diff options
| -rw-r--r-- | .SRCINFO | 24 | ||||
| -rw-r--r-- | 0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch | 74 | ||||
| -rw-r--r-- | 0004-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch (renamed from 0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch) | 0 | ||||
| -rw-r--r-- | 0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch | 49 | ||||
| -rw-r--r-- | 0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch | 42 | ||||
| -rw-r--r-- | PKGBUILD | 23 |
6 files changed, 14 insertions, 198 deletions
@@ -1,7 +1,7 @@ # Generated by mksrcinfo v8 -# Fri Jan 5 20:17:22 UTC 2018 +# Fri Jan 5 20:32:20 UTC 2018 pkgbase = linux-ck - pkgver = 4.14.11 + pkgver = 4.14.12 pkgrel = 1 url = https://wiki.archlinux.org/index.php/Linux-ck arch = x86_64 @@ -13,8 +13,8 @@ pkgbase = linux-ck options = !strip source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.xz source = https://www.kernel.org/pub/linux/kernel/v4.x/linux-4.14.tar.sign - source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.11.xz - source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.11.sign + source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.12.xz + source = https://www.kernel.org/pub/linux/kernel/v4.x/patch-4.14.12.sign source = config source = 60-linux.hook source = 90-linux.hook @@ -29,13 +29,10 @@ pkgbase = linux-ck source = 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch source = 0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch source = 0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch - source = 0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch - source = 0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch - source = 0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch - source = 0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch + source = 0004-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch sha256sums = f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7 sha256sums = SKIP - sha256sums = f588b62d7ee1d2ebdc24afa0e256ff2f8812d5cab3bf572bf02e7c4525922bf9 + sha256sums = da5d8db44b0988e4c45346899d3f5a51f8bd6c25f14e729615ca9ff9f17bdefd sha256sums = SKIP sha256sums = 67030bc59cfe1c2d57a1284905e61a03b9aaa1516e1831dd3b74528ff7999ca3 sha256sums = ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21 @@ -51,10 +48,7 @@ pkgbase = linux-ck sha256sums = 06bc1d8b1cd153c3146a4376d833f5769b980e5ef5eae99ddaaeb48bf514dae2 sha256sums = b90bef87574f30ec66c0f10d089bea56a9e974b6d052fee3071b1ff21360724b sha256sums = f38531dee9fd8a59202ce96ac5b40446f1f035b89788ea9ecb2fb3909f703a25 - sha256sums = 705d5fbfce00ccc20490bdfb5853d67d86ac00c845de6ecb13e414214b48daeb - sha256sums = 0a249248534a17f14fab7e14994811ae81fe324668a82ff41f3bcabeeae1460f sha256sums = 8e1b303957ddd829c0c9ad7c012cd32f2354ff3c8c1b85da3d7f8a54524f3711 - sha256sums = 914a0a019545ad7d14ed8d5c58d417eb0a8ec12a756beec79a545aabda343b31 pkgname = linux-ck pkgdesc = The Linux-ck kernel and modules with the ck1 patchset featuring MuQSS CPU scheduler v0.162 @@ -64,12 +58,12 @@ pkgname = linux-ck depends = kmod depends = mkinitcpio>=0.7 optdepends = crda: to set the correct wireless channels of your country - provides = linux-ck=4.14.11 + provides = linux-ck=4.14.12 backup = etc/mkinitcpio.d/linux-ck.preset pkgname = linux-ck-headers pkgdesc = Header files and scripts for building modules for Linux-ck kernel depends = linux-ck - provides = linux-ck-headers=4.14.11 - provides = linux-headers=4.14.11 + provides = linux-ck-headers=4.14.12 + provides = linux-headers=4.14.12 diff --git a/0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch b/0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch deleted file mode 100644 index 4dca618a8c03..000000000000 --- a/0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch +++ /dev/null @@ -1,74 +0,0 @@ -From d03c0ef520f40c6de691c37e0f168c87b3423015 Mon Sep 17 00:00:00 2001 -Message-Id: <d03c0ef520f40c6de691c37e0f168c87b3423015.1514959852.git.jan.steffens@gmail.com> -In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> -References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> -From: Steffen Klassert <steffen.klassert@secunet.com> -Date: Wed, 15 Nov 2017 06:40:57 +0100 -Subject: [PATCH 4/7] Revert "xfrm: Fix stack-out-of-bounds read in - xfrm_state_find." - -This