This bug was fixed in the package qemu - 1:2.11+dfsg-1ubuntu7.6
---------------
qemu (1:2.11+dfsg-1ubuntu7.6) bionic; urgency=medium
[ Christian Ehrhardt ]
* Add cpu model for z14 ZR1 (LP: #1780773)
* d/p/ubuntu/lp-1789551-seccomp-set-the-seccomp-filter-to-all-threads.patch:
ensure that the seccomp blacklist is applied to all threads (LP: #1789551)
- CVE-2018-15746
* improve s390x spectre mitigation with etoken facility (LP: #1790457)
- debian/patches/ubuntu/lp-1790457-s390x-kvm-add-etoken-facility.patch
- debian/patches/ubuntu/lp-1790457-partial-s390x-linux-headers-update.patch
[ Phillip Susi ]
* d/p/ubuntu/lp-1787267-fix-en_us-vnc-pipe.patch: Fix pipe, greater than and
less than keys over vnc when using en_us kemaps (LP: #1787267).
-- Christian Ehrhardt <christian.ehrha...@canonical.com> Wed, 29 Aug
2018 11:46:37 +0200
** Changed in: qemu (Ubuntu Bionic)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-15746
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1790457
Title:
kernel: improve spectre mitigation
Status in Ubuntu on IBM z Systems:
Fix Committed
Status in linux package in Ubuntu:
Fix Released
Status in qemu package in Ubuntu:
Fix Released
Status in linux source package in Bionic:
Fix Released
Status in qemu source package in Bionic:
Fix Released
Bug description:
[Impact]
* eToken Facility will help to mitigate spectre.
With it in place use of expolines can be ommitted.
Kernel
https://github.com/torvalds/linux/commit/aeaf7002a76c8da60c0f503badcbddc07650678c
KVM to pass it to guests:
https://patchwork.kernel.org/patch/10532197/
* Backport the changes to Qemu/Kernel so that the impact of the spectre
fixes can be minimized.
[Test Case]
* First of all you need HW with the facility available.
For HW without nothing should change at all, well maybe a message that
it wasn't detected when the new kernel boots.
* When running on HW with the Facility and a fixed kernel then the
facility should be reported as being available.
* With a fixed Kernel AND Qemu this facility should be passed to the
guest so that it can benefit from the improvements as well.
* Due to a lack of such HW IBM volunteered to do the verification on
this bug.
[Regression Potential]
* Detection and passing of a Facility is nothing new, s390x has plenty of
them and this is in some sense "just one more" so regressions should be
minimal. The one thing we thought about was how an enabled Kernel/qemu
would behave on systems that do not have the facility, but in all tests
that was correctly detected and continues to use expoline.
[Other Info]
* n/a
---
Description will follow
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1790457/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
