While at it, remove the alarmtimer fix (included in 4.4.160) and the
ext4 magic number fix (included in 4.4.161).
Change-Id: I878026ebeec42deb1f554f84af72073b17d2cab1
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5925
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Alexey Makhalov <amakhalov@vmware.com>
... | ... |
@@ -1,6 +1,6 @@ |
1 | 1 |
Summary: Linux API header files |
2 | 2 |
Name: linux-api-headers |
3 |
-Version: 4.4.157 |
|
3 |
+Version: 4.4.161 |
|
4 | 4 |
Release: 1%{?dist} |
5 | 5 |
License: GPLv2 |
6 | 6 |
URL: http://www.kernel.org/ |
... | ... |
@@ -8,7 +8,7 @@ Group: System Environment/Kernel |
8 | 8 |
Vendor: VMware, Inc. |
9 | 9 |
Distribution: Photon |
10 | 10 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
11 |
-%define sha1 linux=6ba64a589f986cc8353794e5ead36892e5da7a40 |
|
11 |
+%define sha1 linux=9f1c41d4863a5322a0b2e3f527c96637b30c2cd0 |
|
12 | 12 |
BuildArch: noarch |
13 | 13 |
# From SPECS/linux and used by linux-esx only |
14 | 14 |
# It provides f*xattrat syscalls |
... | ... |
@@ -29,6 +29,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de |
29 | 29 |
%defattr(-,root,root) |
30 | 30 |
%{_includedir}/* |
31 | 31 |
%changelog |
32 |
+* Mon Oct 15 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.161-1 |
|
33 |
+- Update to version 4.4.161 |
|
32 | 34 |
* Mon Sep 24 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.157-1 |
33 | 35 |
- Update to version 4.4.157 |
34 | 36 |
* Tue Sep 04 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.153-1 |
35 | 37 |
deleted file mode 100644 |
... | ... |
@@ -1,51 +0,0 @@ |
1 |
-From 5f936e19cc0ef97dbe3a56e9498922ad5ba1edef Mon Sep 17 00:00:00 2001 |
|
2 |
-From: Thomas Gleixner <tglx@linutronix.de> |
|
3 |
-Date: Mon, 2 Jul 2018 09:34:29 +0200 |
|
4 |
-Subject: [PATCH] alarmtimer: Prevent overflow for relative nanosleep |
|
5 |
- |
|
6 |
-commit 5f936e19cc0ef97dbe3a56e9498922ad5ba1edef upstream. |
|
7 |
- |
|
8 |
-Air Icy reported: |
|
9 |
- |
|
10 |
- UBSAN: Undefined behaviour in kernel/time/alarmtimer.c:811:7 |
|
11 |
- signed integer overflow: |
|
12 |
- 1529859276030040771 + 9223372036854775807 cannot be represented in type 'long long int' |
|
13 |
- Call Trace: |
|
14 |
- alarm_timer_nsleep+0x44c/0x510 kernel/time/alarmtimer.c:811 |
|
15 |
- __do_sys_clock_nanosleep kernel/time/posix-timers.c:1235 [inline] |
|
16 |
- __se_sys_clock_nanosleep kernel/time/posix-timers.c:1213 [inline] |
|
17 |
- __x64_sys_clock_nanosleep+0x326/0x4e0 kernel/time/posix-timers.c:1213 |
|
18 |
- do_syscall_64+0xb8/0x3a0 arch/x86/entry/common.c:290 |
|
19 |
- |
|
20 |
-alarm_timer_nsleep() uses ktime_add() to add the current time and the |
|
21 |
-relative expiry value. ktime_add() has no sanity checks so the addition |
|
22 |
-can overflow when the relative timeout is large enough. |
|
23 |
- |
|
24 |
-Use ktime_add_safe() which has the necessary sanity checks in place and |
|
25 |
-limits the result to the valid range. |
|
26 |
- |
|
27 |
-Fixes: 9a7adcf5c6de ("timers: Posix interface for alarm-timers") |
|
28 |
-Reported-by: Team OWL337 <icytxw@gmail.com> |
|
29 |
-Signed-off-by: Thomas Gleixner <tglx@linutronix.de> |
|
30 |
-Cc: John Stultz <john.stultz@linaro.org> |
|
31 |
-Link: https://lkml.kernel.org/r/alpine.DEB.2.21.1807020926360.1595@nanos.tec.linutronix.de |
|
32 |
-[ Srivatsa: Backported to 4.4.y ] |
|
33 |
-Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu> |
|
34 |
- kernel/time/alarmtimer.c | 3 ++- |
|
35 |
- 1 file changed, 2 insertions(+), 1 deletion(-) |
|
36 |
- |
|
37 |
-diff --git a/kernel/time/alarmtimer.c b/kernel/time/alarmtimer.c |
|
38 |
-index 6fcc367..e78480b 100644 |
|
39 |
-+++ b/kernel/time/alarmtimer.c |
|
40 |