reverts commit c9f3f813d462c72dbe412cee6a5cbacf13c4ad5e. - -This commit breaks transport mode when the policy template -has widlcard addresses configured, so revert it. - -Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> ---- - net/xfrm/xfrm_policy.c | 29 ++++++++++++++++++----------- - 1 file changed, 18 insertions(+), 11 deletions(-) - -diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c -index 2a6093840e7e856e..6bc16bb61b5533ef 100644 ---- a/net/xfrm/xfrm_policy.c -+++ b/net/xfrm/xfrm_policy.c -@@ -1362,29 +1362,36 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, const struct flowi *fl, - struct net *net = xp_net(policy); - int nx; - int i, error; -+ xfrm_address_t *daddr = xfrm_flowi_daddr(fl, family); -+ xfrm_address_t *saddr = xfrm_flowi_saddr(fl, family); - xfrm_address_t tmp; - - for (nx = 0, i = 0; i < policy->xfrm_nr; i++) { - struct xfrm_state *x; -- xfrm_address_t *local; -- xfrm_address_t *remote; -+ xfrm_address_t *remote = daddr; -+ xfrm_address_t *local = saddr; - struct xfrm_tmpl *tmpl = &policy->xfrm_vec[i]; - -- remote = &tmpl->id.daddr; -- local = &tmpl->saddr; -- if (xfrm_addr_any(local, tmpl->encap_family)) { -- error = xfrm_get_saddr(net, fl->flowi_oif, -- &tmp, remote, -- tmpl->encap_family, 0); -- if (error) -- goto fail; -- local = &tmp; -+ if (tmpl->mode == XFRM_MODE_TUNNEL || -+ tmpl->mode == XFRM_MODE_BEET) { -+ remote = &tmpl->id.daddr; -+ local = &tmpl->saddr; -+ if (xfrm_addr_any(local, tmpl->encap_family)) { -+ error = xfrm_get_saddr(net, fl->flowi_oif, -+ &tmp, remote, -+ tmpl->encap_family, 0); -+ if (error) -+ goto fail; -+ local = &tmp; -+ } - } - - x = xfrm_state_find(remote, local, fl, tmpl, policy, &error, family); - - if (x && x->km.state == XFRM_STATE_VALID) { - xfrm[nx++] = x; -+ daddr = remote; -+ saddr = local; - continue; - } - if (x) { --- -2.15.1 - diff --git a/0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch b/0004-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch index 0a54ce129b3b..0a54ce129b3b 100644 --- a/0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch +++ b/0004-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch diff --git a/0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch b/0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch deleted file mode 100644 index edd7b24a32d6..000000000000 --- a/0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 3721d64246982f91a5bf863fc17ac60ff722e0c4 Mon Sep 17 00:00:00 2001 -Message-Id: <3721d64246982f91a5bf863fc17ac60ff722e0c4.1514959852.git.jan.steffens@gmail.com> -In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> -References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> -From: Steffen Klassert <steffen.klassert@secunet.com> -Date: Fri, 22 Dec 2017 10:44:57 +0100 -Subject: [PATCH 5/7] xfrm: Fix stack-out-of-bounds read on socket policy - lookup. - -When we do tunnel or beet mode, we pass saddr and daddr from the -template to xfrm_state_find(), this is ok. On transport mode, -we pass the addresses from the flowi, assuming that the IP -addresses (and address family) don't change during transformation. -This assumption is wrong in the IPv4 mapped IPv6 case, packet -is IPv4 and template is IPv6. - -Fix this by catching address family missmatches of the policy -and the flow already before we do the lookup. - -Reported-by: syzbot <syzkaller@googlegroups.com> -Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com> ---- - net/xfrm/xfrm_policy.c | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) - -diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c -index 6bc16bb61b5533ef..50c5f46b5cca942e 100644 ---- a/net/xfrm/xfrm_policy.c -+++ b/net/xfrm/xfrm_policy.c -@@ -1169,9 +1169,15 @@ static struct xfrm_policy *xfrm_sk_policy_lookup(const struct sock *sk, int dir, - again: - pol = rcu_dereference(sk->sk_policy[dir]); - if (pol != NULL) { -- bool match = xfrm_selector_match(&pol->selector, fl, family); -+ bool match; - int err = 0; - -+ if (pol->family != family) { -+ pol = NULL; -+ goto out; -+ } -+ -+ match = xfrm_selector_match(&pol->selector, fl, family); - if (match) { - if ((sk->sk_mark & pol->mark.m) != pol->mark.v) { - pol = NULL; --- -2.15.1 - diff --git a/0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch b/0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch deleted file mode 100644 index f3af870c7889..000000000000 --- a/0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 51786b65797aed683ca72293a3cb86a2cab987c0 Mon Sep 17 00:00:00 2001 -Message-Id: <51786b65797aed683ca72293a3cb86a2cab987c0.1514959852.git.jan.steffens@gmail.com> -In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> -References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com> -From: Tom Lendacky <thomas.lendacky@amd.com> -Date: Tue, 26 Dec 2017 23:43:54 -0600 -Subject: [PATCH 7/7] x86/cpu, x86/pti: Do not enable PTI on AMD processors - -AMD processors are not subject to the types of attacks that the kernel -page table isolation feature protects against. The AMD microarchitecture -does not allow memory references, including speculative references, that -access higher privileged data when running in a lesser privileged mode -when that access would result in a page fault. - -Disable page table isolation by default on AMD processors by not setting -the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI -is set. - -Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com> -Reviewed-by: Borislav Petkov <bp@suse.de> ---- - arch/x86/kernel/cpu/common.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c -index f2a94dfb434e9a7c..b1be494ab4e8badf 100644 ---- a/arch/x86/kernel/cpu/common.c -+++ b/arch/x86/kernel/cpu/common.c -@@ -899,8 +899,8 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c) - - setup_force_cpu_cap(X86_FEATURE_ALWAYS); - -- /* Assume for now that ALL x86 CPUs are insecure */ -- setup_force_cpu_bug(X86_BUG_CPU_INSECURE); -+ if (c->x86_vendor != X86_VENDOR_AMD) -+ setup_force_cpu_bug(X86_BUG_CPU_INSECURE); - - fpu__init_system(c); - --- -2.15.1 - @@ -62,7 +62,7 @@ _use_current= pkgbase=linux-ck _srcname=linux-4.14 -pkgver=4.14.11 +pkgver=4.14.12 pkgrel=1 _ckpatchversion=1 arch=('x86_64') @@ -93,10 +93,7 @@ source=( 0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch 0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch 0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch - 0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch - 0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch - 0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch - 0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch + 0004-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch ) validpgpkeys=( 'ABAF11C65A2970B130ABE3C479BE3E4300411886' # Linus Torvalds @@ -104,7 +101,7 @@ validpgpkeys=( ) sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7' 'SKIP' - 'f588b62d7ee1d2ebdc24afa0e256ff2f8812d5cab3bf572bf02e7c4525922bf9' + 'da5d8db44b0988e4c45346899d3f5a51f8bd6c25f14e729615ca9ff9f17bdefd' 'SKIP' '67030bc59cfe1c2d57a1284905e61a03b9aaa1516e1831dd3b74528ff7999ca3' 'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21' @@ -120,10 +117,7 @@ sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7' '06bc1d8b1cd153c3146a4376d833f5769b980e5ef5eae99ddaaeb48bf514dae2' 'b90bef87574f30ec66c0f10d089bea56a9e974b6d052fee3071b1ff21360724b' 'f38531dee9fd8a59202ce96ac5b40446f1f035b89788ea9ecb2fb3909f703a25' - '705d5fbfce00ccc20490bdfb5853d67d86ac00c845de6ecb13e414214b48daeb' - '0a249248534a17f14fab7e14994811ae81fe324668a82ff41f3bcabeeae1460f' - '8e1b303957ddd829c0c9ad7c012cd32f2354ff3c8c1b85da3d7f8a54524f3711' - '914a0a019545ad7d14ed8d5c58d417eb0a8ec12a756beec79a545aabda343b31') + '8e1b303957ddd829c0c9ad7c012cd32f2354ff3c8c1b85da3d7f8a54524f3711') _kernelname=${pkgbase#linux} @@ -143,15 +137,8 @@ prepare() { # https://nvd.nist.gov/vuln/detail/CVE-2017-8824 patch -Np1 -i ../0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch - # https://bugs.archlinux.org/task/56605 - patch -Np1 -i ../0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch - patch -Np1 -i ../0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch - # https://bugs.archlinux.org/task/56846 - patch -Np1 -i ../0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch - - # For AMD processors, keep PTI off by default - patch -Np1 -i ../0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch + patch -Np1 -i ../0004-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch # fix naming schema in EXTRAVERSION of ck patch set sed -i -re "s/^(.EXTRAVERSION).*$/\1 = /" "../${_ckpatchname}" |