ELBA-2018-4056
- ULN >
- Oracle Linux Errata repository >
- ELBA-2018-4056
ELBA-2018-4056 - Unbreakable Enterprise kernel bug fix update
| Type: | BUG |
| Impact: | NA |
| Release Date: | 2018-04-02 |
Description
kernel-uek
[4.1.12-94.8.2]
- config: sort out retpoline config options (Brian Maly) [Orabug: 27509502]
- x86: make HAVE_FENTRY dependent on !SIMULATE_GCC44_KABI (Todd Vierling) [Orabug: 27630312]
- kernel: on OL6 only, simulate the gcc 4.4 kABI for __stack_chk_fail() (Todd Vierling) [Orabug: 27509502]
- uek-rpm: configs: Don't set HAVE_FENTRY on OL6 builds. (Todd Vierling) [Orabug: 27509502]
- Revert 'x86: make HAVE_FENTRY dependent on !SIMULATE_GCC44_KABI' (Brian Maly) [Orabug: 27630312]
- Revert 'Makefile: Build with -Werror=date-time if the compiler supports it' (Gayatri Vasudevan) [Orabug: 27724742]
[4.1.12-94.8.1]
- x86/spectre_v2: Fix cpu offlining with IPBP. (Konrad Rzeszutek Wilk)
- retpoline: selectively disable IBRS in disable_ibrs_and_friends() (Chuck Anderson) [Orabug: 27673499]
- retpoline: move setting of sysctl_ibrs_enabled and sysctl_ibpb_enabled to where SPEC_CTRL_IBRS_INUSE and SPEC_CTRL_IBPB_INUSE are set (Chuck Anderson) [Orabug: 27672521]
- retpoline: set IBRS and IBPB in use only on the boot CPU call to init_scattered_cpuid_features() (Chuck Anderson) [Orabug: 27672521]
- retpoline: display IBPB feature status along with IBRS status (Chuck Anderson) [Orabug: 27672521]
- retpoline: move lock/unlock of spec_ctrl_mutex to check_modinfo() (Chuck Anderson) [Orabug: 27672521]
- retpoline: call clear_retpoline_fallback() with boot parm spectre_v2_heuristics=off (Chuck Anderson) [Orabug: 27672521]
- retpoline: add brackets to check_ibrs_inuse() and clear_ibpb_inuse() (Chuck Anderson) [Orabug: 27672521]
- retpoline/module: do not enable IBRS/IPBP if SPEC_CTRL_IBRS_ADMIN_DISABLED/SPEC_CTRL_IBPB_ADMIN_DISABLED is set (Chuck Anderson) [Orabug: 27547729]
- retpoline: microcode incorrectly reported as broken during early boot (Chuck Anderson) [Orabug: 27672521]
- retpoline: move lock/unlock of spec_ctrl_mutex into init_scattered_cpuid_features() (Chuck Anderson) [Orabug: 27672521]
- KVM: Disable irq while unregistering user notifier (Ignacio Alvarado)
- x86/speculation: Use IBRS if available before calling into firmware (David Woodhouse) [Orabug: 27630399]
- Revert 'x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation' (Konrad Rzeszutek Wilk) [Orabug: 27630379]
- Revert 'x86/spec: Add 'lfence_enabled' in sysfs' (Konrad Rzeszutek Wilk)
- x86/spectre_v2: Fix the documentation to say the right thing. (Konrad Rzeszutek Wilk)
- x86/spectre_v2: Don't check bad microcode versions when running under hypervisors. (Konrad Rzeszutek Wilk) [Orabug: 27630364]
- x86/ia32/syscall: RESTORE_EXTRA_REGS when returning from syscall (Ankur Arora) [Orabug: 27630345] {CVE-2017-5715}
- x86/ia32/syscall: don't do RESTORE_EXTRA_REGS prematurely (Ankur Arora) [Orabug: 27630345] {CVE-2017-5715}
- trace: declare blk_add_trace_rq non-static on OL6 (Todd Vierling) [Orabug: 27630338]
- x86/spectre: move microcode check before kernel ibrs flags are set (Daniel Jordan) [Orabug: 27630331] {CVE-2017-5715}
