Browse code

Merge branch 'master' of https://github.com/vmware/photon

archive authored on 2018/07/13 23:30:22
Showing 22 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,50 @@
0
+Summary:       unit testing framework for C
1
+Name:          cmocka
2
+Version:       1.1.1
3
+Release:       1%{?dist}
4
+Group:         Development/Libraries
5
+Vendor:        VMware, Inc.
6
+License:       Apache 2.0
7
+URL:           https://cmocka.org/
8
+Source0:       https://cmocka.org/files/1.1/%{name}-%{version}.tar.xz
9
+%define sha1 cmocka=6e872df60804462c3ee1eeb7e9a15538874bca49
10
+Distribution:  Photon
11
+BuildRequires: cmake
12
+
13
+%description
14
+an elegant unit testing framework for C with support for mock objects. It only requires the standard C library, works on a range of computing platforms (including embedded) and with different compilers.
15
+
16
+%prep
17
+%setup
18
+
19
+%build
20
+mkdir build
21
+cd build
22
+cmake \
23
+    -DCMAKE_INSTALL_PREFIX=%{_prefix} \
24
+    ..
25
+make
26
+
27
+%install
28
+cd build
29
+make DESTDIR=%{buildroot} install
30
+
31
+%post
32
+
33
+    /sbin/ldconfig
34
+
35
+    # First argument is 1 => New Installation
36
+    # First argument is 2 => Upgrade
37
+
38
+%clean
39
+rm -rf %{buildroot}/*
40
+
41
+%files
42
+%exclude %{_libdir}/cmake
43
+%{_libdir}/libcmocka.*
44
+%{_libdir}/pkgconfig/cmocka.pc
45
+%{_includedir}/*
46
+
47
+%changelog
48
+*  Fri Jun 29 2018 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 1.1.1-1
49
+-  Initial
... ...
@@ -1,6 +1,6 @@
1 1
 Summary:	Linux API header files
2 2
 Name:		linux-api-headers
3
-Version:	4.14.8
3
+Version:	4.14.54
4 4
 Release:	1%{?dist}
5 5
 License:	GPLv2
6 6
 URL:		http://www.kernel.org/
... ...
@@ -8,7 +8,7 @@ Group:		System Environment/Kernel
8 8
 Vendor:		VMware, Inc.
9 9
 Distribution: Photon
10 10
 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
11
-%define sha1 linux=45f140e0eab08428d78d81d4169d531a3e65a297
11
+%define sha1 linux=434080e874f7b78c3234f22784427d4a189fb54d
12 12
 BuildArch:	noarch
13 13
 %description
14 14
 The Linux API Headers expose the kernel's API for use by Glibc.
... ...
@@ -25,6 +25,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de
25 25
 %defattr(-,root,root)
26 26
 %{_includedir}/*
27 27
 %changelog
28
+*   Mon Jul 09 2018 Him Kalyan Bordoloi <bordoloih@vmware.com> 4.14.54-1
29
+-   Update to version 4.14.54
28 30
 *   Fri Dec 22 2017 Alexey Makhalov <amakhalov@vmware.com> 4.14.8-1
29 31
 -   Version update
30 32
 *   Mon Dec 04 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.66-1
... ...
@@ -3,106 +3,165 @@ From: Alexey Makhalov <amakhalov@vmware.com>
3 3
 Date: Sat, 4 Feb 2017 04:15:14 +0000
4 4
 Subject: [PATCH 2/3] Added PAX_RANDKSTACK
5 5
 
6
+   Reworked to randomize kernel stack at entry of each syscall instead of exit
7
+   
8
+   Documentation of the original patch
9
+
10
+   1. Design
11
+
12
+   The goal of RANDKSTACK is to introduce randomness into the kernel stack
13
+   addresses of a task.
14
+
15
+   Linux assigns two pages of kernel stack to every task. This stack is used
16
+   whenever the task enters the kernel (system call, device interrupt, CPU
17
+   exception, etc). Note that once the task is executing in kernel land,
18
+   further kernel (re)entry events (device interrupts or CPU exceptions can
19
+   occur at almost any time) will not cause a stack switch.
20
+
21
+   By the time the task returns to userland, the kernel land stack pointer
22
+   will be at the point of the initial entry to the kernel (this also means
23
+   that signals are not delivered to the task until it is ready to return to
24
+   userland, that is signals are asynchronous notifications from the userland
25
+   point of view, not from the kernel's).
26
+
27
+   This behaviour means that a userland originating attack against a kernel
28
+   bug would find itself always at the same place on the task's kernel stack
29
+   therefore we will introduce randomization into the initial value of the
30
+   task's kernel stack pointer. There is another interesting consequence in
31
+   that we can not only introduce but also change the randomization at each
32
+   userland/kernel transition (compare this to RANDUSTACK where the userland
33
+   stack pointer is randomized only once at the very beginning of the task's
34
+   life therefore it is vulnerable to information leaking attacks). In the
35
+   current implementation we opted for changing the randomization at every
36
+   system call since that is the most likely method of kernel entry during
37
+   an attack. Note that while per system call randomization prevents making
38
+   use of leaked information about the randomization in a given task, it does
39
+   not help with attacks where more than one task is involved (where one task
40
+   may be able to learn the randomization of another and then communicate it
41
+   to the other without having to enter the kernel).
42
+
43
+   2. Implementation
44
+
45
+   RANDKSTACK randomizes every task's kernel stack pointer before returning
46
+   from a system call to userland. The i386 specific system call entry point
47
+   is in arch/i386/kernel/entry.S and this is where PaX adds a call to the
48
+   kernel stack pointer randomization function pax_randomize_kstack() found
49
+   in arch/i386/kernel/process.c. The code in entry.S needs to duplicate some
50
+   code found at the ret_from_sys_call label because this code can be reached
51
+   from different paths (e.g., exception handlers) where we do not want to
52
+   apply randomization. Note also that if the task is being debugged (via
53
+   the ptrace() interface) then new randomization is not applied.
54
+
55
+   pax_randomize_kstack() gathers entropy from the rdtsc instruction (read
56
+   time stamp counter) and applies it to bits 2-6 of the kernel stack pointer.
57
+   This means that 5 bits are randomized providing a maximum shift of 128
58
+   bytes - this was deemed safe enough to not cause kernel stack overflows
59
+   yet give enough randomness to deter guessing/brute forcing attempts.
60
+
61
+   The use of rdtsc is justified by the facts that we need a quick entropy
62
+   source and that by the time a remote attacker would get to execute his
63
+   code to exploit a kernel bug, enough system calls would have been issued
64
+   by the attacked process to accumulate more than 5 bits of 'real' entropy
65
+   in the randomized bits (this is why xor is used to apply the rdtsc output).
66
+   Note that most likely due to its microarchitecture, the Intel P4 CPU seems
67
+   to always return the same value in the least significant bit of the time
68
+   stamp counter therefore we ignore it in kernels compiled for the P4.
69
+
70
+   The kernel stack pointer has to be modified at two places: tss->esp0 which
71
+   is the ring-0 stack pointer in the Task State Segment of the current CPU
72
+   (and is used to load esp on a ring transition, such as a system call), and
73
+   second, current->thread.esp0 which is used to reload tss->esp0 on a context
74
+   switch. There is one last subtlety: since the randomization is applied via
75
+   xor and the initial kernel stack pointer of a new task points just above
76
+   its assigned stack (and hence is a page aligned address), we would produce
77
+   esp values pointing above the assigned stack, therefore in copy_thread() we
78
+   initialize thread.esp0 to 4 bytes less than usual so that the randomization
79
+   will shift it within the assigned stack and not above. Since this solution
80
+   'wastes' a mere 4 bytes on the kernel stack, we saw no need to apply it
81
+   selectively to specific tasks only.
82
+
83
+Signed-off-by: Him Kalyan Bordoloi<bordoloih@vmware.com>
84
+
6 85
 ---
7
- arch/x86/entry/entry_64.S    | 16 ++++++++++++++++
8
- arch/x86/kernel/process_64.c | 21 +++++++++++++++++++++
86
+ arch/x86/entry/entry_64.S    | 17 +++++++++++++++--
87
+ arch/x86/kernel/process_64.c | 17 +++++++++++++++++
9 88
  security/Kconfig             | 16 ++++++++++++++++
10
- 3 files changed, 53 insertions(+)
89
+ 3 files changed, 48 insertions(+), 2 deletions(-)
11 90
 
12 91
 diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S
13
-index 2e956af..53d4110 100644
92
+index f7bfa70..dedcbe2 100644
14 93
 --- a/arch/x86/entry/entry_64.S
15 94
 +++ b/arch/x86/entry/entry_64.S
16
-@@ -51,6 +51,16 @@ ENTRY(native_usergs_sysret64)
95
+@@ -53,6 +53,14 @@ ENTRY(native_usergs_sysret64)
17 96
  END(native_usergs_sysret64)
18 97
  #endif /* CONFIG_PARAVIRT */
19 98
  
20 99
 +.macro pax_rand_kstack
21 100
 +#ifdef CONFIG_PAX_RANDKSTACK
22
-+	pushq	%rax
23
-+	pushq	%r11
24 101
 +	call	pax_randomize_kstack
25
-+	popq	%r11
26
-+	popq	%rax
102
++	movq    %rsp, %rdi
103
++	movq    %rax, %rsp
27 104
 +#endif
28 105
 +.endm
29 106
 +
30 107
  .macro TRACE_IRQS_IRETQ
31 108
  #ifdef CONFIG_TRACE_IRQFLAGS
32 109
  	bt	$9, EFLAGS(%rsp)		/* interrupts off? */
33
-@@ -217,6 +227,8 @@ entry_SYSCALL_64_fastpath:
34
- 	testl	$_TIF_ALLWORK_MASK, TASK_TI_flags(%r11)
35
- 	jnz	1f
110
+@@ -229,8 +237,10 @@ GLOBAL(entry_SYSCALL_64_after_hwframe)
111
+ 	TRACE_IRQS_OFF
36 112
  
113
+ 	/* IRQs are off. */
114
+-	movq	%rsp, %rdi
37 115
 +	pax_rand_kstack
38
-+
39
- 	LOCKDEP_SYS_EXIT
40
- 	TRACE_IRQS_ON		/* user mode is traced as IRQs on */
41
- 	movq	RIP(%rsp), %rcx
42
-@@ -246,6 +258,8 @@ entry_SYSCALL64_slow_path:
116
++	pushq	%rdi
43 117
  	call	do_syscall_64		/* returns with IRQs disabled */
118
++	popq	%rsp
44 119
  
45
- return_from_SYSCALL_64:
46
-+	pax_rand_kstack
47
-+
48
- 	RESTORE_EXTRA_REGS
49 120
  	TRACE_IRQS_IRETQ		/* we're about to change IF */
50 121
  
51
-@@ -422,6 +436,7 @@ ENTRY(ret_from_fork)
122
+@@ -391,8 +401,11 @@ ENTRY(ret_from_fork)
123
+ 
124
+ 2:
52 125
  	UNWIND_HINT_REGS
53
- 	movq	%rsp, %rdi
54
- 	call	syscall_return_slowpath	/* returns with IRQs disabled */
126
+-	movq	%rsp, %rdi
55 127
 +	pax_rand_kstack
128
++	pushq	%rdi
129
+ 	call	syscall_return_slowpath	/* returns with IRQs disabled */
130
++	popq	%rsp
131
++
56 132
  	TRACE_IRQS_ON			/* user mode is traced as IRQS on */
57
- 	SWAPGS
58
- 	jmp	restore_regs_and_iret
59
-@@ -611,6 +626,7 @@ ret_from_intr:
60
- GLOBAL(retint_user)
61
- 	mov	%rsp,%rdi
62
- 	call	prepare_exit_to_usermode
63
-+	pax_rand_kstack
64
- 	TRACE_IRQS_IRETQ
65
- 	SWAPGS
66
- 	jmp	restore_regs_and_iret
133
+ 	jmp	swapgs_restore_regs_and_return_to_usermode
134
+ 
67 135
 diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c
68
-index 302e7b2..bc45b66 100644
136
+index 9eb448c..a6fe370 100644
69 137
 --- a/arch/x86/kernel/process_64.c
70 138
 +++ b/arch/x86/kernel/process_64.c
71
-@@ -274,7 +274,13 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long sp,
72
- 	struct inactive_task_frame *frame;
73
- 	struct task_struct *me = current;
139
+@@ -61,6 +61,23 @@
140
+ 
141
+ __visible DEFINE_PER_CPU(unsigned long, rsp_scratch);
74 142
  
75 143
 +#ifdef CONFIG_PAX_RANDKSTACK
76
-+	/* -16 to start from prev page (c000 -> bff0)
77
-+           to avoid stack overflow after randomizarion */
78
-+	p->thread.sp0 = (unsigned long)task_stack_page(p) + THREAD_SIZE - 16;
79
-+#else
80
- 	p->thread.sp0 = (unsigned long)task_stack_page(p) + THREAD_SIZE;
81
-+#endif
82
- 	childregs = task_pt_regs(p);
83
- 	fork_frame = container_of(childregs, struct fork_frame, regs);
84
- 	frame = &fork_frame->frame;
85
-@@ -699,3 +705,18 @@ unsigned long KSTK_ESP(struct task_struct *task)
86
- {
87
- 	return task_pt_regs(task)->sp;
88
- }
89
-+
90
-+#ifdef CONFIG_PAX_RANDKSTACK
91
-+void pax_randomize_kstack(void)
144
++unsigned long pax_randomize_kstack(void)
92 145
 +{
93
-+	struct thread_struct *thread = &current->thread;
94
-+	unsigned long time;
146
++        struct task_struct *task = current;
147
++        unsigned long time;
148
++        unsigned long sp1;
149
++
95 150
 +
96
-+	if (!randomize_va_space)
97
-+		return;
151
++        if (!randomize_va_space)
152
++                return (unsigned long)task_pt_regs(task);
98 153
 +
99
-+	time = rdtsc() & 0xFUL;
100
-+	thread->sp0 ^= (time << 4);
101
-+	load_sp0(&per_cpu(cpu_tss, smp_processor_id()), thread);
154
++        time = rdtsc() & 0xFUL;
155
++        sp1 = (unsigned long)task_pt_regs(task) - (time << 4);
156
++	return sp1;
102 157
 +}
103 158
 +#endif
159
++
160
+ /* Prints also some state that isn't saved in the pt_regs */
161
+ void __show_regs(struct pt_regs *regs, int all)
162
+ {
104 163
 diff --git a/security/Kconfig b/security/Kconfig
105
-index 3cef193..edb7fcd 100644
164
+index f506b6b..a94f2f1 100644
106 165
 --- a/security/Kconfig
107 166
 +++ b/security/Kconfig
108 167
 @@ -80,6 +80,22 @@ config PAX_MPROTECT
... ...
@@ -128,6 +187,3 @@ index 3cef193..edb7fcd 100644
128 128
  endif
129 129
  
130 130
  source security/keys/Kconfig
131
-2.8.1
132
-
... ...
@@ -161,11 +161,12 @@ Functions signature fixing is probably still required.
161 161
  create mode 100644 scripts/gcc-plugins/rap_plugin/rap_plugin.c
162 162
  create mode 100644 scripts/gcc-plugins/rap_plugin/sip.c
163 163
 
