4.14.12-1

This commit is contained in:
Jan Alexander Steffens 2018-01-05 22:24:00 +00:00
parent 540a56c51a
commit ed8f0b123d
9 changed files with 80 additions and 157 deletions

View file

@ -1,8 +1,8 @@
From fb89d912d5f7289d3a922c77b671e36e1c740f5e Mon Sep 17 00:00:00 2001 From 0b716bdb952b678d9bb5eb32198dbc82ec492df2 Mon Sep 17 00:00:00 2001
Message-Id: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> Message-Id: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
From: Serge Hallyn <serge.hallyn@canonical.com> From: Serge Hallyn <serge.hallyn@canonical.com>
Date: Fri, 31 May 2013 19:12:12 +0100 Date: Fri, 31 May 2013 19:12:12 +0100
Subject: [PATCH 1/7] add sysctl to disallow unprivileged CLONE_NEWUSER by Subject: [PATCH 1/6] add sysctl to disallow unprivileged CLONE_NEWUSER by
default default
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

View file

@ -1,10 +1,10 @@
From 8c6956686606b9c3661e74a410c8cb2fc276c5ee Mon Sep 17 00:00:00 2001 From e6a5e05524563626d14c1745619e37e79cb5a3a7 Mon Sep 17 00:00:00 2001
Message-Id: <8c6956686606b9c3661e74a410c8cb2fc276c5ee.1514959852.git.jan.steffens@gmail.com> Message-Id: <e6a5e05524563626d14c1745619e37e79cb5a3a7.1515173964.git.jan.steffens@gmail.com>
In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
From: Benjamin Poirier <bpoirier@suse.com> From: Benjamin Poirier <bpoirier@suse.com>
Date: Mon, 11 Dec 2017 16:26:40 +0900 Date: Mon, 11 Dec 2017 16:26:40 +0900
Subject: [PATCH 2/7] e1000e: Fix e1000_check_for_copper_link_ich8lan return Subject: [PATCH 2/6] e1000e: Fix e1000_check_for_copper_link_ich8lan return
value. value.
e1000e_check_for_copper_link() and e1000_check_for_copper_link_ich8lan() e1000e_check_for_copper_link() and e1000_check_for_copper_link_ich8lan()

View file

@ -1,10 +1,10 @@
From b81e273fb227373a2951c7256ab11a87d5333a9d Mon Sep 17 00:00:00 2001 From e3fff011db7dd80d53b6bda48bcf2313918aa7a8 Mon Sep 17 00:00:00 2001
Message-Id: <b81e273fb227373a2951c7256ab11a87d5333a9d.1514959852.git.jan.steffens@gmail.com> Message-Id: <e3fff011db7dd80d53b6bda48bcf2313918aa7a8.1515173964.git.jan.steffens@gmail.com>
In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
From: Mohamed Ghannam <simo.ghannam@gmail.com> From: Mohamed Ghannam <simo.ghannam@gmail.com>
Date: Tue, 5 Dec 2017 20:58:35 +0000 Date: Tue, 5 Dec 2017 20:58:35 +0000
Subject: [PATCH 3/7] dccp: CVE-2017-8824: use-after-free in DCCP code Subject: [PATCH 3/6] dccp: CVE-2017-8824: use-after-free in DCCP code
Whenever the sock object is in DCCP_CLOSED state, Whenever the sock object is in DCCP_CLOSED state,
dccp_disconnect() must free dccps_hc_tx_ccid and dccp_disconnect() must free dccps_hc_tx_ccid and

