** Changed in: linux (Ubuntu)
Assignee: Ubuntu on IBM Power Systems Bug Triage (ubuntu-power-triage) =>
Canonical Kernel Security Team (canonical-kernel-security-team)
** Changed in: linux (Ubuntu)
Importance: Undecided => Critical
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1822870
Title:
Backport support for software count cache flush Spectre v2 mitigation.
(CVE) (required for POWER9 DD2.3)
Status in The Ubuntu-power-systems project:
New
Status in linux package in Ubuntu:
New
Bug description:
For the different kernels:
The HWE a563fd9c62f0 UBUNTU: Ubuntu-hwe-4.18.0-17.18~18.04.1 appears
to have all patches.
Disco appears to be missing only this patch:
92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2
reporting
Cosmic (which is supported until July) is missing a number of patches:
cf175dc315f90185128fb061dc05b6fbb211aa2f powerpc/64: Disable the speculation
barrier from the command line
6453b532f2c8856a80381e6b9a1f5ea2f12294df powerpc/64: Make stf barrier
PPC_BOOK3S_64 specific.
179ab1cbf883575c3a585bcfc0f2160f1d22a149 powerpc/64: Add
CONFIG_PPC_BARRIER_NOSPEC
af375eefbfb27cbb5b831984e66d724a40d26b5c powerpc/64: Call
setup_barrier_nospec() from setup_arch()
406d2b6ae3420f5bb2b3db6986dc6f0b6dbb637b powerpc/64: Make meltdown reporting
Book3S 64 specific
06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro
& helpers for patching instructions
dc8c6cce9a26a51fc19961accb978217a3ba8c75 powerpc/64s: Add new security
feature flags for count cache flush
ee13cb249fabdff8b90aaff61add347749280087 powerpc/64s: Add support for
software count cache flush
ba72dc171954b782a79d25e0f4b3ed91090c3b1e powerpc/pseries: Query hypervisor
for count cache flush settings
99d54754d3d5f896a8f616b0b6520662bc99d66b powerpc/powernv: Query firmware for
count cache flush settings
7d8bad99ba5a22892f0cad6881289fdc3875a930 powerpc/fsl: Fix spectre_v2
mitigations reporting
92edf8df0ff2ae86cc632eeca0e651fd8431d40d powerpc/security: Fix spectre_v2
reporting
This appears to already be in -next.
For the bionic 18.04.1 (4.15) kernel only this patch is already part of
master-next:
a6b3964ad71a61bb7c61d80a60bea7d42187b2eb powerpc/64s: Add barrier_nospec
The others are ported, there were only 3 that were not clean. Those are:
2eea7f067f495e33b8b116b35b5988ab2b8aec55 powerpc/64s: Add support for ori
barrier_nospec patching
This failed because commit a048a07d7f4535baa4cbad6bc024f175317ab938 is
missing, but it does not look like that is required here.
cb3d6759a93c6d0aea1c10deb6d00e111c29c19c powerpc/64s: Enable barrier_nospec
based on firmware settings
This failed because debugfs was already included, I can see that previously
added, I didn't see where it was previously removed.
06d0bbc6d0f56dacac3a79900e9a9a0d5972d818 powerpc/asm: Add a patch_site macro
& helpers for patching instructions
This failed because 8183d99f4a22c is not included - but doesn't seem
necessary.
All other patches applied with, at most, some fuzz.
Has had a little testing - boots, check debugfs, etc.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1822870/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
