Accepted linux 4.9.168-1+deb9u2 (all source) into proposed-updates->stable-new, proposed-updates
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 13 May 2019 21:59:18 +0100
Binary: linux-doc-4.9 linux-headers-4.9.0-9-common linux-headers-4.9.0-9-common-rt linux-manual-4.9 linux-source-4.9 linux-support-4.9.0-9
Source: linux
Architecture: all source
Version: 4.9.168-1+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
Changed-By: Ben Hutchings <ben@decadent.org.uk>
Closes: 928125
Description:
linux-doc-4.9 - Linux kernel specific documentation for version 4.9
linux-headers-4.9.0-9-common - Common header files for Linux 4.9.0-9
linux-headers-4.9.0-9-common-rt - Common header files for Linux 4.9.0-9-rt
linux-manual-4.9 - Linux kernel API manual pages for version 4.9
linux-source-4.9 - Linux kernel source for version 4.9 with Debian patches
linux-support-4.9.0-9 - Support files for Linux 4.9
Changes:
linux (4.9.168-1+deb9u2) stretch-security; urgency=high
.
[ Salvatore Bonaccorso ]
* Revert "block/loop: Use global lock for ioctl() operation."
(Closes: #928125)
.
linux (4.9.168-1+deb9u1) stretch-security; urgency=high
.
* [x86] Update speculation mitigations:
- x86/MCE: Save microcode revision in machine check records
- x86/cpufeatures: Hide AMD-specific speculation flags
- x86/bugs: Add AMD's variant of SSB_NO
- x86/bugs: Add AMD's SPEC_CTRL MSR usage
- x86/bugs: Switch the selection of mitigation from CPU vendor to CPU
features
- x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR
- x86/microcode/intel: Add a helper which gives the microcode revision
- x86/microcode/intel: Check microcode revision before updating sibling
threads
- x86/microcode: Make sure boot_cpu_data.microcode is up-to-date
- x86/microcode: Update the new microcode revision unconditionally
- x86/mm: Use WRITE_ONCE() when setting PTEs
- bitops: avoid integer overflow in GENMASK(_ULL)
- x86/speculation: Simplify the CPU bug detection logic
- locking/atomics, asm-generic: Move some macros from <linux/bitops.h> to a
new <linux/bits.h> file
- x86/speculation: Remove SPECTRE_V2_IBRS in enum spectre_v2_mitigation
- x86/cpu: Sanitize FAM6_ATOM naming
- Documentation/l1tf: Fix small spelling typo
- x86/speculation: Apply IBPB more strictly to avoid cross-process data
leak
- x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation
- x86/speculation: Propagate information about RSB filling mitigation to
sysfs
- x86/speculation/l1tf: Drop the swap storage limit restriction when
l1tf=off
- x86/speculation: Update the TIF_SSBD comment
- x86/speculation: Clean up spectre_v2_parse_cmdline()
- x86/speculation: Remove unnecessary ret variable in cpu_show_common()
- x86/speculation: Move STIPB/IBPB string conditionals out of
cpu_show_common()
- x86/speculation: Disable STIBP when enhanced IBRS is in use
- x86/speculation: Rename SSBD update functions
- x86/speculation: Reorganize speculation control MSRs update
- x86/Kconfig: Select SCHED_SMT if SMP enabled
- sched: Add sched_smt_active()
- x86/speculation: Rework SMT state change
- x86/l1tf: Show actual SMT state
- x86/speculation: Reorder the spec_v2 code
- x86/speculation: Mark string arrays const correctly
- x86/speculataion: Mark command line parser data __initdata
- x86/speculation: Unify conditional spectre v2 print functions