View file

@ -1,74 +0,0 @@
From d03c0ef520f40c6de691c37e0f168c87b3423015 Mon Sep 17 00:00:00 2001
Message-Id: <d03c0ef520f40c6de691c37e0f168c87b3423015.1514959852.git.jan.steffens@gmail.com>
In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Wed, 15 Nov 2017 06:40:57 +0100
Subject: [PATCH 4/7] Revert "xfrm: Fix stack-out-of-bounds read in
xfrm_state_find."
This reverts commit c9f3f813d462c72dbe412cee6a5cbacf13c4ad5e.
This commit breaks transport mode when the policy template
has widlcard addresses configured, so revert it.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
net/xfrm/xfrm_policy.c | 29 ++++++++++++++++++-----------
1 file changed, 18 insertions(+), 11 deletions(-)
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 2a6093840e7e856e..6bc16bb61b5533ef 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -1362,29 +1362,36 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, const struct flowi *fl,
struct net *net = xp_net(policy);
int nx;
int i, error;
+ xfrm_address_t *daddr = xfrm_flowi_daddr(fl, family);
+ xfrm_address_t *saddr = xfrm_flowi_saddr(fl, family);
xfrm_address_t tmp;
for (nx = 0, i = 0; i < policy->xfrm_nr; i++) {
struct xfrm_state *x;
- xfrm_address_t *local;
- xfrm_address_t *remote;
+ xfrm_address_t *remote = daddr;
+ xfrm_address_t *local = saddr;
struct xfrm_tmpl *tmpl = &policy->xfrm_vec[i];
- remote = &tmpl->id.daddr;
- local = &tmpl->saddr;
- if (xfrm_addr_any(local, tmpl->encap_family)) {
- error = xfrm_get_saddr(net, fl->flowi_oif,
- &tmp, remote,
- tmpl->encap_family, 0);
- if (error)
- goto fail;
- local = &tmp;
+ if (tmpl->mode == XFRM_MODE_TUNNEL ||
+ tmpl->mode == XFRM_MODE_BEET) {
+ remote = &tmpl->id.daddr;
+ local = &tmpl->saddr;
+ if (xfrm_addr_any(local, tmpl->encap_family)) {
+ error = xfrm_get_saddr(net, fl->flowi_oif,
+ &tmp, remote,
+ tmpl->encap_family, 0);
+ if (error)
+ goto fail;
+ local = &tmp;
+ }
}
x = xfrm_state_find(remote, local, fl, tmpl, policy, &error, family);
if (x && x->km.state == XFRM_STATE_VALID) {
xfrm[nx++] = x;
+ daddr = remote;
+ saddr = local;
continue;
}
if (x) {
--
2.15.1

View file

@ -1,10 +1,10 @@
From 3721d64246982f91a5bf863fc17ac60ff722e0c4 Mon Sep 17 00:00:00 2001 From 5a11be3bab2dcd6fe061206662969c4cea46988f Mon Sep 17 00:00:00 2001
Message-Id: <3721d64246982f91a5bf863fc17ac60ff722e0c4.1514959852.git.jan.steffens@gmail.com> Message-Id: <5a11be3bab2dcd6fe061206662969c4cea46988f.1515173964.git.jan.steffens@gmail.com>
In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
From: Steffen Klassert <steffen.klassert@secunet.com> From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Fri, 22 Dec 2017 10:44:57 +0100 Date: Fri, 22 Dec 2017 10:44:57 +0100
Subject: [PATCH 5/7] xfrm: Fix stack-out-of-bounds read on socket policy Subject: [PATCH 4/6] xfrm: Fix stack-out-of-bounds read on socket policy
lookup. lookup.
When we do tunnel or beet mode, we pass saddr and daddr from the When we do tunnel or beet mode, we pass saddr and daddr from the

