@@ -11,7 +11,7 @@ diff --git a/arch/x86/kernel/cpu/vmware.c b/arch/x86/kernel/cpu/vmware.c

 index 70b8c4614e22..987ac571d16c 100644

 --- a/arch/x86/kernel/cpu/vmware.c

 +++ b/arch/x86/kernel/cpu/vmware.c

-@@ -155,6 +155,26 @@ static void __init vmware_cyc2ns_setup(void)

+@@ -155,6 +155,27 @@ static void __init vmware_cyc2ns_setup(void)

  	pr_info("using clock offset of %llu ns\n", d->cyc2ns_offset);

  }

@@ -26,6 +26,7 @@ index 70b8c4614e22..987ac571d16c 100644

 +	.rating = 400,

 +	.mask = CLOCKSOURCE_MASK(64),

 +	.flags = CLOCK_SOURCE_IS_CONTINUOUS,

++	.archdata = { .vclock_mode = VCLOCK_TSC },

 +};

 +

 +/* We want to use clocksource_vmware from the beginning to avoid drifting in

@@ -4501,8 +4501,8 @@ CONFIG_CRYPTO_GLUE_HELPER_X86=m

 #

 # Authenticated Encryption with Associated Data

 #

-# CONFIG_CRYPTO_CCM is not set

-# CONFIG_CRYPTO_GCM is not set

+CONFIG_CRYPTO_CCM=m

+CONFIG_CRYPTO_GCM=m

 # CONFIG_CRYPTO_CHACHA20POLY1305 is not set

 CONFIG_CRYPTO_SEQIV=m

 CONFIG_CRYPTO_ECHAINIV=m

@@ -4536,7 +4536,7 @@ CONFIG_CRYPTO_CRC32C_INTEL=m

 # CONFIG_CRYPTO_CRC32_PCLMUL is not set

 CONFIG_CRYPTO_CRCT10DIF=y

 # CONFIG_CRYPTO_CRCT10DIF_PCLMUL is not set

-# CONFIG_CRYPTO_GHASH is not set

+CONFIG_CRYPTO_GHASH=m

 # CONFIG_CRYPTO_POLY1305 is not set

 # CONFIG_CRYPTO_POLY1305_X86_64 is not set

 CONFIG_CRYPTO_MD4=m

@@ -4601,7 +4601,7 @@ CONFIG_CRYPTO_DES=m

 # Compression

 #

 CONFIG_CRYPTO_DEFLATE=m

-# CONFIG_CRYPTO_LZO is not set

+CONFIG_CRYPTO_LZO=m

 # CONFIG_CRYPTO_842 is not set

 # CONFIG_CRYPTO_LZ4 is not set

 # CONFIG_CRYPTO_LZ4HC is not set

@@ -4437,8 +4437,8 @@ CONFIG_CRYPTO_GLUE_HELPER_X86=m

 #

 # Authenticated Encryption with Associated Data

 #

-# CONFIG_CRYPTO_CCM is not set

-# CONFIG_CRYPTO_GCM is not set

+CONFIG_CRYPTO_CCM=m

+CONFIG_CRYPTO_GCM=m

 # CONFIG_CRYPTO_CHACHA20POLY1305 is not set

 CONFIG_CRYPTO_SEQIV=m

 CONFIG_CRYPTO_ECHAINIV=m

@@ -4472,7 +4472,7 @@ CONFIG_CRYPTO_CRC32C_INTEL=m

 # CONFIG_CRYPTO_CRC32_PCLMUL is not set

 CONFIG_CRYPTO_CRCT10DIF=y

 # CONFIG_CRYPTO_CRCT10DIF_PCLMUL is not set

-# CONFIG_CRYPTO_GHASH is not set

+CONFIG_CRYPTO_GHASH=m

 # CONFIG_CRYPTO_POLY1305 is not set

 # CONFIG_CRYPTO_POLY1305_X86_64 is not set

 CONFIG_CRYPTO_MD4=m

@@ -4537,7 +4537,7 @@ CONFIG_CRYPTO_DES=m

 # Compression

 #

 CONFIG_CRYPTO_DEFLATE=m

-# CONFIG_CRYPTO_LZO is not set

+CONFIG_CRYPTO_LZO=m

 # CONFIG_CRYPTO_842 is not set

 # CONFIG_CRYPTO_LZ4 is not set

 # CONFIG_CRYPTO_LZ4HC is not set

new file mode 100644

@@ -0,0 +1,51 @@

+From 6399f1fae4ec29fab5ec76070435555e256ca3a6 Mon Sep 17 00:00:00 2001

+From: Sabrina Dubroca <sd@queasysnail.net>

+Date: Wed, 19 Jul 2017 22:28:55 +0200

+Subject: [PATCH] ipv6: avoid overflow of offset in ip6_find_1stfragopt

+

+In some cases, offset can overflow and can cause an infinite loop in

+ip6_find_1stfragopt(). Make it unsigned int to prevent the overflow, and

+cap it at IPV6_MAXPLEN, since packets larger than that should be invalid.

+

+This problem has been here since before the beginning of git history.

