commit c36893f025cf83d5b8d40847d1a34239cb7152eb
OBS-URL: https://build.opensuse.org/package/show/Kernel:stable/kernel-source?expand=0&rev=797
parent d93904c017
commit a4e1d37819
@ -1,3 +1,119 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 4 12:32:07 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Refresh
|
||||
patches.suse/0027-x86-kvm-Pad-RSB-on-VM-transition.patch.
|
||||
- Refresh
|
||||
patches.suse/0031-Reverting-the-commit-e5247c4f209530-to-replace.patch.
|
||||
Fix i386 build.
|
||||
- commit c36893f
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 21:41:58 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Clear the host registers after setbe (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the ibpb_inuse variable (bnc#1068032 CVE-2017-5715).
|
||||
- Remove the code that uses MSR save/restore list (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- KVM: x86: add SPEC_CTRL to MSR and CPUID lists (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- Reverting the commit e5247c4f209530 to replace (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the "ibrs_inuse" variable (bnc#1068032 CVE-2017-5715).
|
||||
- kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/svm: Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- Revert x86/kvm: Pad RSB on VM transition (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/cpu/AMD: Add speculative control support for AMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/microcode: Recheck IBRS and IBPB feature on microcode reload
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Move IBRS/IBPB feature detection to scattered.c
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
|
||||
control (bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL
|
||||
feature (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: clear registers on VM exit (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Toggle IBRS on VM entry and exit (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Set IBPB when switching VM (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on 32-bit compatible
|
||||
syscall entrance (bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on syscall entrance
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Only set IBPB when the new thread cannot ptrace current
|
||||
thread (bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Set IBPB upon context switch (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS when offlining cpu and re-enable on
|
||||
wakeup (bnc#1068032 CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS entering idle and enable it on wakeup
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: save IBRS MSR value in paranoid_entry
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: Use IBRS on syscall and interrupts (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86: Add macro that does not save rax, rcx, rdx on stack to
|
||||
disable IBRS (bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: MACROS to set/clear IBRS and set IBPB (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/feature: Report presence of IBPB and IBRS control
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Add STIBP feature enumeration (bnc#1068032 CVE-2017-5715).
|
||||
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and
|
||||
X86_FEATURE_IBRS_ATT (bnc#1068032 CVE-2017-5715).
|
||||
- x86/feature: Enable the x86 feature to control Speculation
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- commit 816f713
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 19:49:03 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- userns: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- net: mpls: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- Thermal/int340x: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- cw1200: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- qla2xxx: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- carl9170: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- uvcvideo: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- x86, bpf, jit: prevent speculative execution when JIT is enabled
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- bpf: prevent speculative execution in eBPF interpreter
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- locking/barriers: introduce new observable speculation barrier
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
|
||||
feature (bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- commit cf46932
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 16:57:12 CET 2018 - jslaby@suse.cz
|
||||
|
||||
|
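Review bot: In the Wed Jan 3 21:41:58 entry (commit 816f713) the subject "x86/kvm: Pad RSB on VM transition" is listed, then "Revert x86/kvm: Pad RSB on VM transition", then the original subject a second time, so the changelog alone does not tell a reader whether RSB padding on VM transition ends up applied for CVE-2017-5715. A patch of that name is refreshed in the Jan 4 entry, so consider collapsing the apply/revert/re-apply trio into one line that states the final state. Two smaller points in the same hunk: the subject "Reverting the commit e5247c4f209530 to replace" stops before saying what replaces it, and "Fix i386 build." sits under the second Refresh only, which leaves open whether it describes both refreshed patches or just 0031.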
@ -31,7 +31,7 @@
|
||||
Name: dtb-aarch64
|
||||
Version: 4.14.11
|
||||
%if 0%{?is_kotd}
|
||||
Release: <RELEASE>.g58fec0f
|
||||
Release: <RELEASE>.gc36893f
|
||||
%else
|
||||
Release: 0
|
||||
%endif
|
||||
|
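Review bot: The two consecutive Release lines inside %if 0%{?is_kotd} swap <RELEASE>.g58fec0f for <RELEASE>.gc36893f, and the same swap recurs in the dtb-armv6l and dtb-armv7l specs further down; please confirm these specs were regenerated from the shared template rather than edited one by one, so the suffix cannot drift from the "commit c36893f" changelog entry. Version stays at 4.14.11, so the Release suffix is the only thing that distinguishes this build from the previous one.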
@ -1,3 +1,119 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 4 12:32:07 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Refresh
|
||||
patches.suse/0027-x86-kvm-Pad-RSB-on-VM-transition.patch.
|
||||
- Refresh
|
||||
patches.suse/0031-Reverting-the-commit-e5247c4f209530-to-replace.patch.
|
||||
Fix i386 build.
|
||||
- commit c36893f
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 21:41:58 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Clear the host registers after setbe (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the ibpb_inuse variable (bnc#1068032 CVE-2017-5715).
|
||||
- Remove the code that uses MSR save/restore list (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- KVM: x86: add SPEC_CTRL to MSR and CPUID lists (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- Reverting the commit e5247c4f209530 to replace (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the "ibrs_inuse" variable (bnc#1068032 CVE-2017-5715).
|
||||
- kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/svm: Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- Revert x86/kvm: Pad RSB on VM transition (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/cpu/AMD: Add speculative control support for AMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/microcode: Recheck IBRS and IBPB feature on microcode reload
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Move IBRS/IBPB feature detection to scattered.c
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
|
||||
control (bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL
|
||||
feature (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: clear registers on VM exit (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Toggle IBRS on VM entry and exit (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Set IBPB when switching VM (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on 32-bit compatible
|
||||
syscall entrance (bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on syscall entrance
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Only set IBPB when the new thread cannot ptrace current
|
||||
thread (bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Set IBPB upon context switch (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS when offlining cpu and re-enable on
|
||||
wakeup (bnc#1068032 CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS entering idle and enable it on wakeup
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: save IBRS MSR value in paranoid_entry
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: Use IBRS on syscall and interrupts (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86: Add macro that does not save rax, rcx, rdx on stack to
|
||||
disable IBRS (bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: MACROS to set/clear IBRS and set IBPB (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/feature: Report presence of IBPB and IBRS control
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Add STIBP feature enumeration (bnc#1068032 CVE-2017-5715).
|
||||
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and
|
||||
X86_FEATURE_IBRS_ATT (bnc#1068032 CVE-2017-5715).
|
||||
- x86/feature: Enable the x86 feature to control Speculation
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- commit 816f713
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 19:49:03 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- userns: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- net: mpls: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- Thermal/int340x: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- cw1200: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- qla2xxx: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- carl9170: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- uvcvideo: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- x86, bpf, jit: prevent speculative execution when JIT is enabled
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- bpf: prevent speculative execution in eBPF interpreter
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- locking/barriers: introduce new observable speculation barrier
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
|
||||
feature (bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- commit cf46932
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 16:57:12 CET 2018 - jslaby@suse.cz
|
||||
|
||||
|
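Review bot: Several subjects in the commit 816f713 entry have no subsystem prefix ("Set IBPB when running a different VCPU", "Clear the host registers after setbe", "Use the ibpb_inuse variable", "Remove the code that uses MSR save/restore list"), while a near-identical prefixed line "x86/svm: Set IBPB when running a different VCPU" appears a few entries later. Someone auditing CVE-2017-5715 coverage from this changelog cannot tell whether the unprefixed lines touch vmx, svm or common KVM code; adding the prefix, or the patches.suse/ file name as the Jan 4 entry does, would make the two "Set IBPB" lines distinguishable.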
@ -31,7 +31,7 @@
|
||||
Name: dtb-armv6l
|
||||
Version: 4.14.11
|
||||
%if 0%{?is_kotd}
|
||||
Release: <RELEASE>.g58fec0f
|
||||
Release: <RELEASE>.gc36893f
|
||||
%else
|
||||
Release: 0
|
||||
%endif
|
||||
|
@ -1,3 +1,119 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 4 12:32:07 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Refresh
|
||||
patches.suse/0027-x86-kvm-Pad-RSB-on-VM-transition.patch.
|
||||
- Refresh
|
||||
patches.suse/0031-Reverting-the-commit-e5247c4f209530-to-replace.patch.
|
||||
Fix i386 build.
|
||||
- commit c36893f
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 21:41:58 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Clear the host registers after setbe (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the ibpb_inuse variable (bnc#1068032 CVE-2017-5715).
|
||||
- Remove the code that uses MSR save/restore list (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- KVM: x86: add SPEC_CTRL to MSR and CPUID lists (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- Reverting the commit e5247c4f209530 to replace (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the "ibrs_inuse" variable (bnc#1068032 CVE-2017-5715).
|
||||
- kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/svm: Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- Revert x86/kvm: Pad RSB on VM transition (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/cpu/AMD: Add speculative control support for AMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/microcode: Recheck IBRS and IBPB feature on microcode reload
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Move IBRS/IBPB feature detection to scattered.c
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
|
||||
control (bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL
|
||||
feature (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: clear registers on VM exit (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Toggle IBRS on VM entry and exit (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Set IBPB when switching VM (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on 32-bit compatible
|
||||
syscall entrance (bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on syscall entrance
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Only set IBPB when the new thread cannot ptrace current
|
||||
thread (bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Set IBPB upon context switch (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS when offlining cpu and re-enable on
|
||||
wakeup (bnc#1068032 CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS entering idle and enable it on wakeup
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: save IBRS MSR value in paranoid_entry
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: Use IBRS on syscall and interrupts (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86: Add macro that does not save rax, rcx, rdx on stack to
|
||||
disable IBRS (bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: MACROS to set/clear IBRS and set IBPB (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/feature: Report presence of IBPB and IBRS control
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Add STIBP feature enumeration (bnc#1068032 CVE-2017-5715).
|
||||
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and
|
||||
X86_FEATURE_IBRS_ATT (bnc#1068032 CVE-2017-5715).
|
||||
- x86/feature: Enable the x86 feature to control Speculation
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- commit 816f713
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 19:49:03 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- userns: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- net: mpls: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- Thermal/int340x: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- cw1200: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- qla2xxx: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- carl9170: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- uvcvideo: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- x86, bpf, jit: prevent speculative execution when JIT is enabled
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- bpf: prevent speculative execution in eBPF interpreter
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- locking/barriers: introduce new observable speculation barrier
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
|
||||
feature (bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- commit cf46932
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 16:57:12 CET 2018 - jslaby@suse.cz
|
||||
|
||||
|
@ -31,7 +31,7 @@
|
||||
Name: dtb-armv7l
|
||||
Version: 4.14.11
|
||||
%if 0%{?is_kotd}
|
||||
Release: <RELEASE>.g58fec0f
|
||||
Release: <RELEASE>.gc36893f
|
||||
%else
|
||||
Release: 0
|
||||
%endif
|
||||
|
@ -1,3 +1,119 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 4 12:32:07 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Refresh
|
||||
patches.suse/0027-x86-kvm-Pad-RSB-on-VM-transition.patch.
|
||||
- Refresh
|
||||
patches.suse/0031-Reverting-the-commit-e5247c4f209530-to-replace.patch.
|
||||
Fix i386 build.
|
||||
- commit c36893f
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 21:41:58 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Clear the host registers after setbe (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the ibpb_inuse variable (bnc#1068032 CVE-2017-5715).
|
||||
- Remove the code that uses MSR save/restore list (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- KVM: x86: add SPEC_CTRL to MSR and CPUID lists (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- Reverting the commit e5247c4f209530 to replace (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the "ibrs_inuse" variable (bnc#1068032 CVE-2017-5715).
|
||||
- kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/svm: Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- Revert x86/kvm: Pad RSB on VM transition (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/cpu/AMD: Add speculative control support for AMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/microcode: Recheck IBRS and IBPB feature on microcode reload
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Move IBRS/IBPB feature detection to scattered.c
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
|
||||
control (bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL
|
||||
feature (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: clear registers on VM exit (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Toggle IBRS on VM entry and exit (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Set IBPB when switching VM (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on 32-bit compatible
|
||||
syscall entrance (bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on syscall entrance
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Only set IBPB when the new thread cannot ptrace current
|
||||
thread (bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Set IBPB upon context switch (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS when offlining cpu and re-enable on
|
||||
wakeup (bnc#1068032 CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS entering idle and enable it on wakeup
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: save IBRS MSR value in paranoid_entry
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: Use IBRS on syscall and interrupts (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86: Add macro that does not save rax, rcx, rdx on stack to
|
||||
disable IBRS (bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: MACROS to set/clear IBRS and set IBPB (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/feature: Report presence of IBPB and IBRS control
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Add STIBP feature enumeration (bnc#1068032 CVE-2017-5715).
|
||||
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and
|
||||
X86_FEATURE_IBRS_ATT (bnc#1068032 CVE-2017-5715).
|
||||
- x86/feature: Enable the x86 feature to control Speculation
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- commit 816f713
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 19:49:03 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- userns: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- net: mpls: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- Thermal/int340x: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- cw1200: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- qla2xxx: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- carl9170: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- uvcvideo: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- x86, bpf, jit: prevent speculative execution when JIT is enabled
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- bpf: prevent speculative execution in eBPF interpreter
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- locking/barriers: introduce new observable speculation barrier
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
|
||||
feature (bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- commit cf46932
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 16:57:12 CET 2018 - jslaby@suse.cz
|
||||
|
||||
|
@ -60,7 +60,7 @@ License: GPL-2.0
|
||||
Group: System/Kernel
|
||||
Version: 4.14.11
|
||||
%if 0%{?is_kotd}
|
||||
Release: <RELEASE>.g58fec0f
|
||||
Release: <RELEASE>.gc36893f
|
||||
%else
|
||||
Release: 0
|
||||
%endif
|
||||
|
@ -1,3 +1,119 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 4 12:32:07 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Refresh
|
||||
patches.suse/0027-x86-kvm-Pad-RSB-on-VM-transition.patch.
|
||||
- Refresh
|
||||
patches.suse/0031-Reverting-the-commit-e5247c4f209530-to-replace.patch.
|
||||
Fix i386 build.
|
||||
- commit c36893f
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 21:41:58 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Clear the host registers after setbe (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the ibpb_inuse variable (bnc#1068032 CVE-2017-5715).
|
||||
- Remove the code that uses MSR save/restore list (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- KVM: x86: add SPEC_CTRL to MSR and CPUID lists (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- Reverting the commit e5247c4f209530 to replace (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the "ibrs_inuse" variable (bnc#1068032 CVE-2017-5715).
|
||||
- kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/svm: Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- Revert x86/kvm: Pad RSB on VM transition (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/cpu/AMD: Add speculative control support for AMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/microcode: Recheck IBRS and IBPB feature on microcode reload
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Move IBRS/IBPB feature detection to scattered.c
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
|
||||
control (bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL
|
||||
feature (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: clear registers on VM exit (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Toggle IBRS on VM entry and exit (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Set IBPB when switching VM (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on 32-bit compatible
|
||||
syscall entrance (bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on syscall entrance
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Only set IBPB when the new thread cannot ptrace current
|
||||
thread (bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Set IBPB upon context switch (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS when offlining cpu and re-enable on
|
||||
wakeup (bnc#1068032 CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS entering idle and enable it on wakeup
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: save IBRS MSR value in paranoid_entry
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: Use IBRS on syscall and interrupts (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86: Add macro that does not save rax, rcx, rdx on stack to
|
||||
disable IBRS (bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: MACROS to set/clear IBRS and set IBPB (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/feature: Report presence of IBPB and IBRS control
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Add STIBP feature enumeration (bnc#1068032 CVE-2017-5715).
|
||||
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and
|
||||
X86_FEATURE_IBRS_ATT (bnc#1068032 CVE-2017-5715).
|
||||
- x86/feature: Enable the x86 feature to control Speculation
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- commit 816f713
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 19:49:03 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- userns: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- net: mpls: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- Thermal/int340x: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- cw1200: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- qla2xxx: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- carl9170: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- uvcvideo: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- x86, bpf, jit: prevent speculative execution when JIT is enabled
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- bpf: prevent speculative execution in eBPF interpreter
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- locking/barriers: introduce new observable speculation barrier
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
|
||||
feature (bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- commit cf46932
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 16:57:12 CET 2018 - jslaby@suse.cz
|
||||
|
||||
|
@ -60,7 +60,7 @@ License: GPL-2.0
|
||||
Group: System/Kernel
|
||||
Version: 4.14.11
|
||||
%if 0%{?is_kotd}
|
||||
Release: <RELEASE>.g58fec0f
|
||||
Release: <RELEASE>.gc36893f
|
||||
%else
|
||||
Release: 0
|
||||
%endif
|
||||
|
@ -1,3 +1,119 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 4 12:32:07 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Refresh
|
||||
patches.suse/0027-x86-kvm-Pad-RSB-on-VM-transition.patch.
|
||||
- Refresh
|
||||
patches.suse/0031-Reverting-the-commit-e5247c4f209530-to-replace.patch.
|
||||
Fix i386 build.
|
||||
- commit c36893f
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 21:41:58 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Clear the host registers after setbe (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the ibpb_inuse variable (bnc#1068032 CVE-2017-5715).
|
||||
- Remove the code that uses MSR save/restore list (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- KVM: x86: add SPEC_CTRL to MSR and CPUID lists (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- Reverting the commit e5247c4f209530 to replace (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the "ibrs_inuse" variable (bnc#1068032 CVE-2017-5715).
|
||||
- kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/svm: Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- Revert x86/kvm: Pad RSB on VM transition (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/cpu/AMD: Add speculative control support for AMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/microcode: Recheck IBRS and IBPB feature on microcode reload
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Move IBRS/IBPB feature detection to scattered.c
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
|
||||
control (bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL
|
||||
feature (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: clear registers on VM exit (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Toggle IBRS on VM entry and exit (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Set IBPB when switching VM (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on 32-bit compatible
|
||||
syscall entrance (bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on syscall entrance
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Only set IBPB when the new thread cannot ptrace current
|
||||
thread (bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Set IBPB upon context switch (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS when offlining cpu and re-enable on
|
||||
wakeup (bnc#1068032 CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS entering idle and enable it on wakeup
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: save IBRS MSR value in paranoid_entry
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: Use IBRS on syscall and interrupts (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86: Add macro that does not save rax, rcx, rdx on stack to
|
||||
disable IBRS (bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: MACROS to set/clear IBRS and set IBPB (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/feature: Report presence of IBPB and IBRS control
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Add STIBP feature enumeration (bnc#1068032 CVE-2017-5715).
|
||||
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and
|
||||
X86_FEATURE_IBRS_ATT (bnc#1068032 CVE-2017-5715).
|
||||
- x86/feature: Enable the x86 feature to control Speculation
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- commit 816f713
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 19:49:03 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- userns: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- net: mpls: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- Thermal/int340x: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- cw1200: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- qla2xxx: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- carl9170: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- uvcvideo: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- x86, bpf, jit: prevent speculative execution when JIT is enabled
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- bpf: prevent speculative execution in eBPF interpreter
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- locking/barriers: introduce new observable speculation barrier
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
|
||||
feature (bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- commit cf46932
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 16:57:12 CET 2018 - jslaby@suse.cz
|
||||
|
||||
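Review bot: in the Jan 3 21:41:58 entry (commit 816f713), "x86/kvm: Pad RSB on VM transition" is listed twice with "Revert x86/kvm: Pad RSB on VM transition" between them, so a reader cannot tell from the changelog whether RSB padding on VM transition is applied in the resulting series. The newest entry refreshes patches.suse/0027-x86-kvm-Pad-RSB-on-VM-transition.patch, which suggests it is. Please state the final state in one line, or fold the add/revert pair so that only the effective patch is listed.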
|
@ -60,7 +60,7 @@ License: GPL-2.0
|
||||
Group: System/Kernel
|
||||
Version: 4.14.11
|
||||
%if 0%{?is_kotd}
|
||||
Release: <RELEASE>.g58fec0f
|
||||
Release: <RELEASE>.gc36893f
|
||||
%else
|
||||
Release: 0
|
||||
%endif
|
||||
|
@ -1,3 +1,119 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 4 12:32:07 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Refresh
|
||||
patches.suse/0027-x86-kvm-Pad-RSB-on-VM-transition.patch.
|
||||
- Refresh
|
||||
patches.suse/0031-Reverting-the-commit-e5247c4f209530-to-replace.patch.
|
||||
Fix i386 build.
|
||||
- commit c36893f
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 21:41:58 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Clear the host registers after setbe (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the ibpb_inuse variable (bnc#1068032 CVE-2017-5715).
|
||||
- Remove the code that uses MSR save/restore list (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- KVM: x86: add SPEC_CTRL to MSR and CPUID lists (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- Reverting the commit e5247c4f209530 to replace (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the "ibrs_inuse" variable (bnc#1068032 CVE-2017-5715).
|
||||
- kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/svm: Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- Revert x86/kvm: Pad RSB on VM transition (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/cpu/AMD: Add speculative control support for AMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/microcode: Recheck IBRS and IBPB feature on microcode reload
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Move IBRS/IBPB feature detection to scattered.c
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
|
||||
control (bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL
|
||||
feature (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: clear registers on VM exit (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Toggle IBRS on VM entry and exit (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Set IBPB when switching VM (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on 32-bit compatible
|
||||
syscall entrance (bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on syscall entrance
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Only set IBPB when the new thread cannot ptrace current
|
||||
thread (bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Set IBPB upon context switch (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS when offlining cpu and re-enable on
|
||||
wakeup (bnc#1068032 CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS entering idle and enable it on wakeup
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: save IBRS MSR value in paranoid_entry
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: Use IBRS on syscall and interrupts (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86: Add macro that does not save rax, rcx, rdx on stack to
|
||||
disable IBRS (bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: MACROS to set/clear IBRS and set IBPB (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/feature: Report presence of IBPB and IBRS control
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Add STIBP feature enumeration (bnc#1068032 CVE-2017-5715).
|
||||
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and
|
||||
X86_FEATURE_IBRS_ATT (bnc#1068032 CVE-2017-5715).
|
||||
- x86/feature: Enable the x86 feature to control Speculation
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- commit 816f713
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 19:49:03 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- userns: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- net: mpls: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- Thermal/int340x: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- cw1200: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- qla2xxx: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- carl9170: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- uvcvideo: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- x86, bpf, jit: prevent speculative execution when JIT is enabled
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- bpf: prevent speculative execution in eBPF interpreter
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- locking/barriers: introduce new observable speculation barrier
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
|
||||
feature (bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- commit cf46932
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 16:57:12 CET 2018 - jslaby@suse.cz
|
||||
|
||||
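Review bot: several titles in the 816f713 entry lack the subsystem prefix their neighbours carry. "Set IBPB when running a different VCPU" cannot be told apart from "x86/svm: Set IBPB when running a different VCPU" further down, and "Reverting the commit e5247c4f209530 to replace" stops before saying what replaces it. These are the lines someone will search when auditing CVE-2017-5715 coverage for KVM, so please add the prefix and complete the revert title, or reference the patch file name the way the newest entry does.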
|
@ -33,7 +33,7 @@ License: GPL-2.0
|
||||
Group: Documentation/Man
|
||||
Version: 4.14.11
|
||||
%if 0%{?is_kotd}
|
||||
Release: <RELEASE>.g58fec0f
|
||||
Release: <RELEASE>.gc36893f
|
||||
%else
|
||||
Release: 0
|
||||
%endif
|
||||
|
@ -1,3 +1,119 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 4 12:32:07 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Refresh
|
||||
patches.suse/0027-x86-kvm-Pad-RSB-on-VM-transition.patch.
|
||||
- Refresh
|
||||
patches.suse/0031-Reverting-the-commit-e5247c4f209530-to-replace.patch.
|
||||
Fix i386 build.
|
||||
- commit c36893f
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 21:41:58 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Clear the host registers after setbe (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the ibpb_inuse variable (bnc#1068032 CVE-2017-5715).
|
||||
- Remove the code that uses MSR save/restore list (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- KVM: x86: add SPEC_CTRL to MSR and CPUID lists (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- Reverting the commit e5247c4f209530 to replace (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the "ibrs_inuse" variable (bnc#1068032 CVE-2017-5715).
|
||||
- kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/svm: Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- Revert x86/kvm: Pad RSB on VM transition (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/cpu/AMD: Add speculative control support for AMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/microcode: Recheck IBRS and IBPB feature on microcode reload
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Move IBRS/IBPB feature detection to scattered.c
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
|
||||
control (bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL
|
||||
feature (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: clear registers on VM exit (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Toggle IBRS on VM entry and exit (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Set IBPB when switching VM (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on 32-bit compatible
|
||||
syscall entrance (bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on syscall entrance
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Only set IBPB when the new thread cannot ptrace current
|
||||
thread (bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Set IBPB upon context switch (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS when offlining cpu and re-enable on
|
||||
wakeup (bnc#1068032 CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS entering idle and enable it on wakeup
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: save IBRS MSR value in paranoid_entry
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: Use IBRS on syscall and interrupts (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86: Add macro that does not save rax, rcx, rdx on stack to
|
||||
disable IBRS (bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: MACROS to set/clear IBRS and set IBPB (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/feature: Report presence of IBPB and IBRS control
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Add STIBP feature enumeration (bnc#1068032 CVE-2017-5715).
|
||||
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and
|
||||
X86_FEATURE_IBRS_ATT (bnc#1068032 CVE-2017-5715).
|
||||
- x86/feature: Enable the x86 feature to control Speculation
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- commit 816f713
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 19:49:03 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- userns: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- net: mpls: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- Thermal/int340x: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- cw1200: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- qla2xxx: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- carl9170: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- uvcvideo: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- x86, bpf, jit: prevent speculative execution when JIT is enabled
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- bpf: prevent speculative execution in eBPF interpreter
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- locking/barriers: introduce new observable speculation barrier
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
|
||||
feature (bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- commit cf46932
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 16:57:12 CET 2018 - jslaby@suse.cz
|
||||
|
||||
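Review bot: "x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature" adds a runtime switch for changes tagged CVE-2017-5715, but the entry names neither the knobs nor their default state. Please list the knob names and defaults here, or point to where they are documented, so that admins can confirm IBRS and IBPB are actually in use after the update. The "x86/microcode: Recheck IBRS and IBPB feature on microcode reload" entry indicates the result also depends on the loaded microcode, which is worth one sentence as well.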
|
@ -60,7 +60,7 @@ License: GPL-2.0
|
||||
Group: System/Kernel
|
||||
Version: 4.14.11
|
||||
%if 0%{?is_kotd}
|
||||
Release: <RELEASE>.g58fec0f
|
||||
Release: <RELEASE>.gc36893f
|
||||
%else
|
||||
Release: 0
|
||||
%endif
|
||||
|
@ -1,3 +1,119 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 4 12:32:07 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Refresh
|
||||
patches.suse/0027-x86-kvm-Pad-RSB-on-VM-transition.patch.
|
||||
- Refresh
|
||||
patches.suse/0031-Reverting-the-commit-e5247c4f209530-to-replace.patch.
|
||||
Fix i386 build.
|
||||
- commit c36893f
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 21:41:58 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Clear the host registers after setbe (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the ibpb_inuse variable (bnc#1068032 CVE-2017-5715).
|
||||
- Remove the code that uses MSR save/restore list (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- KVM: x86: add SPEC_CTRL to MSR and CPUID lists (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- Reverting the commit e5247c4f209530 to replace (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the "ibrs_inuse" variable (bnc#1068032 CVE-2017-5715).
|
||||
- kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/svm: Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- Revert x86/kvm: Pad RSB on VM transition (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/cpu/AMD: Add speculative control support for AMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/microcode: Recheck IBRS and IBPB feature on microcode reload
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Move IBRS/IBPB feature detection to scattered.c
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
|
||||
control (bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL
|
||||
feature (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: clear registers on VM exit (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Toggle IBRS on VM entry and exit (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Set IBPB when switching VM (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on 32-bit compatible
|
||||
syscall entrance (bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on syscall entrance
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Only set IBPB when the new thread cannot ptrace current
|
||||
thread (bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Set IBPB upon context switch (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS when offlining cpu and re-enable on
|
||||
wakeup (bnc#1068032 CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS entering idle and enable it on wakeup
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: save IBRS MSR value in paranoid_entry
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: Use IBRS on syscall and interrupts (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86: Add macro that does not save rax, rcx, rdx on stack to
|
||||
disable IBRS (bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: MACROS to set/clear IBRS and set IBPB (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/feature: Report presence of IBPB and IBRS control
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Add STIBP feature enumeration (bnc#1068032 CVE-2017-5715).
|
||||
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and
|
||||
X86_FEATURE_IBRS_ATT (bnc#1068032 CVE-2017-5715).
|
||||
- x86/feature: Enable the x86 feature to control Speculation
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- commit 816f713
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 19:49:03 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- userns: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- net: mpls: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- Thermal/int340x: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- cw1200: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- qla2xxx: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- carl9170: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- uvcvideo: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- x86, bpf, jit: prevent speculative execution when JIT is enabled
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- bpf: prevent speculative execution in eBPF interpreter
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- locking/barriers: introduce new observable speculation barrier
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
|
||||
feature (bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- commit cf46932
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 16:57:12 CET 2018 - jslaby@suse.cz
|
||||
|
||||
|
@ -59,7 +59,7 @@ License: GPL-2.0
|
||||
Group: SLES
|
||||
Version: 4.14.11
|
||||
%if 0%{?is_kotd}
|
||||
Release: <RELEASE>.g58fec0f
|
||||
Release: <RELEASE>.gc36893f
|
||||
%else
|
||||
Release: 0
|
||||
%endif
|
||||
|
@ -1,3 +1,119 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 4 12:32:07 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Refresh
|
||||
patches.suse/0027-x86-kvm-Pad-RSB-on-VM-transition.patch.
|
||||
- Refresh
|
||||
patches.suse/0031-Reverting-the-commit-e5247c4f209530-to-replace.patch.
|
||||
Fix i386 build.
|
||||
- commit c36893f
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 21:41:58 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Clear the host registers after setbe (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the ibpb_inuse variable (bnc#1068032 CVE-2017-5715).
|
||||
- Remove the code that uses MSR save/restore list (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- KVM: x86: add SPEC_CTRL to MSR and CPUID lists (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- Reverting the commit e5247c4f209530 to replace (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the "ibrs_inuse" variable (bnc#1068032 CVE-2017-5715).
|
||||
- kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/svm: Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- Revert x86/kvm: Pad RSB on VM transition (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/cpu/AMD: Add speculative control support for AMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/microcode: Recheck IBRS and IBPB feature on microcode reload
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Move IBRS/IBPB feature detection to scattered.c
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
|
||||
control (bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL
|
||||
feature (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: clear registers on VM exit (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Toggle IBRS on VM entry and exit (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Set IBPB when switching VM (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on 32-bit compatible
|
||||
syscall entrance (bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on syscall entrance
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Only set IBPB when the new thread cannot ptrace current
|
||||
thread (bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Set IBPB upon context switch (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS when offlining cpu and re-enable on
|
||||
wakeup (bnc#1068032 CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS entering idle and enable it on wakeup
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: save IBRS MSR value in paranoid_entry
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: Use IBRS on syscall and interrupts (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86: Add macro that does not save rax, rcx, rdx on stack to
|
||||
disable IBRS (bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: MACROS to set/clear IBRS and set IBPB (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/feature: Report presence of IBPB and IBRS control
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Add STIBP feature enumeration (bnc#1068032 CVE-2017-5715).
|
||||
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and
|
||||
X86_FEATURE_IBRS_ATT (bnc#1068032 CVE-2017-5715).
|
||||
- x86/feature: Enable the x86 feature to control Speculation
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- commit 816f713
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 19:49:03 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- userns: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- net: mpls: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- Thermal/int340x: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- cw1200: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- qla2xxx: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- carl9170: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- uvcvideo: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- x86, bpf, jit: prevent speculative execution when JIT is enabled
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- bpf: prevent speculative execution in eBPF interpreter
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- locking/barriers: introduce new observable speculation barrier
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
|
||||
feature (bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- commit cf46932
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 16:57:12 CET 2018 - jslaby@suse.cz
|
||||
|
||||
|
@ -38,7 +38,7 @@ License: GPL-2.0
|
||||
Group: SLES
|
||||
Version: 4.14.11
|
||||
%if 0%{?is_kotd}
|
||||
Release: <RELEASE>.g58fec0f
|
||||
Release: <RELEASE>.gc36893f
|
||||
%else
|
||||
Release: 0
|
||||
%endif
|
||||
|
@ -1,3 +1,119 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 4 12:32:07 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Refresh
|
||||
patches.suse/0027-x86-kvm-Pad-RSB-on-VM-transition.patch.
|
||||
- Refresh
|
||||
patches.suse/0031-Reverting-the-commit-e5247c4f209530-to-replace.patch.
|
||||
Fix i386 build.
|
||||
- commit c36893f
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 21:41:58 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Clear the host registers after setbe (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the ibpb_inuse variable (bnc#1068032 CVE-2017-5715).
|
||||
- Remove the code that uses MSR save/restore list (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- KVM: x86: add SPEC_CTRL to MSR and CPUID lists (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- Reverting the commit e5247c4f209530 to replace (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the "ibrs_inuse" variable (bnc#1068032 CVE-2017-5715).
|
||||
- kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/svm: Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- Revert x86/kvm: Pad RSB on VM transition (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/cpu/AMD: Add speculative control support for AMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/microcode: Recheck IBRS and IBPB feature on microcode reload
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Move IBRS/IBPB feature detection to scattered.c
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
|
||||
control (bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL
|
||||
feature (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: clear registers on VM exit (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Toggle IBRS on VM entry and exit (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Set IBPB when switching VM (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on 32-bit compatible
|
||||
syscall entrance (bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on syscall entrance
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Only set IBPB when the new thread cannot ptrace current
|
||||
thread (bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Set IBPB upon context switch (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS when offlining cpu and re-enable on
|
||||
wakeup (bnc#1068032 CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS entering idle and enable it on wakeup
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: save IBRS MSR value in paranoid_entry
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: Use IBRS on syscall and interrupts (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86: Add macro that does not save rax, rcx, rdx on stack to
|
||||
disable IBRS (bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: MACROS to set/clear IBRS and set IBPB (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/feature: Report presence of IBPB and IBRS control
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Add STIBP feature enumeration (bnc#1068032 CVE-2017-5715).
|
||||
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and
|
||||
X86_FEATURE_IBRS_ATT (bnc#1068032 CVE-2017-5715).
|
||||
- x86/feature: Enable the x86 feature to control Speculation
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- commit 816f713
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 19:49:03 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- userns: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- net: mpls: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- Thermal/int340x: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- cw1200: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- qla2xxx: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- carl9170: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- uvcvideo: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- x86, bpf, jit: prevent speculative execution when JIT is enabled
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- bpf: prevent speculative execution in eBPF interpreter
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- locking/barriers: introduce new observable speculation barrier
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
|
||||
feature (bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- commit cf46932
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 16:57:12 CET 2018 - jslaby@suse.cz
|
||||
|
||||
|
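Review bot: In the "Wed Jan 3 21:41:58" entry, "x86/kvm: Pad RSB on VM transition" is listed twice with "Revert x86/kvm: Pad RSB on VM transition" between the two, so a reader cannot tell which version of the RSB padding the package actually carries. Either collapse the three lines into the one surviving patch or add a short remark to the revert line saying which variant it removes and which one remains applied.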
@ -60,7 +60,7 @@ License: GPL-2.0
|
||||
Group: System/Kernel
|
||||
Version: 4.14.11
|
||||
%if 0%{?is_kotd}
|
||||
Release: <RELEASE>.g58fec0f
|
||||
Release: <RELEASE>.gc36893f
|
||||
%else
|
||||
Release: 0
|
||||
%endif
|
||||
|
@ -1,3 +1,119 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 4 12:32:07 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Refresh
|
||||
patches.suse/0027-x86-kvm-Pad-RSB-on-VM-transition.patch.
|
||||
- Refresh
|
||||
patches.suse/0031-Reverting-the-commit-e5247c4f209530-to-replace.patch.
|
||||
Fix i386 build.
|
||||
- commit c36893f
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 21:41:58 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Clear the host registers after setbe (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the ibpb_inuse variable (bnc#1068032 CVE-2017-5715).
|
||||
- Remove the code that uses MSR save/restore list (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- KVM: x86: add SPEC_CTRL to MSR and CPUID lists (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- Reverting the commit e5247c4f209530 to replace (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the "ibrs_inuse" variable (bnc#1068032 CVE-2017-5715).
|
||||
- kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/svm: Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- Revert x86/kvm: Pad RSB on VM transition (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/cpu/AMD: Add speculative control support for AMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/microcode: Recheck IBRS and IBPB feature on microcode reload
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Move IBRS/IBPB feature detection to scattered.c
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
|
||||
control (bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL
|
||||
feature (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: clear registers on VM exit (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Toggle IBRS on VM entry and exit (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Set IBPB when switching VM (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on 32-bit compatible
|
||||
syscall entrance (bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on syscall entrance
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Only set IBPB when the new thread cannot ptrace current
|
||||
thread (bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Set IBPB upon context switch (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS when offlining cpu and re-enable on
|
||||
wakeup (bnc#1068032 CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS entering idle and enable it on wakeup
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: save IBRS MSR value in paranoid_entry
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: Use IBRS on syscall and interrupts (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86: Add macro that does not save rax, rcx, rdx on stack to
|
||||
disable IBRS (bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: MACROS to set/clear IBRS and set IBPB (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/feature: Report presence of IBPB and IBRS control
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Add STIBP feature enumeration (bnc#1068032 CVE-2017-5715).
|
||||
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and
|
||||
X86_FEATURE_IBRS_ATT (bnc#1068032 CVE-2017-5715).
|
||||
- x86/feature: Enable the x86 feature to control Speculation
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- commit 816f713
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 19:49:03 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- userns: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- net: mpls: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- Thermal/int340x: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- cw1200: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- qla2xxx: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- carl9170: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- uvcvideo: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- x86, bpf, jit: prevent speculative execution when JIT is enabled
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- bpf: prevent speculative execution in eBPF interpreter
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- locking/barriers: introduce new observable speculation barrier
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
|
||||
feature (bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- commit cf46932
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 16:57:12 CET 2018 - jslaby@suse.cz
|
||||
|
||||
|
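Review bot: "Fix i386 build." in the "Thu Jan 4 12:32:07" entry hangs under the second "- Refresh" item only, so it is unclear whether the refresh of 0027-x86-kvm-Pad-RSB-on-VM-transition.patch was also needed for i386 or was refreshed for another reason. Give each Refresh line its own reason, and say what failed to build, so that someone bisecting a 32-bit regression can tell which patch changed and why.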
@ -32,7 +32,7 @@ License: GPL-2.0
|
||||
Group: Development/Sources
|
||||
Version: 4.14.11
|
||||
%if 0%{?is_kotd}
|
||||
Release: <RELEASE>.g58fec0f
|
||||
Release: <RELEASE>.gc36893f
|
||||
%else
|
||||
Release: 0
|
||||
%endif
|
||||
|
@ -1,3 +1,119 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 4 12:32:07 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Refresh
|
||||
patches.suse/0027-x86-kvm-Pad-RSB-on-VM-transition.patch.
|
||||
- Refresh
|
||||
patches.suse/0031-Reverting-the-commit-e5247c4f209530-to-replace.patch.
|
||||
Fix i386 build.
|
||||
- commit c36893f
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 21:41:58 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Clear the host registers after setbe (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the ibpb_inuse variable (bnc#1068032 CVE-2017-5715).
|
||||
- Remove the code that uses MSR save/restore list (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- KVM: x86: add SPEC_CTRL to MSR and CPUID lists (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- Reverting the commit e5247c4f209530 to replace (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the "ibrs_inuse" variable (bnc#1068032 CVE-2017-5715).
|
||||
- kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/svm: Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- Revert x86/kvm: Pad RSB on VM transition (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/cpu/AMD: Add speculative control support for AMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/microcode: Recheck IBRS and IBPB feature on microcode reload
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Move IBRS/IBPB feature detection to scattered.c
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
|
||||
control (bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL
|
||||
feature (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: clear registers on VM exit (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Toggle IBRS on VM entry and exit (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Set IBPB when switching VM (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on 32-bit compatible
|
||||
syscall entrance (bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on syscall entrance
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Only set IBPB when the new thread cannot ptrace current
|
||||
thread (bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Set IBPB upon context switch (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS when offlining cpu and re-enable on
|
||||
wakeup (bnc#1068032 CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS entering idle and enable it on wakeup
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: save IBRS MSR value in paranoid_entry
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: Use IBRS on syscall and interrupts (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86: Add macro that does not save rax, rcx, rdx on stack to
|
||||
disable IBRS (bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: MACROS to set/clear IBRS and set IBPB (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/feature: Report presence of IBPB and IBRS control
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Add STIBP feature enumeration (bnc#1068032 CVE-2017-5715).
|
||||
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and
|
||||
X86_FEATURE_IBRS_ATT (bnc#1068032 CVE-2017-5715).
|
||||
- x86/feature: Enable the x86 feature to control Speculation
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- commit 816f713
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 19:49:03 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- userns: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- net: mpls: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- Thermal/int340x: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- cw1200: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- qla2xxx: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- carl9170: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- uvcvideo: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- x86, bpf, jit: prevent speculative execution when JIT is enabled
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- bpf: prevent speculative execution in eBPF interpreter
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- locking/barriers: introduce new observable speculation barrier
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
|
||||
feature (bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- commit cf46932
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 16:57:12 CET 2018 - jslaby@suse.cz
|
||||
|
||||
|
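Review bot: The line "x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL feature" introduces a runtime switch for a CVE-2017-5715 mitigation without naming the knobs or their default state. Since this changelog is what administrators see in the package, add the sysctl names and whether the mitigation is on by default, or point to the documentation file that carries them.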
@ -27,7 +27,7 @@ Group: Development/Sources
|
||||
Version: 4.14.11
|
||||
%if %using_buildservice
|
||||
%if 0%{?is_kotd}
|
||||
Release: <RELEASE>.g58fec0f
|
||||
Release: <RELEASE>.gc36893f
|
||||
%else
|
||||
Release: 0
|
||||
%endif
|
||||
|
@ -1,3 +1,119 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 4 12:32:07 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Refresh
|
||||
patches.suse/0027-x86-kvm-Pad-RSB-on-VM-transition.patch.
|
||||
- Refresh
|
||||
patches.suse/0031-Reverting-the-commit-e5247c4f209530-to-replace.patch.
|
||||
Fix i386 build.
|
||||
- commit c36893f
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 21:41:58 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Clear the host registers after setbe (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the ibpb_inuse variable (bnc#1068032 CVE-2017-5715).
|
||||
- Remove the code that uses MSR save/restore list (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- KVM: x86: add SPEC_CTRL to MSR and CPUID lists (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- Reverting the commit e5247c4f209530 to replace (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the "ibrs_inuse" variable (bnc#1068032 CVE-2017-5715).
|
||||
- kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/svm: Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- Revert x86/kvm: Pad RSB on VM transition (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/cpu/AMD: Add speculative control support for AMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/microcode: Recheck IBRS and IBPB feature on microcode reload
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Move IBRS/IBPB feature detection to scattered.c
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
|
||||
control (bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL
|
||||
feature (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: clear registers on VM exit (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Toggle IBRS on VM entry and exit (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Set IBPB when switching VM (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on 32-bit compatible
|
||||
syscall entrance (bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on syscall entrance
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Only set IBPB when the new thread cannot ptrace current
|
||||
thread (bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Set IBPB upon context switch (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS when offlining cpu and re-enable on
|
||||
wakeup (bnc#1068032 CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS entering idle and enable it on wakeup
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: save IBRS MSR value in paranoid_entry
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: Use IBRS on syscall and interrupts (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86: Add macro that does not save rax, rcx, rdx on stack to
|
||||
disable IBRS (bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: MACROS to set/clear IBRS and set IBPB (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/feature: Report presence of IBPB and IBRS control
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Add STIBP feature enumeration (bnc#1068032 CVE-2017-5715).
|
||||
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and
|
||||
X86_FEATURE_IBRS_ATT (bnc#1068032 CVE-2017-5715).
|
||||
- x86/feature: Enable the x86 feature to control Speculation
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- commit 816f713
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 19:49:03 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- userns: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- net: mpls: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- Thermal/int340x: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- cw1200: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- qla2xxx: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- carl9170: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- uvcvideo: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- x86, bpf, jit: prevent speculative execution when JIT is enabled
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- bpf: prevent speculative execution in eBPF interpreter
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- locking/barriers: introduce new observable speculation barrier
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
|
||||
feature (bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- commit cf46932
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 16:57:12 CET 2018 - jslaby@suse.cz
|
||||
|
||||
|
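Review bot: The entry "Reverting the commit e5247c4f209530 to replace (bnc#1068032 CVE-2017-5715)" stops at "to replace" and never says what is reverted or what replaces it; the abbreviated hash e5247c4f209530 cannot be resolved from the changelog alone. Please restore the full subject, or reword it to name the reverted change and its replacement, because a revert inside a security series is exactly the line an auditor will want to trace.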
@ -60,7 +60,7 @@ License: GPL-2.0
|
||||
Group: System/Kernel
|
||||
Version: 4.14.11
|
||||
%if 0%{?is_kotd}
|
||||
Release: <RELEASE>.g58fec0f
|
||||
Release: <RELEASE>.gc36893f
|
||||
%else
|
||||
Release: 0
|
||||
%endif
|
||||
|
@ -1,3 +1,119 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 4 12:32:07 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Refresh
|
||||
patches.suse/0027-x86-kvm-Pad-RSB-on-VM-transition.patch.
|
||||
- Refresh
|
||||
patches.suse/0031-Reverting-the-commit-e5247c4f209530-to-replace.patch.
|
||||
Fix i386 build.
|
||||
- commit c36893f
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 21:41:58 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Clear the host registers after setbe (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the ibpb_inuse variable (bnc#1068032 CVE-2017-5715).
|
||||
- Remove the code that uses MSR save/restore list (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- KVM: x86: add SPEC_CTRL to MSR and CPUID lists (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- Reverting the commit e5247c4f209530 to replace (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the "ibrs_inuse" variable (bnc#1068032 CVE-2017-5715).
|
||||
- kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/svm: Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- Revert x86/kvm: Pad RSB on VM transition (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/cpu/AMD: Add speculative control support for AMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/microcode: Recheck IBRS and IBPB feature on microcode reload
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Move IBRS/IBPB feature detection to scattered.c
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
|
||||
control (bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL
|
||||
feature (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: clear registers on VM exit (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Toggle IBRS on VM entry and exit (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Set IBPB when switching VM (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on 32-bit compatible
|
||||
syscall entrance (bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on syscall entrance
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Only set IBPB when the new thread cannot ptrace current
|
||||
thread (bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Set IBPB upon context switch (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS when offlining cpu and re-enable on
|
||||
wakeup (bnc#1068032 CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS entering idle and enable it on wakeup
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: save IBRS MSR value in paranoid_entry
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: Use IBRS on syscall and interrupts (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86: Add macro that does not save rax, rcx, rdx on stack to
|
||||
disable IBRS (bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: MACROS to set/clear IBRS and set IBPB (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/feature: Report presence of IBPB and IBRS control
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Add STIBP feature enumeration (bnc#1068032 CVE-2017-5715).
|
||||
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and
|
||||
X86_FEATURE_IBRS_ATT (bnc#1068032 CVE-2017-5715).
|
||||
- x86/feature: Enable the x86 feature to control Speculation
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- commit 816f713
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 19:49:03 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- userns: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- net: mpls: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- Thermal/int340x: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- cw1200: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- qla2xxx: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- carl9170: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- uvcvideo: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- x86, bpf, jit: prevent speculative execution when JIT is enabled
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- bpf: prevent speculative execution in eBPF interpreter
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- locking/barriers: introduce new observable speculation barrier
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
|
||||
feature (bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- commit cf46932
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 16:57:12 CET 2018 - jslaby@suse.cz
|
||||
|
||||
|
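Review bot: In the "Wed Jan 3 19:49:03" entry, twelve lines from "userns:" to "uvcvideo:" carry the identical text "prevent speculative execution" and do not say by what means, while "locking/barriers: introduce new observable speculation barrier" appears further down the same list. If those call sites use that barrier, say so once at the top of the group, so that the dependency is visible when one of the per-subsystem patches is later dropped or reordered.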
@ -60,7 +60,7 @@ License: GPL-2.0
|
||||
Group: System/Kernel
|
||||
Version: 4.14.11
|
||||
%if 0%{?is_kotd}
|
||||
Release: <RELEASE>.g58fec0f
|
||||
Release: <RELEASE>.gc36893f
|
||||
%else
|
||||
Release: 0
|
||||
%endif
|
||||
|
@ -1,3 +1,119 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 4 12:32:07 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Refresh
|
||||
patches.suse/0027-x86-kvm-Pad-RSB-on-VM-transition.patch.
|
||||
- Refresh
|
||||
patches.suse/0031-Reverting-the-commit-e5247c4f209530-to-replace.patch.
|
||||
Fix i386 build.
|
||||
- commit c36893f
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 21:41:58 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Clear the host registers after setbe (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the ibpb_inuse variable (bnc#1068032 CVE-2017-5715).
|
||||
- Remove the code that uses MSR save/restore list (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- KVM: x86: add SPEC_CTRL to MSR and CPUID lists (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- kvm: vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- Reverting the commit e5247c4f209530 to replace (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- Use the "ibrs_inuse" variable (bnc#1068032 CVE-2017-5715).
|
||||
- kvm: svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/svm: Set IBPB when running a different VCPU (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- Revert x86/kvm: Pad RSB on VM transition (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/cpu/AMD: Add speculative control support for AMD
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/microcode: Recheck IBRS and IBPB feature on microcode reload
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Move IBRS/IBPB feature detection to scattered.c
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add lock to serialize changes to ibrs and ibpb
|
||||
control (bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: Add sysctl knobs to enable/disable SPEC_CTRL
|
||||
feature (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: clear registers on VM exit (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Pad RSB on VM transition (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: Toggle IBRS on VM entry and exit (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/kvm: Set IBPB when switching VM (bnc#1068032 CVE-2017-5715).
|
||||
- x86/kvm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD to kvm
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on 32-bit compatible
|
||||
syscall entrance (bnc#1068032 CVE-2017-5715).
|
||||
- x86/syscall: Clear unused extra registers on syscall entrance
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/entry: Stuff RSB for entry to kernel for non-SMEP platform
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Only set IBPB when the new thread cannot ptrace current
|
||||
thread (bnc#1068032 CVE-2017-5715).
|
||||
- x86/mm: Set IBPB upon context switch (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS when offlining cpu and re-enable on
|
||||
wakeup (bnc#1068032 CVE-2017-5715).
|
||||
- x86/idle: Disable IBRS entering idle and enable it on wakeup
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/spec_ctrl: save IBRS MSR value in paranoid_entry
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: Use IBRS on syscall and interrupts (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86: Add macro that does not save rax, rcx, rdx on stack to
|
||||
disable IBRS (bnc#1068032 CVE-2017-5715).
|
||||
- x86/enter: MACROS to set/clear IBRS and set IBPB (bnc#1068032
|
||||
CVE-2017-5715).
|
||||
- x86/feature: Report presence of IBPB and IBRS control
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- x86: Add STIBP feature enumeration (bnc#1068032 CVE-2017-5715).
|
||||
- x86/cpufeature: Add X86_FEATURE_IA32_ARCH_CAPS and
|
||||
X86_FEATURE_IBRS_ATT (bnc#1068032 CVE-2017-5715).
|
||||
- x86/feature: Enable the x86 feature to control Speculation
|
||||
(bnc#1068032 CVE-2017-5715).
|
||||
- commit 816f713
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 19:49:03 CET 2018 - jslaby@suse.cz
|
||||
|
||||
- userns: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- udf: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- net: mpls: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- fs: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv6: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- ipv4: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- Thermal/int340x: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- cw1200: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- qla2xxx: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- p54: prevent speculative execution (bnc#1068032 CVE-2017-5753).
|
||||
- carl9170: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- uvcvideo: prevent speculative execution (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- x86, bpf, jit: prevent speculative execution when JIT is enabled
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- bpf: prevent speculative execution in eBPF interpreter
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- locking/barriers: introduce new observable speculation barrier
|
||||
(bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Remove now unused definition of MFENCE_RDTSC
|
||||
feature (bnc#1068032 CVE-2017-5753).
|
||||
- x86/cpu/AMD: Make the LFENCE instruction serialized (bnc#1068032
|
||||
CVE-2017-5753).
|
||||
- commit cf46932
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 3 16:57:12 CET 2018 - jslaby@suse.cz
|
||||
|
||||
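Review bot: the entry for commit cf46932 lists twelve subjects that say only "prevent speculative execution" (userns, udf, net: mpls, fs, ipv6, ipv4, Thermal/int340x, cw1200, qla2xxx, p54, carl9170, uvcvideo), so the .changes file does not tell an administrator what the mitigation for CVE-2017-5753 consists of. A one-line summary at the top of the entry would help. It should name the mechanism (the "new observable speculation barrier" item is the only hint) and say whether the patches are upstream backports or SUSE-only, since series.conf places all of them under patches.suse/.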
|
@ -60,7 +60,7 @@ License: GPL-2.0
|
||||
Group: System/Kernel
|
||||
Version: 4.14.11
|
||||
%if 0%{?is_kotd}
|
||||
Release: <RELEASE>.g58fec0f
|
||||
Release: <RELEASE>.gc36893f
|
||||
%else
|
||||
Release: 0
|
||||
%endif
|
||||
|
@ -1,3 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:a58d31ac1efeae1453bad72bf2c9b35a43cdf3ba2d963670fcac3cbf8f5d6b80
|
||||
size 54017
|
||||
oid sha256:3d788a1435ce36e6d0ec9d692cd4f13ee1e908bc0d9a0f5c3094ad8f7d57c89a
|
||||
size 79393
|
||||
|
56
series.conf
@ -1275,6 +1275,62 @@
|
||||
patches.suse/setuid-dumpable-wrongdir
|
||||
patches.suse/0002-futex-futex_wake_op-fix-sign_extend32-sign-bits.patch
|
||||
|
||||
patches.suse/0001-x86-cpu-AMD-Make-the-LFENCE-instruction-serialized.patch
|
||||
patches.suse/0002-x86-cpu-AMD-Remove-now-unused-definition-of-MFENCE_R.patch
|
||||
patches.suse/0003-locking-barriers-introduce-new-observable-speculatio.patch
|
||||
patches.suse/0004-bpf-prevent-speculative-execution-in-eBPF-interprete.patch
|
||||
patches.suse/0005-x86-bpf-jit-prevent-speculative-execution-when-JIT-i.patch
|
||||
patches.suse/0006-uvcvideo-prevent-speculative-execution.patch
|
||||
patches.suse/0007-carl9170-prevent-speculative-execution.patch
|
||||
patches.suse/0008-p54-prevent-speculative-execution.patch
|
||||
patches.suse/0009-qla2xxx-prevent-speculative-execution.patch
|
||||
patches.suse/0010-cw1200-prevent-speculative-execution.patch
|
||||
patches.suse/0011-Thermal-int340x-prevent-speculative-execution.patch
|
||||
patches.suse/0012-ipv4-prevent-speculative-execution.patch
|
||||
patches.suse/0013-ipv6-prevent-speculative-execution.patch
|
||||
patches.suse/0014-fs-prevent-speculative-execution.patch
|
||||
patches.suse/0015-net-mpls-prevent-speculative-execution.patch
|
||||
patches.suse/0016-udf-prevent-speculative-execution.patch
|
||||
patches.suse/0017-userns-prevent-speculative-execution.patch
|
||||
|
||||
patches.suse/0001-x86-feature-Enable-the-x86-feature-to-control-Specul.patch
|
||||
patches.suse/0002-x86-cpufeature-Add-X86_FEATURE_IA32_ARCH_CAPS-and-X8.patch
|
||||
patches.suse/0003-x86-Add-STIBP-feature-enumeration.patch
|
||||
patches.suse/0004-x86-feature-Report-presence-of-IBPB-and-IBRS-control.patch
|
||||
patches.suse/0005-x86-enter-MACROS-to-set-clear-IBRS-and-set-IBPB.patch
|
||||
patches.suse/0006-x86-Add-macro-that-does-not-save-rax-rcx-rdx-on-stac.patch
|
||||
patches.suse/0007-x86-enter-Use-IBRS-on-syscall-and-interrupts.patch
|
||||
patches.suse/0008-x86-spec_ctrl-save-IBRS-MSR-value-in-paranoid_entry.patch
|
||||
patches.suse/0009-x86-idle-Disable-IBRS-entering-idle-and-enable-it-on.patch
|
||||
patches.suse/0010-x86-idle-Disable-IBRS-when-offlining-cpu-and-re-enab.patch
|
||||
patches.suse/0011-x86-mm-Set-IBPB-upon-context-switch.patch
|
||||
patches.suse/0012-x86-mm-Only-set-IBPB-when-the-new-thread-cannot-ptra.patch
|
||||
patches.suse/0013-x86-entry-Stuff-RSB-for-entry-to-kernel-for-non-SMEP.patch
|
||||
patches.suse/0014-x86-syscall-Clear-unused-extra-registers-on-syscall-.patch
|
||||
patches.suse/0015-x86-syscall-Clear-unused-extra-registers-on-32-bit-c.patch
|
||||
patches.suse/0016-x86-kvm-add-MSR_IA32_SPEC_CTRL-and-MSR_IA32_PRED_CMD.patch
|
||||
patches.suse/0017-x86-kvm-Set-IBPB-when-switching-VM.patch
|
||||
patches.suse/0018-x86-kvm-Toggle-IBRS-on-VM-entry-and-exit.patch
|
||||
patches.suse/0019-x86-kvm-Pad-RSB-on-VM-transition.patch
|
||||
patches.suse/0020-x86-kvm-clear-registers-on-VM-exit.patch
|
||||
patches.suse/0021-x86-spec_ctrl-Add-sysctl-knobs-to-enable-disable-SPE.patch
|
||||
patches.suse/0022-x86-spec_ctrl-Add-lock-to-serialize-changes-to-ibrs-.patch
|
||||
patches.suse/0023-x86-Move-IBRS-IBPB-feature-detection-to-scattered.c.patch
|
||||
patches.suse/0024-x86-microcode-Recheck-IBRS-and-IBPB-feature-on-micro.patch
|
||||
patches.suse/0025-x86-cpu-AMD-Add-speculative-control-support-for-AMD.patch
|
||||
patches.suse/0026-Revert-x86-kvm-Pad-RSB-on-VM-transition.patch
|
||||
patches.suse/0027-x86-kvm-Pad-RSB-on-VM-transition.patch
|
||||
patches.suse/0028-x86-svm-Set-IBPB-when-running-a-different-VCPU.patch
|
||||
patches.suse/0029-kvm-svm-add-MSR_IA32_SPEC_CTRL-and-MSR_IA32_PRED_CMD.patch
|
||||
patches.suse/0030-Use-the-ibrs_inuse-variable.patch
|
||||
patches.suse/0031-Reverting-the-commit-e5247c4f209530-to-replace.patch
|
||||
patches.suse/0032-kvm-vmx-add-MSR_IA32_SPEC_CTRL-and-MSR_IA32_PRED_CMD.patch
|
||||
patches.suse/0033-KVM-x86-add-SPEC_CTRL-to-MSR-and-CPUID-lists.patch
|
||||
patches.suse/0034-Remove-the-code-that-uses-MSR-save-restore-list.patch
|
||||
patches.suse/0035-Use-the-ibpb_inuse-variable.patch
|
||||
patches.suse/0036-Clear-the-host-registers-after-setbe.patch
|
||||
patches.suse/0037-Set-IBPB-when-running-a-different-VCPU.patch
|
||||
|
||||
########################################################
|
||||
# Architecture-specific patches. These used to be all
|
||||
# at the end of series.conf, but since we don't do
|
||||
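Review bot: the second added group carries 0019-x86-kvm-Pad-RSB-on-VM-transition.patch, then 0026-Revert-x86-kvm-Pad-RSB-on-VM-transition.patch, then 0027-x86-kvm-Pad-RSB-on-VM-transition.patch, so the same change is applied, reverted and applied again within one series. Unless the intermediate state is needed, keep only the final version and drop 0019 and 0026, which also shrinks what has to be refreshed later. Two smaller points: both groups restart their numbering at 0001 in the same patches.suse/ directory (next to the existing 0002-futex-... patch), so the prefixes no longer indicate order and only series.conf does. Neither group has a comment line naming what it mitigates (CVE-2017-5753 for the first, CVE-2017-5715 for the second), unlike the commented "Architecture-specific patches" section that follows.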
|
@ -1,3 +1,3 @@
|
||||
2018-01-03 16:57:12 +0100
|
||||
GIT Revision: 58fec0f5680b7456aeed6bbf98fde270211b3637
|
||||
2018-01-04 12:32:07 +0100
|
||||
GIT Revision: c36893f025cf83d5b8d40847d1a34239cb7152eb
|
||||
GIT Branch: stable
|
||||
|