~andyliuliming/ubuntu/+source/linux/+git/artful:cloud_tools_common

Last commit made on 2018-07-27
Get this branch:
git clone -b cloud_tools_common https://git.launchpad.net/~andyliuliming/ubuntu/+source/linux/+git/artful

Branch information

Name:
cloud_tools_common
Repository:
lp:~andyliuliming/ubuntu/+source/linux/+git/artful

Recent commits

c0fce9f... by Andy

Ensure that hv-kvp-daemon.service starts before cloud-init and walinuxagent.service.

27b99f0... by Stefan Bader

UBUNTU: Ubuntu-4.13.0-45.50

Signed-off-by: Stefan Bader <email address hidden>

a44e863... by Stefan Bader

Revert "bpf: Prevent memory disambiguation attack"

This reverts commit 674d89956465bec861a0bf32b3b734d3719882e6
because there are doubts that the backport was done correctly
and there was no guarantee we can properly test this in time.

CVE-2018-3639

Signed-off-by: Stefan Bader <email address hidden>

32f2fe3... by Stefan Bader

UBUNTU: SAUCE: Set generic SSBD feature for Intel cpus

The generic feature bit needs to be set for Intel and AMD CPUs
which have support. In more recent code there is a shared
function for this in arch/x86/kernel/cpu/common.c. But for the
backport we need to duplicate that code into amd.c and intel.c.

CVE-2018-3639 (x86)

Fixes: a93338c "x86/cpufeatures: Disentangle SSBD enumeration"
Signed-off-by: Stefan Bader <email address hidden>

be9a7ab... by Stefan Bader

UBUNTU: Start new release

Ignore: yes
Signed-off-by: Stefan Bader <email address hidden>

a35d91e... by Stefan Bader

UBUNTU: Ubuntu-4.13.0-44.49

Signed-off-by: Stefan Bader <email address hidden>

78ebf99... by Konrad Rzeszutek Wilk

KVM: VMX: Expose SSBD properly to guests.

The X86_FEATURE_SSBD is a synthetic CPU feature - that is
its bit location has no relevance to the real CPUID 0x7.EBX[31]
bit position. For that we need the new CPU feature name.

Fixes: 52817587e706 ("x86/cpufeatures: Disentangle SSBD enumeration")

CC: Paolo Bonzini <email address hidden>
Cc: "Radim Krčmář" <email address hidden>
Cc: Thomas Gleixner <email address hidden>
Cc: Ingo Molnar <email address hidden>
Cc: "H. Peter Anvin" <email address hidden>
Cc: <email address hidden>
Signed-off-by: Konrad Rzeszutek Wilk <email address hidden>

CVE-2018-3639 (x86)

(backported from https://patchwork.kernel.org/patch/10416823/)
Signed-off-by: Tyler Hicks <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>

674d899... by Alexei Starovoitov <email address hidden>

bpf: Prevent memory disambiguation attack

Detect code patterns where malicious 'speculative store bypass' can be used
and sanitize such patterns.

 39: (bf) r3 = r10
 40: (07) r3 += -216
 41: (79) r8 = *(u64 *)(r7 +0) // slow read
 42: (7a) *(u64 *)(r10 -72) = 0 // verifier inserts this instruction
 43: (7b) *(u64 *)(r8 +0) = r3 // this store becomes slow due to r8
 44: (79) r1 = *(u64 *)(r6 +0) // cpu speculatively executes this load
 45: (71) r2 = *(u8 *)(r1 +0) // speculatively arbitrary 'load byte'
                                 // is now sanitized

Above code after x86 JIT becomes:
 e5: mov %rbp,%rdx
 e8: add $0xffffffffffffff28,%rdx
 ef: mov 0x0(%r13),%r14
 f3: movq $0x0,-0x48(%rbp)
 fb: mov %rdx,0x0(%r14)
 ff: mov 0x0(%rbx),%rdi
103: movzbq 0x0(%rdi),%rsi

Signed-off-by: Alexei Starovoitov <email address hidden>
Signed-off-by: Thomas Gleixner <email address hidden>

CVE-2018-3639 (x86)

(backported from commit af86ca4e3088fe5eacf2f7e58c01fa68ca067672)
Signed-off-by: Tyler Hicks <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>

f3fbc8b... by Konrad Rzeszutek Wilk

x86/bugs: Rename SSBD_NO to SSB_NO

The "336996 Speculative Execution Side Channel Mitigations" from
May defines this as SSB_NO, hence let's sync up.

Signed-off-by: Konrad Rzeszutek Wilk <email address hidden>
Signed-off-by: Thomas Gleixner <email address hidden>

CVE-2018-3639 (x86)

(backported from commit 240da953fcc6a9008c92fae5b1f727ee5ed167ab)
Signed-off-by: Tyler Hicks <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>

5945728... by Tom Lendacky

KVM: SVM: Implement VIRT_SPEC_CTRL support for SSBD

Expose the new virtualized architectural mechanism, VIRT_SSBD, for using
speculative store bypass disable (SSBD) under SVM. This will allow guests
to use SSBD on hardware that uses non-architectural mechanisms for enabling
SSBD.

[ tglx: Folded the migration fixup from Paolo Bonzini ]

Signed-off-by: Tom Lendacky <email address hidden>
Signed-off-by: Thomas Gleixner <email address hidden>

CVE-2018-3639 (x86)

(backported from commit bc226f07dcd3c9ef0b7f6236fe356ea4a9cb4769)
Signed-off-by: Tyler Hicks <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>