- bonding: attempt to better support longer hw addresses (Jarod Wilson) [Orabug: 27630325]
- x86: make HAVE_FENTRY dependent on !SIMULATE_GCC44_KABI (Todd Vierling) [Orabug: 27630312]
- retpoline/module: fall back to another spectre mitigation when disabling retpoline (Chuck Anderson) [Orabug: 27630299]
- retpoline/module: add bit defs for use_ibpb (Chuck Anderson) [Orabug: 27630299]
- x86/spectre_v2: Only use IBRS when ibrs_inuse tells us to (Konrad Rzeszutek Wilk)
- x86/spectre_v2: Disable IBRS if spectre_v2=off (Konrad Rzeszutek Wilk)
- KVM/VMX: Allow direct access to MSR_IA32_SPEC_CTRL (KarimAllah Ahmed) [Orabug: 27630289]
- x86/spectre_v2: Remove 0xc2 from spectre_bad_microcodes (Darren Kenny) [Orabug: 27630283]
- x86/speculation: Use Indirect Branch Prediction Barrier in context switch (Tim Chen) [Orabug: 27630273]
- x86/entry: RESTORE_IBRS needs to be done under kernel CR3 (Ankur Arora) [Orabug: 27630254]
- Fix typo IBRS_ATT, which should be IBRS_ALL (redux) (Konrad Rzeszutek Wilk) [Orabug: 27630250] {CVE-2017-5715}
- x86/spectre_v2: Add spectre_v2_heuristics= (Konrad Rzeszutek Wilk) [Orabug: 27630250] {CVE-2017-5715}
- x86/spectre_v2: Do not disable IBPB when disabling IBRS (Konrad Rzeszutek Wilk) [Orabug: 27630250] {CVE-2017-5715}
- x86/scattered: Fix the order. (Konrad Rzeszutek Wilk) [Orabug: 27630250] {CVE-2017-5715}
- x86/spectre: Favor IBRS on Skylake over retpoline (Konrad Rzeszutek Wilk) [Orabug: 27630250] {CVE-2017-5715}
- x86/speculation: Fix typo IBRS_ATT, which should be IBRS_ALL (Darren Kenny) [Orabug: 27630250] {CVE-2017-5715}
- x86/spectre: Now that we expose 'stbibp' make sure it is correct. (Konrad Rzeszutek Wilk) [Orabug: 27630250] {CVE-2017-5715}
- x86/cpufeatures: Clean up Spectre v2 related CPUID flags (David Woodhouse) [Orabug: 27630250] {CVE-2017-5715}
- x86/speculation: Add basic IBPB (Indirect Branch Prediction Barrier) support (David Woodhouse) [Orabug: 27630250] {CVE-2017-5715}
- x86/bugs: Drop one 'mitigation' from dmesg (Borislav Petkov) [Orabug: 27630250] {CVE-2017-5715}
- x86/nospec: Fix header guards names (Borislav Petkov) [Orabug: 27630250] {CVE-2017-5715}
- x86/spectre_v2: Don't spam the console with these: (Konrad Rzeszutek Wilk) [Orabug: 27630250] {CVE-2017-5715}
- x86/cpufeature: Blacklist SPEC_CTRL/PRED_CMD on early Spectre v2 microcodes (David Woodhouse) [Orabug: 27630250] {CVE-2017-5715}
- x86/cpu: Keep model defines sorted by model number (Andy Shevchenko) [Orabug: 27630250] {CVE-2017-5715}
- x86/pti: Do not enable PTI on CPUs which are not vulnerable to Meltdown (David Woodhouse) [Orabug: 27630250] {CVE-2017-5715}
- x86/msr: Add definitions for new speculation control MSRs (David Woodhouse) [Orabug: 27630250] {CVE-2017-5715}
- x86/cpufeatures: Add AMD feature bits for Speculation Control (David Woodhouse) [Orabug: 27630250] {CVE-2017-5715}
- x86/spectre_v2: Print what options are available. (Konrad Rzeszutek Wilk) [Orabug: 27630250] {CVE-2017-5715}
- x86/spectre_v2: Add VMEXIT_FILL_RSB instead of RETPOLINE (Konrad Rzeszutek Wilk) [Orabug: 27630250] {CVE-2017-5715}
- x86/spectre: If IBRS is enabled disable 'Filling RSB on context switch' (Konrad Rzeszutek Wilk) [Orabug: 27630250] {CVE-2017-5715}
- KVM: VMX: Allow direct access to MSR_IA32_SPEC_CTRL (Konrad Rzeszutek Wilk) [Orabug: 27630250] {CVE-2017-5715}
- x86/spectre_v2: Don't allow {ibrs,ipbp,lfence}_enabled to be toggled if retpoline (Konrad Rzeszutek Wilk) [Orabug: 27630250] {CVE-2017-5715}
- x86/spectre: Fix retpoline_enabled (Konrad Rzeszutek Wilk) [Orabug: 27630250] {CVE-2017-5715}
- x86/spectre: Update sysctl values if toggled only by set_{ibrs,ibpb}_disabled (Konrad Rzeszutek Wilk) [Orabug: 27630250] {CVE-2017-5715}
- retpoline/module: Taint kernel for missing retpoline in module (Andi Kleen) [Orabug: 27630250] {CVE-2017-5715}
- x86/retpoline: Fill RSB on context switch for affected CPUs (David Woodhouse) [Orabug: 27630250] {CVE-2017-5715}
- x86/retpoline: Optimize inline assembler for vmexit_fill_RSB (Andi Kleen) [Orabug: 27630250] {CVE-2017-5715}
- kprobes/x86: Disable optimizing on the function jumps to indirect thunk (Masami Hiramatsu) [Orabug: 27630250] {CVE-2017-5715}
- kprobes/x86: Blacklist indirect thunk functions for kprobes (Masami Hiramatsu) [Orabug: 27630250] {CVE-2017-5715}
- retpoline: Introduce start/end markers of indirect thunk (Masami Hiramatsu) [Orabug: 27630250] {CVE-2017-5715}
- x86/mce: Make machine check speculation protected (Thomas Gleixner) [Orabug: 27630250] {CVE-2017-5715}
- kbuild: modversions for EXPORT_SYMBOL() for asm (Nicholas Piggin) [Orabug: 27630250] {CVE-2017-5715}
- x86/retpoline: Add LFENCE to the retpoline/RSB filling RSB macros (Tom Lendacky) [Orabug: 27630250] {CVE-2017-5715}
- x86/retpoline: Remove compile time warning (Thomas Gleixner) [Orabug: 27630250] {CVE-2017-5715}
- x86/retpoline: Fill return stack buffer on vmexit (David Woodhouse) [Orabug: 27630250] {CVE-2017-5715}
- x86/retpoline/irq32: Convert assembler indirect jumps (Andi Kleen) [Orabug: 27630250] {CVE-2017-5715}
- x86/retpoline/checksum32: Convert assembler indirect jumps (David Woodhouse) [Orabug: 27630250] {CVE-2017-5715}
- x86/retpoline/xen: Convert Xen hypercall indirect jumps (David Woodhouse) [Orabug: 27630250] {CVE-2017-5715}
- x86/retpoline/hyperv: Convert assembler indirect jumps (David Woodhouse) [Orabug: 27630250] {CVE-2017-5715}
- x86/retpoline/ftrace: Convert ftrace assembler indirect jumps (David Woodhouse) [Orabug: 27630250] {CVE-2017-5715}
- x86/retpoline/entry: Convert entry assembler indirect jumps (David Woodhouse) [Orabug: 27630250] {CVE-2017-5715}
- x86/retpoline/crypto: Convert crypto assembler indirect jumps (David Woodhouse) [Orabug: 27630250] {CVE-2017-5715}
- x86/spectre_v2: Add disable_ibrs_and_friends (Konrad Rzeszutek Wilk) [Orabug: 27630250] {CVE-2017-5715}
- x86/spectre_v2: Figure out if STUFF_RSB macro needs to be used. (Konrad Rzeszutek Wilk) [Orabug: 27630250] {CVE-2017-5715}
- x86/spectre_v2: Figure out when to use IBRS. (Konrad Rzeszutek Wilk) [Orabug: 27630250] {CVE-2017-5715}
- x86/spectre: Add IBRS option. (Konrad Rzeszutek Wilk) [Orabug: 27630250] {CVE-2017-5715}
- x86/spectre: Add boot time option to select Spectre v2 mitigation (David Woodhouse) [Orabug: 27630250] {CVE-2017-5715}
- x86/retpoline: Add initial retpoline support (David Woodhouse) [Orabug: 27630250] {CVE-2017-5715}
- kconfig.h: use __is_defined() to check if MODULE is defined (Masahiro Yamada) [Orabug: 27630250] {CVE-2017-5715}
- EXPORT_SYMBOL() for asm (Al Viro) [Orabug: 27630250] {CVE-2017-5715}
- x86/asm: Make asm/alternative.h safe from assembly (Andy Lutomirski) [Orabug: 27630250] {CVE-2017-5715}
- x86/kbuild: enable modversions for symbols exported from asm (Adam Borowski) [Orabug: 27630250] {CVE-2017-5715}
- x86/asm: Use register variable to get stack pointer value (Andrey Ryabinin) [Orabug: 27630250] {CVE-2017-5715}
- x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier (Andy Lutomirski) [Orabug: 27630250] {CVE-2017-5715}
- x86/alternatives: Add missing '
' at end of ALTERNATIVE inline asm (David Woodhouse) [Orabug: 27630250] {CVE-2017-5715}
- x86/alternatives: Fix optimize_nops() checking (Borislav Petkov) [Orabug: 27630250] {CVE-2017-5715}
- x86/microcode/intel: Extend BDW late-loading with a revision check (Jia Zhang) [Orabug: 27629973]
- x86/microcode/intel: Disable late loading on model 79 (Borislav Petkov) [Orabug: 27629973]
- x86/spec: Fix spectre_v1 bug and mitigation indicators (John Haxby) [Orabug: 27630236]
- x86: Fix compile issues if CONFIG_XEN not defined (Konrad Rzeszutek Wilk)
- x86/mitigation/spectre_v2: Add reporting of 'lfence' (Konrad Rzeszutek Wilk)
- x86/spec: Add 'lfence_enabled' in sysfs (Konrad Rzeszutek Wilk)
- x86/spec_ctrl: Add 'nolfence' knob to disable fallback for spectre_v2 mitigation (Konrad Rzeszutek Wilk)
- x86/IBRS/IBPB: Remove procfs interface to ibrs/ibpb_enable (Boris Ostrovsky) [Orabug: 27630222]
- x86: Use PRED_CMD MSR when ibpb is enabled (Konrad Rzeszutek Wilk)
- x86/IBRS: Drop unnecessary WRITE_ONCE (Boris Ostrovsky) [Orabug: 27630203]
- x86/IBRS: Don't try to change IBRS mode if IBRS is not available (Boris Ostrovsky) [Orabug: 27630203]
- x86/IBRS: Remove support for IBRS_ENABLED_USER mode (Boris Ostrovsky) [Orabug: 27630203]
- x86: Include linux/device.h in bugs_64.c (Boris Ostrovsky) [Orabug: 27630198]
- x86/spectre: Drop the warning about ibrs being obsolete. (Konrad Rzeszutek Wilk)
- x86/spec: Don't print the Missing arguments for option spectre_v2. (Konrad Rzeszutek Wilk)
- x86/spec: Also print IBRS if IBPB is disabled. (Konrad Rzeszutek Wilk)
- x86/IBPB: Provide debugfs interface for changing IBPB mode (Boris Ostrovsky) [Orabug: 27630193]
- x86: Move STUFF_RSB in to the idt macro (Konrad Rzeszutek Wilk)
- x86/spec: STUFF_RSB _before_ ENABLE_IBRS (Konrad Rzeszutek Wilk)
- x86: Move ENABLE_IBRS in the interrupt macro. (Konrad Rzeszutek Wilk) [Orabug: 27451922]
- x86: Clean up IBRS functionality resident in common code (Kanth Ghatraju) [Orabug: 27445637]
- x86: Display correct settings for the SPECTRE_V2 bug (Kanth Ghatraju) [Orabug: 27445637]
- Set CONFIG_GENERIC_CPU_VULNERABILITIES flag (Kanth Ghatraju) [Orabug: 27445637]
- x86/cpu: Implement CPU vulnerabilites sysfs functions (Thomas Gleixner) [Orabug: 27445637]
- sysfs/cpu: Fix typos in vulnerability documentation (David Woodhouse) [Orabug: 27445637]
- sysfs/cpu: Add vulnerability folder (Thomas Gleixner) [Orabug: 27445637]
- x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (David Woodhouse) [Orabug: 27445637]
- x86/cpufeatures: Add X86_BUG_CPU_MELTDOWN (Kanth Ghatraju) [Orabug: 27445637]
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
| Oracle Linux 6 (x86_64) | dtrace-modules-4.1.12-94.8.2.el6uek-0.6.0-4.el6.src.rpm | a88aa606d0ec631242a47ee281efb3ca2afd3e6387dca4abdaaec88131b15032 | - | ol6_x86_64_UEKR4_archive |
| kernel-uek-4.1.12-94.8.2.el6uek.src.rpm | 865809b40d1aa7397bfab1ea785dd6a05f570a6970a6b59bc4eb2dafd2e8bf9d | ELSA-2025-20007 | ol6_x86_64_UEKR4_archive | |
| dtrace-modules-4.1.12-94.8.2.el6uek-0.6.0-4.el6.x86_64.rpm | 321a63f56487db53f11c424974820f0e000fc571c6d9e151591b2e692a5074af | - | ol6_x86_64_UEKR4_archive | |
| kernel-uek-4.1.12-94.8.2.el6uek.x86_64.rpm | dcb709720663877ed5692aa2b3b309997457bf573d0c53e25c43f2a8e578a1f4 | ELSA-2025-20007 | ol6_x86_64_UEKR4_archive | |
| kernel-uek-debug-4.1.12-94.8.2.el6uek.x86_64.rpm | 1f9c88b6086c99d38c05a6e37e348b475e6a49ca00289872c278eb5aeb72a875 | ELSA-2025-20007 | ol6_x86_64_UEKR4_archive | |
| kernel-uek-debug-devel-4.1.12-94.8.2.el6uek.x86_64.rpm | 00a1beb3a9cbac3b82cd26f17433df31661e2f49e21eaa2b7e11f99dbcf89f43 | ELSA-2025-20007 | ol6_x86_64_UEKR4_archive | |
| kernel-uek-devel-4.1.12-94.8.2.el6uek.x86_64.rpm | 510bfa18bf7fba9470a63eba94ab85635a1e98c7c9ce7128d145d3b00d4914ae | ELSA-2025-20007 | ol6_x86_64_UEKR4_archive | |
| kernel-uek-doc-4.1.12-94.8.2.el6uek.noarch.rpm | 0f59d0b127293fcd82fad58300e224425727f98cbe57f68f8c151b71da7accdd | ELSA-2025-20007 | ol6_x86_64_UEKR4_archive | |
| kernel-uek-firmware-4.1.12-94.8.2.el6uek.noarch.rpm | 3488bf189c10cae11cb202bde9e29bede169c60ebca0132f3ab32f2a2493c88e | ELSA-2025-20007 | ol6_x86_64_UEKR4_archive | |
| Oracle Linux 7 (x86_64) | dtrace-modules-4.1.12-94.8.2.el7uek-0.6.0-4.el7.src.rpm | 7e66ed8454c095e3e5a298ab92e6e262074f7a985f897a94f48823ca34f59a24 | - | ol7_x86_64_UEKR4_archive |
| kernel-uek-4.1.12-94.8.2.el7uek.src.rpm | 6780a97408b2dac22764ed9ea2ace9a597c3753d45931879885c35d85ecc5428 | ELSA-2025-20190 | ol7_x86_64_UEKR4_archive | |
| dtrace-modules-4.1.12-94.8.2.el7uek-0.6.0-4.el7.x86_64.rpm | 9b4e1067733eeb4ab74a554e1ab612f8a8ae7eb5984f1da7d19068aa71baeeb3 | - | ol7_x86_64_UEKR4_archive | |
| kernel-uek-4.1.12-94.8.2.el7uek.x86_64.rpm | 1f5c283171dba033b85e87795874e50b4dd54846ff46df8c67f45c52333d2c77 | ELSA-2025-20190 | ol7_x86_64_UEKR4_archive | |
| kernel-uek-debug-4.1.12-94.8.2.el7uek.x86_64.rpm | 46e64a3b494044f1370aef3c8fd326e0eda1f779c6b5179a4cb060dff73dfcdf | ELSA-2025-20190 | ol7_x86_64_UEKR4_archive | |
| kernel-uek-debug-devel-4.1.12-94.8.2.el7uek.x86_64.rpm | a4392a85b32d9e9978a8d5367b394ac669ac0db440e720383045d743ab43c4aa | ELSA-2025-20190 | ol7_x86_64_UEKR4_archive | |
| kernel-uek-devel-4.1.12-94.8.2.el7uek.x86_64.rpm | f7ae3fcf459cfeef5bba34ae392b9e67598ac1dbb94c1a34bb3061951175e326 | ELSA-2025-20190 | ol7_x86_64_UEKR4_archive | |
| kernel-uek-doc-4.1.12-94.8.2.el7uek.noarch.rpm | e579203d73f6953a567e352e3d5380ad4061962704fdec56983d1bba57f76b80 | ELSA-2025-20190 | ol7_x86_64_UEKR4_archive | |
| kernel-uek-firmware-4.1.12-94.8.2.el7uek.noarch.rpm | e12cc6cfb7944bab96dc1734a782e860b2ef5a7722efc9e5edefbbaa78d822b1 | ELSA-2025-20007 | ol7_x86_64_UEKR4_archive | |
This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