View file

@ -1,10 +1,10 @@
From a79cb4d4e540c72a601ca0494e914565c16e2893 Mon Sep 17 00:00:00 2001 From eadda028a73a567edd8462ccd0e8c28e023cde28 Mon Sep 17 00:00:00 2001
Message-Id: <a79cb4d4e540c72a601ca0494e914565c16e2893.1514959852.git.jan.steffens@gmail.com> Message-Id: <eadda028a73a567edd8462ccd0e8c28e023cde28.1515173964.git.jan.steffens@gmail.com>
In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
From: Tejun Heo <tj@kernel.org> From: Tejun Heo <tj@kernel.org>
Date: Wed, 20 Dec 2017 07:09:19 -0800 Date: Wed, 20 Dec 2017 07:09:19 -0800
Subject: [PATCH 6/7] cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC Subject: [PATCH 5/6] cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC
While teaching css_task_iter to handle skipping over tasks which While teaching css_task_iter to handle skipping over tasks which
aren't group leaders, bc2fb7ed089f ("cgroup: add @flags to aren't group leaders, bc2fb7ed089f ("cgroup: add @flags to

View file

@ -0,0 +1,42 @@
From cf45be4971bdd769c09e2a11db483510cd0bcc5f Mon Sep 17 00:00:00 2001
Message-Id: <cf45be4971bdd769c09e2a11db483510cd0bcc5f.1515173964.git.jan.steffens@gmail.com>
In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
From: Jim Bride <jim.bride@linux.intel.com>
Date: Mon, 6 Nov 2017 13:38:57 -0800
Subject: [PATCH 6/6] drm/i915/edp: Only use the alternate fixed mode if it's
asked for
In commit dc911f5bd8aa ("drm/i915/edp: Allow alternate fixed mode for
eDP if available."), the patch allows for the use of an alternate fixed
mode if it is available, but the patch was not ensuring that the only
time the alternate mode is used is when it is specifically requested.
This patch adds an additional comparison to intel_edp_compare_alt_mode
to ensure that we only use the alternate mode if it is directly
requested.
Fixes: dc911f5bd8aac ("Allow alternate fixed mode for eDP if available.")
Cc: David Weinehall <david.weinehall@linux.intel.com>
Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
Signed-off-by: Jim Bride <jim.bride@linux.intel.com>
---
drivers/gpu/drm/i915/intel_dp.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c
index 09f274419eea1c74..838cee312e8e6978 100644
--- a/drivers/gpu/drm/i915/intel_dp.c
+++ b/drivers/gpu/drm/i915/intel_dp.c
@@ -1632,7 +1632,8 @@ static bool intel_edp_compare_alt_mode(struct drm_display_mode *m1,
m1->vdisplay == m2->vdisplay &&
m1->vsync_start == m2->vsync_start &&
m1->vsync_end == m2->vsync_end &&
- m1->vtotal == m2->vtotal);
+ m1->vtotal == m2->vtotal &&
+ m1->vrefresh == m2->vrefresh);
return bres;
}
--
2.15.1

View file

@ -1,42 +0,0 @@
From 51786b65797aed683ca72293a3cb86a2cab987c0 Mon Sep 17 00:00:00 2001
Message-Id: <51786b65797aed683ca72293a3cb86a2cab987c0.1514959852.git.jan.steffens@gmail.com>
In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
From: Tom Lendacky <thomas.lendacky@amd.com>
Date: Tue, 26 Dec 2017 23:43:54 -0600
Subject: [PATCH 7/7] x86/cpu, x86/pti: Do not enable PTI on AMD processors
AMD processors are not subject to the types of attacks that the kernel
page table isolation feature protects against. The AMD microarchitecture
does not allow memory references, including speculative references, that
access higher privileged data when running in a lesser privileged mode
when that access would result in a page fault.
Disable page table isolation by default on AMD processors by not setting
the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
is set.
Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
Reviewed-by: Borislav Petkov <bp@suse.de>
---
arch/x86/kernel/cpu/common.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
index f2a94dfb434e9a7c..b1be494ab4e8badf 100644
--- a/arch/x86/kernel/cpu/common.c
+++ b/arch/x86/kernel/cpu/common.c
@@ -899,8 +899,8 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)
setup_force_cpu_cap(X86_FEATURE_ALWAYS);
- /* Assume for now that ALL x86 CPUs are insecure */
- setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
+ if (c->x86_vendor != X86_VENDOR_AMD)
+ setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
fpu__init_system(c);
--
2.15.1

