@@ -1,6 +1,6 @@

 Summary:	Linux API header files

 Name:		linux-api-headers

-Version:	4.19.15

+Version:	4.19.26

 Release:	1%{?dist}

 License:	GPLv2

 URL:		http://www.kernel.org/

@@ -8,7 +8,7 @@ Group:		System Environment/Kernel

 Vendor:		VMware, Inc.

 Distribution: Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=fb970b2014ecf9dcef23943f8095b28dfe0d6cca

+%define sha1 linux=18b659da3a2f7eaef7b16a3c468bed9f7071c17a

 BuildArch:	noarch

 %description

 The Linux API Headers expose the kernel's API for use by Glibc.

@@ -25,6 +25,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de

 %defattr(-,root,root)

 %{_includedir}/*

 %changelog

+*   Tue Mar 05 2019 Ajay Kaher <akaher@vmware.com> 4.19.26-1

+-   Update to version 4.19.26

 *   Tue Jan 15 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.15-1

 -   Update to version 4.19.15

 *   Mon Dec 10 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.6-1

@@ -28,21 +28,21 @@ values at runtime.

  3 files changed, 377 insertions(+), 4 deletions(-)

-diff -ur linux-4.19.1/drivers/pci/pci.c linux-4.19.1_new/drivers/pci/pci.c

-+++ linux-4.19.1_new/drivers/pci/pci.c	2018-11-08 01:59:21.813106907 +0000

-@@ -6116,6 +6116,8 @@

- 				pci_add_flags(PCI_SCAN_ALL_PCIE_DEVS);

+diff -ur linux-4.19.26/drivers/pci/pci.c linux-4.19.26_new/drivers/pci/pci.c

+--- linux-4.19.26/drivers/pci/pci.c	2019-02-27 14:39:03.000000000 +0530

+@@ -6115,6 +6115,8 @@

  			} else if (!strncmp(str, "disable_acs_redir=", 18)) {

- 				disable_acs_redir_param = str + 18;

+ 				disable_acs_redir_param =

+ 					kstrdup(str + 18, GFP_KERNEL);

 +			} else if (!strncmp(str, "scan_all", 8)) {

 +				pci_scan_all();

  			} else {

  				printk(KERN_ERR "PCI: Unknown option `%s'\n",

  						str);

-diff -ur linux-4.19.1/drivers/pci/pci.h linux-4.19.1_new/drivers/pci/pci.h

-+++ linux-4.19.1_new/drivers/pci/pci.h	2018-11-08 01:57:51.917110565 +0000

+diff -ur linux-4.19.26/drivers/pci/pci.h linux-4.19.26_new/drivers/pci/pci.h

+--- linux-4.19.26/drivers/pci/pci.h	2019-02-27 14:39:03.000000000 +0530

 @@ -147,6 +147,8 @@

  static inline void pci_no_msi(void) { }

  #endif

@@ -52,9 +52,9 @@ diff -ur linux-4.19.1/drivers/pci/pci.h linux-4.19.1_new/drivers/pci/pci.h

  static inline void pci_msi_set_enable(struct pci_dev *dev, int enable)

  {

  	u16 control;

-diff -ur linux-4.19.1/drivers/pci/probe.c linux-4.19.1_new/drivers/pci/probe.c

-+++ linux-4.19.1_new/drivers/pci/probe.c	2018-11-08 01:57:51.917110565 +0000

+diff -ur linux-4.19.26/drivers/pci/probe.c linux-4.19.26_new/drivers/pci/probe.c

+--- linux-4.19.26/drivers/pci/probe.c	2019-02-27 14:39:03.000000000 +0530

 @@ -168,6 +168,346 @@

  #define PCI_COMMAND_DECODE_ENABLE	(PCI_COMMAND_MEMORY | PCI_COMMAND_IO)