164
+
164 165
 diff --git a/arch/x86/crypto/aesni-intel_asm.S b/arch/x86/crypto/aesni-intel_asm.S
165
-index 16627fe..b941202 100644
166
+index 12e8484..dea170b 100644
166 167
 --- a/arch/x86/crypto/aesni-intel_asm.S
167 168
 +++ b/arch/x86/crypto/aesni-intel_asm.S
168
-@@ -1396,7 +1396,7 @@ _esb_loop_\@:
169
+@@ -1332,7 +1332,7 @@ _esb_loop_\@:
169 170
  * poly = x^128 + x^127 + x^126 + x^121 + 1
170 171
  *
171 172
  *****************************************************************************/
... ...
@@ -174,7 +175,7 @@ index 16627fe..b941202 100644
174 174
  	push	%r12
175 175
  	push	%r13
176 176
  	push	%r14
177
-@@ -1673,7 +1673,7 @@ ENDPROC(aesni_gcm_dec)
177
+@@ -1595,7 +1595,7 @@ ENDPROC(aesni_gcm_dec)
178 178
  *
179 179
  * poly = x^128 + x^127 + x^126 + x^121 + 1
180 180
  ***************************************************************************/
... ...
@@ -183,7 +184,7 @@ index 16627fe..b941202 100644
183 183
  	push	%r12
184 184
  	push	%r13
185 185
  	push	%r14
186
-@@ -2064,7 +2064,7 @@ ENDPROC(aesni_set_key)
186
+@@ -1980,7 +1980,7 @@ ENDPROC(aesni_set_key)
187 187
  /*
188 188
   * void aesni_enc(struct crypto_aes_ctx *ctx, u8 *dst, const u8 *src)
189 189
   */
... ...
@@ -192,7 +193,7 @@ index 16627fe..b941202 100644
192 192
  	FRAME_BEGIN
193 193
  #ifndef __x86_64__
194 194
  	pushl KEYP
195
-@@ -2255,7 +2255,7 @@ ENDPROC(_aesni_enc4)
195
+@@ -2171,7 +2171,7 @@ ENDPROC(_aesni_enc4)
196 196
  /*
197 197
   * void aesni_dec (struct crypto_aes_ctx *ctx, u8 *dst, const u8 *src)
198 198
   */
... ...
@@ -201,7 +202,7 @@ index 16627fe..b941202 100644
201 201
  	FRAME_BEGIN
202 202
  #ifndef __x86_64__
203 203
  	pushl KEYP
204
-@@ -2764,7 +2764,7 @@ ENDPROC(_aesni_inc)
204
+@@ -2680,7 +2680,7 @@ ENDPROC(_aesni_inc)
205 205
   * void aesni_ctr_enc(struct crypto_aes_ctx *ctx, const u8 *dst, u8 *src,
206 206
   *		      size_t len, u8 *iv)
207 207
   */
... ...
@@ -211,10 +212,10 @@ index 16627fe..b941202 100644
211 211
  	cmp $16, LEN
212 212
  	jb .Lctr_enc_just_ret
213 213
 diff --git a/arch/x86/crypto/aesni-intel_glue.c b/arch/x86/crypto/aesni-intel_glue.c
214
-index 5c15d6b..51d6a65 100644
214
+index c690ddc..ca0084c 100644
215 215
 --- a/arch/x86/crypto/aesni-intel_glue.c
216 216
 +++ b/arch/x86/crypto/aesni-intel_glue.c
217
-@@ -73,9 +73,9 @@ struct aesni_xts_ctx {
217
+@@ -74,9 +74,9 @@ struct aesni_xts_ctx {
218 218
  
219 219
  asmlinkage int aesni_set_key(struct crypto_aes_ctx *ctx, const u8 *in_key,
220 220
  			     unsigned int key_len);
... ...
@@ -227,7 +228,7 @@ index 5c15d6b..51d6a65 100644
227 227
  asmlinkage void aesni_ecb_enc(struct crypto_aes_ctx *ctx, u8 *out,
228 228
  			      const u8 *in, unsigned int len);
229 229
 diff --git a/arch/x86/crypto/blowfish-x86_64-asm_64.S b/arch/x86/crypto/blowfish-x86_64-asm_64.S
230
-index 8c1fcb6..9c229bd 100644
230
+index 8c1fcb6..9c229bdd8 100644
231 231
 --- a/arch/x86/crypto/blowfish-x86_64-asm_64.S
232 232
 +++ b/arch/x86/crypto/blowfish-x86_64-asm_64.S
233 233
 @@ -156,7 +156,7 @@ ENTRY(__blowfish_enc_blk)
... ...
@@ -249,10 +250,10 @@ index 8c1fcb6..9c229bd 100644
249 249
  	 *	%rdi: ctx
250 250
  	 *	%rsi: dst
251 251
 diff --git a/arch/x86/crypto/camellia-aesni-avx-asm_64.S b/arch/x86/crypto/camellia-aesni-avx-asm_64.S
252
-index f7c495e..bc8523d 100644
252
+index a14af6e..f24f291 100644
253 253
 --- a/arch/x86/crypto/camellia-aesni-avx-asm_64.S
254 254
 +++ b/arch/x86/crypto/camellia-aesni-avx-asm_64.S
255
-@@ -892,7 +892,7 @@ __camellia_dec_blk16:
255
+@@ -893,7 +893,7 @@ __camellia_dec_blk16:
256 256
  	jmp .Ldec_max24;
257 257
  ENDPROC(__camellia_dec_blk16)
258 258
  
... ...
@@ -261,7 +262,7 @@ index f7c495e..bc8523d 100644
261 261
  	/* input:
262 262
  	 *	%rdi: ctx, CTX
263 263
  	 *	%rsi: dst (16 blocks)
264
-@@ -917,7 +917,7 @@ ENTRY(camellia_ecb_enc_16way)
264
+@@ -918,7 +918,7 @@ ENTRY(camellia_ecb_enc_16way)
265 265
  	ret;
266 266
  ENDPROC(camellia_ecb_enc_16way)
267 267
  
... ...
@@ -270,7 +271,7 @@ index f7c495e..bc8523d 100644
270 270
  	/* input:
271 271
  	 *	%rdi: ctx, CTX
272 272
  	 *	%rsi: dst (16 blocks)
273
-@@ -947,7 +947,7 @@ ENTRY(camellia_ecb_dec_16way)
273
+@@ -948,7 +948,7 @@ ENTRY(camellia_ecb_dec_16way)
274 274
  	ret;
275 275
  ENDPROC(camellia_ecb_dec_16way)
276 276
  
... ...
@@ -279,7 +280,7 @@ index f7c495e..bc8523d 100644
279 279
  	/* input:
280 280
  	 *	%rdi: ctx, CTX
281 281
  	 *	%rsi: dst (16 blocks)
282
-@@ -1004,7 +1004,7 @@ ENDPROC(camellia_cbc_dec_16way)
282
+@@ -1005,7 +1005,7 @@ ENDPROC(camellia_cbc_dec_16way)
283 283
  	vpslldq $8, tmp, tmp; \
284 284
  	vpsubq tmp, x, x;
285 285
  
... ...
@@ -288,7 +289,7 @@ index f7c495e..bc8523d 100644
288 288
  	/* input:
289 289
  	 *	%rdi: ctx, CTX
290 290
  	 *	%rsi: dst (16 blocks)
291
-@@ -1255,7 +1255,7 @@ camellia_xts_crypt_16way:
291
+@@ -1256,7 +1256,7 @@ camellia_xts_crypt_16way:
292 292
  	ret;
293 293
  ENDPROC(camellia_xts_crypt_16way)
294 294
  
... ...
@@ -297,7 +298,7 @@ index f7c495e..bc8523d 100644
297 297
  	/* input:
298 298
  	 *	%rdi: ctx, CTX
299 299
  	 *	%rsi: dst (16 blocks)
300
-@@ -1269,7 +1269,7 @@ ENTRY(camellia_xts_enc_16way)
300
+@@ -1270,7 +1270,7 @@ ENTRY(camellia_xts_enc_16way)
301 301
  	jmp camellia_xts_crypt_16way;
302 302
  ENDPROC(camellia_xts_enc_16way)
303 303
  
... ...
@@ -307,10 +308,10 @@ index f7c495e..bc8523d 100644
307 307
  	 *	%rdi: ctx, CTX
308 308
  	 *	%rsi: dst (16 blocks)
309 309
 diff --git a/arch/x86/crypto/camellia-aesni-avx2-asm_64.S b/arch/x86/crypto/camellia-aesni-avx2-asm_64.S
310
-index eee5b39..4aa502c 100644
310
+index b66bbfa..10093da 100644
311 311
 --- a/arch/x86/crypto/camellia-aesni-avx2-asm_64.S
312 312
 +++ b/arch/x86/crypto/camellia-aesni-avx2-asm_64.S
313
-@@ -935,7 +935,7 @@ __camellia_dec_blk32:
313
+@@ -936,7 +936,7 @@ __camellia_dec_blk32:
314 314
  	jmp .Ldec_max24;
315 315
  ENDPROC(__camellia_dec_blk32)
316 316
  
... ...
@@ -319,7 +320,7 @@ index eee5b39..4aa502c 100644
319 319
  	/* input:
320 320
  	 *	%rdi: ctx, CTX
321 321
  	 *	%rsi: dst (32 blocks)
322
-@@ -964,7 +964,7 @@ ENTRY(camellia_ecb_enc_32way)
322
+@@ -965,7 +965,7 @@ ENTRY(camellia_ecb_enc_32way)
323 323
  	ret;
324 324
  ENDPROC(camellia_ecb_enc_32way)
325 325
  
... ...
@@ -328,7 +329,7 @@ index eee5b39..4aa502c 100644
328 328
  	/* input:
329 329
  	 *	%rdi: ctx, CTX
330 330
  	 *	%rsi: dst (32 blocks)
331
-@@ -998,7 +998,7 @@ ENTRY(camellia_ecb_dec_32way)
331
+@@ -999,7 +999,7 @@ ENTRY(camellia_ecb_dec_32way)
332 332
  	ret;
333 333
  ENDPROC(camellia_ecb_dec_32way)
334 334
  
... ...
@@ -337,7 +338,7 @@ index eee5b39..4aa502c 100644
337 337
  	/* input:
338 338
  	 *	%rdi: ctx, CTX
339 339
  	 *	%rsi: dst (32 blocks)
340
-@@ -1080,7 +1080,7 @@ ENDPROC(camellia_cbc_dec_32way)
340
+@@ -1081,7 +1081,7 @@ ENDPROC(camellia_cbc_dec_32way)
341 341
  	vpslldq $8, tmp1, tmp1; \
342 342
  	vpsubq tmp1, x, x;
343 343
  
... ...
@@ -346,7 +347,7 @@ index eee5b39..4aa502c 100644
346 346
  	/* input:
347 347
  	 *	%rdi: ctx, CTX
348 348
  	 *	%rsi: dst (32 blocks)
349
-@@ -1373,7 +1373,7 @@ camellia_xts_crypt_32way:
349
+@@ -1374,7 +1374,7 @@ camellia_xts_crypt_32way:
350 350
  	ret;
351 351
  ENDPROC(camellia_xts_crypt_32way)
352 352
  
... ...
@@ -355,7 +356,7 @@ index eee5b39..4aa502c 100644
355 355
  	/* input:
356 356
  	 *	%rdi: ctx, CTX
357 357
  	 *	%rsi: dst (32 blocks)
358
-@@ -1388,7 +1388,7 @@ ENTRY(camellia_xts_enc_32way)
358
+@@ -1389,7 +1389,7 @@ ENTRY(camellia_xts_enc_32way)
359 359
  	jmp camellia_xts_crypt_32way;
360 360
  ENDPROC(camellia_xts_enc_32way)
361 361
  
... ...
@@ -858,7 +859,7 @@ index fb58f58..cf67f33 100644
858 858
  	shl		$6, NUM_BLKS		/*  convert to bytes */
859 859
  	jz		.Ldone_hash
860 860
 diff --git a/arch/x86/crypto/sha256_ssse3_glue.c b/arch/x86/crypto/sha256_ssse3_glue.c
861
-index 9e79baf..c5186c7 100644
861
+index 9e79baf..c5186c74 100644
862 862
 --- a/arch/x86/crypto/sha256_ssse3_glue.c
863 863
 +++ b/arch/x86/crypto/sha256_ssse3_glue.c
864 864
 @@ -40,9 +40,9 @@
... ...
@@ -1084,10 +1085,10 @@ index 694ea45..f2c1418 100644
1084 1084
  	push    %ebx
1085 1085
  	push    %esi
1086 1086
 diff --git a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S b/arch/x86/crypto/twofish-x86_64-asm_64-3way.S
1087
-index 1c3b7ce..edf12ec 100644
1087
+index e7273a6..dd44bac 100644
1088 1088
 --- a/arch/x86/crypto/twofish-x86_64-asm_64-3way.S
1089 1089
 +++ b/arch/x86/crypto/twofish-x86_64-asm_64-3way.S
1090
-@@ -272,7 +272,7 @@ ENTRY(__twofish_enc_blk_3way)
1090
+@@ -284,7 +284,7 @@ ENTRY(__twofish_enc_blk_3way)
1091 1091
  	ret;
1092 1092
  ENDPROC(__twofish_enc_blk_3way)
1093 1093
  
... ...
@@ -1129,40 +1130,41 @@ index 06fc70c..03f4755 100644
1129 1129
 +CFLAGS_REMOVE_syscall_32.o = $(RAP_PLUGIN_ABS_CFLAGS)
1130 1130
 +CFLAGS_REMOVE_syscall_64.o = $(RAP_PLUGIN_ABS_CFLAGS)
1131 1131
 diff --git a/arch/x86/entry/common.c b/arch/x86/entry/common.c
1132
-index 03505ff..0caf70b 100644
1132
+index 60e21cc..0d2d08f 100644
1133 1133
 --- a/arch/x86/entry/common.c
1134 1134
 +++ b/arch/x86/entry/common.c
1135
-@@ -284,9 +284,29 @@ __visible void do_syscall_64(struct pt_regs *regs)
1135
+@@ -285,10 +285,30 @@ __visible void do_syscall_64(struct pt_regs *regs)
1136 1136
  	 * regs->orig_ax, which changes the behavior of some syscalls.
1137 1137
  	 */
1138 1138
  	if (likely((nr & __SYSCALL_MASK) < NR_syscalls)) {
1139 1139
 +#ifdef CONFIG_PAX_RAP
1140 1140
 +		asm volatile("movq %[param1],%%rdi\n\t"
1141
-+			     "movq %[param2],%%rsi\n\t"
1142
-+			     "movq %[param3],%%rdx\n\t"
1143
-+			     "movq %[param4],%%rcx\n\t"
1144
-+			     "movq %[param5],%%r8\n\t"
1145
-+			     "movq %[param6],%%r9\n\t"
1146
-+			     "call *%P[syscall]\n\t"
1147
-+			     "mov %%rax,%[result]\n\t"
1141
++			"movq %[param2],%%rsi\n\t"
1142
++			"movq %[param3],%%rdx\n\t"
1143
++			"movq %[param4],%%rcx\n\t"
1144
++			"movq %[param5],%%r8\n\t"
1145
++			"movq %[param6],%%r9\n\t"
1146
++			"call *%P[syscall]\n\t"
1147
++			"mov %%rax,%[result]\n\t"
1148 1148
 +			: [result] "=m" (regs->ax)
1149 1149
 +			: [syscall] "m" (sys_call_table[nr & __SYSCALL_MASK]),
1150
-+			  [param1] "m" (regs->di),
1151
-+			  [param2] "m" (regs->si),
1152
-+			  [param3] "m" (regs->dx),
1153
-+			  [param4] "m" (regs->r10),
1154
-+			  [param5] "m" (regs->r8),
1155
-+			  [param6] "m" (regs->r9)
1150
++			[param1] "m" (regs->di),
1151
++			[param2] "m" (regs->si),
1152
++			[param3] "m" (regs->dx),
1153
++			[param4] "m" (regs->r10),
1154
++			[param5] "m" (regs->r8),
1155
++			[param6] "m" (regs->r9)
1156 1156
 +			: "ax", "di", "si", "dx", "cx", "r8", "r9", "r10", "r11", "memory");
1157 1157
 +#else
1158
- 		regs->ax = sys_call_table[nr & __SYSCALL_MASK](
1158
+ 		nr = array_index_nospec(nr & __SYSCALL_MASK, NR_syscalls);
1159
+ 		regs->ax = sys_call_table[nr](
1159 1160
  			regs->di, regs->si, regs->dx,
1160 1161
  			regs->r10, regs->r8, regs->r9);
1161 1162
 +#endif
1162 1163
  	}
1163 1164
  