-@@ -773,7 +773,8 @@ static int alarm_timer_nsleep(const clockid_t which_clock, int flags, |
|
41 |
- /* Convert (if necessary) to absolute time */ |
|
42 |
- if (flags != TIMER_ABSTIME) { |
|
43 |
- ktime_t now = alarm_bases[type].gettime(); |
|
44 |
-- exp = ktime_add(now, exp); |
|
45 |
-+ |
|
46 |
-+ exp = ktime_add_safe(now, exp); |
|
47 |
- } |
|
48 |
- |
|
49 |
- if (alarmtimer_do_nsleep(&alarm, exp)) |
50 | 1 |
deleted file mode 100644 |
... | ... |
@@ -1,53 +0,0 @@ |
1 |
-From b1c76346e194bf9390efec9bc00088650c2552e9 Mon Sep 17 00:00:00 2001 |
|
2 |
-From: Theodore Ts'o <tytso@mit.edu> |
|
3 |
-Date: Wed, 13 Jun 2018 00:51:28 -0400 |
|
4 |
-Subject: [PATCH 2/2] ext4: always verify the magic number in xattr blocks |
|
5 |
- |
|
6 |
-commit 513f86d73855ce556ea9522b6bfd79f87356dc3a upstream. |
|
7 |
- |
|
8 |
-If there an inode points to a block which is also some other type of |
|
9 |
-metadata block (such as a block allocation bitmap), the |
|
10 |
-buffer_verified flag can be set when it was validated as that other |
|
11 |
-metadata block type; however, it would make a really terrible external |
|
12 |
-attribute block. The reason why we use the verified flag is to avoid |
|
13 |
-constantly reverifying the block. However, it doesn't take much |
|
14 |
-overhead to make sure the magic number of the xattr block is correct, |
|
15 |
-and this will avoid potential crashes. |
|
16 |
- |
|
17 |
-This addresses CVE-2018-10879. |
|
18 |
- |
|
19 |
-https://bugzilla.kernel.org/show_bug.cgi?id=200001 |
|
20 |
- |
|
21 |
-Signed-off-by: Theodore Ts'o <tytso@mit.edu> |
|
22 |
-Reviewed-by: Andreas Dilger <adilger@dilger.ca> |
|
23 |
-Cc: stable@kernel.org |
|
24 |
-[ Srivatsa: Backported to 4.4.y ] |
|
25 |
-Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu> |
|
26 |
- fs/ext4/xattr.c | 7 ++++--- |
|
27 |
- 1 file changed, 4 insertions(+), 3 deletions(-) |
|
28 |
- |
|
29 |
-diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c |
|
30 |
-index eff07b9..7293f0b 100644 |
|
31 |
-+++ b/fs/ext4/xattr.c |
|
32 |
-@@ -220,12 +220,13 @@ ext4_xattr_check_block(struct inode *inode, struct buffer_head *bh) |
|
33 |
- { |
|
34 |
- int error; |
|
35 |
- |
|
36 |
-- if (buffer_verified(bh)) |
|
37 |
-- return 0; |
|
38 |
-- |
|
39 |
- if (BHDR(bh)->h_magic != cpu_to_le32(EXT4_XATTR_MAGIC) || |
|
40 |
- BHDR(bh)->h_blocks != cpu_to_le32(1)) |
|
41 |
- return -EFSCORRUPTED; |
|
42 |
-+ |
|
43 |
-+ if (buffer_verified(bh)) |
|
44 |
-+ return 0; |
|
45 |
-+ |
|
46 |
- if (!ext4_xattr_block_csum_verify(inode, bh->b_blocknr, BHDR(bh))) |
|
47 |
- return -EFSBADCRC; |
|
48 |
- error = ext4_xattr_check_names(BFIRST(bh), bh->b_data + bh->b_size, |
|
49 |
-2.7.4 |
|
50 |
- |
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
%global security_hardening none |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux-esx |
4 |
-Version: 4.4.157 |
|
4 |
+Version: 4.4.161 |
|
5 | 5 |
Release: 1%{?dist} |
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
... | ... |
@@ -9,7 +9,7 @@ Group: System Environment/Kernel |
9 | 9 |
Vendor: VMware, Inc. |
10 | 10 |
Distribution: Photon |
11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
12 |
-%define sha1 linux=6ba64a589f986cc8353794e5ead36892e5da7a40 |
|
12 |
+%define sha1 linux=9f1c41d4863a5322a0b2e3f527c96637b30c2cd0 |
|
13 | 13 |
Source1: config-esx |
14 | 14 |
Patch0: double-tcp_mem-limits.patch |
15 | 15 |
Patch1: linux-4.4-sysctl-sched_weighted_cpuload_uses_rla.patch |
... | ... |
@@ -62,11 +62,8 @@ Patch45: 0005-xfs-sanity-check-inode-di_mode.patch |
62 | 62 |
Patch46: 0006-xfs-verify-dinode-header-first.patch |
63 | 63 |
Patch47: 0007-xfs-move-inode-fork-verifiers-to-xfs_dinode_verify.patch |
64 | 64 |