@@ -1,6 +1,6 @@

 #

 # Automatically generated file; DO NOT EDIT.

-# Linux/x86 4.19.15 Kernel Configuration

+# Linux/x86 4.19.26 Kernel Configuration

 #

 #

@@ -3430,6 +3430,7 @@ CONFIG_DRM_KMS_HELPER=y

 CONFIG_DRM_KMS_FB_HELPER=y

 CONFIG_DRM_FBDEV_EMULATION=y

 CONFIG_DRM_FBDEV_OVERALLOC=100

+# CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM is not set

 # CONFIG_DRM_LOAD_EDID_FIRMWARE is not set

 # CONFIG_DRM_DP_CEC is not set

 CONFIG_DRM_TTM=y

@@ -5255,7 +5256,6 @@ CONFIG_CIFS_STATS2=y

 # CONFIG_CIFS_ALLOW_INSECURE_LEGACY is not set

 CONFIG_CIFS_UPCALL=y

 CONFIG_CIFS_XATTR=y

-CONFIG_CIFS_POSIX=y

 CONFIG_CIFS_ACL=y

 CONFIG_CIFS_DEBUG=y

 # CONFIG_CIFS_DEBUG2 is not set

@@ -1,6 +1,6 @@

 #

 # Automatically generated file; DO NOT EDIT.

-# Linux/x86 4.19.6 Kernel Configuration

+# Linux/x86 4.19.26 Kernel Configuration

 #

 #

@@ -93,6 +93,7 @@ CONFIG_PREEMPT_NONE=y

 CONFIG_TICK_CPU_ACCOUNTING=y

 # CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set

 # CONFIG_IRQ_TIME_ACCOUNTING is not set

+CONFIG_HAVE_SCHED_AVG_IRQ=y

 CONFIG_BSD_PROCESS_ACCT=y

 CONFIG_BSD_PROCESS_ACCT_V3=y

 CONFIG_TASKSTATS=y

@@ -2883,6 +2884,7 @@ CONFIG_DRM_KMS_HELPER=y

 CONFIG_DRM_KMS_FB_HELPER=y

 CONFIG_DRM_FBDEV_EMULATION=y

 CONFIG_DRM_FBDEV_OVERALLOC=100

+# CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM is not set

 # CONFIG_DRM_LOAD_EDID_FIRMWARE is not set

 # CONFIG_DRM_DP_CEC is not set

 CONFIG_DRM_TTM=y

@@ -3966,7 +3968,6 @@ CONFIG_CIFS_STATS2=y

 # CONFIG_CIFS_ALLOW_INSECURE_LEGACY is not set

 CONFIG_CIFS_UPCALL=y

 CONFIG_CIFS_XATTR=y

-CONFIG_CIFS_POSIX=y

 CONFIG_CIFS_ACL=y

 CONFIG_CIFS_DEBUG=y

 # CONFIG_CIFS_DEBUG2 is not set

@@ -1,6 +1,6 @@

 #

 # Automatically generated file; DO NOT EDIT.

-# Linux/x86 4.19.15 Kernel Configuration

+# Linux/x86 4.19.26 Kernel Configuration

 #

 #

@@ -3088,6 +3088,7 @@ CONFIG_DRM_KMS_HELPER=y

 CONFIG_DRM_KMS_FB_HELPER=y

 CONFIG_DRM_FBDEV_EMULATION=y

 CONFIG_DRM_FBDEV_OVERALLOC=100

+# CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM is not set

 # CONFIG_DRM_LOAD_EDID_FIRMWARE is not set

 # CONFIG_DRM_DP_CEC is not set

 CONFIG_DRM_TTM=y

@@ -4330,7 +4331,6 @@ CONFIG_CIFS_STATS2=y

 # CONFIG_CIFS_ALLOW_INSECURE_LEGACY is not set

 CONFIG_CIFS_UPCALL=y

 CONFIG_CIFS_XATTR=y

-CONFIG_CIFS_POSIX=y

 CONFIG_CIFS_ACL=y

 CONFIG_CIFS_DEBUG=y

 # CONFIG_CIFS_DEBUG2 is not set

deleted file mode 100644

@@ -1,115 +0,0 @@

-KASAN has found use-after-free in sockfs_setattr.

-The existed commit 6d8c50dcb029 ("socket: close race condition between sock_close()

-and sockfs_setattr()") is to fix this simillar issue, but it seems to ignore

-that crypto module forgets to set the sk to NULL after af_alg_release.

-

-KASAN report details as below:

-BUG: KASAN: use-after-free in sockfs_setattr+0x120/0x150

-Write of size 4 at addr ffff88837b956128 by task syz-executor0/4186

-

-CPU: 2 PID: 4186 Comm: syz-executor0 Not tainted xxx + #1

-Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS

-1.10.2-1ubuntu1 04/01/2014

-Call Trace:

- dump_stack+0xca/0x13e

- print_address_description+0x79/0x330

- ? vprintk_func+0x5e/0xf0

- kasan_report+0x18a/0x2e0

- ? sockfs_setattr+0x120/0x150

- sockfs_setattr+0x120/0x150

- ? sock_register+0x2d0/0x2d0

- notify_change+0x90c/0xd40

- ? chown_common+0x2ef/0x510

- chown_common+0x2ef/0x510

- ? chmod_common+0x3b0/0x3b0

- ? __lock_is_held+0xbc/0x160

- ? __sb_start_write+0x13d/0x2b0

- ? __mnt_want_write+0x19a/0x250

- do_fchownat+0x15c/0x190

- ? __ia32_sys_chmod+0x80/0x80

- ? trace_hardirqs_on_thunk+0x1a/0x1c

- __x64_sys_fchownat+0xbf/0x160

- ? lockdep_hardirqs_on+0x39a/0x5e0

- do_syscall_64+0xc8/0x580

- entry_SYSCALL_64_after_hwframe+0x49/0xbe

-RIP: 0033:0x462589

-Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89

-f7 48 89 d6 48 89

-ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3

-48 c7 c1 bc ff ff

-ff f7 d8 64 89 01 48

-RSP: 002b:00007fb4b2c83c58 EFLAGS: 00000246 ORIG_RAX: 0000000000000104

-RAX: ffffffffffffffda RBX: 000000000072bfa0 RCX: 0000000000462589

-RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000007

-RBP: 0000000000000005 R08: 0000000000001000 R09: 0000000000000000

-R10: 0000000000000000 R11: 0000000000000246 R12: 00007fb4b2c846bc

-R13: 00000000004bc733 R14: 00000000006f5138 R15: 00000000ffffffff

-

-Allocated by task 4185:

- kasan_kmalloc+0xa0/0xd0

- __kmalloc+0x14a/0x350

- sk_prot_alloc+0xf6/0x290

- sk_alloc+0x3d/0xc00

- af_alg_accept+0x9e/0x670

- hash_accept+0x4a3/0x650

- __sys_accept4+0x306/0x5c0

- __x64_sys_accept4+0x98/0x100

- do_syscall_64+0xc8/0x580

- entry_SYSCALL_64_after_hwframe+0x49/0xbe

-

-Freed by task 4184:

- __kasan_slab_free+0x12e/0x180

- kfree+0xeb/0x2f0

- __sk_destruct+0x4e6/0x6a0

- sk_destruct+0x48/0x70

- __sk_free+0xa9/0x270

- sk_free+0x2a/0x30

- af_alg_release+0x5c/0x70

- __sock_release+0xd3/0x280

- sock_close+0x1a/0x20

- __fput+0x27f/0x7f0

- task_work_run+0x136/0x1b0

- exit_to_usermode_loop+0x1a7/0x1d0

- do_syscall_64+0x461/0x580

- entry_SYSCALL_64_after_hwframe+0x49/0xbe

-

-Syzkaller reproducer:

-r0 = perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0,

-0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,

-0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,

-0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0,

-0xffffffffffffffff, 0x0)

-r1 = socket$alg(0x26, 0x5, 0x0)

-getrusage(0x0, 0x0)

-bind(r1, &(0x7f00000001c0)=@alg={0x26, 'hash\x00', 0x0, 0x0,

-'sha256-ssse3\x00'}, 0x80)

-r2 = accept(r1, 0x0, 0x0)

-r3 = accept4$unix(r2, 0x0, 0x0, 0x0)

-r4 = dup3(r3, r0, 0x0)

-fchownat(r4, &(0x7f00000000c0)='\x00', 0x0, 0x0, 0x1000)

-

-Fixes: 6d8c50dcb029 ("socket: close race condition between sock_close() and sockfs_setattr()")

-Signed-off-by: Mao Wenan <maowenan@huawei.com>

- crypto/af_alg.c | 4 +++-

- 1 file changed, 3 insertions(+), 1 deletion(-)

-

-diff --git a/crypto/af_alg.c b/crypto/af_alg.c

-index 17eb09d..ec78a04 100644

-+++ b/crypto/af_alg.c

-@@ -122,8 +122,10 @@ static void alg_do_release(const struct af_alg_type *type, void *private)

- 

- int af_alg_release(struct socket *sock)

- {

--	if (sock->sk)

-+	if (sock->sk) {

- 		sock_put(sock->sk);

-+		sock->sk = NULL;

-+	}

- 	return 0;

- }

- EXPORT_SYMBOL_GPL(af_alg_release);

-2.7.4

-

@@ -1,15 +1,15 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux-aws

-Version:        4.19.15

-Release:        2%{?kat_build:.%kat_build}%{?dist}

+Version:        4.19.26

+Release:        1%{?kat_build:.%kat_build}%{?dist}

 License:    	GPLv2

 URL:        	http://www.kernel.org/

 Group:        	System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution: 	Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=fb970b2014ecf9dcef23943f8095b28dfe0d6cca

+%define sha1 linux=18b659da3a2f7eaef7b16a3c468bed9f7071c17a

 Source1:	config-aws

 Source2:	initramfs.trigger

 # common

@@ -35,8 +35,6 @@ Patch29:        4.17-0001-apparmor-patch-to-provide-compatibility-with-v2.x-ne.p

 Patch30:        4.17-0002-apparmor-af_unix-mediation.patch

 Patch31:        4.17-0003-apparmor-fix-use-after-free-in-sk_peer_label.patch

 Patch32:        4.18-0001-hwrng-rdrand-Add-RNG-driver-based-on-x86-rdrand-inst.patch

-#Fix CVE-2019-8912

-Patch33:        fix_use_after_free_in_sockfs_setattr.patch

 # Amazon AWS

 Patch101: 0002-watchdog-Disable-watchdog-on-virtual-machines.patch

@@ -154,7 +152,6 @@ This package contains the 'perf' performance analysis tools for Linux kernel.

 %patch30 -p1

 %patch31 -p1

 %patch32 -p1

-%patch33 -p1

 %patch101 -p1

 %patch102 -p1

@@ -359,6 +356,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg

 %{_libdir}/perf/include/bpf/*

 %changelog

+*   Tue Mar 05 2019 Ajay Kaher <akaher@vmware.com> 4.19.26-1

+-   Update to version 4.19.26

 *   Thu Feb 21 2019 Him Kalyan Bordoloi <bordoloih@vmware.com> 4.19.15-2

 -   Fix CVE-2019-8912

 *   Tue Jan 15 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.15-1

@@ -1,15 +1,15 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux-esx

-Version:        4.19.15

-Release:        2%{?dist}

+Version:        4.19.26

+Release:        1%{?dist}

 License:        GPLv2

 URL:            http://www.kernel.org/

 Group:          System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution:   Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=fb970b2014ecf9dcef23943f8095b28dfe0d6cca

+%define sha1 linux=18b659da3a2f7eaef7b16a3c468bed9f7071c17a

 Source1:        config-esx

 Source2:        initramfs.trigger

 # common

@@ -39,8 +39,6 @@ Patch25:        4.18-0001-hwrng-rdrand-Add-RNG-driver-based-on-x86-rdrand-inst.p

 Patch26:        4.17-0001-apparmor-patch-to-provide-compatibility-with-v2.x-ne.patch

 Patch27:        4.17-0002-apparmor-af_unix-mediation.patch

 Patch28:        4.17-0003-apparmor-fix-use-after-free-in-sk_peer_label.patch

-#Fix CVE-2019-8912

-Patch29:        fix_use_after_free_in_sockfs_setattr.patch

 BuildArch:     x86_64

 BuildRequires: bc

@@ -99,7 +97,6 @@ The Linux package contains the Linux kernel doc files

 %patch26 -p1

 %patch27 -p1

 %patch28 -p1

-%patch29 -p1

 %build

 # patch vmw_balloon driver

@@ -196,6 +193,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 /usr/src/linux-headers-%{uname_r}

 %changelog

+*   Tue Mar 05 2019 Ajay Kaher <akaher@vmware.com> 4.19.26-1

+-   Update to version 4.19.26

 *   Thu Feb 21 2019 Him Kalyan Bordoloi <bordoloih@vmware.com> 4.19.15-2

 -   Fix CVE-2019-8912

 *   Tue Jan 15 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.15-1

@@ -1,15 +1,15 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux-secure

-Version:        4.19.15

-Release:        2%{?kat_build:.%kat_build}%{?dist}

+Version:        4.19.26

+Release:        1%{?kat_build:.%kat_build}%{?dist}

 License:        GPLv2

 URL:            http://www.kernel.org/

 Group:          System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution:   Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=fb970b2014ecf9dcef23943f8095b28dfe0d6cca

+%define sha1 linux=18b659da3a2f7eaef7b16a3c468bed9f7071c17a

 Source1:        config-secure

 Source2:        initramfs.trigger

 # common

@@ -38,9 +38,6 @@ Patch32:        4.17-0001-apparmor-patch-to-provide-compatibility-with-v2.x-ne.p

 Patch33:        4.17-0002-apparmor-af_unix-mediation.patch

 Patch34:        4.17-0003-apparmor-fix-use-after-free-in-sk_peer_label.patch

 Patch35:        4.18-0001-hwrng-rdrand-Add-RNG-driver-based-on-x86-rdrand-inst.patch

-#Fix CVE-2019-8912

-Patch36:        fix_use_after_free_in_sockfs_setattr.patch

-

 # NSX requirements (should be removed)

 Patch99:        LKCM.patch

@@ -111,7 +108,6 @@ The Linux package contains the Linux kernel doc files

 %patch33 -p1

 %patch34 -p1

 %patch35 -p1

-%patch36 -p1

 pushd ..

 %patch99 -p0

@@ -239,6 +235,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg

 /usr/src/linux-headers-%{uname_r}

 %changelog

+*   Tue Mar 05 2019 Ajay Kaher <akaher@vmware.com> 4.19.26-1

+-   Update to version 4.19.26

 *   Thu Feb 21 2019 Him Kalyan Bordoloi <bordoloih@vmware.com> 4.19.15-2

 -   Fix CVE-2019-8912

 *   Tue Jan 15 2019 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.19.15-1

@@ -1,15 +1,15 @@

 %global security_hardening none

 Summary:        Kernel

 Name:           linux

-Version:        4.19.15

-Release:        3%{?kat_build:.%kat_build}%{?dist}

+Version:        4.19.26

+Release:        1%{?kat_build:.%kat_build}%{?dist}

 License:    	GPLv2

 URL:        	http://www.kernel.org/

 Group:        	System Environment/Kernel

 Vendor:         VMware, Inc.

 Distribution: 	Photon

 Source0:        http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz

-%define sha1 linux=fb970b2014ecf9dcef23943f8095b28dfe0d6cca

+%define sha1 linux=18b659da3a2f7eaef7b16a3c468bed9f7071c17a

 Source1:	config

 Source2:	initramfs.trigger

 %define ena_version 1.6.0

@@ -43,8 +43,6 @@ Patch29:        4.17-0001-apparmor-patch-to-provide-compatibility-with-v2.x-ne.p

 Patch30:        4.17-0002-apparmor-af_unix-mediation.patch

 Patch31:        4.17-0003-apparmor-fix-use-after-free-in-sk_peer_label.patch

 Patch32:        4.18-0001-hwrng-rdrand-Add-RNG-driver-based-on-x86-rdrand-inst.patch

-#Fix CVE-2019-8912

-Patch33:	fix_use_after_free_in_sockfs_setattr.patch

 %ifarch aarch64

 # NXP LS1012a FRWY patches

@@ -182,7 +180,6 @@ Kernel Device Tree Blob files for NXP ls1012a FRWY board

 %patch30 -p1

 %patch31 -p1

 %patch32 -p1

-%patch33 -p1

 %ifarch aarch64

 # NXP FSL_PPFE Driver patches

@@ -441,6 +438,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg

 %endif

 %changelog

+*   Tue Mar 05 2019 Ajay Kaher <akaher@vmware.com> 4.19.26-1

+-   Update to version 4.19.26

 *   Thu Feb 21 2019 Him Kalyan Bordoloi <bordoloih@vmware.com> 4.19.15-3

 -   Fix CVE-2019-8912

 *   Thu Jan 24 2019 Alexey Makhalov <amakhalov@vmware.com> 4.19.15-2

@@ -1,9 +1,9 @@

 diff --git a/drivers/usb/class/cdc-acm.c b/drivers/usb/class/cdc-acm.c

-index 3b9aadd007f5..96a55ea46c25 100644

+index 08b8aa5..62a662d 100644

 --- a/drivers/usb/class/cdc-acm.c

 +++ b/drivers/usb/class/cdc-acm.c

-@@ -1942,6 +1942,20 @@ static const struct usb_device_id acm_ids[] = {

- 	.driver_info = IGNORE_DEVICE,

+@@ -1887,6 +1887,20 @@ static const struct usb_device_id acm_ids[] = {

+ 	.driver_info = SEND_ZERO_PACKET,

  	},

 +	/* Exclude Exar USB serial ports */