Browse code
kernels: Fix CVE-2017-12188 by updating to 4.9.60
The following commits (included in 4.9.57) fix the CVE:
commit 28955b03fac36829831e185e3ec2793f8eb18689 (KVM: nVMX: update
last_nonleaf_level when initializing nested EPT).
commit 3610c4a7838df867d1b9d83a38c87042859ff896 (KVM: MMU: always
terminate page walks at level 1).
So update to the latest stable kernel [4.9.60] to get these fixes.
Also, remove our local Hyper-V patch titled "vmbus: fix the missed
signaling in hv_signal_on_read()", since it has been included in
4.9.60.
Change-Id: Icfc445eeed76bef1e42425e1599df84357279240
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4224
Reviewed-by: Anish Swaminathan <anishs@vmware.com>
Tested-by: Anish Swaminathan <anishs@vmware.com>
Srivatsa S. Bhat authored on 2017/11/07 11:00:03Showing 5 changed files
- SPECS/linux-api-headers/linux-api-headers.spec
- SPECS/linux/0013-vmbus-fix-the-missed-signaling-in-hv_signal_on_read.patch
- SPECS/linux/linux-esx.spec
- SPECS/linux/linux-secure.spec
- SPECS/linux/linux.spec
| ... | ... |
@@ -1,6 +1,6 @@ |
| 1 | 1 |
Summary: Linux API header files |
| 2 | 2 |
Name: linux-api-headers |
| 3 |
-Version: 4.9.53 |
|
| 3 |
+Version: 4.9.60 |
|
| 4 | 4 |
Release: 1%{?dist}
|
| 5 | 5 |
License: GPLv2 |
| 6 | 6 |
URL: http://www.kernel.org/ |
| ... | ... |
@@ -8,7 +8,7 @@ Group: System Environment/Kernel |
| 8 | 8 |
Vendor: VMware, Inc. |
| 9 | 9 |
Distribution: Photon |
| 10 | 10 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 11 |
-%define sha1 linux=b3e6e5608b6684d103fea702cd08b498162a4c96 |
|
| 11 |
+%define sha1 linux=1f30f2da710d5dcb63f15f69fdb2c90e96064179 |
|
| 12 | 12 |
BuildArch: noarch |
| 13 | 13 |
%description |
| 14 | 14 |
The Linux API Headers expose the kernel's API for use by Glibc. |
| ... | ... |
@@ -25,6 +25,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de
|
| 25 | 25 |
%defattr(-,root,root) |
| 26 | 26 |
%{_includedir}/*
|
| 27 | 27 |
%changelog |
| 28 |
+* Mon Nov 06 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.60-1 |
|
| 29 |
+- Version update |
|
| 28 | 30 |
* Thu Oct 05 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.53-1 |
| 29 | 31 |
- Version update |
| 30 | 32 |
* Mon Oct 02 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.52-1 |
| 31 | 33 |
deleted file mode 100644 |
| ... | ... |
@@ -1,47 +0,0 @@ |
| 1 |
-From 34b5cdf37eacf3a82a9f47d8728c13acc11baed7 Mon Sep 17 00:00:00 2001 |
|
| 2 |
-From: Dexuan Cui <decui@microsoft.com> |
|
| 3 |
-Date: Thu, 6 Jul 2017 21:37:11 +0000 |
|
| 4 |
-Subject: [PATCH 13/13] vmbus: fix the missed signaling in hv_signal_on_read() |
|
| 5 |
- |
|
| 6 |
-There is an off-by-one bug here, which can cause host-to-guest write to stall. |
|
| 7 |
- |
|
| 8 |
-When cur_write_sz == pending_sz, we shouldn't signal the host because it's |
|
| 9 |
-meaningless: the ring mustn't be 100% full. |
|
| 10 |
- |
|
| 11 |
-But when cached_write_sz == pending_sz, we must signal the host. |
|
| 12 |
- |
|
| 13 |
-Fixes: 433e19cf33d3 ("Drivers: hv: vmbus: finally fix
|
|
| 14 |
-hv_need_to_signal_on_read()") |
|
| 15 |
- |
|
| 16 |
-Signed-off-by: John Starks <John.Starks@microsoft.com> |
|
| 17 |
-Signed-off-by: Dexuan Cui <decui@microsoft.com> |
|
| 18 |