1164 1165
  	syscall_return_slowpath(regs);
1165
-@@ -326,10 +346,51 @@ static __always_inline void do_syscall_32_irqs_on(struct pt_regs *regs)
1166
+@@ -329,10 +349,51 @@ static __always_inline void do_syscall_32_irqs_on(struct pt_regs *regs)
1166 1167
  		 * the high bits are zero.  Make sure we zero-extend all
1167 1168
  		 * of the args.
1168 1169
  		 */
... ...
@@ -1240,10 +1242,10 @@ index 62be73b..4133797 100644
1240 1240
  extern void e820__range_add   (u64 start, u64 size, enum e820_type type);
1241 1241
  extern u64  e820__range_update(u64 start, u64 size, enum e820_type old_type, enum e820_type new_type);
1242 1242
 diff --git a/arch/x86/include/asm/fixmap.h b/arch/x86/include/asm/fixmap.h
1243
-index dcd9fb5..59f1e2a 100644
1243
+index e203169..0ef405e 100644
1244 1244
 --- a/arch/x86/include/asm/fixmap.h
1245 1245
 +++ b/arch/x86/include/asm/fixmap.h
1246
-@@ -146,7 +146,7 @@ extern pte_t *kmap_pte;
1246
+@@ -149,7 +149,7 @@ extern pte_t *kmap_pte;
1247 1247
  extern pte_t *pkmap_page_table;
1248 1248
  
1249 1249
  void __native_set_fixmap(enum fixed_addresses idx, pte_t pte);
... ...
@@ -1253,7 +1255,7 @@ index dcd9fb5..59f1e2a 100644
1253 1253
  
1254 1254
  #ifndef CONFIG_PARAVIRT
1255 1255
 diff --git a/arch/x86/include/asm/module.h b/arch/x86/include/asm/module.h
1256
-index 8546faf..157cf48 100644
1256
+index 7948a17..bc2b010 100644
1257 1257
 --- a/arch/x86/include/asm/module.h
1258 1258
 +++ b/arch/x86/include/asm/module.h
1259 1259
 @@ -15,6 +15,7 @@ struct mod_arch_specific {
... ...
@@ -1280,7 +1282,7 @@ index 8546faf..157cf48 100644
1280 1280
 +
1281 1281
  #endif /* _ASM_X86_MODULE_H */
1282 1282
 diff --git a/arch/x86/kernel/cpu/vmware.c b/arch/x86/kernel/cpu/vmware.c
1283
-index fa6ea7d..5fa4efe 100644
1283
+index e05babd..da8005e 100644
1284 1284
 --- a/arch/x86/kernel/cpu/vmware.c
1285 1285
 +++ b/arch/x86/kernel/cpu/vmware.c
1286 1286
 @@ -262,11 +262,17 @@ static __init int activate_jump_labels(void)
... ...
@@ -1316,7 +1318,7 @@ index 71c11ad..35d8c4d 100644
1316 1316
  	return __e820__mapped_all(start, end, type);
1317 1317
  }
1318 1318
 diff --git a/arch/x86/kernel/ftrace_64.S b/arch/x86/kernel/ftrace_64.S
1319
-index c832291..77d90bc 100644
1319
+index 7cb8ba0..fd9df42 100644
1320 1320
 --- a/arch/x86/kernel/ftrace_64.S
1321 1321
 +++ b/arch/x86/kernel/ftrace_64.S
1322 1322
 @@ -182,7 +182,7 @@ GLOBAL(ftrace_graph_call)
... ...
@@ -1329,10 +1331,10 @@ index c832291..77d90bc 100644
1329 1329
  END(ftrace_caller)
1330 1330
  
1331 1331
 diff --git a/arch/x86/kernel/traps.c b/arch/x86/kernel/traps.c
1332
-index 5a6b8f8..f1e53dd 100644
1332
+index a66428dc..bed821f 100644
1333 1333
 --- a/arch/x86/kernel/traps.c
1334 1334
 +++ b/arch/x86/kernel/traps.c
1335
-@@ -211,6 +211,10 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str,
1335
+@@ -210,6 +210,10 @@ do_trap_no_signal(struct task_struct *tsk, int trapnr, char *str,
1336 1336
  
1337 1337
  		tsk->thread.error_code = error_code;
1338 1338
  		tsk->thread.trap_nr = trapnr;
... ...
@@ -1344,10 +1346,10 @@ index 5a6b8f8..f1e53dd 100644
1344 1344
  	}
1345 1345
  
1346 1346
 diff --git a/arch/x86/mm/pgtable.c b/arch/x86/mm/pgtable.c
1347
-index 17ebc5a..c9c5b2d 100644
1347
+index 004abf9..9db5ce3 100644
1348 1348
 --- a/arch/x86/mm/pgtable.c
1349 1349
 +++ b/arch/x86/mm/pgtable.c
1350
-@@ -579,7 +579,7 @@ void __native_set_fixmap(enum fixed_addresses idx, pte_t pte)
1350
+@@ -580,7 +580,7 @@ void __native_set_fixmap(enum fixed_addresses idx, pte_t pte)
1351 1351
  	fixmaps_set++;
1352 1352
  }
1353 1353
  
... ...
@@ -1357,7 +1359,7 @@ index 17ebc5a..c9c5b2d 100644
1357 1357
  {
1358 1358
  	__native_set_fixmap(idx, pfn_pte(phys >> PAGE_SHIFT, flags));
1359 1359
 diff --git a/arch/x86/oprofile/nmi_int.c b/arch/x86/oprofile/nmi_int.c
1360
-index ffdbc48..174c597 100644
1360
+index abff76b..a7a7677 100644
1361 1361
 --- a/arch/x86/oprofile/nmi_int.c
1362 1362
 +++ b/arch/x86/oprofile/nmi_int.c
1363 1363
 @@ -592,7 +592,7 @@ enum __force_cpu_type {
... ...
@@ -1498,7 +1500,7 @@ index 9f2e3be..676c910 100644
1498 1498
  	int rv = param_set_int(val, kp);
1499 1499
  	if (rv)
1500 1500
 diff --git a/drivers/char/ipmi/ipmi_si_intf.c b/drivers/char/ipmi/ipmi_si_intf.c
1501
-index e1cbb78..cd98978 100644
1501
+index c04aa11..9abc067 100644
1502 1502
 --- a/drivers/char/ipmi/ipmi_si_intf.c
1503 1503
 +++ b/drivers/char/ipmi/ipmi_si_intf.c
1504 1504
 @@ -1345,7 +1345,7 @@ static unsigned int num_slave_addrs;
... ...
@@ -1523,7 +1525,7 @@ diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
1523 1523
 index 0eca20c..32a2682 100644
1524 1524
 --- a/drivers/char/tpm/tpm-chip.c
1525 1525
 +++ b/drivers/char/tpm/tpm-chip.c
1526
-@@ -267,6 +267,11 @@ out:
1526
+@@ -267,6 +267,11 @@ struct tpm_chip *tpm_chip_alloc(struct device *pdev,
1527 1527
  }
1528 1528
  EXPORT_SYMBOL_GPL(tpm_chip_alloc);
1529 1529
  
... ...
@@ -1681,7 +1683,7 @@ index d127ace..6ee866f 100644
1681 1681
  	int i, j = 1;
1682 1682
  
1683 1683
 diff --git a/drivers/md/md.c b/drivers/md/md.c
1684
-index 98ea863..3b810cc 100644
1684
+index e058c20..7671b14 100644
1685 1685
 --- a/drivers/md/md.c
1686 1686
 +++ b/drivers/md/md.c
1687 1687
 @@ -5357,7 +5357,7 @@ static struct kobject *md_probe(dev_t dev, int *part, void *data)
... ...
@@ -1693,7 +1695,7 @@ index 98ea863..3b810cc 100644
1693 1693
  {
1694 1694
  	/*
1695 1695
  	 * val must be "md_*" or "mdNNN".
1696
-@@ -9274,11 +9274,11 @@ static __exit void md_exit(void)
1696
+@@ -9278,11 +9278,11 @@ static __exit void md_exit(void)
1697 1697
  subsys_initcall(md_init);
1698 1698
  module_exit(md_exit)
1699 1699
  
... ...
@@ -2699,10 +2701,10 @@ index 6e13c93..839dd12 100644
2699 2699
  	/*
2700 2700
  	 * Init NAPI, so that state is set to NAPI_STATE_SCHED,
2701 2701
 diff --git a/drivers/pci/pcie/aspm.c b/drivers/pci/pcie/aspm.c
2702
-index cae54f8..5155386 100644
2702
+index 633e55c..b9ad02a 100644
2703 2703
 --- a/drivers/pci/pcie/aspm.c
2704 2704
 +++ b/drivers/pci/pcie/aspm.c
2705
-@@ -1061,7 +1061,7 @@ void pci_disable_link_state(struct pci_dev *pdev, int state)
2705
+@@ -1065,7 +1065,7 @@ void pci_disable_link_state(struct pci_dev *pdev, int state)
2706 2706
  }
2707 2707
  EXPORT_SYMBOL(pci_disable_link_state);
2708 2708
  
... ...
@@ -2711,7 +2713,7 @@ index cae54f8..5155386 100644
2711 2711
  {
2712 2712
  	int i;
2713 2713
  	struct pcie_link_state *link;
2714
-@@ -1088,7 +1088,7 @@ static int pcie_aspm_set_policy(const char *val, struct kernel_param *kp)
2714
+@@ -1092,7 +1092,7 @@ static int pcie_aspm_set_policy(const char *val, struct kernel_param *kp)
2715 2715
  	return 0;
2716 2716
  }
2717 2717
  
... ...
@@ -2747,7 +2749,7 @@ index 3f38907..95540ea 100644
2747 2747
  			    const u32 len)
2748 2748
  {
2749 2749
 diff --git a/drivers/scsi/aacraid/aachba.c b/drivers/scsi/aacraid/aachba.c
2750
-index af3e4d3..c028cdc 100644
2750
+index 7173ae5..039ba66 100644
2751 2751
 --- a/drivers/scsi/aacraid/aachba.c
2752 2752
 +++ b/drivers/scsi/aacraid/aachba.c
2753 2753
 @@ -812,6 +812,11 @@ static int aac_probe_container_callback1(struct scsi_cmnd * scsicmd)
... ...
@@ -3522,7 +3524,7 @@ index 5caf5f3..fcff931 100644
3522 3522
  	struct bfad_s *bfad = pci_get_drvdata(pdev);
3523 3523
  	unsigned long	flags;
3524 3524
 diff --git a/drivers/scsi/bfa/bfad_bsg.c b/drivers/scsi/bfa/bfad_bsg.c
3525
-index b2e8c0d..e1bd5ea 100644
3525
+index 1aa46d0..5e4fa77 100644
3526 3526
 --- a/drivers/scsi/bfa/bfad_bsg.c
3527 3527
 +++ b/drivers/scsi/bfa/bfad_bsg.c
3528 3528
 @@ -2145,7 +2145,7 @@ bfad_iocmd_fcport_get_stats(struct bfad_s *bfad, void *cmd)
... ...
@@ -4127,7 +4129,7 @@ index 375c536..618843b 100644
4127 4127
  {
4128 4128
  	int rc = -ENODEV;
4129 4129
  	struct net_device *netdev = NULL;
4130
-@@ -930,7 +930,7 @@ out_nodev:
4130
+@@ -930,7 +930,7 @@ static int fcoe_transport_create(const char *buffer, struct kernel_param *kp)
4131 4131
   *
4132 4132
   * Returns: 0 for success
4133 4133
   */
... ...
@@ -4136,7 +4138,7 @@ index 375c536..618843b 100644
4136 4136
  {
4137 4137
  	int rc = -ENODEV;
4138 4138
  	struct net_device *netdev = NULL;
4139
-@@ -974,7 +974,7 @@ out_nodev:
4139
+@@ -974,7 +974,7 @@ static int fcoe_transport_destroy(const char *buffer, struct kernel_param *kp)
4140 4140
   *
4141 4141
   * Returns: 0 for success
4142 4142
   */
... ...
@@ -4145,7 +4147,7 @@ index 375c536..618843b 100644
4145 4145
  {
4146 4146
  	int rc = -ENODEV;
4147 4147
  	struct net_device *netdev = NULL;
4148
-@@ -1008,7 +1008,7 @@ out_nodev:
4148
+@@ -1008,7 +1008,7 @@ static int fcoe_transport_disable(const char *buffer, struct kernel_param *kp)
4149 4149
   *
4150 4150
   * Returns: 0 for success
4151 4151
   */
... ...
@@ -4279,7 +4281,7 @@ index 8799990..3d36dee 100644
4279 4279
  	int ret = param_set_int(val, kp);
4280 4280
  	struct MPT3SAS_ADAPTER *ioc;
4281 4281
 diff --git a/drivers/scsi/mpt3sas/mpt3sas_scsih.c b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
4282
-index 22998cb..07719da 100644
4282
+index 33ff691..483fe89 100644
4283 4283
 --- a/drivers/scsi/mpt3sas/mpt3sas_scsih.c
4284 4284
 +++ b/drivers/scsi/mpt3sas/mpt3sas_scsih.c
4285 4285
 @@ -281,7 +281,7 @@ struct _scsi_io_transfer {
... ...
@@ -4408,7 +4410,7 @@ index a260cde..1b99d3b 100644
4408 4408
  	int len = strlen(kmessage);
4409 4409
  
4410 4410
 diff --git a/drivers/video/console/dummycon.c b/drivers/video/console/dummycon.c
4411
-index 9269d56..219a68b 100644
4411
+index b90ef96..48c94ba 100644
4412 4412
 --- a/drivers/video/console/dummycon.c
4413 4413
 +++ b/drivers/video/console/dummycon.c
4414 4414
 @@ -41,12 +41,61 @@ static void dummycon_init(struct vc_data *vc, int init)
... ...
@@ -4475,7 +4477,7 @@ index 9269d56..219a68b 100644
4475 4475
  
4476 4476
  /*
4477 4477
   *  The console `switch' structure for the dummy console
4478
-@@ -58,17 +107,17 @@ const struct consw dummy_con = {
4478
+@@ -58,16 +107,16 @@ const struct consw dummy_con = {
4479 4479
      .owner =		THIS_MODULE,
4480 4480
      .con_startup =	dummycon_startup,
4481 4481
      .con_init =		dummycon_init,
... ...
@@ -4488,7 +4490,6 @@ index 9269d56..219a68b 100644
4488 4488
 -    .con_switch =	DUMMY,
4489 4489
 -    .con_blank =	DUMMY,
4490 4490
 -    .con_font_set =	DUMMY,
4491
--    .con_font_get =	DUMMY,
4492 4491
 -    .con_font_default =	DUMMY,
4493 4492
 -    .con_font_copy =	DUMMY,
4494 4493
 +    .con_deinit =	dummycon_deinit,
... ...
@@ -4500,7 +4501,6 @@ index 9269d56..219a68b 100644
4500 4500
 +    .con_switch =	dummycon_switch,
4501 4501
 +    .con_blank =	dummycon_blank,
4502 4502
 +    .con_font_set =	dummycon_font_set,
4503
-+    .con_font_get =	dummycon_font_get,
4504 4503
 +    .con_font_default =	dummycon_font_default,
4505 4504
 +    .con_font_copy =	dummycon_font_copy,
4506 4505
  };
... ...
@@ -4558,7 +4558,7 @@ diff --git a/fs/exofs/inode.c b/fs/exofs/inode.c
4558 4558
 index 0ac6281..cec5adf 100644
4559 4559
 --- a/fs/exofs/inode.c
4560 4560
 +++ b/fs/exofs/inode.c
4561
-@@ -470,6 +470,11 @@ fail:
4561
+@@ -470,6 +470,11 @@ static int readpage_strip(void *data, struct page *page)
4562 4562
  	return ret;
4563 4563
  }
4564 4564
  
... ...
@@ -4618,10 +4618,10 @@ index 94a745a..a79e320 100644
4618 4618
  	int rv;
4619 4619
  
4620 4620
 diff --git a/fs/lockd/svc.c b/fs/lockd/svc.c
4621
-index 45e9654..076d7bb 100644
4621
+index 809cbcc..6525c05 100644
4622 4622
 --- a/fs/lockd/svc.c
4623 4623
 +++ b/fs/lockd/svc.c
4624
-@@ -602,7 +602,7 @@ static struct ctl_table nlm_sysctl_root[] = {
4624
+@@ -614,7 +614,7 @@ static struct ctl_table nlm_sysctl_root[] = {
4625 4625
   */
4626 4626
  
