Bump to 4.14.12-1

4 files changed, 16 insertions, 145 deletions

diff --git a/.SRCINFO b/.SRCINFO
index 3e5f57a392af..63f01a68c1c6 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,5 +1,5 @@
 pkgbase = linux-bfq-mq
-	pkgver = 4.14.11
+	pkgver = 4.14.12
 	pkgrel = 1
 	url = https://github.com/Algodev-github/bfq-mq/
 	arch = x86_64
@@ -12,8 +12,8 @@ pkgbase = linux-bfq-mq
 	options = !strip
 	source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.xz
 	source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.sign
-	source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.11.xz
-	source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.11.sign
+	source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.12.xz
+	source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.12.sign
 	source = https://raw.githubusercontent.com/sirlucjan/kernel_gcc_patch/master/enable_additional_cpu_optimizations_for_gcc_v4.9+_kernel_v4.13+.patch
 	source = https://gitlab.com/sirlucjan/kernel-patches/raw/master/4.14/4.14-bfq-sq-mq-git-20171228.patch
 	source = https://gitlab.com/tom81094/custom-patches/raw/master/bfq-mq/tentative/T0001-Check-presence-on-tree-of-every-entity-after-every-a.patch
@@ -32,15 +32,13 @@ pkgbase = linux-bfq-mq
 	source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
 	source = 0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
 	source = 0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
-	source = 0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch
 	source = 0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
 	source = 0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
-	source = 0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch
 	validpgpkeys = ABAF11C65A2970B130ABE3C479BE3E4300411886
 	validpgpkeys = 647F28654894E3BD457199BE38DBBDC86092693E
 	sha256sums = f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7
 	sha256sums = SKIP
-	sha256sums = f588b62d7ee1d2ebdc24afa0e256ff2f8812d5cab3bf572bf02e7c4525922bf9
+	sha256sums = da5d8db44b0988e4c45346899d3f5a51f8bd6c25f14e729615ca9ff9f17bdefd
 	sha256sums = SKIP
 	sha256sums = 8b00041911e67654b0bd9602125853a1a94f6155c5cac4f886507554c8324ee8
 	sha256sums = e04958faa40e3a20f7e7e2bd9580b4c4c45d4d576ea3c6537d2e19de25ae5160
@@ -60,10 +58,8 @@ pkgbase = linux-bfq-mq
 	sha256sums = 06bc1d8b1cd153c3146a4376d833f5769b980e5ef5eae99ddaaeb48bf514dae2
 	sha256sums = b90bef87574f30ec66c0f10d089bea56a9e974b6d052fee3071b1ff21360724b
 	sha256sums = f38531dee9fd8a59202ce96ac5b40446f1f035b89788ea9ecb2fb3909f703a25
-	sha256sums = 705d5fbfce00ccc20490bdfb5853d67d86ac00c845de6ecb13e414214b48daeb
 	sha256sums = 0a249248534a17f14fab7e14994811ae81fe324668a82ff41f3bcabeeae1460f
 	sha256sums = 8e1b303957ddd829c0c9ad7c012cd32f2354ff3c8c1b85da3d7f8a54524f3711
-	sha256sums = 914a0a019545ad7d14ed8d5c58d417eb0a8ec12a756beec79a545aabda343b31
 
 pkgname = linux-bfq-mq
 	pkgdesc = The Linux-bfq-mq kernel and modules with the BFQ-MQ scheduler
@@ -74,19 +70,19 @@ pkgname = linux-bfq-mq
 	depends = mkinitcpio>=0.7
 	optdepends = crda: to set the correct wireless channels of your country
 	optdepends = modprobed-db: Keeps track of EVERY kernel module that has ever been probed - useful for those of us who make localmodconfig
-	provides = linux-bfq-mq=4.14.11
-	provides = linux=4.14.11
+	provides = linux-bfq-mq=4.14.12
+	provides = linux=4.14.12
 	backup = etc/mkinitcpio.d/linux-bfq-mq.preset
 
 pkgname = linux-bfq-mq-headers
 	pkgdesc = Header files and scripts for building modules for Linux-bfq-mq kernel
-	depends = linux-bfq-mq=4.14.11
-	provides = linux-bfq-mq-headers=4.14.11
-	provides = linux-headers=4.14.11
+	depends = linux-bfq-mq=4.14.12
+	provides = linux-bfq-mq-headers=4.14.12
+	provides = linux-headers=4.14.12
 
