Only one of the patches for this release actually needed to be applied, as the rest had already been applied previously for Spectre/Meltdown (CVE-2017-5754), though not necessarily in the same order.
The only patch that actually needed to be applied is:

* KPTI: Rename to PAGE_TABLE_ISOLATION

Further, one additional patch was required in debian.master/config/config.common.ubuntu to change the config name from CONFIG_KAISER to CONFIG_PAGE_TABLE_ISOLATION.

** Description changed:

+ SRU Justification
- SRU Justification
+ Impact:
+ The upstream process for stable tree updates is quite similar
+ in scope to the Ubuntu SRU process, e.g., each patch has to
+ demonstrably fix a bug, and each patch is vetted by upstream
+ by originating either directly from a mainline/stable Linux tree or
+ a minimally backported form of that patch. The 4.4.110 upstream stable
+ patch set is now available. It should be included in the Ubuntu
+ kernel as well.
- Impact:
- The upstream process for stable tree updates is quite similar
- in scope to the Ubuntu SRU process, e.g., each patch has to
- demonstrably fix a bug, and each patch is vetted by upstream
- by originating either directly from a mainline/stable Linux tree or
- a minimally backported form of that patch. The 4.4.110 upstream stable
- patch set is now available. It should be included in the Ubuntu
- kernel as well.
+ git://git.kernel.org/
- git://git.kernel.org/
+ TEST CASE: TBD
- TEST CASE: TBD
-
- The following patches from the 4.4.110 stable release shall be
- applied:
+ The following patches from the 4.4.110 stable release shall be applied:
+ * x86/boot: Add early cmdline parsing for options with arguments
+ * KAISER: Kernel Address Isolation
+ * kaiser: merged update
+ * kaiser: do not set _PAGE_NX on pgd_none
+ * kaiser: stack map PAGE_SIZE at THREAD_SIZE-PAGE_SIZE
+ * kaiser: fix build and FIXME in alloc_ldt_struct()
+ * kaiser: KAISER depends on SMP
+ * kaiser: fix regs to do_nmi() ifndef CONFIG_KAISER
+ * kaiser: fix perf crashes
+ * kaiser: ENOMEM if kaiser_pagetable_walk() NULL
+ * kaiser: tidied up asm/kaiser.h somewhat
+ * kaiser: tidied up kaiser_add/remove_mapping slightly
+ * kaiser: kaiser_remove_mapping() move along the pgd
+ * kaiser: cleanups while trying for gold link
+ * kaiser: name that 0x1000 KAISER_SHADOW_PGD_OFFSET
+ * kaiser: delete KAISER_REAL_SWITCH option
+ * kaiser: vmstat show NR_KAISERTABLE as nr_overhead
+ * kaiser: enhanced by kernel and user PCIDs
+ * kaiser: load_new_mm_cr3() let SWITCH_USER_CR3 flush user
+ * kaiser: PCID 0 for kernel and 128 for user
+ * kaiser: x86_cr3_pcid_noflush and x86_cr3_pcid_user
+ * kaiser: paranoid_entry pass cr3 need to paranoid_exit
+ * kaiser: _pgd_alloc() without __GFP_REPEAT to avoid stalls
+ * kaiser: fix unlikely error in alloc_ldt_struct()
+ * kaiser: add "nokaiser" boot option, using ALTERNATIVE
+ * x86/kaiser: Rename and simplify X86_FEATURE_KAISER handling
+ * x86/kaiser: Check boottime cmdline params
+ * kaiser: use ALTERNATIVE instead of x86_cr3_pcid_noflush
+ * kaiser: drop is_atomic arg to kaiser_pagetable_walk()
+ * kaiser: asm/tlbflush.h handle noPGE at lower level
+ * kaiser: kaiser_flush_tlb_on_return_to_user() check PCID
+ * x86/paravirt: Dont patch flush_tlb_single
+ * x86/kaiser: Reenable PARAVIRT
+ * kaiser: disabled on Xen PV
+ * x86/kaiser: Move feature detection up
+ * KPTI: Rename to PAGE_TABLE_ISOLATION
+ * KPTI: Report when enabled
+ * x86, vdso, pvclock: Simplify and speed up the vdso pvclock reader
+ * x86/vdso: Get pvclock data from the vvar VMA instead of the fixmap
+ * x86/kasan: Clear kasan_zero_page after TLB flush
+ * kaiser: Set _PAGE_NX only if supported
+ * Linux 4.4.110

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-5754

--
You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1745071

Title:
  Xenial update to 4.4.110 stable release

Status in linux package in Ubuntu:
  New

Bug description:
  SRU Justification

  Impact:
  The upstream process for stable tree updates is quite similar in scope to the Ubuntu SRU process, e.g., each patch has to demonstrably fix a bug, and each patch is vetted by upstream by originating either directly from a mainline/stable Linux tree or a minimally backported form of that patch. The 4.4.110 upstream stable patch set is now available. It should be included in the Ubuntu kernel as well.