4627 4627
  #define param_set_min_max(name, type, which_strtol, min, max)		\
... ...
@@ -4634,7 +4634,7 @@ diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
4634 4634
 index bf2c436..d04d41b 100644
4635 4635
 --- a/fs/nfs/dir.c
4636 4636
 +++ b/fs/nfs/dir.c
4637
-@@ -671,8 +671,9 @@ out:
4637
+@@ -671,8 +671,9 @@ int nfs_readdir_xdr_to_array(nfs_readdir_descriptor_t *desc, struct page *page,
4638 4638
   * We only need to convert from xdr once so future lookups are much simpler
4639 4639
   */
4640 4640
  static
... ...
@@ -4858,7 +4858,7 @@ index 2c61c6b..43a01c7 100644
4858 4858
  	DECODE_HEAD;
4859 4859
  
4860 4860
  	READ_BUF(4);
4861
-@@ -896,8 +913,9 @@ xdr_error:
4861
+@@ -896,8 +913,9 @@ static __be32 nfsd4_decode_opaque(struct nfsd4_compoundargs *argp, struct xdr_ne
4862 4862
  }
4863 4863
  
4864 4864
  static __be32
... ...
@@ -5109,7 +5109,7 @@ index 2c61c6b..43a01c7 100644
5109 5109
  	int i;
5110 5110
  	__be32 *p, status;
5111 5111
  	struct nfsd4_test_stateid_id *stateid;
5112
-@@ -1554,8 +1593,9 @@ xdr_error:
5112
+@@ -1554,8 +1593,9 @@ nfsd4_decode_test_stateid(struct nfsd4_compoundargs *argp, struct nfsd4_test_sta
5113 5113
  	goto out;
5114 5114
  }
5115 5115
  
... ...
@@ -5459,7 +5459,7 @@ index 2c61c6b..43a01c7 100644
5459 5459
  	struct xdr_stream *xdr = &resp->xdr;
5460 5460
  	struct svc_fh *fhp = *fhpp;
5461 5461
  	unsigned int len;
5462
-@@ -3250,8 +3307,10 @@ again:
5462
+@@ -3250,8 +3307,10 @@ nfsd4_encode_lock_denied(struct xdr_stream *xdr, struct nfsd4_lock_denied *ld)
5463 5463
  }
5464 5464
  
5465 5465
  static __be32
... ...
@@ -5572,7 +5572,7 @@ index 2c61c6b..43a01c7 100644
5572 5572
  	int maxcount;
5573 5573
  	int bytes_left;
5574 5574
  	loff_t offset;
5575
-@@ -3707,8 +3776,9 @@ err_no_verf:
5575
+@@ -3707,8 +3776,9 @@ nfsd4_encode_readdir(struct nfsd4_compoundres *resp, __be32 nfserr, struct nfsd4
5576 5576
  }
5577 5577
  
5578 5578
  static __be32
... ...
@@ -5716,7 +5716,7 @@ index 2c61c6b..43a01c7 100644
5716 5716
  	struct xdr_stream *xdr = &resp->xdr;
5717 5717
  	const struct nfsd4_layout_ops *ops;
5718 5718
  	u32 starting_len = xdr->buf->len, needed_len;
5719
-@@ -4118,9 +4199,9 @@ toosmall:
5719
+@@ -4118,9 +4199,9 @@ nfsd4_encode_getdeviceinfo(struct nfsd4_compoundres *resp, __be32 nfserr,
5720 5720
  }
5721 5721
  
5722 5722
  static __be32
... ...
@@ -5938,10 +5938,10 @@ index 2c61c6b..43a01c7 100644
5938 5938
  
5939 5939
  /*
5940 5940
 diff --git a/include/linux/compiler.h b/include/linux/compiler.h
5941
-index 2027104..4a9913a 100644
5941
+index e8c9cd1..247e6d0 100644
5942 5942
 --- a/include/linux/compiler.h
5943 5943
 +++ b/include/linux/compiler.h
5944
-@@ -257,27 +257,18 @@ void ftrace_likely_update(struct ftrace_likely_data *f, int val,
5944
+@@ -158,27 +158,18 @@ void ftrace_likely_update(struct ftrace_likely_data *f, int val,
5945 5945
  
5946 5946
  #include <uapi/linux/types.h>
5947 5947
  
... ...
@@ -5979,7 +5979,7 @@ index 2027104..4a9913a 100644
5979 5979
  /*
5980 5980
   * This function is not 'inline' because __no_sanitize_address confilcts
5981 5981
   * with inlining. Attempt to inline it may cause a build failure.
5982
-@@ -287,29 +278,20 @@ void __read_once_size(const volatile void *p, void *res, int size)
5982
+@@ -188,29 +179,20 @@ void __read_once_size(const volatile void *p, void *res, int size)
5983 5983
  static __no_sanitize_address __maybe_unused
5984 5984
  void __read_once_size_nocheck(const volatile void *p, void *res, int size)
5985 5985
  {
... ...
@@ -6017,9 +6017,9 @@ index 2027104..4a9913a 100644
6017 6017
  
6018 6018
  /*
6019 6019
   * Prevent the compiler from merging or refetching reads or writes. The
6020
-@@ -334,29 +316,15 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
6021
-  * required ordering.
6020
+@@ -236,30 +218,15 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
6022 6021
   */
6022
+ #include <asm/barrier.h>
6023 6023
  
6024 6024
 -#define __READ_ONCE(x, check)						\
6025 6025
 -({									\
... ...
@@ -6028,10 +6028,11 @@ index 2027104..4a9913a 100644
6028 6028
 -		__read_once_size(&(x), __u.__c, sizeof(x));		\
6029 6029
 -	else								\
6030 6030
 -		__read_once_size_nocheck(&(x), __u.__c, sizeof(x));	\
6031
+-	smp_read_barrier_depends(); /* Enforce dependency ordering from x */ \
6031 6032
 -	__u.__val;							\
6032
-+#define READ_ONCE(x) ({					\
6033
-+	typeof(x) __val = *(volatile typeof(x) *)&(x);	\
6034
-+	__val;						\
6033
++#define READ_ONCE(x) ({                                        \
6034
++	typeof(x) __val = *(volatile typeof(x) *)&(x);  	\
6035
++	__val;							\
6035 6036
  })
6036 6037
 -#define READ_ONCE(x) __READ_ONCE(x, 1)
6037 6038
  
... ...
@@ -6047,14 +6048,18 @@ index 2027104..4a9913a 100644
6047 6047
 -		{ .__val = (__force typeof(x)) (val) }; \
6048 6048
 -	__write_once_size(&(x), __u.__c, sizeof(x));	\
6049 6049
 -	__u.__val;					\
6050
-+#define WRITE_ONCE(x, val) ({				\
6051
-+	typeof(x) __val = (val);			\
6052
-+	(x) = *(volatile typeof(x) *)&__val;		\
6053
-+	__val;						\
6050
++#define WRITE_ONCE(x, val) ({                          \
6051
++	typeof(x) __val = (val);                        \
6052
++	(x) = *(volatile typeof(x) *)&__val;            \
6053
++	__val;                                          \
6054 6054
  })
6055 6055
  
6056 6056
  #endif /* __KERNEL__ */
6057
-@@ -519,6 +487,8 @@ static __always_inline void __write_once_size(volatile void *p, void *res, int s
6057
+diff --git a/include/linux/compiler_types.h b/include/linux/compiler_types.h
6058
+index 6b79a9b..5ddfac5 100644
6059
+--- a/include/linux/compiler_types.h
6060
+@@ -266,6 +266,8 @@ struct ftrace_likely_data {
6058 6061
  # define __same_type(a, b) __builtin_types_compatible_p(typeof(a), typeof(b))
6059 6062
  #endif
6060 6063
  
... ...
@@ -6064,7 +6069,7 @@ index 2027104..4a9913a 100644
6064 6064
  #ifndef __native_word
6065 6065
  # define __native_word(t) (sizeof(t) == sizeof(char) || sizeof(t) == sizeof(short) || sizeof(t) == sizeof(int) || sizeof(t) == sizeof(long))
6066 6066
 diff --git a/include/linux/linkage.h b/include/linux/linkage.h
6067
-index 2e6f90b..1f221eb 100644
6067
+index f68db9e..30ed811 100644
6068 6068
 --- a/include/linux/linkage.h
6069 6069
 +++ b/include/linux/linkage.h
6070 6070
 @@ -6,6 +6,7 @@
... ...
@@ -6237,7 +6242,7 @@ index a78186d..ef7fd29 100644
6237 6237
  
6238 6238
  /*
6239 6239
 diff --git a/include/linux/timer.h b/include/linux/timer.h
6240
-index ac66f29..fb350b0 100644
6240
+index e0ea1fe..f5d5636 100644
6241 6241
 --- a/include/linux/timer.h
6242 6242
 +++ b/include/linux/timer.h
6243 6243
 @@ -173,7 +173,7 @@ static inline void init_timer_on_stack_key(struct timer_list *timer,
... ...
@@ -6263,10 +6268,10 @@ index 792c3f6..f5223bf 100644
6263 6263
  
6264 6264
  extern struct hlist_nulls_head *nf_conntrack_hash;
6265 6265
 diff --git a/kernel/bpf/core.c b/kernel/bpf/core.c
6266
-index 7b62df8..3e261db 100644
6266
+index d203a5d6..6d32f69 100644
6267 6267
 --- a/kernel/bpf/core.c
6268 6268
 +++ b/kernel/bpf/core.c
6269
-@@ -489,6 +489,8 @@ int bpf_get_kallsym(unsigned int symnum, unsigned long *value, char *type,
6269
+@@ -485,6 +485,8 @@ int bpf_get_kallsym(unsigned int symnum, unsigned long *value, char *type,
6270 6270
  	return ret;
6271 6271
  }
6272 6272
  
... ...
@@ -6275,7 +6280,7 @@ index 7b62df8..3e261db 100644
6275 6275
  struct bpf_binary_header *
6276 6276
  bpf_jit_binary_alloc(unsigned int proglen, u8 **image_ptr,
6277 6277
  		     unsigned int alignment,
6278
-@@ -512,11 +514,24 @@ bpf_jit_binary_alloc(unsigned int proglen, u8 **image_ptr,
6278
+@@ -508,11 +510,24 @@ bpf_jit_binary_alloc(unsigned int proglen, u8 **image_ptr,
6279 6279
  	hdr->pages = size / PAGE_SIZE;
6280 6280
  	hole = min_t(unsigned int, size - (proglen + sizeof(*hdr)),
6281 6281
  		     PAGE_SIZE - sizeof(*hdr));
... ...
@@ -6301,7 +6306,7 @@ index 7b62df8..3e261db 100644
6301 6301
  }
6302 6302
  
6303 6303
 diff --git a/kernel/events/core.c b/kernel/events/core.c
6304
-index 4f1d4bf..cf63e11 100644
6304
+index f42f7c7..444b7b9 100644
6305 6305
 --- a/kernel/events/core.c
6306 6306
 +++ b/kernel/events/core.c
6307 6307
 @@ -1046,8 +1046,9 @@ static void __perf_mux_hrtimer_init(struct perf_cpu_context *cpuctx, int cpu)
... ...
@@ -6315,7 +6320,7 @@ index 4f1d4bf..cf63e11 100644
6315 6315
  	struct hrtimer *timer = &cpuctx->hrtimer;
6316 6316
  	struct pmu *pmu = cpuctx->ctx.pmu;
6317 6317
  	unsigned long flags;
6318
-@@ -9035,8 +9036,7 @@ perf_event_mux_interval_ms_store(struct device *dev,
6318
+@@ -9039,8 +9040,7 @@ perf_event_mux_interval_ms_store(struct device *dev,
6319 6319
  		cpuctx = per_cpu_ptr(pmu->pmu_cpu_context, cpu);
6320 6320
  		cpuctx->hrtimer_interval = ns_to_ktime(NSEC_PER_MSEC * timer);
6321 6321
  
... ...
@@ -6326,10 +6331,10 @@ index 4f1d4bf..cf63e11 100644
6326 6326
  	cpus_read_unlock();
6327 6327
  	mutex_unlock(&mux_interval_mutex);
6328 6328
 diff --git a/kernel/module.c b/kernel/module.c
6329
-index de66ec8..9812431 100644
6329
+index 690c065..550cb81 100644
6330 6330
 --- a/kernel/module.c
6331 6331
 +++ b/kernel/module.c
6332
-@@ -2998,8 +2998,15 @@ static struct module *setup_load_info(struct load_info *info, int flags)
6332
+@@ -3007,8 +3007,15 @@ static struct module *setup_load_info(struct load_info *info, int flags)
6333 6333
  static int check_modinfo(struct module *mod, struct load_info *info, int flags)
6334 6334
  {
6335 6335
  	const char *modmagic = get_modinfo(info, "vermagic");
... ...
@@ -6345,7 +6350,7 @@ index de66ec8..9812431 100644
6345 6345
  	if (flags & MODULE_INIT_IGNORE_VERMAGIC)
6346 6346
  		modmagic = NULL;
6347 6347
  
6348
-@@ -3032,7 +3039,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
6348
+@@ -3043,7 +3050,7 @@ static int check_modinfo(struct module *mod, struct load_info *info, int flags)
6349 6349
  		return err;
6350 6350
  
6351 6351
  	/* Set up license info based on the info section */
... ...
@@ -6355,7 +6360,7 @@ index de66ec8..9812431 100644
6355 6355
  	return 0;
6356 6356
  }
6357 6357
 diff --git a/kernel/sched/core.c b/kernel/sched/core.c
6358
-index 8fa7b6f..b2b63c2 100644
6358
+index 5506246..91811a7 100644
6359 6359
 --- a/kernel/sched/core.c
6360 6360
 +++ b/kernel/sched/core.c
6361 6361
 @@ -2684,7 +2684,7 @@ static struct rq *finish_task_switch(struct task_struct *prev)
... ...
@@ -6392,7 +6397,7 @@ index 4ae5c1e..04c05f8 100644
6392 6392
  static void push_dl_tasks(struct rq *);
6393 6393
  static void pull_dl_task(struct rq *);
6394 6394
 diff --git a/kernel/sched/rt.c b/kernel/sched/rt.c
6395
-index 7464c5c..02a938d 100644
6395
+index 298f62b..6f2e85f 100644
6396 6396
 --- a/kernel/sched/rt.c
6397 6397
 +++ b/kernel/sched/rt.c
6398 6398
 @@ -353,8 +353,8 @@ static inline int has_pushable_tasks(struct rq *rq)
... ...
@@ -6407,10 +6412,10 @@ index 7464c5c..02a938d 100644
6407 6407
  static void push_rt_tasks(struct rq *);
6408 6408
  static void pull_rt_task(struct rq *);
6409 6409
 diff --git a/kernel/sched/sched.h b/kernel/sched/sched.h
6410
-index b732e77..fbd3c0c 100644
6410
+index 307c35d..555b429 100644
6411 6411
 --- a/kernel/sched/sched.h
6412 6412
 +++ b/kernel/sched/sched.h
6413
-@@ -738,7 +738,10 @@ struct rq {
6413
+@@ -740,7 +740,10 @@ struct rq {
6414 6414
  	unsigned long cpu_capacity;
6415 6415
  	unsigned long cpu_capacity_orig;
6416 6416
  
... ...
@@ -6422,7 +6427,7 @@ index b732e77..fbd3c0c 100644
6422 6422
  
6423 6423
  	unsigned char idle_balance;
6424 6424
  	/* For active balancing */
6425
-@@ -993,7 +996,7 @@ extern int migrate_swap(struct task_struct *, struct task_struct *);
6425
+@@ -995,7 +998,7 @@ extern int migrate_swap(struct task_struct *, struct task_struct *);
6426 6426
  