-Cc: Haiyang Zhang <haiyangz@microsoft.com> |
|
| 19 |
-Cc: Stephen Hemminger <sthemmin@microsoft.com> |
|
| 20 |
-Cc: "K. Y. Srinivasan" <kys@microsoft.com> |
|
| 21 |
-Cc: <stable@vger.kernel.org> |
|
| 22 |
-Origin: https://patchwork.kernel.org/patch/9829039/ |
|
| 23 |
- include/linux/hyperv.h | 4 ++-- |
|
| 24 |
- 1 file changed, 2 insertions(+), 2 deletions(-) |
|
| 25 |
- |
|
| 26 |
-diff --git a/include/linux/hyperv.h b/include/linux/hyperv.h |
|
| 27 |
-index 9ee292b28e41..a87757cf277b 100644 |
|
| 28 |
-+++ b/include/linux/hyperv.h |
|
| 29 |
-@@ -1525,11 +1525,11 @@ static inline void hv_signal_on_read(struct vmbus_channel *channel) |
|
| 30 |
- |
|
| 31 |
- cur_write_sz = hv_get_bytes_to_write(rbi); |
|
| 32 |
- |
|
| 33 |
-- if (cur_write_sz < pending_sz) |
|
| 34 |
-+ if (cur_write_sz <= pending_sz) |
|
| 35 |
- return; |
|
| 36 |
- |
|
| 37 |
- cached_write_sz = hv_get_cached_bytes_to_write(rbi); |
|
| 38 |
-- if (cached_write_sz < pending_sz) |
|
| 39 |
-+ if (cached_write_sz <= pending_sz) |
|
| 40 |
- vmbus_setevent(channel); |
|
| 41 |
- |
|
| 42 |
- return; |
|
| 43 |
-2.13.0 |
|
| 44 |
- |
| ... | ... |
@@ -1,15 +1,15 @@ |
| 1 | 1 |
%global security_hardening none |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux-esx |
| 4 |
-Version: 4.9.53 |
|
| 5 |
-Release: 5%{?dist}
|
|
| 4 |
+Version: 4.9.60 |
|
| 5 |
+Release: 1%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| 9 | 9 |
Vendor: VMware, Inc. |
| 10 | 10 |
Distribution: Photon |
| 11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 12 |
-%define sha1 linux=b3e6e5608b6684d103fea702cd08b498162a4c96 |
|
| 12 |
+%define sha1 linux=1f30f2da710d5dcb63f15f69fdb2c90e96064179 |
|
| 13 | 13 |
Source1: config-esx |
| 14 | 14 |
Source2: initramfs.trigger |
| 15 | 15 |
# common |
| ... | ... |
@@ -198,6 +198,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
|
| 198 | 198 |
/usr/src/linux-headers-%{uname_r}
|
| 199 | 199 |
|
| 200 | 200 |
%changelog |
| 201 |
+* Mon Nov 06 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.60-1 |
|
| 202 |
+- Version update |
|
| 201 | 203 |
* Wed Oct 25 2017 Anish Swaminathan <anishs@vmware.com> 4.9.53-5 |
| 202 | 204 |
- Enable x86 vsyscall emulation |
| 203 | 205 |
* Tue Oct 17 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.53-4 |
| ... | ... |
@@ -1,15 +1,15 @@ |
| 1 | 1 |
%global security_hardening none |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux-secure |
| 4 |
-Version: 4.9.53 |
|
| 5 |
-Release: 3%{?dist}
|
|
| 4 |
+Version: 4.9.60 |
|
| 5 |
+Release: 1%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| 9 | 9 |
Vendor: VMware, Inc. |
| 10 | 10 |
Distribution: Photon |
| 11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 12 |
-%define sha1 linux=b3e6e5608b6684d103fea702cd08b498162a4c96 |
|
| 12 |
+%define sha1 linux=1f30f2da710d5dcb63f15f69fdb2c90e96064179 |
|
| 13 | 13 |
Source1: config-secure |
| 14 | 14 |
Source2: aufs4.9.tar.gz |
| 15 | 15 |
%define sha1 aufs=ebe716ce4b638a3772c7cd3161abbfe11d584906 |
| ... | ... |
@@ -41,7 +41,6 @@ Patch21: 0009-Drivers-hv-Log-the-negotiated-IC-versions.patch |
| 41 | 41 |
Patch22: 0010-vmbus-fix-missed-ring-events-on-boot.patch |
| 42 | 42 |
Patch23: 0011-vmbus-remove-goto-error_clean_msglist-in-vmbus_open.patch |
