu)
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Hello Ken,

do you have a command to reproduce this? I would like to use it to verify the fix.

I tired this on a Cosmic KVM allocated with 2G ram, 512MB swap, with:
  * "zswap.enabled=1 zswap.zpool=z3fold zswap.max_pool_percent=5 zswap.compressor=lz4" added to the grub
  * z3pool, lz4, lz4_compress module added to initramfs

and stress it with the stress command with 115% of available memory.

stress --vm-bytes $(awk '/MemAvailable/{printf "%d\n", $2 * 1.15;}' < /proc/meminfo)k --vm-keep -m 1

All I got is a soft CPU lockup. Or should I leave it there for a while?
Thanks

Revision history for this message
Ken Sharp (kennybobs) wrote :

I don't recall seeing a soft lockup at all, not a related one anyway. Sadly I don't have a specific command but I did find it triggered when:

1. Memory is overcommited. It doesn't have to be heavily overcommitted.
2. I/O is very high.
3. I “leave“ an SSH session, releasing a small amount of memory.

The patch seems to suggest that it is this release that causes the problem. My guess would be that part of the session is already in the compressed cache, and it is released while another process attempts to enter the compressed cache. I don't even know if that makes sense.

To add to the confusion: it crashes fairly consistently across VMs and bare metal, but occasionally a server under the same sort of stress, and otherwise identical setup, can run weeks or months without issue.

At this point, though, I know of no specific command to trigger it. If I get time I can have a play around but that may never happen.

I usually have zswap.max_pool_percent=50, but everything else can vary and the result is the same.

Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Thanks for the feedback, I will see if I can reproduce this and SRU this patch.

Changed in linux (Ubuntu):
assignee: nobody → Po-Hsu Lin (cypressyew)
status: New → In Progress
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Can be reproduced easily with Cosmic kernel, patch works as expected. A test kernel could be found here: http://people.canonical.com/~phlin/kernel/lp-1814874-z3fold-zswap/Cosmic/

Will try this on Bionic next.

Po-Hsu Lin (cypressyew)
Changed in linux (Ubuntu Bionic):
status: New → In Progress
Changed in linux (Ubuntu Cosmic):
status: New → In Progress
Changed in linux (Ubuntu):
status: In Progress → Fix Released
tags: added: cosmic
Po-Hsu Lin (cypressyew)
description: updated
Kleber Sacilotto de Souza (kleber-souza)
Changed in linux (Ubuntu Cosmic):
status: In Progress → Fix Committed
Changed in linux (Ubuntu Bionic):
status: In Progress → Fix Committed
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-cosmic' to 'verification-done-cosmic'. If the problem still exists, change the tag 'verification-needed-cosmic' to 'verification-failed-cosmic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-cosmic
Revision history for this message
Ubuntu Kernel Bot (ubuntu-kernel-bot) wrote :

This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed-bionic' to 'verification-done-bionic'. If the problem still exists, change the tag 'verification-needed-bionic' to 'verification-failed-bionic'.

If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed.

See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you!

tags: added: verification-needed-bionic
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Bionic VM with proposed kernel withstand the stress for over an hour.

tags: added: verification-done-bionic
removed: verification-needed-bionic
Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Cosmic verification in progress.

Revision history for this message
Po-Hsu Lin (cypressyew) wrote :

Cosmic VM with proposed kernel withstand the stress for over 12 hours.

tags: added: verification-done-cosmic
removed: verification-needed-cosmic
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (12.6 KiB)

This bug was fixed in the package linux - 4.15.0-50.54

---------------
linux (4.15.0-50.54) bionic; urgency=medium

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - Documentation/l1tf: Fix small spelling typo
    - x86/cpu: Sanitize FAM6_ATOM naming
    - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
      new <linux/bits.h> file
    - tools include: Adopt linux/bits.h
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS

  * CVE-2017-5715 // CVE-2017-5753
    - s390/speculation: Support 'mitigations=' cmdline option

  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
    - powerpc/speculation: Support 'mitigations=' cmdline option

  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

linux (4.15.0-49.53) bionic; urgency=medium

  * linux: 4.15.0-49.53 -proposed tracker (LP: #1826358)