6427 6427
  static inline void
6428 6428
  queue_balance_callback(struct rq *rq,
... ...
@@ -6431,7 +6436,7 @@ index b732e77..fbd3c0c 100644
6431 6431
  		       void (*func)(struct rq *rq))
6432 6432
  {
6433 6433
  	lockdep_assert_held(&rq->lock);
6434
-@@ -1001,7 +1004,7 @@ queue_balance_callback(struct rq *rq,
6434
+@@ -1003,7 +1006,7 @@ queue_balance_callback(struct rq *rq,
6435 6435
  	if (unlikely(head->next))
6436 6436
  		return;
6437 6437
  
... ...
@@ -6453,7 +6458,7 @@ index 594d73f..fc9d65f 100644
6453 6453
  				void *data,
6454 6454
  				gfp_t gfp)
6455 6455
  {
6456
-@@ -2773,7 +2773,7 @@ out:
6456
+@@ -2773,7 +2773,7 @@ static struct page *do_read_cache_page(struct address_space *mapping,
6457 6457
   */
6458 6458
  struct page *read_cache_page(struct address_space *mapping,
6459 6459
  				pgoff_t index,
... ...
@@ -6571,7 +6576,7 @@ index aa04666..e5e4e18 100644
6571 6571
  {
6572 6572
  	int *ip = (int *)kp->arg;
6573 6573
  	struct svc_pool_map *m = &svc_pool_map;
6574
-@@ -80,7 +80,7 @@ out:
6574
+@@ -80,7 +80,7 @@ param_set_pool_mode(const char *val, struct kernel_param *kp)
6575 6575
  }
6576 6576
  
6577 6577
  static int
... ...
@@ -7926,7 +7931,7 @@ index 0000000..65bc1cd
7926 7926
 +	U64TO8_LE(out, b);
7927 7927
 +}
7928 7928
 diff --git a/security/Kconfig b/security/Kconfig
7929
-index edb7fcd..7a98e4c 100644
7929
+index 08d4882..bbb8aad 100644
7930 7930
 --- a/security/Kconfig
7931 7931
 +++ b/security/Kconfig
7932 7932
 @@ -81,6 +81,24 @@ config PAX_MPROTECT
... ...
@@ -8010,6 +8015,3 @@ index 1346ee5..17893fd 100644
8010 8010
  {
8011 8011
  	int i;
8012 8012
  
8013
-2.8.1
8014
-
... ...
@@ -1,6 +1,6 @@
1 1
 #
2 2
 # Automatically generated file; DO NOT EDIT.
3
-# Linux/x86 4.14.8 Kernel Configuration
3
+# Linux/x86 4.14.54 Kernel Configuration
4 4
 #
5 5
 CONFIG_64BIT=y
6 6
 CONFIG_X86_64=y
... ...
@@ -453,6 +453,7 @@ CONFIG_X86_FAST_FEATURE_TESTS=y
453 453
 CONFIG_X86_X2APIC=y
454 454
 # CONFIG_X86_MPPARSE is not set
455 455
 # CONFIG_GOLDFISH is not set
456
+CONFIG_RETPOLINE=y
456 457
 # CONFIG_INTEL_RDT is not set
457 458
 # CONFIG_X86_EXTENDED_PLATFORM is not set
458 459
 # CONFIG_X86_INTEL_LPSS is not set
... ...
@@ -1269,6 +1270,9 @@ CONFIG_NF_CONNTRACK_IPV6=m
1269 1269
 # CONFIG_NF_SOCKET_IPV6 is not set
1270 1270
 CONFIG_NF_TABLES_IPV6=m
1271 1271
 CONFIG_NFT_CHAIN_ROUTE_IPV6=m
1272
+CONFIG_NFT_CHAIN_NAT_IPV6=m
1273
+CONFIG_NFT_MASQ_IPV6=m
1274
+CONFIG_NFT_REDIR_IPV6=m
1272 1275
 CONFIG_NFT_REJECT_IPV6=m
1273 1276
 CONFIG_NFT_DUP_IPV6=m
1274 1277
 # CONFIG_NFT_FIB_IPV6 is not set
... ...
@@ -1276,10 +1280,7 @@ CONFIG_NF_DUP_IPV6=m
1276 1276
 CONFIG_NF_REJECT_IPV6=m
1277 1277
 CONFIG_NF_LOG_IPV6=m
1278 1278
 CONFIG_NF_NAT_IPV6=m
1279
-CONFIG_NFT_CHAIN_NAT_IPV6=m
1280 1279
 CONFIG_NF_NAT_MASQUERADE_IPV6=m
1281
-CONFIG_NFT_MASQ_IPV6=m
1282
-CONFIG_NFT_REDIR_IPV6=m
1283 1280
 CONFIG_IP6_NF_IPTABLES=m
1284 1281
 CONFIG_IP6_NF_MATCH_AH=m
1285 1282
 CONFIG_IP6_NF_MATCH_EUI64=m
... ...
@@ -1541,6 +1542,7 @@ CONFIG_ALLOW_DEV_COREDUMP=y
1541 1541
 CONFIG_SYS_HYPERVISOR=y
1542 1542
 # CONFIG_GENERIC_CPU_DEVICES is not set
1543 1543
 CONFIG_GENERIC_CPU_AUTOPROBE=y
1544
+CONFIG_GENERIC_CPU_VULNERABILITIES=y
1544 1545
 CONFIG_REGMAP=y
1545 1546
 CONFIG_REGMAP_I2C=y
1546 1547
 CONFIG_DMA_SHARED_BUFFER=y
... ...
@@ -4469,8 +4471,6 @@ CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y
4469 4469
 # CONFIG_DEBUG_PER_CPU_MAPS is not set
4470 4470
 CONFIG_HAVE_DEBUG_STACKOVERFLOW=y
4471 4471
 # CONFIG_DEBUG_STACKOVERFLOW is not set
4472
-CONFIG_HAVE_ARCH_KMEMCHECK=y
4473
-# CONFIG_KMEMCHECK is not set
4474 4472
 CONFIG_HAVE_ARCH_KASAN=y
4475 4473
 # CONFIG_KASAN is not set
4476 4474
 CONFIG_ARCH_HAS_KCOV=y
... ...
@@ -4570,7 +4570,6 @@ CONFIG_FTRACE_SYSCALLS=y
4570 4570
 # CONFIG_TRACER_SNAPSHOT is not set
4571 4571
 CONFIG_BRANCH_PROFILE_NONE=y
4572 4572
 # CONFIG_PROFILE_ANNOTATED_BRANCHES is not set
4573
-# CONFIG_PROFILE_ALL_BRANCHES is not set
4574 4573
 # CONFIG_STACK_TRACER is not set
4575 4574
 CONFIG_BLK_DEV_IO_TRACE=y
4576 4575
 CONFIG_KPROBE_EVENTS=y
... ...
@@ -4657,9 +4656,9 @@ CONFIG_OPTIMIZE_INLINING=y
4657 4657
 # CONFIG_DEBUG_NMI_SELFTEST is not set
4658 4658
 # CONFIG_X86_DEBUG_FPU is not set
4659 4659
 # CONFIG_PUNIT_ATOM_DEBUG is not set
4660
-CONFIG_FRAME_POINTER_UNWINDER=y
4661
-# CONFIG_ORC_UNWINDER is not set
4662
-# CONFIG_GUESS_UNWINDER is not set
4660
+# CONFIG_UNWINDER_ORC is not set
4661
+CONFIG_UNWINDER_FRAME_POINTER=y
4662
+# CONFIG_UNWINDER_GUESS is not set
4663 4663
 
4664 4664
 #
4665 4665
 # Security options
... ...
@@ -4676,6 +4675,7 @@ CONFIG_SECURITY=y
4676 4676
 # CONFIG_SECURITY_WRITABLE_HOOKS is not set
4677 4677
 CONFIG_SECURITYFS=y
4678 4678
 CONFIG_SECURITY_NETWORK=y
4679
+CONFIG_PAGE_TABLE_ISOLATION=y
4679 4680
 # CONFIG_SECURITY_NETWORK_XFRM is not set
4680 4681
 CONFIG_SECURITY_PATH=y
4681 4682
 CONFIG_INTEL_TXT=y
... ...
@@ -1,6 +1,6 @@
1 1
 #
2 2
 # Automatically generated file; DO NOT EDIT.
3
-# Linux/x86 4.14.8 Kernel Configuration
3
+# Linux/x86 4.14.54 Kernel Configuration
4 4
 #
5 5
 CONFIG_64BIT=y
6 6
 CONFIG_X86_64=y
... ...
@@ -453,6 +453,7 @@ CONFIG_X86_FAST_FEATURE_TESTS=y
453 453
 CONFIG_X86_X2APIC=y
454 454
 # CONFIG_X86_MPPARSE is not set
455 455
 # CONFIG_GOLDFISH is not set
456
+CONFIG_RETPOLINE=y
456 457
 # CONFIG_INTEL_RDT is not set
457 458
 # CONFIG_X86_EXTENDED_PLATFORM is not set
458 459
 # CONFIG_X86_INTEL_LPSS is not set
... ...
@@ -1269,6 +1270,9 @@ CONFIG_NF_CONNTRACK_IPV6=m
1269 1269
 # CONFIG_NF_SOCKET_IPV6 is not set
1270 1270
 CONFIG_NF_TABLES_IPV6=m
1271 1271
 CONFIG_NFT_CHAIN_ROUTE_IPV6=m
1272
+CONFIG_NFT_CHAIN_NAT_IPV6=m
1273
+CONFIG_NFT_MASQ_IPV6=m
1274
+CONFIG_NFT_REDIR_IPV6=m
1272 1275
 CONFIG_NFT_REJECT_IPV6=m
1273 1276
 CONFIG_NFT_DUP_IPV6=m
1274 1277
 # CONFIG_NFT_FIB_IPV6 is not set
... ...
@@ -1276,10 +1280,7 @@ CONFIG_NF_DUP_IPV6=m
1276 1276
 CONFIG_NF_REJECT_IPV6=m
1277 1277
 CONFIG_NF_LOG_IPV6=m
1278 1278
 CONFIG_NF_NAT_IPV6=m
1279
-CONFIG_NFT_CHAIN_NAT_IPV6=m
1280 1279
 CONFIG_NF_NAT_MASQUERADE_IPV6=m
1281
-CONFIG_NFT_MASQ_IPV6=m
1282
-CONFIG_NFT_REDIR_IPV6=m
1283 1280
 CONFIG_IP6_NF_IPTABLES=m
1284 1281
 CONFIG_IP6_NF_MATCH_AH=m
1285 1282
 CONFIG_IP6_NF_MATCH_EUI64=m
... ...
@@ -1541,6 +1542,7 @@ CONFIG_ALLOW_DEV_COREDUMP=y
1541 1541
 CONFIG_SYS_HYPERVISOR=y
1542 1542
 # CONFIG_GENERIC_CPU_DEVICES is not set
1543 1543
 CONFIG_GENERIC_CPU_AUTOPROBE=y
1544
+CONFIG_GENERIC_CPU_VULNERABILITIES=y
1544 1545
 CONFIG_REGMAP=y
1545 1546
 CONFIG_REGMAP_I2C=y
1546 1547
 CONFIG_DMA_SHARED_BUFFER=y
... ...
@@ -4469,8 +4471,6 @@ CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y
4469 4469
 # CONFIG_DEBUG_PER_CPU_MAPS is not set
4470 4470
 CONFIG_HAVE_DEBUG_STACKOVERFLOW=y
4471 4471
 # CONFIG_DEBUG_STACKOVERFLOW is not set
4472
-CONFIG_HAVE_ARCH_KMEMCHECK=y
4473
-# CONFIG_KMEMCHECK is not set
4474 4472
 CONFIG_HAVE_ARCH_KASAN=y
4475 4473
 # CONFIG_KASAN is not set
4476 4474
 CONFIG_ARCH_HAS_KCOV=y
... ...
@@ -4570,7 +4570,6 @@ CONFIG_FTRACE_SYSCALLS=y
4570 4570
 # CONFIG_TRACER_SNAPSHOT is not set
4571 4571
 CONFIG_BRANCH_PROFILE_NONE=y
4572 4572
 # CONFIG_PROFILE_ANNOTATED_BRANCHES is not set
4573
-# CONFIG_PROFILE_ALL_BRANCHES is not set
4574 4573
 # CONFIG_STACK_TRACER is not set
4575 4574
 CONFIG_BLK_DEV_IO_TRACE=y
4576 4575
 CONFIG_KPROBE_EVENTS=y
... ...
@@ -4657,9 +4656,9 @@ CONFIG_OPTIMIZE_INLINING=y
4657 4657
 # CONFIG_DEBUG_NMI_SELFTEST is not set
4658 4658
 # CONFIG_X86_DEBUG_FPU is not set
4659 4659
 # CONFIG_PUNIT_ATOM_DEBUG is not set
4660
-CONFIG_FRAME_POINTER_UNWINDER=y
4661
-# CONFIG_ORC_UNWINDER is not set
4662
-# CONFIG_GUESS_UNWINDER is not set
4660
+# CONFIG_UNWINDER_ORC is not set
4661
+CONFIG_UNWINDER_FRAME_POINTER=y
4662
+# CONFIG_UNWINDER_GUESS is not set
4663 4663
 
4664 4664
 #
4665 4665
 # Security options
... ...
@@ -4676,6 +4675,7 @@ CONFIG_SECURITY=y
4676 4676
 # CONFIG_SECURITY_WRITABLE_HOOKS is not set
4677 4677
 CONFIG_SECURITYFS=y
4678 4678
 CONFIG_SECURITY_NETWORK=y
4679
+CONFIG_PAGE_TABLE_ISOLATION=y
4679 4680
 # CONFIG_SECURITY_NETWORK_XFRM is not set
4680 4681
 CONFIG_SECURITY_PATH=y
4681 4682
 CONFIG_INTEL_TXT=y
... ...
@@ -1,6 +1,6 @@
1 1
 #
2 2
 # Automatically generated file; DO NOT EDIT.
3
-# Linux/x86 4.14.8 Kernel Configuration
3
+# Linux/x86 4.14.54 Kernel Configuration
4 4
 #
5 5
 CONFIG_64BIT=y
6 6
 CONFIG_X86_64=y
... ...
@@ -313,6 +313,7 @@ CONFIG_ARCH_MMAP_RND_COMPAT_BITS=8
313 313
 CONFIG_HAVE_ARCH_COMPAT_MMAP_BASES=y
314 314
 CONFIG_HAVE_COPY_THREAD_TLS=y
315 315
 CONFIG_HAVE_STACK_VALIDATION=y
316
+CONFIG_HAVE_RELIABLE_STACKTRACE=y
316 317
 # CONFIG_HAVE_ARCH_HASH is not set
317 318
 # CONFIG_ISA_BUS_API is not set
318 319
 CONFIG_OLD_SIGSUSPEND3=y
... ...
@@ -402,7 +403,6 @@ CONFIG_IOSCHED_NOOP=y
402 402
 CONFIG_IOSCHED_DEADLINE=m
403 403
 CONFIG_IOSCHED_CFQ=m
404 404
 CONFIG_CFQ_GROUP_IOSCHED=y
405
-# CONFIG_DEFAULT_DEADLINE is not set
406 405
 CONFIG_DEFAULT_NOOP=y
407 406
 CONFIG_DEFAULT_IOSCHED="noop"
408 407
 # CONFIG_MQ_IOSCHED_DEADLINE is not set
... ...
@@ -435,6 +435,7 @@ CONFIG_X86_FAST_FEATURE_TESTS=y
435 435
 CONFIG_X86_X2APIC=y
436 436
 CONFIG_X86_MPPARSE=y
437 437
 # CONFIG_GOLDFISH is not set
438
+CONFIG_RETPOLINE=y
438 439
 # CONFIG_INTEL_RDT is not set
439 440
 # CONFIG_X86_EXTENDED_PLATFORM is not set
440 441
 # CONFIG_X86_INTEL_LPSS is not set
... ...
@@ -1331,6 +1332,7 @@ CONFIG_ALLOW_DEV_COREDUMP=y
1331 1331
 # CONFIG_SYS_HYPERVISOR is not set
1332 1332
 # CONFIG_GENERIC_CPU_DEVICES is not set
1333 1333
 CONFIG_GENERIC_CPU_AUTOPROBE=y
1334
+CONFIG_GENERIC_CPU_VULNERABILITIES=y
1334 1335
 CONFIG_REGMAP=y
1335 1336
 CONFIG_REGMAP_I2C=m
1336 1337
 CONFIG_DMA_SHARED_BUFFER=y
... ...
@@ -3092,8 +3094,6 @@ CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y
3092 3092
 # CONFIG_DEBUG_PER_CPU_MAPS is not set
3093 3093
 CONFIG_HAVE_DEBUG_STACKOVERFLOW=y
3094 3094
 # CONFIG_DEBUG_STACKOVERFLOW is not set
3095
-CONFIG_HAVE_ARCH_KMEMCHECK=y
3096
-# CONFIG_KMEMCHECK is not set
3097 3095
 CONFIG_HAVE_ARCH_KASAN=y
3098 3096
 # CONFIG_KASAN is not set
3099 3097
 CONFIG_ARCH_HAS_KCOV=y
... ...
@@ -3236,9 +3236,9 @@ CONFIG_DEFAULT_IO_DELAY_TYPE=3
3236 3236
 # CONFIG_DEBUG_NMI_SELFTEST is not set
3237 3237
 # CONFIG_X86_DEBUG_FPU is not set
3238 3238
 # CONFIG_PUNIT_ATOM_DEBUG is not set
3239
-CONFIG_FRAME_POINTER_UNWINDER=y
3240
-# CONFIG_ORC_UNWINDER is not set
3241
-# CONFIG_GUESS_UNWINDER is not set
3239
+# CONFIG_UNWINDER_ORC is not set
3240
+CONFIG_UNWINDER_FRAME_POINTER=y
3241
+# CONFIG_UNWINDER_GUESS is not set
3242 3242
 