| 43 | 43 |
Patch24: 0012-vmbus-dynamically-enqueue-dequeue-the-channel-on-vmb.patch |
| 44 |
-Patch25: 0013-vmbus-fix-the-missed-signaling-in-hv_signal_on_read.patch |
|
| 45 | 44 |
Patch26: 0014-hv_sock-introduce-Hyper-V-Sockets.patch |
| 46 | 45 |
#FIPS patches - allow some algorithms |
| 47 | 46 |
Patch27: 0001-Revert-crypto-testmgr-Disable-fips-allowed-for-authe.patch |
| ... | ... |
@@ -142,7 +141,6 @@ EOF |
| 142 | 142 |
%patch22 -p1 |
| 143 | 143 |
%patch23 -p1 |
| 144 | 144 |
%patch24 -p1 |
| 145 |
-%patch25 -p1 |
|
| 146 | 145 |
%patch26 -p1 |
| 147 | 146 |
%patch27 -p1 |
| 148 | 147 |
%patch28 -p1 |
| ... | ... |
@@ -264,6 +262,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
|
| 264 | 264 |
/usr/src/linux-headers-%{uname_r}
|
| 265 | 265 |
|
| 266 | 266 |
%changelog |
| 267 |
+* Mon Nov 06 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.60-1 |
|
| 268 |
+- Version update |
|
| 267 | 269 |
* Wed Oct 11 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.53-3 |
| 268 | 270 |
- Add patch "KVM: Don't accept obviously wrong gsi values via |
| 269 | 271 |
KVM_IRQFD" to fix CVE-2017-1000252. |
| ... | ... |
@@ -1,15 +1,15 @@ |
| 1 | 1 |
%global security_hardening none |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux |
| 4 |
-Version: 4.9.53 |
|
| 5 |
-Release: 3%{?dist}
|
|
| 4 |
+Version: 4.9.60 |
|
| 5 |
+Release: 1%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| 9 | 9 |
Vendor: VMware, Inc. |
| 10 | 10 |
Distribution: Photon |
| 11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 12 |
-%define sha1 linux=b3e6e5608b6684d103fea702cd08b498162a4c96 |
|
| 12 |
+%define sha1 linux=1f30f2da710d5dcb63f15f69fdb2c90e96064179 |
|
| 13 | 13 |
Source1: config |
| 14 | 14 |
Source2: initramfs.trigger |
| 15 | 15 |
%define ena_version 1.1.3 |
| ... | ... |
@@ -38,7 +38,6 @@ Patch18: 0009-Drivers-hv-Log-the-negotiated-IC-versions.patch |
| 38 | 38 |
Patch19: 0010-vmbus-fix-missed-ring-events-on-boot.patch |
| 39 | 39 |
Patch20: 0011-vmbus-remove-goto-error_clean_msglist-in-vmbus_open.patch |
| 40 | 40 |
Patch21: 0012-vmbus-dynamically-enqueue-dequeue-the-channel-on-vmb.patch |
| 41 |
-Patch22: 0013-vmbus-fix-the-missed-signaling-in-hv_signal_on_read.patch |
|
| 42 | 41 |
Patch23: 0014-hv_sock-introduce-Hyper-V-Sockets.patch |
| 43 | 42 |
#FIPS patches - allow some algorithms |
| 44 | 43 |
Patch24: 0001-Revert-crypto-testmgr-Disable-fips-allowed-for-authe.patch |
| ... | ... |
@@ -138,7 +137,6 @@ This package contains the 'perf' performance analysis tools for Linux kernel. |
| 138 | 138 |
%patch19 -p1 |
| 139 | 139 |
%patch20 -p1 |
| 140 | 140 |
%patch21 -p1 |
| 141 |
-%patch22 -p1 |
|
| 142 | 141 |
%patch23 -p1 |
| 143 | 142 |
%patch24 -p1 |
| 144 | 143 |
%patch25 -p1 |
| ... | ... |
@@ -304,6 +302,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
|
| 304 | 304 |
/usr/share/doc/* |
| 305 | 305 |
|
| 306 | 306 |
%changelog |
| 307 |
+* Mon Nov 06 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.60-1 |
|
| 308 |
+- Version update |
|
| 307 | 309 |
* Wed Oct 11 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.53-3 |
| 308 | 310 |
- Add patch "KVM: Don't accept obviously wrong gsi values via |
| 309 | 311 |
KVM_IRQFD" to fix CVE-2017-1000252. |