  * Backport support for software count cache flush Spectre v2 mitigation. (CVE)
    (required for POWER9 DD2.3) (LP: #1822870)
    - powerpc/64s: Add support for ori barrier_nospec patching
    - powerpc/64s: Patch barrier_nospec in modules
    - powerpc/64s: Enable barrier_nospec based on firmware settings
    - powerpc: Use barrier_nospec in copy_from_user()
    - powerpc/64: Use barrier_nospec in syscall entry
    - powerpc/64s: Enhance the information in cpu_show_spectre_v1()
    - powerpc/64: Disable the speculation barrier from the command line
    - powerpc/64: Make stf barrier PPC_BOOK3S_64 specific.
    - powerpc/64: Add CONFIG_PPC_BARRIER_NOSPEC
    - powerpc/64: Call setup_barrier_nospec() from setup_arch()
    - powerpc/64: Make meltdown reporting Book3S 64 specific
    - powerpc/lib/code-patching: refactor patch_instruction()
    - powerpc/lib/feature-fixups: use raw_patch_instruction()
    - powerpc/asm: Add a patch_site mac...

Changed in linux (Ubuntu Bionic):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (7.0 KiB)

This bug was fixed in the package linux - 4.18.0-20.21

---------------
linux (4.18.0-20.21) cosmic; urgency=medium

  * CVE-2018-12126 // CVE-2018-12127 // CVE-2018-12130
    - Documentation/l1tf: Fix small spelling typo
    - x86/cpu: Sanitize FAM6_ATOM naming
    - kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
    - locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
      new <linux/bits.h> file
    - tools include: Adopt linux/bits.h
    - x86/msr-index: Cleanup bit defines
    - x86/speculation: Consolidate CPU whitelists
    - x86/speculation/mds: Add basic bug infrastructure for MDS
    - x86/speculation/mds: Add BUG_MSBDS_ONLY
    - x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
    - x86/speculation/mds: Add mds_clear_cpu_buffers()
    - x86/speculation/mds: Clear CPU buffers on exit to user
    - x86/kvm/vmx: Add MDS protection when L1D Flush is not active
    - x86/speculation/mds: Conditionally clear CPU buffers on idle entry
    - x86/speculation/mds: Add mitigation control for MDS
    - x86/speculation/mds: Add sysfs reporting for MDS
    - x86/speculation/mds: Add mitigation mode VMWERV
    - Documentation: Move L1TF to separate directory
    - Documentation: Add MDS vulnerability documentation
    - x86/speculation/mds: Add mds=full,nosmt cmdline option
    - x86/speculation: Move arch_smt_update() call to after mitigation decisions
    - x86/speculation/mds: Add SMT warning message
    - x86/speculation/mds: Fix comment
    - x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
    - x86/speculation/mds: Add 'mitigations=' support for MDS

  * CVE-2017-5715 // CVE-2017-5753
    - s390/speculation: Support 'mitigations=' cmdline option

  * CVE-2017-5715 // CVE-2017-5753 // CVE-2017-5754 // CVE-2018-3639
    - powerpc/speculation: Support 'mitigations=' cmdline option

  * CVE-2017-5715 // CVE-2017-5754 // CVE-2018-3620 // CVE-2018-3639 //
    CVE-2018-3646
    - cpu/speculation: Add 'mitigations=' cmdline option
    - x86/speculation: Support 'mitigations=' cmdline option

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

linux (4.18.0-19.20) cosmic; urgency=medium

  * linux: 4.18.0-19.20 -proposed tracker (LP: #1826171)

  * Packaging resync (LP: #1786013)
    - [Packaging] resync git-ubuntu-log

  * autopkgtests run too often, too much and don't skip enough (LP: #1823056)
    - [Debian] Set +x on rebuild testcase.
    - [Debian] Skip rebuild test, for regression-suite deps.
    - [Debian] Make ubuntu-regression-suite skippable on unbootable kernels.
    - [Debian] make rebuild use skippable error codes when skipping.
    - [Debian] Only run regression-suite, if requested to.

  * CVE-2017-5753
    - s390/keyboard: sanitize array index in do_kdsk_ioctl
    - drm/bufs: Fix Spectre v1 vulnerability
    - drivers/misc/sgi-gru: fix Spectre v1 vulnerability
    - ipv4: Fix potential Spectre v1 vulnerability
    - aio: fix spectre gadget in lookup_ioctx
    - ALSA: emux: Fix potential Spectre v1 vulnerabilities
    - ALSA: pcm: Fix potential Spectre v1 vulnerability
    - ip6mr: Fix potential Spectre v1 vulnerability
    - ALSA: rme9652: Fix potential Spectre v1...

Read more...

Changed in linux (Ubuntu Cosmic):
status: Fix Committed → Fix Released
Revision history for this message
Steve Langasek (vorlon) wrote : Update Released

The verification of the Stable Release Update for linux-aws has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.