 pkgname = linux-bfq-mq-docs
 	pkgdesc = Kernel hackers manual - HTML documentation that comes with the Linux-bfq-mq kernel
-	depends = linux-bfq-mq=4.14.11
-	provides = linux-bfq-mq-docs=4.14.11
-	provides = linux-docs=4.14.11
+	depends = linux-bfq-mq=4.14.12
+	provides = linux-bfq-mq-docs=4.14.12
+	provides = linux-docs=4.14.12
 
diff --git a/0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch b/0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch
deleted file mode 100644
index 4dca618a8c03..000000000000
--- a/0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From d03c0ef520f40c6de691c37e0f168c87b3423015 Mon Sep 17 00:00:00 2001
-Message-Id: <d03c0ef520f40c6de691c37e0f168c87b3423015.1514959852.git.jan.steffens@gmail.com>
-In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
-References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
-From: Steffen Klassert <steffen.klassert@secunet.com>
-Date: Wed, 15 Nov 2017 06:40:57 +0100
-Subject: [PATCH 4/7] Revert "xfrm: Fix stack-out-of-bounds read in
- xfrm_state_find."
-
-This reverts commit c9f3f813d462c72dbe412cee6a5cbacf13c4ad5e.
-
-This commit breaks transport mode when the policy template
-has widlcard addresses configured, so revert it.
-
-Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
----
- net/xfrm/xfrm_policy.c | 29 ++++++++++++++++++-----------
- 1 file changed, 18 insertions(+), 11 deletions(-)
-
-diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
-index 2a6093840e7e856e..6bc16bb61b5533ef 100644
---- a/net/xfrm/xfrm_policy.c
-+++ b/net/xfrm/xfrm_policy.c
-@@ -1362,29 +1362,36 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, const struct flowi *fl,
- 	struct net *net = xp_net(policy);
- 	int nx;
- 	int i, error;
-+	xfrm_address_t *daddr = xfrm_flowi_daddr(fl, family);
-+	xfrm_address_t *saddr = xfrm_flowi_saddr(fl, family);
- 	xfrm_address_t tmp;
- 
- 	for (nx = 0, i = 0; i < policy->xfrm_nr; i++) {
- 		struct xfrm_state *x;
--		xfrm_address_t *local;
--		xfrm_address_t *remote;
-+		xfrm_address_t *remote = daddr;
-+		xfrm_address_t *local  = saddr;
- 		struct xfrm_tmpl *tmpl = &policy->xfrm_vec[i];
- 
--		remote = &tmpl->id.daddr;
--		local = &tmpl->saddr;
--		if (xfrm_addr_any(local, tmpl->encap_family)) {
--			error = xfrm_get_saddr(net, fl->flowi_oif,
--					       &tmp, remote,
--					       tmpl->encap_family, 0);
--			if (error)
--				goto fail;
--			local = &tmp;
-+		if (tmpl->mode == XFRM_MODE_TUNNEL ||
-+		    tmpl->mode == XFRM_MODE_BEET) {
-+			remote = &tmpl->id.daddr;
-+			local = &tmpl->saddr;
-+			if (xfrm_addr_any(local, tmpl->encap_family)) {
-+				error = xfrm_get_saddr(net, fl->flowi_oif,
-+						       &tmp, remote,
-+						       tmpl->encap_family, 0);
-+				if (error)
-+					goto fail;
-+				local = &tmp;
-+			}
- 		}
- 
- 		x = xfrm_state_find(remote, local, fl, tmpl, policy, &error, family);
- 
- 		if (x && x->km.state == XFRM_STATE_VALID) {
- 			xfrm[nx++] = x;
-+			daddr = remote;
-+			saddr = local;
- 			continue;
- 		}
- 		if (x) {
--- 
-2.15.1
-
diff --git a/0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch b/0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch
deleted file mode 100644
index f3af870c7889..000000000000
--- a/0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From 51786b65797aed683ca72293a3cb86a2cab987c0 Mon Sep 17 00:00:00 2001
-Message-Id: <51786b65797aed683ca72293a3cb86a2cab987c0.1514959852.git.jan.steffens@gmail.com>
-In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
-References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
-From: Tom Lendacky <thomas.lendacky@amd.com>
-Date: Tue, 26 Dec 2017 23:43:54 -0600
-Subject: [PATCH 7/7] x86/cpu, x86/pti: Do not enable PTI on AMD processors
-
-AMD processors are not subject to the types of attacks that the kernel
-page table isolation feature protects against.  The AMD microarchitecture
-does not allow memory references, including speculative references, that
-access higher privileged data when running in a lesser privileged mode
-when that access would result in a page fault.
-
-Disable page table isolation by default on AMD processors by not setting
-the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
-is set.
-
-Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
-Reviewed-by: Borislav Petkov <bp@suse.de>
----
- arch/x86/kernel/cpu/common.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index f2a94dfb434e9a7c..b1be494ab4e8badf 100644
---- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -899,8 +899,8 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)
- 
- 	setup_force_cpu_cap(X86_FEATURE_ALWAYS);
- 
--	/* Assume for now that ALL x86 CPUs are insecure */
--	setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
-+	if (c->x86_vendor != X86_VENDOR_AMD)
-+		setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
- 
- 	fpu__init_system(c);
- 
--- 
-2.15.1
-
diff --git a/PKGBUILD b/PKGBUILD
index 43b87cf20d3f..5f4fd9d63ec4 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -66,7 +66,7 @@ _mq_enable=
 