- x86/speculation: Add command line control for indirect branch speculation
- x86/speculation: Prepare for per task indirect branch speculation control
- x86/process: Consolidate and simplify switch_to_xtra() code
- x86/speculation: Avoid __switch_to_xtra() calls
- x86/speculation: Prepare for conditional IBPB in switch_mm()
- x86/speculation: Split out TIF update
- x86/speculation: Prepare arch_smt_update() for PRCTL mode
- x86/speculation: Prevent stale SPEC_CTRL msr content
- x86/speculation: Add prctl() control for indirect branch speculation
- x86/speculation: Enable prctl mode for spectre_v2_user
- x86/speculation: Add seccomp Spectre v2 user space protection mode
- x86/speculation: Provide IBPB always command line options
- kvm: x86: Report STIBP on GET_SUPPORTED_CPUID
- x86/msr-index: Cleanup bit defines
- x86/speculation: Consolidate CPU whitelists
- Documentation: Move L1TF to separate directory
- cpu/speculation: Add 'mitigations=' cmdline option
- x86/speculation: Support 'mitigations=' cmdline option
- x86/speculation/mds: Add 'mitigations=' support for MDS
- x86/cpu/bugs: Use __initconst for 'const' init data
* [x86] Mitigate Microarchitectural Data Sampling (MDS) vulnerabilities
(CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091):
- x86/speculation/mds: Add basic bug infrastructure for MDS
- x86/speculation/mds: Add BUG_MSBDS_ONLY
- x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
- x86/speculation/mds: Add mds_clear_cpu_buffers()
- x86/speculation/mds: Clear CPU buffers on exit to user
- x86/kvm/vmx: Add MDS protection when L1D Flush is not active
- x86/speculation/mds: Conditionally clear CPU buffers on idle entry
- x86/speculation/mds: Add mitigation control for MDS
- x86/speculation/mds: Add sysfs reporting for MDS
- x86/speculation/mds: Add mitigation mode VMWERV
- Documentation: Add MDS vulnerability documentation
- x86/speculation/mds: Add mds=full,nosmt cmdline option
- x86/speculation: Move arch_smt_update() call to after mitigation decisions
- x86/speculation/mds: Add SMT warning message
- x86/speculation/mds: Fix comment
- x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
- x86/mds: Add MDSUM variant to the MDS documentation
- Documentation: Correct the possible MDS sysfs values
- x86/speculation/mds: Fix documentation typo
* [x86] msr-index: Remove dependency on <linux/bits.h>
* [rt] Update patches to apply on top of the speculation mitigation changes
* [x86] mce, tlb: Ignore ABI changes
Checksums-Sha1:
3cf9ad06772fa1e2250f95ccecf0a7107b0d0643 123228 linux_4.9.168-1+deb9u2.dsc
2f22afcec11f5491e4e8db61d6951b7b418a6315 94774584 linux_4.9.168.orig.tar.xz
1349d89187328a5102383cfe7c407f2865b042de 2732028 linux_4.9.168-1+deb9u2.debian.tar.xz
fe5d0672e36a74dd521508fc767457d428aa6cef 36957 linux_4.9.168-1+deb9u2_source.buildinfo
f3be321e50c16f8c99e8dc9579c98e9d2580d970 12499332 linux-doc-4.9_4.9.168-1+deb9u2_all.deb
e551224f199a979d90e1a7ae0cc0b389fcd76008 5740880 linux-headers-4.9.0-9-common-rt_4.9.168-1+deb9u2_all.deb
83305c5648a0daeda21e3be674ba12fbf4c3b2ed 7674072 linux-headers-4.9.0-9-common_4.9.168-1+deb9u2_all.deb
05d661dc8b328aadb6f2bdd2cf4ba6da8707dd16 3198870 linux-manual-4.9_4.9.168-1+deb9u2_all.deb
bf7a6e40877370ce9ac65e0d01e75f17b861206f 96825676 linux-source-4.9_4.9.168-1+deb9u2_all.deb