3243 3243
 #
3244 3244
 # Security options
... ...
@@ -3252,6 +3252,7 @@ CONFIG_KEYS_COMPAT=y
3252 3252
 # CONFIG_SECURITY_DMESG_RESTRICT is not set
3253 3253
 # CONFIG_SECURITY is not set
3254 3254
 # CONFIG_SECURITYFS is not set
3255
+CONFIG_PAGE_TABLE_ISOLATION=y
3255 3256
 CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y
3256 3257
 CONFIG_HARDENED_USERCOPY=y
3257 3258
 # CONFIG_HARDENED_USERCOPY_PAGESPAN is not set
... ...
@@ -1,6 +1,6 @@
1 1
 #
2 2
 # Automatically generated file; DO NOT EDIT.
3
-# Linux/x86 4.14.8 Kernel Configuration
3
+# Linux/x86 4.14.54 Kernel Configuration
4 4
 #
5 5
 CONFIG_64BIT=y
6 6
 CONFIG_X86_64=y
... ...
@@ -328,6 +328,7 @@ CONFIG_HAVE_EXIT_THREAD=y
328 328
 CONFIG_ARCH_MMAP_RND_BITS=32
329 329
 CONFIG_HAVE_COPY_THREAD_TLS=y
330 330
 CONFIG_HAVE_STACK_VALIDATION=y
331
+CONFIG_HAVE_RELIABLE_STACKTRACE=y
331 332
 # CONFIG_HAVE_ARCH_HASH is not set
332 333
 # CONFIG_ISA_BUS_API is not set
333 334
 # CONFIG_CPU_NO_EFFICIENT_FFS is not set
... ...
@@ -448,6 +449,7 @@ CONFIG_X86_FAST_FEATURE_TESTS=y
448 448
 CONFIG_X86_X2APIC=y
449 449
 # CONFIG_X86_MPPARSE is not set
450 450
 # CONFIG_GOLDFISH is not set
451
+CONFIG_RETPOLINE=y
451 452
 # CONFIG_INTEL_RDT is not set
452 453
 # CONFIG_X86_EXTENDED_PLATFORM is not set
453 454
 # CONFIG_X86_INTEL_LPSS is not set
... ...
@@ -542,7 +544,6 @@ CONFIG_ARCH_SPARSEMEM_ENABLE=y
542 542
 CONFIG_ARCH_SPARSEMEM_DEFAULT=y
543 543
 CONFIG_ARCH_SELECT_MEMORY_MODEL=y
544 544
 CONFIG_ARCH_MEMORY_PROBE=y
545
-CONFIG_ARCH_PROC_KCORE_TEXT=y
546 545
 CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000
547 546
 CONFIG_SELECT_MEMORY_MODEL=y
548 547
 CONFIG_SPARSEMEM_MANUAL=y
... ...
@@ -1244,6 +1245,9 @@ CONFIG_NF_CONNTRACK_IPV6=m
1244 1244
 CONFIG_NF_SOCKET_IPV6=m
1245 1245
 CONFIG_NF_TABLES_IPV6=m
1246 1246
 CONFIG_NFT_CHAIN_ROUTE_IPV6=m
1247
+CONFIG_NFT_CHAIN_NAT_IPV6=m
1248
+CONFIG_NFT_MASQ_IPV6=m
1249
+CONFIG_NFT_REDIR_IPV6=m
1247 1250
 CONFIG_NFT_REJECT_IPV6=m
1248 1251
 CONFIG_NFT_DUP_IPV6=m
1249 1252
 # CONFIG_NFT_FIB_IPV6 is not set
... ...
@@ -1251,10 +1255,7 @@ CONFIG_NF_DUP_IPV6=m
1251 1251
 CONFIG_NF_REJECT_IPV6=m
1252 1252
 CONFIG_NF_LOG_IPV6=m
1253 1253
 CONFIG_NF_NAT_IPV6=m
1254
-CONFIG_NFT_CHAIN_NAT_IPV6=m
1255 1254
 CONFIG_NF_NAT_MASQUERADE_IPV6=m
1256
-CONFIG_NFT_MASQ_IPV6=m
1257
-CONFIG_NFT_REDIR_IPV6=m
1258 1255
 CONFIG_IP6_NF_IPTABLES=m
1259 1256
 CONFIG_IP6_NF_MATCH_AH=m
1260 1257
 CONFIG_IP6_NF_MATCH_EUI64=m
... ...
@@ -1513,6 +1514,7 @@ CONFIG_ALLOW_DEV_COREDUMP=y
1513 1513
 # CONFIG_SYS_HYPERVISOR is not set
1514 1514
 # CONFIG_GENERIC_CPU_DEVICES is not set
1515 1515
 CONFIG_GENERIC_CPU_AUTOPROBE=y
1516
+CONFIG_GENERIC_CPU_VULNERABILITIES=y
1516 1517
 CONFIG_REGMAP=y
1517 1518
 CONFIG_REGMAP_I2C=y
1518 1519
 CONFIG_DMA_SHARED_BUFFER=y
... ...
@@ -4348,8 +4350,6 @@ CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y
4348 4348
 # CONFIG_DEBUG_PER_CPU_MAPS is not set
4349 4349
 CONFIG_HAVE_DEBUG_STACKOVERFLOW=y
4350 4350
 # CONFIG_DEBUG_STACKOVERFLOW is not set
4351
-CONFIG_HAVE_ARCH_KMEMCHECK=y
4352
-# CONFIG_KMEMCHECK is not set
4353 4351
 CONFIG_HAVE_ARCH_KASAN=y
4354 4352
 # CONFIG_KASAN is not set
4355 4353
 CONFIG_ARCH_HAS_KCOV=y
... ...
@@ -4449,7 +4449,6 @@ CONFIG_FTRACE=y
4449 4449
 # CONFIG_TRACER_SNAPSHOT is not set
4450 4450
 CONFIG_BRANCH_PROFILE_NONE=y
4451 4451
 # CONFIG_PROFILE_ANNOTATED_BRANCHES is not set
4452
-# CONFIG_PROFILE_ALL_BRANCHES is not set
4453 4452
 # CONFIG_STACK_TRACER is not set
4454 4453
 CONFIG_BLK_DEV_IO_TRACE=y
4455 4454
 CONFIG_KPROBE_EVENTS=y
... ...
@@ -4534,9 +4533,9 @@ CONFIG_OPTIMIZE_INLINING=y
4534 4534
 # CONFIG_DEBUG_NMI_SELFTEST is not set
4535 4535
 # CONFIG_X86_DEBUG_FPU is not set
4536 4536
 # CONFIG_PUNIT_ATOM_DEBUG is not set
4537
-CONFIG_FRAME_POINTER_UNWINDER=y
4538
-# CONFIG_ORC_UNWINDER is not set
4539
-# CONFIG_GUESS_UNWINDER is not set
4537
+# CONFIG_UNWINDER_ORC is not set
4538
+CONFIG_UNWINDER_FRAME_POINTER=y
4539
+# CONFIG_UNWINDER_GUESS is not set
4540 4540
 
4541 4541
 #
4542 4542
 # Security options
... ...
@@ -4559,6 +4558,7 @@ CONFIG_SECURITY=y
4559 4559
 # CONFIG_SECURITY_WRITABLE_HOOKS is not set
4560 4560
 CONFIG_SECURITYFS=y
4561 4561
 CONFIG_SECURITY_NETWORK=y
4562
+CONFIG_PAGE_TABLE_ISOLATION=y
4562 4563
 # CONFIG_SECURITY_NETWORK_XFRM is not set
4563 4564
 CONFIG_SECURITY_PATH=y
4564 4565
 CONFIG_INTEL_TXT=y
... ...
@@ -9,7 +9,7 @@ In case of panic kmsg will be dumped to vmware.log file
9 9
  1 file changed, 142 insertions(+), 3 deletions(-)
10 10
 
11 11
 diff --git a/arch/x86/kernel/cpu/vmware.c b/arch/x86/kernel/cpu/vmware.c
12
-index 40ed2685..50ed5769 100644
12
+index 8e005329648b..eb8515b5cad7 100644
13 13
 --- a/arch/x86/kernel/cpu/vmware.c
14 14
 +++ b/arch/x86/kernel/cpu/vmware.c
15 15
 @@ -30,19 +30,24 @@
... ...
@@ -63,10 +63,10 @@ index 40ed2685..50ed5769 100644
63 63
  }
64 64
  
65 65
  /*
66
-@@ -212,3 +226,128 @@ const __refconst struct hypervisor_x86 x86_hyper_vmware = {
67
- 	.x2apic_available	= vmware_legacy_x2apic_available,
66
+@@ -212,3 +226,128 @@ const __initconst struct hypervisor_x86 x86_hyper_vmware = {
67
+ 	.init.init_platform	= vmware_platform_setup,
68
+ 	.init.x2apic_available	= vmware_legacy_x2apic_available,
68 69
  };
69
- EXPORT_SYMBOL(x86_hyper_vmware);
70 70
 +
71 71
 +#define MESSAGE_STATUS_SUCCESS  (0x01 << 16)
72 72
 +#define MESSAGE_STATUS_CPT      (0x10 << 16)
... ...
@@ -192,6 +192,3 @@ index 40ed2685..50ed5769 100644
192 192
 +			break;
193 193
 +	}
194 194
 +}
195
-2.11.0
196
-
... ...
@@ -1,7 +1,7 @@
1 1
 %global security_hardening none
2 2
 Summary:        Kernel
3 3
 Name:           linux-aws
4
-Version:        4.14.8
4
+Version:        4.14.54
5 5
 Release:        1%{?kat_build:.%kat_build}%{?dist}
6 6
 License:    	GPLv2
7 7
 URL:        	http://www.kernel.org/
... ...
@@ -9,7 +9,7 @@ Group:        	System Environment/Kernel
9 9
 Vendor:         VMware, Inc.
10 10
 Distribution: 	Photon
11 11
 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
12
-%define sha1 linux=45f140e0eab08428d78d81d4169d531a3e65a297
12
+%define sha1 linux=434080e874f7b78c3234f22784427d4a189fb54d
13 13
 Source1:	config-aws
14 14
 Source2:	initramfs.trigger
15 15
 %define ena_version 1.5.0
... ...
@@ -305,5 +305,7 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
305 305
 /usr/share/doc/*
306 306
 
307 307
 %changelog
308
+*   Mon Jul 09 2018 Him Kalyan Bordoloi <bordoloih@vmware.com> 4.14.54-1
309
+-   Update to version 4.14.54
308 310
 *   Thu Feb 22 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.14.8-1
309 311
 -   First build based on linux.spec and config. No AWS-specific patches yet.
... ...
@@ -1,7 +1,7 @@
1 1
 %global security_hardening none
2 2
 Summary:        Kernel
3 3
 Name:           linux-esx
4
-Version:        4.14.8
4
+Version:        4.14.54
5 5
 Release:        1%{?dist}
6 6
 License:        GPLv2
7 7
 URL:            http://www.kernel.org/
... ...
@@ -9,7 +9,7 @@ Group:          System Environment/Kernel
9 9
 Vendor:         VMware, Inc.
10 10
 Distribution:   Photon
11 11
 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
12
-%define sha1 linux=45f140e0eab08428d78d81d4169d531a3e65a297
12
+%define sha1 linux=434080e874f7b78c3234f22784427d4a189fb54d
13 13
 Source1:        config-esx
14 14
 Source2:        initramfs.trigger
15 15
 # common
... ...
@@ -186,6 +186,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
186 186
 /usr/src/linux-headers-%{uname_r}
187 187
 
188 188
 %changelog
189
+*   Mon Jul 09 2018 Him Kalyan Bordoloi <bordoloih@vmware.com> 4.14.54-1
190
+-   Update to version 4.14.54
189 191
 *   Fri Feb 02 2018 Alexey Makhalov <amakhalov@vmware.com> 4.14.8-1
190 192
 -   Version update
191 193
 *   Mon Dec 19 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.66-2
... ...
@@ -1,15 +1,15 @@
1 1
 %global security_hardening none
2 2
 Summary:        Kernel
3 3
 Name:           linux-secure
4
-Version:        4.14.8
5
-Release:        2%{?kat_build:.%kat_build}%{?dist}
4
+Version:        4.14.54
5
+Release:        1%{?kat_build:.%kat_build}%{?dist}
6 6
 License:        GPLv2
7 7
 URL:            http://www.kernel.org/
8 8
 Group:          System Environment/Kernel
9 9
 Vendor:         VMware, Inc.
10 10
 Distribution:   Photon
11 11
 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
12
-%define sha1 linux=45f140e0eab08428d78d81d4169d531a3e65a297
12
+%define sha1 linux=434080e874f7b78c3234f22784427d4a189fb54d
13 13
 Source1:        config-secure
14 14
 Source2:        initramfs.trigger
15 15
 # common
... ...
@@ -222,6 +222,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
222 222
 /usr/src/linux-headers-%{uname_r}
223 223
 
224 224
 %changelog
225
+*   Mon Jul 09 2018 Him Kalyan Bordoloi <bordoloih@vmware.com> 4.14.54-1
226
+-   Update to version 4.14.54
225 227
 *   Mon Mar 19 2018 Alexey Makhalov <amakhalov@vmware.com> 4.14.8-2
226 228
 -   Extra hardening: slab_nomerge and some .config changes
227 229
 *   Fri Feb 16 2018 Alexey Makhalov <amakhalov@vmware.com> 4.14.8-1
... ...
@@ -1,15 +1,15 @@
1 1
 %global security_hardening none
2 2
 Summary:        Kernel
3 3
 Name:           linux
4
-Version:        4.14.8
5
-Release:        2%{?kat_build:.%kat_build}%{?dist}
4
+Version:        4.14.54
5
+Release:        1%{?kat_build:.%kat_build}%{?dist}
6 6
 License:    	GPLv2
7 7
 URL:        	http://www.kernel.org/
8 8
 Group:        	System Environment/Kernel
9 9
 Vendor:         VMware, Inc.
10 10
 Distribution: 	Photon
11 11
 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
12
-%define sha1 linux=45f140e0eab08428d78d81d4169d531a3e65a297
12
+%define sha1 linux=434080e874f7b78c3234f22784427d4a189fb54d
13 13
 Source1:	config
14 14
 Source2:	initramfs.trigger
15 15
 %define ena_version 1.5.0
... ...
@@ -341,6 +341,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
341 341
 %endif
342 342
 
343 343
 %changelog
344
+*   Mon Jul 09 2018 Him Kalyan Bordoloi <bordoloih@vmware.com> 4.14.54-1
345
+-   Update to version 4.14.54
344 346
 *   Fri Jan 26 2018 Alexey Makhalov <amakhalov@vmware.com> 4.14.8-2
345 347
 -   Added vchiq entry to rpi3 dts
346 348
 -   Added dtb-rpi3 subpackage
347 349
new file mode 100644
... ...
@@ -0,0 +1,110 @@
0
+diff -Naur gosc-scripts/imc-shell/imgcust-scripts/CustomizationUtils.sh gosc-scripts-modify/imc-shell/imgcust-scripts/CustomizationUtils.sh
1
+--- gosc-scripts/imc-shell/imgcust-scripts/CustomizationUtils.sh	2016-04-30 04:11:27.000000000 +0530
2
+@@ -633,6 +633,55 @@
3
+   Info "RunCustomScript has completed"
4
+ }
5
+ 
6
++# Runs post-customization script.
7
++#
8
++# Args:
9
++#   scriptPath: string: relative path to the script
10
++# Results:
11
++#   None
12
++# Throws:
13
++#   Dies in case execution returns non-zero exit code.
14
++RunPostCustomScript()
15
++{
16
++  local scriptPath=$1
17
++  
18
++  Info "RunPostCustomScript invoked"
19
++  
20
++  if [[ -e $scriptPath ]]; then
21
++    # Strip any CR characters from the decoded script
22
++    Exec "${CAT} $scriptPath | ${TR} -d '\r' > $scriptPath.tmp" '' ''
23
++    Exec "${CHMOD} u+x $scriptPath.tmp" '' ''
24
++    
25
++    Info "Executing post-customization script..."
26
++    
27
++    ${SH} -c "$scriptPath.tmp postcustomization"
28
++    local exitCode=$?
29
++    if [[ $exitCode -ne 0 ]]; then
30
++      Die "Execution of post-customization failed!"
31
++    fi
32
++  else
33
++   Warn "Customization script '$scriptPath' does not exist"
34
++  fi
35
++  
36
++  Info "RunPostCustomScript has completed" 
37
++}
38
++
39
++# Sets Guest Customization status
40
++#
41
++# Args:
42
++#   Status: String: Started / Successful / Failed
43
++# Results:
44
++#   None
45
++# Throws:
46
++#   None
47
++PostGCStatus()
48
++{
49
++  local STATUS=$1
50
++  local OUTPUT="$(ps -C vmtoolsd -o cmd=)"
51
++  local CMD="$OUTPUT --cmd \"info-set guestinfo.gc.status $STATUS\""
52
++  eval $CMD
53
++}
54
++
55
+ # Installs post-customization script.
56
+ #
57
+ # Args:
58
+diff -Naur gosc-scripts/imc-shell/imgcust-scripts/PhotonCustomization.sh gosc-scripts-modify/imc-shell/imgcust-scripts/PhotonCustomization.sh
59
+--- gosc-scripts/imc-shell/imgcust-scripts/PhotonCustomization.sh	2016-04-30 02:40:39.000000000 +0530
60
+@@ -20,7 +20,6 @@
61
+     scriptName=`${DIRNAME} $configPath`"/$scriptName"
62
+     Info "Handling customization script [$scriptName]"
63
+     RunCustomScript $scriptName
64
+-    InstallCustomScript $scriptName
65
+   else
66
+     Info "No customization script to run"
67
+   fi
68
+@@ -88,7 +87,27 @@
69
+ 
70
+   Info "Photon customization started"
71
+ 
72
++  #Set Guest Customization status as Started
73
++  PostGCStatus "Started"
74
++
75
+   RunCloudConfig $configFilePath
76
+ 
77
+   Info "Photon customization finished"
78
++
79
++  # Run Post customization script
80
++
81
++  local scriptName=$(ConfigFile_GetCustomScriptName)
82
++
83
++  if [[ -n "$scriptName" ]]; then
84
++    scriptName=`${DIRNAME} $configFilePath`"/$scriptName"
85
++    Info "Handling Post Customization script [$scriptName]"
86
++    RunPostCustomScript $scriptName
87
++  else
88
++    Info "No post customization script to run"
89
++  fi
90
++  
91
++  #Set Guest customization status as successful
92
++  PostGCStatus "Successful"
93
++
94
++  Info "Photon Customization Successful. GC Status is updated"
95
+ }
96
+diff -Naur gosc-scripts/imc-shell/imgcust-scripts/Utils.sh gosc-scripts-modify/imc-shell/imgcust-scripts/Utils.sh
97
+--- gosc-scripts/imc-shell/imgcust-scripts/Utils.sh	2016-04-30 02:40:39.000000000 +0530
98
+@@ -105,6 +105,8 @@
99
+ {
100
+   Error "$@"
101
+   echo "DIE: $@" 1>&2
102
++  # Set Guest customization status as failure
103
++  PostGCStatus "Failed"
104
+   exit 1
105
+ }
106
+ 
... ...
@@ -1,7 +1,7 @@
1 1
 Summary:        Usermode tools for VmWare virts
2 2
 Name:           open-vm-tools
3 3
 Version:        10.2.0
4
-Release:        3%{?dist}
4
+Release:        4%{?dist}
5 5
 License:        LGPLv2+
6 6
 URL:            https://github.com/vmware/open-vm-tools
7 7
 Group:          Applications/System
... ...
@@ -18,6 +18,7 @@ Patch1:         hostnameReCustomizationFix.patch
18 18
 Patch2:         PureIPv6-hosts.patch
19 19
 Patch3:         GOSC-libDeploy.patch
20 20
 Patch4:         timezoneCust.patch
21
+Patch5:         gosc-post-custom.patch
21 22
 BuildRequires:  glib-devel
22 23
 BuildRequires:  xerces-c-devel
23 24
 BuildRequires:  xml-security-c-devel
... ...
@@ -54,6 +55,7 @@ It contains the libraries and header files to create applications.
54 54
 %patch2 -p0
55 55
 %patch3 -p2
56 56
 %patch4 -p0
57
+%patch5 -p0
57 58
 %build
58 59
 touch ChangeLog
59 60
 autoreconf -i
... ...
@@ -113,6 +115,8 @@ fi
113 113
 %{_libdir}/*.so
114 114
 
115 115
 %changelog
116
+*   Tue Jul 10 2018 Keerthana K <keerthanak@vmware.com> 10.2.0-4
117
+-   Fix for post custom script failure.
116 118
 *   Mon Apr 09 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 10.2.0-3
117 119
 -   Revert regex changes to gosc scripts.
118 120
 *   Wed Mar 21 2018 Anish Swaminathan <anishs@vmware.com> 10.2.0-2
119 121
new file mode 100644
... ...
@@ -0,0 +1,82 @@
0
+Summary:        Library providing support for "XML Signature" and "XML Encryption" standards
1
+Name:           xmlsec1
2
+Version:        1.2.26
3
+Release:        1%{?dist}
4
+License:        MIT
5
+Group:          Applications/System
6
+Vendor:         VMware, Inc.
7
+Distribution:   Photon
8
+Url:            http://www.aleksey.com/xmlsec/
9
+Source0:        http://www.aleksey.com/xmlsec/download/%{name}-%{version}.tar.gz
10
+%define sha1 xmlsec1=d55d5be05eac1114e1d9b8655b602ce26f9f4a11
11
+BuildRequires: libxml2-devel
12
+BuildRequires: libltdl-devel
13
+
14
+%description
15
+XML Security Library is a C library based on LibXML2  and OpenSSL.
16
+The library was created with a goal to support major XML security
17
+standards "XML Digital Signature" and "XML Encryption".
18
+
19
+%package devel
20
+Summary: Libraries, includes, etc. to develop applications with XML Digital Signatures and XML Encryption support.
21
+Group: Development/Libraries
22
+Requires: %{name} = %{version}-%{release}
23
+
24
+%description devel
25
+Libraries, includes, etc. you can use to develop applications with XML Digital
26
+Signatures and XML Encryption support.
27
+
28
+%prep
29
+%setup -q
30
+
31
+%build
32
+%configure --disable-static
33
+make %{?_smp_mflags}
34
+
35
+%install
36
+rm -rf %{buildroot}
37
+make DESTDIR=%{buildroot} install
38
+
39
+%check
40
+make -k check |& tee %{_specdir}/%{name}-check-log || %{nocheck}
41
+
42
+%post -p /sbin/ldconfig
43
+%postun -p /sbin/ldconfig
44
+
45
+%files
46
+%defattr(-, root, root)
47
+
48
+%{_prefix}/lib/libxmlsec1.so.1
49
+%{_prefix}/lib/libxmlsec1.so.1.2.26
50
+%{_prefix}/lib/libxmlsec1.so
51
+%{_prefix}/lib/libxmlsec1-nss.so.1
52
+%{_prefix}/lib/libxmlsec1-nss.so.1.2.26
53
+%{_prefix}/lib/libxmlsec1-nss.so
54
+%{_prefix}/lib/libxmlsec1-openssl.so.1
55
+%{_prefix}/lib/libxmlsec1-openssl.so.1.2.26
56
+%{_prefix}/lib/libxmlsec1-openssl.so
57
+%{_prefix}/bin/xmlsec1
58
+
59
+%files devel
60
+%defattr(-, root, root)
61
+
62
+%{_prefix}/bin/xmlsec1-config
63
+%{_prefix}/include/xmlsec1/xmlsec/*.h
64
+%{_prefix}/include/xmlsec1/xmlsec/private/*.h
65
+%{_prefix}/include/xmlsec1/xmlsec/nss/*.h
66
+%{_prefix}/include/xmlsec1/xmlsec/openssl/*.h
67
+%{_prefix}/lib/libxmlsec1.*a
68
+%{_prefix}/lib/libxmlsec1-nss.*a
69
+%{_prefix}/lib/libxmlsec1-openssl.*a
70
+%{_prefix}/lib/pkgconfig/xmlsec1.pc
71
+%{_prefix}/lib/pkgconfig/xmlsec1-nss.pc
72
+%{_prefix}/lib/pkgconfig/xmlsec1-openssl.pc
73
+%{_prefix}/lib/xmlsec1Conf.sh
74
+%{_prefix}/share/doc/xmlsec1/*
75
+%{_prefix}/share/aclocal/xmlsec1.m4
76
+%{_prefix}/share/man/man1/xmlsec1.1.gz
77
+%{_prefix}/share/man/man1/xmlsec1-config.1.gz
78
+
79
+%changelog
80
+*   Mon Jul 02 2018 Ankit Jain <ankitja@vmware.com> 1.2.26-1
81
+-   Initial version
... ...
@@ -8,6 +8,7 @@ from CommandUtils import CommandUtils
8 8
 from constants import constants
9 9
 from SpecData import SPECS
10 10
 import docker
11
+from distutils.version import LooseVersion
11 12
 
12 13
 class PackageBuilderBase(object):
13 14
     def __init__(self, mapPackageToCycles, pkgBuildType):
... ...
@@ -76,7 +77,7 @@ class PackageBuilderBase(object):
76 76
         packageIsAlreadyBuilt = True
77 77
         pkgUtils = PackageUtils(self.logName, self.logPath)
78 78
         for pkg in listRPMPackages:
79
-            if pkgUtils.findRPMFileForGivenPackage(pkg, index) is None:
79
+            if pkgUtils.findRPMFileForGivenPackage(pkg,"*", index) is None:
80 80
                 packageIsAlreadyBuilt = False
81 81
                 break
82 82
         return packageIsAlreadyBuilt
... ...
@@ -90,7 +91,40 @@ class PackageBuilderBase(object):
90 90
     def _findBuildTimeCheckRequiredPackages(self, index=0):
91 91
         return SPECS.getData().getCheckBuildRequiresForPackage(self.package, index)
92 92
 
93
-    def _installPackage(self, pkgUtils, package, instanceID, destLogPath,
93
+    def _findRunTimeRequiredRPMPackagesParseObj(self,rpmPackage):
94
+        listRequiredPackages=SPECS.getData().getRequiresParseObjForPackage(rpmPackage)
95
+        return listRequiredPackages
96
+
97
+    def _findBuildTimeRequiredPackagesParseObj(self, index):
98
+        listRequiredPackages=SPECS.getData().getBuildRequiresParseObjForPackage(self.package, index)
99
+        return listRequiredPackages
100
+
101
+    def _findBuildTimeCheckRequiredPackagesParseObj(self, index):
102
+        listRequiredPackages=SPECS.getData().getCheckBuildRequiresParseObjForPackage(self.package, index)
103
+        return listRequiredPackages
104
+
105
+    def _getProperVersion(self,package,parseSpecObj):
106
+        listOfVersionObjs=self.getSpecObj(package)
107
+        for num in listOfVersionObjs:
108
+                if parseSpecObj.compare == 'gte':
109
+                       if LooseVersion(num.version) >= LooseVersion(parseSpecObj.version):
110
+                                return num.version
111
+                elif parseSpecObj.compare == 'lte':
112
+                        if LooseVersion(num.version) <= LooseVersion(parseSpecObj.version):
113
+                                return num.version
114
+                elif parseSpecObj.compare == 'eq':
115
+                        if LooseVersion(num.version) == LooseVersion(parseSpecObj.version):
116
+                                return num.version
117
+                elif parseSpecObj.compare == 'lt':
118
+                        if LooseVersion(num.version) < LooseVersion(parseSpecObj.version):
119
+                                return num.version
120
+                elif parseSpecObj.compare == 'gt':
121
+                        if LooseVersion(num.version) > LooseVersion(parseSpecObj.version):
122
+                                return num.version
123
+        return "*"
124
+
125
+
126
+    def _installPackage(self, pkgUtils, package,packageVersion, instanceID, destLogPath,
94 127
                         listInstalledPackages, listInstalledRPMs):
95 128
         latestRPM = os.path.basename(
96 129
             pkgUtils.findRPMFileForGivenPackage(package)).replace(".rpm", "")
... ...
@@ -107,13 +141,14 @@ class PackageBuilderBase(object):
107 107
                 package in constants.noDepsPackageList):
108 108
             noDeps = True
109 109
         if self.pkgBuildType == "chroot":
110
-            pkgUtils.installRPM(package, instanceID, noDeps, destLogPath)
110
+            pkgUtils.installRPM(package, packageVersion,instanceID, noDeps, destLogPath)
111 111
         elif self.pkgBuildType == "container":
112
-            pkgUtils.prepRPMforInstallInContainer(package, instanceID, noDeps, destLogPath)
112
+            pkgUtils.prepRPMforInstallInContainer(package,packageVersion, instanceID, noDeps, destLogPath)
113 113
 
114 114
     def _installDependentRunTimePackages(self, pkgUtils, package, instanceID, destLogPath,
115 115
                                          listInstalledPackages, listInstalledRPMs):
116 116
         listRunTimeDependentPackages = self._findRunTimeRequiredRPMPackages(package)
117
+        listRunTimeDependentPackagesParseObj=self._findRunTimeRequiredRPMPackagesParseObj(package)
117 118
         if listRunTimeDependentPackages:
118 119
             for pkg in listRunTimeDependentPackages:
119 120
                 if pkg in self.mapPackageToCycles:
... ...
@@ -122,26 +157,40 @@ class PackageBuilderBase(object):
122 122
                     pkgUtils.findRPMFileForGivenPackage(pkg)).replace(".rpm", "")
123 123
                 if pkg in listInstalledPackages and latestPkgRPM in listInstalledRPMs:
124 124
                     continue
125
-                self._installPackage(pkgUtils, pkg, instanceID, destLogPath,
126
-                                     listInstalledPackages, listInstalledRPMs)
125
+                flag = False
126
+                for objName in listRunTimeDependentPackagesParseObj:
127
+                    if objName.package == pkg:
128
+                        properVersion=self._getProperVersion(pkg,objName)
129
+                        self._installPackage(pkgUtils, pkg,properVersion, instanceID, destLogPath,listInstalledPackages, listInstalledRPMs)
130
+                        flag = True
131
+                        break;
132
+                if flag == False:
133
+                        self._installPackage(pkgUtils, pkg,"*", instanceID, destLogPath,listInstalledPackages, listInstalledRPMs)
127 134
 