 pkgbase=linux-bfq-mq
 #pkgbase=linux-custom       # Build kernel with a different name
-pkgver=4.14.11
+pkgver=4.14.12
 _srcpatch="${pkgver##*\.*\.}"
 _srcname="linux-${pkgver%%\.${_srcpatch}}"
 pkgrel=1
@@ -132,14 +132,12 @@ source=(# mainline kernel patches
         '0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch'
         '0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch'
         '0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch'
-        '0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch'
         '0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch'
-        '0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch'
-        '0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch')
+        '0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch')
 
 sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7'
             'SKIP'
-            'f588b62d7ee1d2ebdc24afa0e256ff2f8812d5cab3bf572bf02e7c4525922bf9'
+            'da5d8db44b0988e4c45346899d3f5a51f8bd6c25f14e729615ca9ff9f17bdefd'
             'SKIP'
             '8b00041911e67654b0bd9602125853a1a94f6155c5cac4f886507554c8324ee8'
             'e04958faa40e3a20f7e7e2bd9580b4c4c45d4d576ea3c6537d2e19de25ae5160'
@@ -159,10 +157,8 @@ sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7'
             '06bc1d8b1cd153c3146a4376d833f5769b980e5ef5eae99ddaaeb48bf514dae2'
             'b90bef87574f30ec66c0f10d089bea56a9e974b6d052fee3071b1ff21360724b'
             'f38531dee9fd8a59202ce96ac5b40446f1f035b89788ea9ecb2fb3909f703a25'
-            '705d5fbfce00ccc20490bdfb5853d67d86ac00c845de6ecb13e414214b48daeb'
             '0a249248534a17f14fab7e14994811ae81fe324668a82ff41f3bcabeeae1460f'
-            '8e1b303957ddd829c0c9ad7c012cd32f2354ff3c8c1b85da3d7f8a54524f3711'
-            '914a0a019545ad7d14ed8d5c58d417eb0a8ec12a756beec79a545aabda343b31')
+            '8e1b303957ddd829c0c9ad7c012cd32f2354ff3c8c1b85da3d7f8a54524f3711')
 validpgpkeys=(
               'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds
               '647F28654894E3BD457199BE38DBBDC86092693E' # Greg Kroah-Hartman
@@ -191,17 +187,12 @@ prepare() {
   
   ### Fix https://bugs.archlinux.org/task/56605
       msg "Fix #56605"
-      patch -Np1 -i ../0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch
       patch -Np1 -i ../0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
   
   ### Fix https://bugs.archlinux.org/task/56846
       msg "Fix #56846"
       patch -Np1 -i ../0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
   
-  ### For AMD processors, keep PTI off by default
-      msg "For AMD processors, keep PTI off by default"
-      patch -Np1 -i ../0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch
-  
   ### Patch source with BFQ-SQ-MQ
         msg "Fix naming schema in BFQ-SQ-MQ patch"
         sed -i -e "s|SUBLEVEL = 0|SUBLEVEL = ${_srcpatch}|g" \