e96f76b1f005f231f2dc8bbe7910a3c080d0577c 678004 linux-support-4.9.0-9_4.9.168-1+deb9u2_all.deb
244269a9ceefac4eff43d79b392ab7efb4bf8502 41613 linux_4.9.168-1+deb9u2_all.buildinfo
Checksums-Sha256:
9ff4ff71bc5a3f087fef7e4201a8448040f84035a1298ad01a8f5d6fe5192795 123228 linux_4.9.168-1+deb9u2.dsc
8a2c04045b47472584fc8e72d8663b5c720b8ba5efba878f48ddba93bac29a7f 94774584 linux_4.9.168.orig.tar.xz
b909b4c1feb633d1d458d0fd80b96698d97d12fc790fa56a1398a951585d631a 2732028 linux_4.9.168-1+deb9u2.debian.tar.xz
e895f11c1735cd8609d81d74d25da0129b191eb9a39249b12ad5694a42e43dd4 36957 linux_4.9.168-1+deb9u2_source.buildinfo
39d4b4497dde28b68270de2758124ad4df3d061a882d0e29b72eb4254af7007f 12499332 linux-doc-4.9_4.9.168-1+deb9u2_all.deb
a40a10d1dc60d88816f2b2f88242192d02bfeacee846bf5c454ed303d028d6a8 5740880 linux-headers-4.9.0-9-common-rt_4.9.168-1+deb9u2_all.deb
f0d2dd38e1e674ab5960587adf60d2d955eec4ba755b9d03f4f9d1206368052c 7674072 linux-headers-4.9.0-9-common_4.9.168-1+deb9u2_all.deb
6b45830be32d9174a479d9850e987627067c6a6ca3366e2c3d3b6379b0f8085c 3198870 linux-manual-4.9_4.9.168-1+deb9u2_all.deb
d14c5fe9f20433bc2f947dea5d3a6ed6659213214887135ecf81604654407356 96825676 linux-source-4.9_4.9.168-1+deb9u2_all.deb
a37a8d788336c9305018a1eabc1f15f0625e670f70ebd0105668f66a8bd0d1f9 678004 linux-support-4.9.0-9_4.9.168-1+deb9u2_all.deb
d93897444ec7bd709287bc2acff6a89b31d02fbee77d3f25a816c05a316b3614 41613 linux_4.9.168-1+deb9u2_all.buildinfo
Files:
11d8ba1abf4d542429afda6d6286ba53 123228 kernel optional linux_4.9.168-1+deb9u2.dsc
efe7cbb8d928fe85597f60fca8ebb6e5 94774584 kernel optional linux_4.9.168.orig.tar.xz
717e9b64d520252d423d1445028ef3eb 2732028 kernel optional linux_4.9.168-1+deb9u2.debian.tar.xz
51b6346a6341ddddce639ee25b4e0c01 36957 kernel optional linux_4.9.168-1+deb9u2_source.buildinfo
7db9df654116a269453a56872273074e 12499332 doc optional linux-doc-4.9_4.9.168-1+deb9u2_all.deb
5759631401b852f584a6a27a8e38c5fc 5740880 kernel optional linux-headers-4.9.0-9-common-rt_4.9.168-1+deb9u2_all.deb
801b829bd43813ca60ff796160adfd23 7674072 kernel optional linux-headers-4.9.0-9-common_4.9.168-1+deb9u2_all.deb
e922a7d752d120739edfc136072ddff0 3198870 doc optional linux-manual-4.9_4.9.168-1+deb9u2_all.deb
7dffc0e4666b9a979fcec3629cb933f3 96825676 kernel optional linux-source-4.9_4.9.168-1+deb9u2_all.deb
243c25f44f29f58fb29b2e93455fd889 678004 devel optional linux-support-4.9.0-9_4.9.168-1+deb9u2_all.deb
33e1e411d9efe2880ed1d1b061f99c20 41613 kernel optional linux_4.9.168-1+deb9u2_all.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAlzZ+MsACgkQ57/I7JWG
EQmWdhAAu5l6jggBPmftnbk7W/oeoJHsRz+khKDdB3uHVPgl5GfLBixknTe0/bG5
wlFnMm2F2N3rFY1oeOv9JE4YOgGRNk50blBrWkKiTGcz9+g+xIbrewpp63o+O9zW
AtZhO55V9jcMuqRBoKEZOgyI+g8jDKkzkILsVg8dH+xPl7uIWAkBXEQ5oZIe+7rH
pKedXStpEcAtuUrTsANa/VduAhyULylNWm/8v0bUCt9Qf4oiHG9IxL09YVhsXtzw
DDhdOm7/mRqnxdOfVnAErceHW+PAMaCgkQfV1O6iRu+q9plILoCzLmc+E7LfXUOo
0DjQypgQGAHFfptq+nwHydiE7w71NJIzrjOjG1ZFb5OnbiBhI5TxpjyYD484aEvQ
ZbJ+WlA+KEMOVMNU4hjJnHLJHFajs7lG183mf5Tqzs3JTqPTpkrpA3jX6+aPBIhN
qWVfWV+eBaAU2pXj032YT+Qv8RiYI6XXkcsGnoDlBLgWQQWpPQaVZXw0CfAqByKz
WUVBCfXRls5dY5R1v43ZhC4mV3J/1+e6pV/+CVWYoubGQmeFxo1UlVg71Ap38K7l
OLy+4uDsuWLGog0ZILKzk+jod1cgVB2lxaqBwuy6YRMYozpwLVJJUjYVMFCNiBSj
9FZxAyxa5m4WY+qBg10JLVd0sHPaoA2tGEm0+iOax0Da0KrzIDU=
=29tk
-----END PGP SIGNATURE-----
Reply to: