More security fixes including the latest public vuln about data leak in intel gpu driver on gen9 (~Skylake to pre-Icelake). Gen7 (Ivy, Haswell,, vlv, ...) fixes are still pending review/validation upstream.... and some other security fixes. And fix for some systems failing to boot, by reverting some tpm stuff And a bunch of other upstream fixes SRPMS: kernel-5.4.12-1.mga7.src.rpm kmod-virtualbox-6.0.14-20.mga7.src.rpm kmod-xtables-addons-3.7-10.mga7.src.rpm i586: bpftool-5.4.12-1.mga7.i586.rpm cpupower-5.4.12-1.mga7.i586.rpm cpupower-devel-5.4.12-1.mga7.i586.rpm kernel-desktop-5.4.12-1.mga7-1-1.mga7.i586.rpm kernel-desktop586-5.4.12-1.mga7-1-1.mga7.i586.rpm kernel-desktop586-devel-5.4.12-1.mga7-1-1.mga7.i586.rpm kernel-desktop586-devel-latest-5.4.12-1.mga7.i586.rpm kernel-desktop586-latest-5.4.12-1.mga7.i586.rpm kernel-desktop-devel-5.4.12-1.mga7-1-1.mga7.i586.rpm kernel-desktop-devel-latest-5.4.12-1.mga7.i586.rpm kernel-desktop-latest-5.4.12-1.mga7.i586.rpm kernel-doc-5.4.12-1.mga7.noarch.rpm kernel-server-5.4.12-1.mga7-1-1.mga7.i586.rpm kernel-server-devel-5.4.12-1.mga7-1-1.mga7.i586.rpm kernel-server-devel-latest-5.4.12-1.mga7.i586.rpm kernel-server-latest-5.4.12-1.mga7.i586.rpm kernel-source-5.4.12-1.mga7-1-1.mga7.noarch.rpm kernel-source-latest-5.4.12-1.mga7.noarch.rpm kernel-userspace-headers-5.4.12-1.mga7.i586.rpm libbpf0-5.4.12-1.mga7.i586.rpm libbpf-devel-5.4.12-1.mga7.i586.rpm perf-5.4.12-1.mga7.i586.rpm virtualbox-kernel-5.4.12-desktop-1.mga7-6.0.14-20.mga7.i586.rpm virtualbox-kernel-5.4.12-desktop586-1.mga7-6.0.14-20.mga7.i586.rpm virtualbox-kernel-5.4.12-server-1.mga7-6.0.14-20.mga7.i586.rpm virtualbox-kernel-desktop586-latest-6.0.14-20.mga7.i586.rpm virtualbox-kernel-desktop-latest-6.0.14-20.mga7.i586.rpm virtualbox-kernel-server-latest-6.0.14-20.mga7.i586.rpm xtables-addons-kernel-5.4.12-desktop-1.mga7-3.7-10.mga7.i586.rpm xtables-addons-kernel-5.4.12-desktop586-1.mga7-3.7-10.mga7.i586.rpm xtables-addons-kernel-5.4.12-server-1.mga7-3.7-10.mga7.i586.rpm xtables-addons-kernel-desktop586-latest-3.7-10.mga7.i586.rpm xtables-addons-kernel-desktop-latest-3.7-10.mga7.i586.rpm xtables-addons-kernel-server-latest-3.7-10.mga7.i586.rpm x86_64: bpftool-5.4.12-1.mga7.x86_64.rpm cpupower-5.4.12-1.mga7.x86_64.rpm cpupower-devel-5.4.12-1.mga7.x86_64.rpm kernel-desktop-5.4.12-1.mga7-1-1.mga7.x86_64.rpm kernel-desktop-devel-5.4.12-1.mga7-1-1.mga7.x86_64.rpm kernel-desktop-devel-latest-5.4.12-1.mga7.x86_64.rpm kernel-desktop-latest-5.4.12-1.mga7.x86_64.rpm kernel-doc-5.4.12-1.mga7.noarch.rpm kernel-server-5.4.12-1.mga7-1-1.mga7.x86_64.rpm kernel-server-devel-5.4.12-1.mga7-1-1.mga7.x86_64.rpm kernel-server-devel-latest-5.4.12-1.mga7.x86_64.rpm kernel-server-latest-5.4.12-1.mga7.x86_64.rpm kernel-source-5.4.12-1.mga7-1-1.mga7.noarch.rpm kernel-source-latest-5.4.12-1.mga7.noarch.rpm kernel-userspace-headers-5.4.12-1.mga7.x86_64.rpm lib64bpf0-5.4.12-1.mga7.x86_64.rpm lib64bpf-devel-5.4.12-1.mga7.x86_64.rpm perf-5.4.12-1.mga7.x86_64.rpm virtualbox-kernel-5.4.12-desktop-1.mga7-6.0.14-20.mga7.x86_64.rpm virtualbox-kernel-5.4.12-server-1.mga7-6.0.14-20.mga7.x86_64.rpm virtualbox-kernel-desktop-latest-6.0.14-20.mga7.x86_64.rpm virtualbox-kernel-server-latest-6.0.14-20.mga7.x86_64.rpm xtables-addons-kernel-5.4.12-desktop-1.mga7-3.7-10.mga7.x86_64.rpm xtables-addons-kernel-5.4.12-server-1.mga7-3.7-10.mga7.x86_64.rpm xtables-addons-kernel-desktop-latest-3.7-10.mga7.x86_64.rpm xtables-addons-kernel-server-latest-3.7-10.mga7.x86_64.rpm
Advisory, added to svn: type: security subject: Updated kernel packages fix security vulnerabilities CVE: - CVE-2019-14615 - CVE-2019-14895 src: 7: core: - kernel-5.4.12-1.mga7 - kmod-virtualbox-6.0.14-20.mga7 - kmod-xtables-addons-3.7-10.mga7 description: | This update is based on upstream 5.4.12 and fixes atleast the following security vulnerabilities: Intel GPU Hardware prior to Gen11 does not clear EU state during a context switch. This can result in information leakage between contexts (CVE-2019-14615). A heap-based buffer overflow was discovered in the Marvell WiFi chip driver. The flaw could occur when the station attempts a connection negotiation during the handling of the remote devices country settings. This could allow the remote device to cause a denial of service (system crash) or possibly execute arbitrary code (CVE-2019-14895). For other fixes in this update, see the referenced changelogs. references: - https://bugs.mageia.org/show_bug.cgi?id=26078 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.11 - https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.12
Keywords: (none) => advisory
Hi! I've installed the new kernel version on Mageia 7.1 Virtualbox x64. No issues, no problems, boot fine. Greetings.
CC: (none) => joselp
System: Host: canopus Kernel: 5.4.12-desktop-1.mga7 x86_64 CPU: 10-Core: Intel Core i9-7900X type: MT MCP speed: 1201 MHz Machine: Type: Desktop Mobo: ASUSTeK model: TUF X299 MARK 2 v: Rev 1.xx Graphics Device-1: NVIDIA GP102 [GeForce GTX 1080 Ti] driver: nvidia v: 430.64 RAM: 31.05 GB Updates went smoothly. Reboot hung as usual on this machine. Powered down and restarted OK. stress tests OK. glmark2 runs - at last. Virtualbox launches Mageia clients OK. $ sudo mount -a brings up NFS shares. All good here for this machine. Shall try to avoid rebooting.
CC: (none) => tarazed25
On second thoughts tried a warm reboot on the comment 3 machine - it failed. There is some kind of BIOS error reported at the beginning and there is some mechanical activity in the box; sounds like a repeated disk seek. Unmounting the data disk and trying again.
No, that was a red herring. The initial error is ACPI BIOS error: bug: failure to create object or something like that. Reinstated the data disk in fstab and mounted it. The mechanical activity still occurred without the data disk being mounted. No idea what to do about this problem - not possible to get diagnostics when the system freezes.
After update: $ uname -a Linux mach5.hviaene.thuis 5.4.12-desktop-1.mga7 #1 SMP Tue Jan 14 21:14:55 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux Tried usual document types, sound, video, NFS access to remote shares, remote scanner, internet access. All OK
CC: (none) => herman.viaene
System: Host: belexeuli Kernel: 5.4.12-desktop-1.mga7 x86_64 bits: 64 CPU: Quad Core: Intel Core i7-2600 type: MT MCP speed: 1597 MHz Machine: Type: Desktop System: Alienware product: Alienware X51 v: 00 Graphics Device-1: Intel 2nd Generation Core Processor Family Integrated Graphics Device-2: NVIDIA GF114 [GeForce GTX 555] driver: nvidia v: 390.132 Problems with the new kernel. Unable to reboot. Experimented for a couple of hours and got nowhere. The trouble seems to lie in the area of nvidia graphics. The boot process hangs just after the Plymouth boot screen is terminated. Seemed likely that there was trouble with the dm or grahics driver so after reverting to 5.4.10 switched from gdm to sddm and tried again. Still nothing but virtual consoles were available. Logged in and saved the journal. dmesg repeated 3 times: nvidia-modeset: version mismatch nvidia-modeset.ko (390.132) nvidia-modeset.ko (430.64). 390 should be chosen. Re-installed nvidia graphics and tried again. No-go. dmesg showed the same mismatch as before. Gave up on nvidia and switched to Xorg nouveau (drakx11). Rebooted smoothly to the desktop. This is a workstation, running fine on wifi. stress tests completed. glmark2 and teapot run. Read a vcard in LibreOffice and exported it as a PDF. Stellarium launches, slowly, but the sky comes up in an ominous red (climate change perhaps ;-) ). Looks like the kernel is OK on this hardware as long as nvidia is avoided. Not a problem on this machine - used only for testing where advanced graphical capabilities are not normally needed.
(In reply to Len Lawrence from comment #7) > Logged in and > saved the journal. dmesg repeated 3 times: nvidia-modeset: version mismatch > nvidia-modeset.ko (390.132) nvidia-modeset.ko (430.64). > > 390 should be chosen. Re-installed nvidia graphics and tried again. No-go. Please configure that system for nouveau or vesa, then remove any nvidia packages, recreate the initrd with "dracut -f" to get rid of all the nvidia modules. then reboot and reconfigure your system to use nvidia again, does it install nvidia390 or nvidia-current ?
Thanks Thomas. On it. For the record this is what the system holds just now: nvidia390-doc-html-390.132-1.mga7.nonfree x11-driver-video-nvidia390-390.132-1.mga7.nonfree dkms-nvidia390-390.132-1.mga7.nonfree dkms-nvidia-current-430.64-2.mga7.nonfree
Thanks for the quick diagnosis Thomas. That did the trick. $ rpm -qa | grep nvidia nvidia390-doc-html-390.132-1.mga7.nonfree dkms-nvidia390-390.132-1.mga7.nonfree x11-driver-video-nvidia390-390.132-1.mga7.nonfree NFS shares mounted automatically. glmark2 runs with an average framerate about 40 times higher than with nouveau. Launched a 32-bit Mageia client in virtualbox. Played video in vlc. stellarium functions normally. Kernel is OK on this hardware.
on mga7-64 kernel-desktop plasma Packages installed cleanly: - cpupower-5.4.12-1.mga7.x86_64 - kernel-desktop-5.4.12-1.mga7-1-1.mga7.x86_64 - kernel-desktop-devel-5.4.12-1.mga7-1-1.mga7.x86_64 - kernel-desktop-devel-latest-5.4.12-1.mga7.x86_64 - kernel-desktop-latest-5.4.12-1.mga7.x86_64 - kernel-userspace-headers-5.4.12-1.mga7.x86_64 - virtualbox-kernel-5.4.12-desktop-1.mga7-6.0.14-20.mga7.x86_64 - virtualbox-kernel-desktop-latest-6.0.14-20.mga7.x86_64 system re-booted normally: $ uname -r 5.4.12-desktop-1.mga7 # dkms status virtualbox, 6.0.14-2.mga7, 5.4.12-desktop-1.mga7, x86_64: installed virtualbox, 6.0.14-2.mga7, 5.4.12-desktop-1.mga7, x86_64: installed-binary from 5.4.12-desktop-1.mga7 vbox and client launched normally no regressions observed looks OK for mga7-64 on this system: Mobo: Dell model: 09WH54 v: UEFI [Legacy]: Dell v: 2.13.1 CPU: Intel Core i7-6700 Graphics: Intel HD Graphics 530 (Skylake GT2)
CC: (none) => jim
on mga7-32 in a vbox VM kernel-desktop586 plasma packages installed cleanly: - cpupower-5.4.12-1.mga7.i586 - kernel-desktop586-5.4.12-1.mga7-1-1.mga7.i586 - kernel-desktop586-devel-5.4.12-1.mga7-1-1.mga7.i586 - kernel-desktop586-devel-latest-5.4.12-1.mga7.i586 - kernel-desktop586-latest-5.4.12-1.mga7.i586 - kernel-userspace-headers-5.4.12-1.mga7.i586 VM started normally: $ uname -r 5.4.12-desktop586-1.mga7 # dkms status vboxadditions, 6.0.14-2.mga7, 5.4.12-desktop586-1.mga7, i586: installed No regressions noted OK for mga7-32 in a vbox VM
32-bit mate installed in vbox and did some high video and cpu items Worked fine.
CC: (none) => brtians1
Host: difda Kernel: 5.4.12-desktop-1.mga7 x86_64 Quad Core: Intel Core i7-4790 type: MT MCP Device-1: NVIDIA GM204 [GeForce GTX 970] driver: nvidia v: 430.64 Updated 24 packages. stress tests OK, glmark2 failed, stellarium runs, virtualbox works. No problems with the desktop. OK.
64 bit OK My machine "svarten": Mainboard: Sabertooth P67, CPU: i7-3770, RAM 16G, Nvidia GTX760 (GK104) using proprietary driver GeForce 420 and later Disk&Filesystem: SSD with EFI and ext 4 /boot, then an encrypted partition for LVM, containing swap and ext4 /home & / Thunderbird, LibreOffice, FreeCad, Ktorrent, Syncthing, Nextcloud client... Video with sound in Firefox VirtualBox 6.0.14 running MSW7 incl host folder sharing, USB2 flash stick, firefox video with sound. CUDA and OpenCL working, my Nvidia GPU is being used by BOINC. Stress test: BOINC use all cores to 100%, then running virtualbox with MSW7 chewing windows update, and other programs in host i can use without problems. Enabling BOINC to use GPU too desktop is occasionally a bit unresponsive as expected, but no other probl Will continue using much as it is my workstation.
CC: (none) => fri
32 bit, physical server - cpupower-5.4.12-1.mga7.i586 - kernel-server-5.4.12-1.mga7-1-1.mga7.i586 - kernel-server-latest-5.4.12-1.mga7.i586 rebooted $ uname -a Linux localhost 5.4.12-server-1.mga7 #1 SMP Tue Jan 14 22:48:47 UTC 2020 i686 i686 i386 GNU/Linux Samba Server working NextCloud/Apache working
In a Vbox client, M7.1, Gnome, 32-bit Testing: kernel-desktop-latest cpupower [root@localhost wilcal]# uname -a Linux localhost 5.4.10-desktop586-1.mga7 #1 SMP Thu Jan 9 20:01:43 UTC 2020 i686 i686 i386 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop586-latest Package kernel-desktop586-latest-5.4.10-1.mga7.i586 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-5.4.10-1.mga7.i586 is already installed Boots to a working desktop. Screen resolution is correct. Common apps work. Install kernel-desktop586-latest cpupower from updates testing The following 6 packages are going to be installed: - cpupower-5.4.12-1.mga7.i586 - kernel-desktop586-5.4.12-1.mga7-1-1.mga7.i586 - kernel-desktop586-latest-5.4.12-1.mga7.i586 - perl-5.28.2-2.mga7.i586 - perl-base-5.28.2-2.mga7.i586 - perl-doc-5.28.2-2.mga7.noarch Reboot system. [root@localhost wilcal]# uname -a Linux localhost 5.4.12-desktop586-1.mga7 #1 SMP Tue Jan 14 21:09:02 UTC 2020 i686 i686 i386 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop586-latest Package kernel-desktop586-latest-5.4.12-1.mga7.i586 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-5.4.12-1.mga7.i586 is already installed Boots to a working desktop. Screen resolution is correct. Common apps work.
CC: (none) => wilcal.int
In a Vbox client, M7.1, Plasma, 64-bit Testing: kernel-desktop-latest cpupower [root@localhost wilcal]# uname -a Linux localhost 5.4.10-desktop-1.mga7 #1 SMP Thu Jan 9 20:02:07 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-5.4.10-1.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-5.4.10-1.mga7.x86_64 is already installed Boots to a working desktop. Screen resolution is correct. Common apps work. Install kernel-desktop-latest cpupower from updates testing The following 6 packages are going to be installed: - cpupower-5.4.12-1.mga7.x86_64 - kernel-desktop-5.4.12-1.mga7-1-1.mga7.x86_64 - kernel-desktop-latest-5.4.12-1.mga7.x86_64 - perl-5.28.2-2.mga7.x86_64 - perl-base-5.28.2-2.mga7.x86_64 - perl-doc-5.28.2-2.mga7.noarch Reboot system. [root@localhost wilcal]# uname -a Linux localhost 5.4.12-desktop-1.mga7 #1 SMP Tue Jan 14 21:14:55 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-5.4.12-1.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-5.4.12-1.mga7.x86_64 is already installed Boots to a working desktop. Screen resolution is correct. Common apps work.
On real hardware, M7.1, Plasma, 64-bit initial status: kernel-desktop-latest virtualbox virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo kernel-desktop-devel-latest cpupower [root@localhost wilcal]# uname -a Linux localhost 5.4.10-desktop-1.mga7 #1 SMP Thu Jan 9 20:02:07 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-5.4.10-1.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox Package virtualbox-6.0.14-2.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi x11-driver-video-vboxvideo Package x11-driver-video-vboxvideo-1.0.0-5.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi kernel-desktop-devel-latest Package kernel-desktop-devel-latest-5.4.10-1.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-5.4.10-1.mga7.x86_64 is already installed [root@localhost wilcal]# lspci -k 01:00.0 VGA compatible controller: NVIDIA Corporation GF108 [GeForce GT 440] (rev a1) Subsystem: Gigabyte Technology Co., Ltd Device 3518 Kernel driver in use: nvidia Kernel modules: nvidiafb, nouveau, nvidia_drm, nvidia390 Mageia-7-Live-Xfce-i586.iso Create a Vbox client. Works just fine. Boots to a working desktop. install from update_testing: kernel-desktop-latest virtualbox-guest-additions virtualbox-kernel-desktop-latest x11-driver-video-vboxvideo kernel-desktop-devel-latest cpupower The following 11 packages are going to be installed: - cpupower-5.4.12-1.mga7.x86_64 - kernel-desktop-5.4.12-1.mga7-1-1.mga7.x86_64 - kernel-desktop-devel-5.4.12-1.mga7-1-1.mga7.x86_64 - kernel-desktop-devel-latest-5.4.12-1.mga7.x86_64 - kernel-desktop-latest-5.4.12-1.mga7.x86_64 - perl-5.28.2-2.mga7.x86_64 - perl-base-5.28.2-2.mga7.x86_64 - perl-doc-5.28.2-2.mga7.noarch - virtualbox-guest-additions-6.0.16-1.mga7.x86_64 - virtualbox-kernel-5.4.12-desktop-1.mga7-6.0.14-20.mga7.x86_64 - virtualbox-kernel-desktop-latest-6.0.14-20.mga7.x86_64 [root@localhost wilcal]# uname -a Linux localhost 5.4.12-desktop-1.mga7 #1 SMP Tue Jan 14 21:14:55 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux [root@localhost wilcal]# urpmi kernel-desktop-latest Package kernel-desktop-latest-5.4.12-1.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox-guest-additions Package virtualbox-guest-additions-6.0.16-1.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi virtualbox-kernel-desktop-latest Package virtualbox-kernel-desktop-latest-6.0.14-20.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi x11-driver-video-vboxvideo Package x11-driver-video-vboxvideo-1.0.0-5.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi kernel-desktop-devel-latest Package kernel-desktop-devel-latest-5.4.12-1.mga7.x86_64 is already installed [root@localhost wilcal]# urpmi cpupower Package cpupower-5.4.12-1.mga7.x86_64 is already installed [wilcal@localhost ~]$ lspci -k 01:00.0 VGA compatible controller: NVIDIA Corporation GF108 [GeForce GT 440] (rev a1) Subsystem: Gigabyte Technology Co., Ltd Device 3518 Kernel driver in use: nvidia Kernel modules: nvidiafb, nouveau, nvidia_drm, nvidia390 Mageia-7-Live-Xfce-i586.iso Still works as a Vbox client. Boots to a working desktop. Mageia-7-Live-GNOME-x86_64.iso Create a Vbox client. Works just fine. Boots to a working desktop. Mageia-7-x86_64.iso Boots to a working desktop. Updates then reboots back to a working desktop.
Enough tests, flushing out
Keywords: (none) => validated_updateWhiteboard: (none) => MGA7-64-OK, MGA7-32-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0041.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
All OK on 64 bit Plasma resume from suspend: OK incl wifi resume from hibernate: OK incl wifi SSD, LVM, no encryption (wifi have some other issue; switching bewtween access points, need manual disconnect a few seconds but no regression regarding kernel afaik) Thinkpad T400 type 6474-1EG updated; RAM 6G, CPU core2duo T9800, intel GPU