View file

@ -4,7 +4,7 @@
pkgbase=linux # Build stock -ARCH kernel pkgbase=linux # Build stock -ARCH kernel
#pkgbase=linux-custom # Build kernel with a different name #pkgbase=linux-custom # Build kernel with a different name
_srcname=linux-4.14 _srcname=linux-4.14
pkgver=4.14.11 pkgver=4.14.12
pkgrel=1 pkgrel=1
arch=('x86_64') arch=('x86_64')
url="https://www.kernel.org/" url="https://www.kernel.org/"
@ -23,10 +23,9 @@ source=(
0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch 0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch 0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch 0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch 0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch 0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch
) )
validpgpkeys=( validpgpkeys=(
'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
@ -34,19 +33,18 @@ validpgpkeys=(
) )
sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7' sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7'
'SKIP' 'SKIP'
'f588b62d7ee1d2ebdc24afa0e256ff2f8812d5cab3bf572bf02e7c4525922bf9' 'da5d8db44b0988e4c45346899d3f5a51f8bd6c25f14e729615ca9ff9f17bdefd'
'SKIP' 'SKIP'
'24b8cf6829dafcb2b5c76cffaae6438ad2d432f13d6551fa1c8f25e66b751ed4' '24b8cf6829dafcb2b5c76cffaae6438ad2d432f13d6551fa1c8f25e66b751ed4'
'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
'75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919' '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919'
'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65' 'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65'
'06bc1d8b1cd153c3146a4376d833f5769b980e5ef5eae99ddaaeb48bf514dae2' 'd8a865a11665424b21fe6be9265eb287ee6d5646261a486954ddf3a4ee87e78f'
'b90bef87574f30ec66c0f10d089bea56a9e974b6d052fee3071b1ff21360724b' '9251c03da9d4b64591d77f490ff144d4ba514e66e74294ada541bf827306c9c4'
'f38531dee9fd8a59202ce96ac5b40446f1f035b89788ea9ecb2fb3909f703a25' '6ce57b8dba43db4c6ee167a8891167b7d1e1e101d5112e776113eb37de5c37d8'
'705d5fbfce00ccc20490bdfb5853d67d86ac00c845de6ecb13e414214b48daeb' '1c1f5792c98369c546840950e6569a690cd88e33d4f0931d2b0b5b88f705aa4d'
'0a249248534a17f14fab7e14994811ae81fe324668a82ff41f3bcabeeae1460f' 'c3d743a0e193294bc5fbae65e7ba69fd997cd8b2ded9c9a45c5151d71d9cfb95'
'8e1b303957ddd829c0c9ad7c012cd32f2354ff3c8c1b85da3d7f8a54524f3711' 'ec7342aab478af79a17ff65cf65bbd6744b0caee8f66c77a39bba61a78e6576d')
'914a0a019545ad7d14ed8d5c58d417eb0a8ec12a756beec79a545aabda343b31')
_kernelname=${pkgbase#linux} _kernelname=${pkgbase#linux}
@ -72,14 +70,13 @@ prepare() {
patch -Np1 -i ../0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch patch -Np1 -i ../0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
# https://bugs.archlinux.org/task/56605 # https://bugs.archlinux.org/task/56605
patch -Np1 -i ../0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch patch -Np1 -i ../0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
patch -Np1 -i ../0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
# https://bugs.archlinux.org/task/56846 # https://bugs.archlinux.org/task/56846
patch -Np1 -i ../0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch patch -Np1 -i ../0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
# For AMD processors, keep PTI off by default # https://bugs.archlinux.org/task/56711
patch -Np1 -i ../0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch patch -Np1 -i ../0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
cp -Tf ../config .config cp -Tf ../config .config