128 135
     def _findDependentPackagesAndInstalledRPM(self, instanceID, index=0):
129 136
         listInstalledPackages, listInstalledRPMs = self._findInstalledPackages(instanceID)
130 137
         self.logger.info(listInstalledPackages)
131 138
         listDependentPackages = self._findBuildTimeRequiredPackages(index)
139
+        listDependentPackagesParseObj=self._findBuildTimeRequiredPackagesParseObj(index)
132 140
         if constants.rpmCheck and self.package in constants.testForceRPMS:
133 141
             listDependentPackages.extend(self._findBuildTimeCheckRequiredPackages(index))
142
+            listDependentPackagesParseObj.extend(self._findBuildTimeCheckRequiredPackagesParseObj(index))
134 143
             testPackages = (set(constants.listMakeCheckRPMPkgtoInstall) -
135 144
                             set(listInstalledPackages) -
136 145
                             set([self.package]))
137 146
             listDependentPackages.extend(testPackages)
138 147
             listDependentPackages = list(set(listDependentPackages))
139
-        return listDependentPackages, listInstalledPackages, listInstalledRPMs
148
+            listDependentPackagesParseObj=list(set(listDependentPackagesParseObj))
149
+        return listDependentPackages, listDependentPackagesParseObj,listInstalledPackages, listInstalledRPMs
140 150
 
141 151
     @staticmethod
142 152
     def getNumOfVersions(package):
143 153
         return SPECS.getData().getNumberOfVersions(package)
144 154
 
155
+    @staticmethod
156
+    def getSpecObj(package):
157
+        return SPECS.getData().getSpecObj(package)
158
+
145 159
 class PackageBuilderContainer(PackageBuilderBase):
146 160
     def __init__(self, mapPackageToCycles, pkgBuildType):
147 161
         self.buildContainerImage = "photon_build_container:latest"
... ...
@@ -249,7 +298,7 @@ class PackageBuilderContainer(PackageBuilderBase):
249 249
                     constants.perPackageToolChain[self.package],
250 250
                     self.package)
251 251
 
252
-            listDependentPackages, listInstalledPackages, listInstalledRPMs = (
252
+            listDependentPackages,listDependentPackagesParseObj, listInstalledPackages, listInstalledRPMs = (
253 253
                 self._findDependentPackagesAndInstalledRPM(containerID, index))
254 254
 
255 255
             pkgUtils = PackageUtils(self.logName, self.logPath)
... ...
@@ -258,8 +307,15 @@ class PackageBuilderContainer(PackageBuilderBase):
258 258
                                  "Installing dependent packages..")
259 259
                 self.logger.info(listDependentPackages)
260 260
                 for pkg in listDependentPackages:
261
-                    self._installPackage(pkgUtils, pkg, containerID, destLogPath,
262
-                                         listInstalledPackages, listInstalledRPMs)
261
+                    flag = False
262
+                    for objName in listDependentPackagesParseObj:
263
+                        if objName.package == pkg:
264
+                                properVersion=self._getProperVersion(pkg,objName)
265
+                                self._installPackage(pkgUtils, pkg,properVersion, containerID, destLogPath,listInstalledPackages, listInstalledRPMs)
266
+                                flag = True
267
+                                break;
268
+                    if flag == False:
269
+                        self._installPackage(pkgUtils, pkg,"*", containerID, destLogPath,listInstalledPackages, listInstalledRPMs)
263 270
                 pkgUtils.installRPMSInAOneShotInContainer(containerID, destLogPath)
264 271
                 self.logger.info("Finished installing the build time dependent packages....")
265 272
 
... ...
@@ -329,7 +385,7 @@ class PackageBuilderChroot(PackageBuilderBase):
329 329
         chrootID = None
330 330
         try:
331 331
             chrootID = self._prepareBuildRoot()
332
-            listDependentPackages, listInstalledPackages, listInstalledRPMs = (
332
+            listDependentPackages,listDependentPackagesParseObj, listInstalledPackages, listInstalledRPMs = (
333 333
                 self._findDependentPackagesAndInstalledRPM(chrootID, index))
334 334
 
335 335
             pkgUtils = PackageUtils(self.logName, self.logPath)
... ...
@@ -337,8 +393,15 @@ class PackageBuilderChroot(PackageBuilderBase):
337 337
             if listDependentPackages:
338 338
                 self.logger.info("Installing the build time dependent packages......")
339 339
                 for pkg in listDependentPackages:
340
-                    self._installPackage(pkgUtils, pkg, chrootID, self.logPath,
341
-                                         listInstalledPackages, listInstalledRPMs)
340
+                    flag = False
341
+                    for objName in listDependentPackagesParseObj:
342
+                        if objName.package == pkg:
343
+                                properVersion=self._getProperVersion(pkg,objName)
344
+                                self._installPackage(pkgUtils, pkg,properVersion, chrootID, self.logPath,listInstalledPackages, listInstalledRPMs)
345
+                                flag = True
346
+                                break;
347
+                    if flag == False:
348
+                        self._installPackage(pkgUtils, pkg,"*", chrootID, self.logPath,listInstalledPackages, listInstalledRPMs)
342 349
                 pkgUtils.installRPMSInAOneShot(chrootID, self.logPath)
343 350
                 self.logger.info("Finished installing the build time dependent packages....")
344 351
 
... ...
@@ -41,11 +41,11 @@ class PackageUtils(object):
41 41
         self.rpmFilesToReInstallInAOneShot = ""
42 42
         self.noDepsRPMFilesToReInstallInAOneShot = ""
43 43
 
44
-    def installRPM(self, package, chrootID, noDeps=False, destLogPath=None):
44
+    def installRPM(self, package,version, chrootID, noDeps=False, destLogPath=None):
45 45
 #        self.logger.info("Installing rpm for package:"+package)
46 46
 #        self.logger.debug("No deps:"+str(noDeps))
47 47
 
48
-        rpmfile = self.findRPMFileForGivenPackage(package)
48
+        rpmfile = self.findRPMFileForGivenPackage(package,version)
49 49
         if rpmfile is None:
50 50
             self.logger.error("No rpm file found for package:" + package)
51 51
             raise Exception("Missing rpm file: " + package)
... ...
@@ -143,10 +143,12 @@ class PackageUtils(object):
143 143
         for srpmFile in listSRPMFiles:
144 144
             srpmDestFile = self._copyRPM(chrootID + "/" + srpmFile, constants.sourceRpmPath)
145 145
 
146
-    def findRPMFileForGivenPackage(self, package, index=0):
146
+    def findRPMFileForGivenPackage(self, package,version="*", index=0):
147 147
         cmdUtils = CommandUtils()
148
-        version = SPECS.getData().getVersion(package, index)
149
-        release = SPECS.getData().getRelease(package, index)
148
+        release = "*"
149
+        if version == "*":
150
+                version = SPECS.getData().getVersion(package, index)
151
+                release = SPECS.getData().getRelease(package, index)
150 152
         listFoundRPMFiles = sum([cmdUtils.findFile(package + "-" + version + "-" + release + "." +
151 153
                                                    platform.machine()+".rpm",
152 154
                                                    constants.rpmPath),
... ...
@@ -220,8 +222,8 @@ class PackageUtils(object):
220 220
         self.logger.error("Failed while adjusting gcc specs")
221 221
         raise Exception("Failed while adjusting gcc specs")
222 222
 
223
-    def prepRPMforInstallInContainer(self, package, containerID, noDeps=False, destLogPath=None):
224
-        rpmfile = self.findRPMFileForGivenPackage(package)
223
+    def prepRPMforInstallInContainer(self, package,version, containerID, noDeps=False, destLogPath=None):
224
+        rpmfile = self.findRPMFileForGivenPackage(package,version)
225 225
         if rpmfile is None:
226 226
             self.logger.error("No rpm file found for package: " + package)
227 227
             raise Exception("Missing rpm file")
... ...
@@ -21,6 +21,9 @@ class SpecObject(object):
21 21
         self.checkBuildRequirePackages = []
22 22
         self.installRequiresAllPackages = []
23 23
         self.installRequiresPackages = {}
24
+        self.specParseObjBuildRequirePackages = []
25
+        self.specParseObjInstallRequiresPackages=[]
26
+        self.specParseObjCheckBuildRequirePackages=[]
24 27
         self.specFile = ""
25 28
         self.listSources = []
26 29
         self.checksums = {}
... ...
@@ -47,9 +50,9 @@ class SpecObjectsUtils(object):
47 47
             specName = spec.getBasePackageName()
48 48
             specObj = SpecObject()
49 49
             specObj.name = specName
50
-            specObj.buildRequirePackages = spec.getBuildRequiresAllPackages()
51
-            specObj.installRequiresAllPackages = spec.getRequiresAllPackages()
52
-            specObj.checkBuildRequirePackages = spec.getCheckBuildRequiresAllPackages()
50
+            specObj.buildRequirePackages,specObj.specParseObjBuildRequirePackages = spec.getBuildRequiresAllPackages()
51
+            specObj.installRequiresAllPackages,specObj.specParseObjInstallRequiresPackages = spec.getRequiresAllPackages()
52
+            specObj.checkBuildRequirePackages,specObj.specParseObjCheckBuildRequirePackages = spec.getCheckBuildRequiresAllPackages()
53 53
             specObj.listPackages = spec.getPackageNames()
54 54
             specObj.specFile = specFile
55 55
             specObj.version = spec.getVersion()
... ...
@@ -107,6 +110,22 @@ class SpecObjectsUtils(object):
107 107
         specName = self.getSpecName(package)
108 108
         return self.mapSpecObjects[specName][index].checkBuildRequirePackages
109 109
 
110
+    def getBuildRequiresParseObjForPackage(self, package, index=0):
111
+        specName=self.getSpecName(package)
112
+        return self.mapSpecObjects[specName][index].specParseObjBuildRequirePackages
113
+
114
+    def getRequiresParseObjForPackage(self, package, index=0):
115
+        specName=self.getSpecName(package)
116
+        return self.mapSpecObjects[specName][index].specParseObjInstallRequiresPackages
117
+
118
+    def getCheckBuildRequiresParseObjForPackage(self, package, index=0):
119
+        specName=self.getSpecName(package)
120
+        return self.mapSpecObjects[specName][index].specParseObjCheckBuildRequirePackages
121
+
122
+    def getSpecObj(self, package):
123
+        specName=self.getSpecName(package)
124
+        return self.mapSpecObjects[specName]
125
+
110 126
     def getRelease(self, package, index=0):
111 127
         specName = self.getSpecName(package)
112 128
         return self.mapSpecObjects[specName][index].release
... ...
@@ -92,35 +92,52 @@ class Specutils(object):
92 92
 
93 93
     def getRequiresAllPackages(self):
94 94
         dependentPackages = []
95
+        specParseObjDependentPackages=[]
95 96
         for pkg in self.spec.packages.values():
96 97
             for dpkg in pkg.requires:
97 98
                 dependentPackages.append(dpkg.package)
99
+                specParseObjDependentPackages.append(dpkg)
98 100
         dependentPackages = list(set(dependentPackages))
101
+        specParseObjDependentPackages = list(set(specParseObjDependentPackages))
102
+        specParseObjDependentPackagesTemp = specParseObjDependentPackages[:]
99 103
         packageNames = self.getPackageNames()
100 104
         for pkgName in packageNames:
101 105
             if pkgName in dependentPackages:
102 106
                 dependentPackages.remove(pkgName)
103
-        return dependentPackages
107
+            for objName in specParseObjDependentPackagesTemp:
108
+                if objName.package == pkgName:
109
+                        specParseObjDependentPackages.remove(objName)
110
+        return dependentPackages,specParseObjDependentPackages
104 111
 
105 112
     def getBuildRequiresAllPackages(self):
106 113
         dependentPackages = []
114
+        specParseObjDependentPackages=[]
107 115
         for pkg in self.spec.packages.values():
108 116
             for dpkg in pkg.buildrequires:
109 117
                 dependentPackages.append(dpkg.package)
118
+                specParseObjDependentPackages.append(dpkg)
110 119
         dependentPackages = list(set(dependentPackages))
120
+        specParseObjDependentPackages = list(set(specParseObjDependentPackages))
121
+        specParseObjDependentPackagesTemp = specParseObjDependentPackages[:]
111 122
         packageNames = self.getPackageNames()
112 123
         for pkgName in packageNames:
113 124
             if pkgName in dependentPackages:
114 125
                 dependentPackages.remove(pkgName)
115
-        return dependentPackages
126
+            for objName in specParseObjDependentPackagesTemp:
127
+                if objName.package == pkgName:
128
+                        specParseObjDependentPackages.remove(objName)
129
+        return dependentPackages,specParseObjDependentPackages
116 130
 
117 131
     def getCheckBuildRequiresAllPackages(self):
118 132
         dependentPackages = []
133
+        specParseObjDependentPackages=[]
119 134
         for pkg in self.spec.packages.values():
120 135
             for dpkg in pkg.checkbuildrequires:
121 136
                 dependentPackages.append(dpkg.package)
137
+                specParseObjDependentPackages.append(dpkg)
122 138
         dependentPackages = list(set(dependentPackages))
123
-        return dependentPackages
139
+        specParseObjDependentPackages = list(set(specParseObjDependentPackages))
140
+        return dependentPackages,specParseObjDependentPackages
124 141
 
125 142
     def getRequires(self, pkgName):
126 143
         dependentPackages = []
127 144
new file mode 100755
... ...
@@ -0,0 +1,18 @@
0
+#! /bin/sh
1
+
2
+specs="linux-api-headers/linux-api-headers.spec linux/linux.spec linux/linux-esx.spec linux/linux-secure.spec linux/linux-aws.spec"
3
+
4
+tarball_url=`curl -s https://www.kernel.org  | grep -Eo 'https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.14.[0-9]*.tar.xz'`
5
+tarball=$(basename $tarball_url)
6
+version=`echo $tarball | sed 's/linux-//; s/.tar.xz//'`
7
+echo latest linux version: $version
8
+test -f stage/SOURCES/$tarball && echo up to date && exit 0
9
+$(cd stage/SOURCES && wget $tarball_url)
10
+sha1=`sha1sum stage/SOURCES/$tarball | awk '{print $1}'`
11
+changelog_entry=$(echo "`date +"%a %b %d %Y"` `git config user.name` <`git config user.email`> $version-1")
12
+for spec in $specs; do
13
+	sed -i '/^Version:/ s/4.14.[0-9]*/'$version'/' SPECS/$spec
14
+	sed -i '/^Release:/ s/[0-9]*%/1%/' SPECS/$spec
15
+	sed -i '/^%define sha1 linux/ s/=[0-9a-f]*$/='$sha1'/' SPECS/$spec
16
+	sed -i '/^%changelog/a*   '"$changelog_entry"'\n-   Update to version '"$version"'' SPECS/$spec
17
+done
0 18
deleted file mode 100755
... ...
@@ -1,18 +0,0 @@
1
-#! /bin/sh
2
-
3
-specs="linux-api-headers/linux-api-headers.spec linux/linux.spec linux/linux-esx.spec linux/linux-secure.spec linux/linux-aws.spec"
4
-
5
-tarball_url=`curl -s https://www.kernel.org  | grep -Eo 'https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.9.[0-9]*.tar.xz'`
6
-tarball=$(basename $tarball_url)
7
-version=`echo $tarball | sed 's/linux-//; s/.tar.xz//'`
8
-echo latest linux version: $version
9
-test -f stage/SOURCES/$tarball && echo up to date && exit 0
10
-$(cd stage/SOURCES && wget $tarball_url)
11
-sha1=`sha1sum stage/SOURCES/$tarball | awk '{print $1}'`
12
-changelog_entry=$(echo "`date +"%a %b %d %Y"` `git config user.name` <`git config user.email`> $version-1")
13
-for spec in $specs; do
14
-	sed -i '/^Version:/ s/4.9.[0-9]*/'$version'/' SPECS/$spec
15
-	sed -i '/^Release:/ s/[0-9]*%/1%/' SPECS/$spec
16
-	sed -i '/^%define sha1 linux/ s/=[0-9a-f]*$/='$sha1'/' SPECS/$spec
17
-	sed -i '/^%changelog/a*   '"$changelog_entry"'\n-   Update to version '"$version"'' SPECS/$spec
18
-done