| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 14 May 2019 20:04:24 +0200
From: Greg KH <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org,
Andrew Morton <akpm@...ux-foundation.org>,
torvalds@...ux-foundation.org, stable@...r.kernel.org
Cc: lwn@....net, Jiri Slaby <jslaby@...e.cz>
Subject: Linux 5.1.2
I'm announcing the release of the 5.1.2 kernel.
All users of the 5.1 kernel series must upgrade. Well, kind of, let me rephrase that...
All users of Intel processors made since 2011 must upgrade.
Note, this release, and the other stable releases that are all being
released right now at the same time, just went out all contain patches
that have only seen the "public eye" for about 5 minutes. So be
forwarned, they might break things, they might not build, but hopefully
they fix things. Odds are we will be fixing a number of small things in
this area for the next few weeks as things shake out on real hardware
and workloads. So don't think you are done updating your kernel, you
never are done with that :)
As for what specifically these changes fix, I'll let the tech news sites
fill you in on the details. Or go read the excellently written Xen
Security Advisory 297:
https://xenbits.xen.org/xsa/advisory-297.html
That should give you a good idea of what a number of people have been
dealing with for many many many months now.
Many thanks goes out to Thomas Gleixner for going above and beyond to do
the backports to the 5.1, 5.0, 4.19, and 4.14 kernel trees, and to Ben
Hutchings for doing the 4.9 work. And of course to all of the
developers who have been working on this in secret and doing reviews of
the many different proposals and versions of the patches.
As I said before just over a year ago, Intel once again owes a bunch of
people a lot of drinks for fixing their hardware bugs, in our
software...
Anyway, as usual, the updated 5.1.y git tree can be found at:
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.1.y
and can be browsed at the normal kernel.org git web browser:
https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary
thanks,
greg k-h
------------
Documentation/ABI/testing/sysfs-devices-system-cpu | 4
Documentation/admin-guide/hw-vuln/index.rst | 13
Documentation/admin-guide/hw-vuln/l1tf.rst | 615 +++++++++++++++++++++
Documentation/admin-guide/hw-vuln/mds.rst | 308 ++++++++++
Documentation/admin-guide/index.rst | 6
Documentation/admin-guide/kernel-parameters.txt | 62 ++
Documentation/admin-guide/l1tf.rst | 614 --------------------
Documentation/index.rst | 1
Documentation/x86/conf.py | 10
Documentation/x86/index.rst | 8
Documentation/x86/mds.rst | 225 +++++++
Makefile | 2
arch/powerpc/kernel/security.c | 6
arch/powerpc/kernel/setup_64.c | 2
arch/s390/kernel/nospec-branch.c | 3
arch/x86/entry/common.c | 3
arch/x86/include/asm/cpufeatures.h | 3
arch/x86/include/asm/irqflags.h | 4
arch/x86/include/asm/msr-index.h | 39 -
arch/x86/include/asm/mwait.h | 7
arch/x86/include/asm/nospec-branch.h | 50 +
arch/x86/include/asm/processor.h | 6
arch/x86/kernel/cpu/bugs.c | 146 ++++
arch/x86/kernel/cpu/common.c | 121 ++--
arch/x86/kernel/nmi.c | 4
arch/x86/kernel/traps.c | 8
arch/x86/kvm/cpuid.c | 3
arch/x86/kvm/vmx/vmx.c | 7
arch/x86/mm/pti.c | 4
drivers/base/cpu.c | 8
include/linux/cpu.h | 26
kernel/cpu.c | 15
tools/power/x86/turbostat/Makefile | 2
tools/power/x86/x86_energy_perf_policy/Makefile | 2
34 files changed, 1632 insertions(+), 705 deletions(-)
Andi Kleen (2):
x86/speculation/mds: Add basic bug infrastructure for MDS
x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests
Boris Ostrovsky (1):
x86/speculation/mds: Fix comment
Greg Kroah-Hartman (1):
Linux 5.1.2
Josh Poimboeuf (9):
x86/speculation/mds: Add mds=full,nosmt cmdline option
x86/speculation: Move arch_smt_update() call to after mitigation decisions
x86/speculation/mds: Add SMT warning message
cpu/speculation: Add 'mitigations=' cmdline option
x86/speculation: Support 'mitigations=' cmdline option
powerpc/speculation: Support 'mitigations=' cmdline option
s390/speculation: Support 'mitigations=' cmdline option
x86/speculation/mds: Add 'mitigations=' support for MDS
x86/speculation/mds: Fix documentation typo
Konrad Rzeszutek Wilk (1):
x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off
Thomas Gleixner (12):
x86/msr-index: Cleanup bit defines
x86/speculation: Consolidate CPU whitelists
x86/speculation/mds: Add BUG_MSBDS_ONLY
x86/speculation/mds: Add mds_clear_cpu_buffers()
x86/speculation/mds: Clear CPU buffers on exit to user
x86/kvm/vmx: Add MDS protection when L1D Flush is not active
x86/speculation/mds: Conditionally clear CPU buffers on idle entry
x86/speculation/mds: Add mitigation control for MDS
x86/speculation/mds: Add sysfs reporting for MDS
x86/speculation/mds: Add mitigation mode VMWERV
Documentation: Move L1TF to separate directory
Documentation: Add MDS vulnerability documentation
Tyler Hicks (1):
Documentation: Correct the possible MDS sysfs values
speck for Pawan Gupta (1):
x86/mds: Add MDSUM variant to the MDS documentation
Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists