lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20190514180424.GA11131@kroah.com>
Date:   Tue, 14 May 2019 20:04:24 +0200
From:   Greg KH <gregkh@...uxfoundation.org>
To:     linux-kernel@...r.kernel.org,
        Andrew Morton <akpm@...ux-foundation.org>,
        torvalds@...ux-foundation.org, stable@...r.kernel.org
Cc:     lwn@....net, Jiri Slaby <jslaby@...e.cz>
Subject: Linux 5.1.2

I'm announcing the release of the 5.1.2 kernel.

All users of the 5.1 kernel series must upgrade.  Well, kind of, let me rephrase that...

All users of Intel processors made since 2011 must upgrade.

Note, this release, and the other stable releases that are all being
released right now at the same time, just went out all contain patches
that have only seen the "public eye" for about 5 minutes.  So be
forwarned, they might break things, they might not build, but hopefully
they fix things.  Odds are we will be fixing a number of small things in
this area for the next few weeks as things shake out on real hardware
and workloads.  So don't think you are done updating your kernel, you
never are done with that :)

As for what specifically these changes fix, I'll let the tech news sites
fill you in on the details.  Or go read the excellently written Xen
Security Advisory 297:
	https://xenbits.xen.org/xsa/advisory-297.html
That should give you a good idea of what a number of people have been
dealing with for many many many months now.

Many thanks goes out to Thomas Gleixner for going above and beyond to do
the backports to the 5.1, 5.0, 4.19, and 4.14 kernel trees, and to Ben
Hutchings for doing the 4.9 work.  And of course to all of the
developers who have been working on this in secret and doing reviews of
the many different proposals and versions of the patches.

As I said before just over a year ago, Intel once again owes a bunch of
people a lot of drinks for fixing their hardware bugs, in our
software...

Anyway, as usual, the updated 5.1.y git tree can be found at:
	git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git linux-5.1.y
and can be browsed at the normal kernel.org git web browser:
	https://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=summary

thanks,

greg k-h

------------

 Documentation/ABI/testing/sysfs-devices-system-cpu |    4 
 Documentation/admin-guide/hw-vuln/index.rst        |   13 
 Documentation/admin-guide/hw-vuln/l1tf.rst         |  615 +++++++++++++++++++++
 Documentation/admin-guide/hw-vuln/mds.rst          |  308 ++++++++++
 Documentation/admin-guide/index.rst                |    6 
 Documentation/admin-guide/kernel-parameters.txt    |   62 ++
 Documentation/admin-guide/l1tf.rst                 |  614 --------------------
 Documentation/index.rst                            |    1 
 Documentation/x86/conf.py                          |   10 
 Documentation/x86/index.rst                        |    8 
 Documentation/x86/mds.rst                          |  225 +++++++
 Makefile                                           |    2 
 arch/powerpc/kernel/security.c                     |    6 
 arch/powerpc/kernel/setup_64.c                     |    2 
 arch/s390/kernel/nospec-branch.c                   |    3 
 arch/x86/entry/common.c                            |    3 
 arch/x86/include/asm/cpufeatures.h                 |    3 
 arch/x86/include/asm/irqflags.h                    |    4 
 arch/x86/include/asm/msr-index.h                   |   39 -
 arch/x86/include/asm/mwait.h                       |    7 
 arch/x86/include/asm/nospec-branch.h               |   50 +
 arch/x86/include/asm/processor.h                   |    6 
 arch/x86/kernel/cpu/bugs.c                         |  146 ++++
 arch/x86/kernel/cpu/common.c                       |  121 ++--
 arch/x86/kernel/nmi.c                              |    4 
 arch/x86/kernel/traps.c                            |    8 
 arch/x86/kvm/cpuid.c                               |    3 
 arch/x86/kvm/vmx/vmx.c                             |    7 
 arch/x86/mm/pti.c                                  |    4 
 drivers/base/cpu.c                                 |    8 
 include/linux/cpu.h                                |   26 
 kernel/cpu.c                                       |   15 
 tools/power/x86/turbostat/Makefile                 |    2 
 tools/power/x86/x86_energy_perf_policy/Makefile    |    2 
 34 files changed, 1632 insertions(+), 705 deletions(-)

Andi Kleen (2):
      x86/speculation/mds: Add basic bug infrastructure for MDS
      x86/kvm: Expose X86_FEATURE_MD_CLEAR to guests

Boris Ostrovsky (1):
      x86/speculation/mds: Fix comment

Greg Kroah-Hartman (1):
      Linux 5.1.2

Josh Poimboeuf (9):
      x86/speculation/mds: Add mds=full,nosmt cmdline option
      x86/speculation: Move arch_smt_update() call to after mitigation decisions
      x86/speculation/mds: Add SMT warning message
      cpu/speculation: Add 'mitigations=' cmdline option
      x86/speculation: Support 'mitigations=' cmdline option
      powerpc/speculation: Support 'mitigations=' cmdline option
      s390/speculation: Support 'mitigations=' cmdline option
      x86/speculation/mds: Add 'mitigations=' support for MDS
      x86/speculation/mds: Fix documentation typo

Konrad Rzeszutek Wilk (1):
      x86/speculation/mds: Print SMT vulnerable on MSBDS with mitigations off

Thomas Gleixner (12):
      x86/msr-index: Cleanup bit defines
      x86/speculation: Consolidate CPU whitelists
      x86/speculation/mds: Add BUG_MSBDS_ONLY
      x86/speculation/mds: Add mds_clear_cpu_buffers()
      x86/speculation/mds: Clear CPU buffers on exit to user
      x86/kvm/vmx: Add MDS protection when L1D Flush is not active
      x86/speculation/mds: Conditionally clear CPU buffers on idle entry
      x86/speculation/mds: Add mitigation control for MDS
      x86/speculation/mds: Add sysfs reporting for MDS
      x86/speculation/mds: Add mitigation mode VMWERV
      Documentation: Move L1TF to separate directory
      Documentation: Add MDS vulnerability documentation

Tyler Hicks (1):
      Documentation: Correct the possible MDS sysfs values

speck for Pawan Gupta (1):
      x86/mds: Add MDSUM variant to the MDS documentation


Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