Patch48: 0008-xfs-enhance-dinode-verifier.patch |
65 |
-# Fix for CVE-2018-13053 |
|
66 |
-Patch49: 0001-alarmtimer-Prevent-overflow-for-relative-nanosleep.patch |
|
67 | 65 |
# Fix for CVE-2018-10879 |
68 | 66 |
Patch50: 0001-ext4-add-corruption-check-in-ext4_xattr_set_entry.patch |
69 |
-Patch51: 0002-ext4-always-verify-the-magic-number-in-xattr-blocks.patch |
|
70 | 67 |
|
71 | 68 |
# For Spectre |
72 | 69 |
Patch67: 0169-x86-syscall-Clear-unused-extra-registers-on-syscall-.patch |
... | ... |
@@ -150,9 +147,7 @@ The Linux package contains the Linux kernel doc files |
150 | 150 |
%patch46 -p1 |
151 | 151 |
%patch47 -p1 |
152 | 152 |
%patch48 -p1 |
153 |
-%patch49 -p1 |
|
154 | 153 |
%patch50 -p1 |
155 |
-%patch51 -p1 |
|
156 | 154 |
|
157 | 155 |
%patch67 -p1 |
158 | 156 |
|
... | ... |
@@ -243,6 +238,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg |
243 | 243 |
/usr/src/linux-headers-%{uname_r} |
244 | 244 |
|
245 | 245 |
%changelog |
246 |
+* Mon Oct 15 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.161-1 |
|
247 |
+- Update to version 4.4.161 |
|
246 | 248 |
* Mon Sep 24 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.157-1 |
247 | 249 |
- Update to version 4.4.157 and fix CVE-2018-10879 |
248 | 250 |
* Tue Sep 18 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.153-3 |
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
%global security_hardening none |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux |
4 |
-Version: 4.4.157 |
|
4 |
+Version: 4.4.161 |
|
5 | 5 |
Release: 1%{?kat_build:.%kat_build}%{?dist} |
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
... | ... |
@@ -9,7 +9,7 @@ Group: System Environment/Kernel |
9 | 9 |
Vendor: VMware, Inc. |
10 | 10 |
Distribution: Photon |
11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/%{name}-%{version}.tar.xz |
12 |
-%define sha1 linux=6ba64a589f986cc8353794e5ead36892e5da7a40 |
|
12 |
+%define sha1 linux=9f1c41d4863a5322a0b2e3f527c96637b30c2cd0 |
|
13 | 13 |
Source1: config |
14 | 14 |
%define ena_version 1.1.3 |
15 | 15 |
Source2: https://github.com/amzn/amzn-drivers/archive/ena_linux_1.1.3.tar.gz |
... | ... |
@@ -62,11 +62,8 @@ Patch38: 0005-xfs-sanity-check-inode-di_mode.patch |
62 | 62 |
Patch39: 0006-xfs-verify-dinode-header-first.patch |
63 | 63 |
Patch40: 0007-xfs-move-inode-fork-verifiers-to-xfs_dinode_verify.patch |
64 | 64 |
Patch41: 0008-xfs-enhance-dinode-verifier.patch |
65 |
-# Fix for CVE-2018-13053 |
|
66 |
-Patch42: 0001-alarmtimer-Prevent-overflow-for-relative-nanosleep.patch |
|
67 | 65 |
# Fix for CVE-2018-10879 |
68 | 66 |
Patch43: 0001-ext4-add-corruption-check-in-ext4_xattr_set_entry.patch |
69 |
-Patch44: 0002-ext4-always-verify-the-magic-number-in-xattr-blocks.patch |
|
70 | 67 |
|
71 | 68 |
# For Spectre |
72 | 69 |
Patch67: 0169-x86-syscall-Clear-unused-extra-registers-on-syscall-.patch |
... | ... |
@@ -183,9 +180,7 @@ This package contains the 'perf' performance analysis tools for Linux kernel. |
183 | 183 |
%patch39 -p1 |
184 | 184 |
%patch40 -p1 |
185 | 185 |
%patch41 -p1 |
186 |
-%patch42 -p1 |
|
187 | 186 |
%patch43 -p1 |
188 |
-%patch44 -p1 |
|
189 | 187 |
|
190 | 188 |
%patch67 -p1 |
191 | 189 |
|
... | ... |
@@ -344,6 +339,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg |
344 | 344 |
/usr/share/perf-core |
345 | 345 |
|
346 | 346 |
%changelog |
347 |
+* Mon Oct 15 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.161-1 |
|
348 |
+- Update to version 4.4.161 |
|
347 | 349 |
* Mon Sep 24 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.157-1 |
348 | 350 |
- Update to version 4.4.157 and fix CVE-2018-10879 |
349 | 351 |
* Tue Sep 18 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.153-3 |