+

+Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>

+Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>

+Signed-off-by: David S. Miller <davem@davemloft.net>

+---

+ net/ipv6/output_core.c | 8 ++++++--

+ 1 file changed, 6 insertions(+), 2 deletions(-)

+

+diff --git a/net/ipv6/output_core.c b/net/ipv6/output_core.c

+index e9065b8d3af85..abb2c307fbe83 100644

+--- a/net/ipv6/output_core.c

+@@ -78,7 +78,7 @@ EXPORT_SYMBOL(ipv6_select_ident);

+ 

+ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)

+ {

+-	u16 offset = sizeof(struct ipv6hdr);

++	unsigned int offset = sizeof(struct ipv6hdr);

+ 	unsigned int packet_len = skb_tail_pointer(skb) -

+ 		skb_network_header(skb);

+ 	int found_rhdr = 0;

+@@ -86,6 +86,7 @@ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)

+ 

+ 	while (offset <= packet_len) {

+ 		struct ipv6_opt_hdr *exthdr;

++		unsigned int len;

+ 

+ 		switch (**nexthdr) {

+ 

+@@ -111,7 +112,10 @@ int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr)

+ 

+ 		exthdr = (struct ipv6_opt_hdr *)(skb_network_header(skb) +

+ 						 offset);

+-		offset += ipv6_optlen(exthdr);

++		len = ipv6_optlen(exthdr);

++		if (len + offset >= IPV6_MAXPLEN)

++			return -EINVAL;

++		offset += len;

+ 		*nexthdr = &exthdr->nexthdr;

+ 	}

+ 

@@ -2,7 +2,7 @@

 Summary:        Kernel

 Name:           linux-esx

 Version:        4.9.41

-Release:        1%{?dist}

+Release:        2%{?dist}

 License:        GPLv2

 URL:            http://www.kernel.org/

 Group:          System Environment/Kernel

@@ -35,6 +35,8 @@ Patch18:        05-pv-ops-clocksource.patch

 Patch19:        06-pv-ops-boot_clock.patch

 Patch20:        07-vmware-only.patch

 Patch21:        vmware-balloon-late-initcall.patch

+# Fix CVE-2017-7542

+Patch22:        ipv6-avoid-overflow-of-offset-in-ip6_find_1stfragopt.patch

 BuildRequires: bc

 BuildRequires: kbd

 BuildRequires: kmod-devel

@@ -91,6 +93,7 @@ The Linux package contains the Linux kernel doc files

 %patch19 -p1

 %patch20 -p1

 %patch21 -p1

+%patch22 -p1

 %build

 # patch vmw_balloon driver

@@ -187,6 +190,9 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 /usr/src/linux-headers-%{uname_r}

 %changelog

+*   Wed Aug 09 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.41-2

+-   [bugfix] Do not fallback to syscall from VDSO on clock_gettime(MONOTONIC)

+-   Fix CVE-2017-7542

 *   Mon Aug 07 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.41-1

 -   Version update

 *   Wed Jul 26 2017 Bo Gan <ganb@vmware.com> 4.9.38-3

@@ -2,7 +2,7 @@

 Summary:        Kernel

 Name:           linux-secure

 Version:        4.9.41

-Release:        1%{?dist}

+Release:        2%{?dist}

 License:        GPLv2

 URL:            http://www.kernel.org/

 Group:          System Environment/Kernel

@@ -46,6 +46,8 @@ Patch26:        0014-hv_sock-introduce-Hyper-V-Sockets.patch

 #FIPS patches - allow some algorithms

 Patch27:        0001-Revert-crypto-testmgr-Disable-fips-allowed-for-authe.patch

 Patch28:        0002-allow-also-ecb-cipher_null.patch

+# Fix CVE-2017-7542

+Patch29:        ipv6-avoid-overflow-of-offset-in-ip6_find_1stfragopt.patch

 # NSX requirements (should be removed)

 Patch99:        LKCM.patch

 BuildRequires:  bc

@@ -140,6 +142,7 @@ EOF

 %patch26 -p1

 %patch27 -p1

 %patch28 -p1

+%patch29 -p1

 pushd ..

 %patch99 -p0

@@ -255,6 +258,10 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 /usr/src/linux-headers-%{uname_r}

 %changelog

+*   Wed Aug 09 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.41-2

+-   Fix CVE-2017-7542

+-   [bugfix] Added ccm,gcm,ghash,lzo crypto modules to avoid

+    panic on modprobe tcrypt

 *   Mon Aug 07 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.41-1

 -   Version update

 *   Fri Aug 04 2017 Bo Gan <ganb@vmware.com> 4.9.38-6

@@ -2,7 +2,7 @@

 Summary:        Kernel

 Name:           linux

 Version:        4.9.41

-Release:        1%{?dist}

+Release:        2%{?dist}

 License:    	GPLv2

 URL:        	http://www.kernel.org/

 Group:        	System Environment/Kernel

@@ -43,6 +43,8 @@ Patch23:        0014-hv_sock-introduce-Hyper-V-Sockets.patch

 #FIPS patches - allow some algorithms

 Patch24:        0001-Revert-crypto-testmgr-Disable-fips-allowed-for-authe.patch

 Patch25:        0002-allow-also-ecb-cipher_null.patch

+# Fix CVE-2017-7542

+Patch26:        ipv6-avoid-overflow-of-offset-in-ip6_find_1stfragopt.patch

 BuildRequires:  bc

 BuildRequires:  kbd

@@ -136,6 +138,7 @@ This package contains the 'perf' performance analysis tools for Linux kernel.

 %patch23 -p1

 %patch24 -p1

 %patch25 -p1

+%patch26 -p1

 %build

 make mrproper

@@ -295,6 +298,10 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg

 /usr/share/doc/*

 %changelog

+*   Wed Aug 09 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.41-2

+-   Fix CVE-2017-7542

+-   [bugfix] Added ccm,gcm,ghash,lzo crypto modules to avoid

+    panic on modprobe tcrypt

 *   Mon Aug 07 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.41-1

 -   Version update

 *   Fri Aug 04 2017 Bo Gan <ganb@vmware.com> 4.9.38-6