Change-Id: I1322d3b4bb9f1d8c9c7cee7a397c58f0dba242f2
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/6243
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Alexey Makhalov <amakhalov@vmware.com>
... | ... |
@@ -1,6 +1,6 @@ |
1 | 1 |
Summary: Linux API header files |
2 | 2 |
Name: linux-api-headers |
3 |
-Version: 4.9.137 |
|
3 |
+Version: 4.9.140 |
|
4 | 4 |
Release: 1%{?dist} |
5 | 5 |
License: GPLv2 |
6 | 6 |
URL: http://www.kernel.org/ |
... | ... |
@@ -8,7 +8,7 @@ Group: System Environment/Kernel |
8 | 8 |
Vendor: VMware, Inc. |
9 | 9 |
Distribution: Photon |
10 | 10 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
11 |
-%define sha1 linux=bd0e5ecf3bee96cb8c81d90247cb3389cbdc0727 |
|
11 |
+%define sha1 linux=926d3d735f9d531fece00241845cfbab25eb273e |
|
12 | 12 |
BuildArch: noarch |
13 | 13 |
Patch0: Implement-the-f-xattrat-family-of-functions.patch |
14 | 14 |
%description |
... | ... |
@@ -27,6 +27,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de |
27 | 27 |
%defattr(-,root,root) |
28 | 28 |
%{_includedir}/* |
29 | 29 |
%changelog |
30 |
+* Mon Nov 26 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.9.140-1 |
|
31 |
+- Update to version 4.9.140 |
|
30 | 32 |
* Fri Nov 16 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.9.137-1 |
31 | 33 |
- Update to version 4.9.137 |
32 | 34 |
* Mon Oct 01 2018 srinidhira0 <srinidhir@vmware.com> 4.9.130-1 |
... | ... |
@@ -19,7 +19,7 @@ Subject: [PATCH 1/3] NOWRITEEXEC and PAX features: MPROTECT, EMUTRAMP |
19 | 19 |
12 files changed, 424 insertions(+) |
20 | 20 |
|
21 | 21 |
diff --git a/arch/x86/mm/fault.c b/arch/x86/mm/fault.c |
22 |
-index 9f72ca3..fd5a25e 100644 |
|
22 |
+index 5c419b8..7b7e5d3 100644 |
|
23 | 23 |
--- a/arch/x86/mm/fault.c |
24 | 24 |
+++ b/arch/x86/mm/fault.c |
25 | 25 |
@@ -244,6 +244,11 @@ force_sig_info_fault(int si_signo, int si_code, unsigned long address, |
... | ... |
@@ -34,7 +34,7 @@ index 9f72ca3..fd5a25e 100644 |
34 | 34 |
DEFINE_SPINLOCK(pgd_lock); |
35 | 35 |
LIST_HEAD(pgd_list); |
36 | 36 |
|
37 |
-@@ -886,6 +891,13 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, |
|
37 |
+@@ -881,6 +886,13 @@ __bad_area_nosemaphore(struct pt_regs *regs, unsigned long error_code, |
|
38 | 38 |
return; |
39 | 39 |
} |
40 | 40 |
#endif |
... | ... |
@@ -48,7 +48,7 @@ index 9f72ca3..fd5a25e 100644 |
48 | 48 |
|
49 | 49 |
/* |
50 | 50 |
* To avoid leaking information about the kernel page table |
51 |
-@@ -1492,3 +1504,209 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code) |
|
51 |
+@@ -1502,3 +1514,209 @@ trace_do_page_fault(struct pt_regs *regs, unsigned long error_code) |
|
52 | 52 |
} |
53 | 53 |
NOKPROBE_SYMBOL(trace_do_page_fault); |
54 | 54 |
#endif /* CONFIG_TRACING */ |
... | ... |
@@ -259,7 +259,7 @@ index 9f72ca3..fd5a25e 100644 |
259 | 259 |
+} |
260 | 260 |
+#endif |
261 | 261 |
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c |
262 |
-index 2472af2..c7b750d 100644 |
|
262 |
+index e7e25a8..bdb1315 100644 |
|
263 | 263 |
--- a/fs/binfmt_elf.c |
264 | 264 |
+++ b/fs/binfmt_elf.c |
265 | 265 |
@@ -36,6 +36,7 @@ |
... | ... |
@@ -310,7 +310,7 @@ index 2472af2..c7b750d 100644 |
310 | 310 |
if (elf_read_implies_exec(loc->elf_ex, executable_stack)) |
311 | 311 |
current->personality |= READ_IMPLIES_EXEC; |
312 | 312 |
|
313 |
-@@ -2320,6 +2340,56 @@ static int elf_core_dump(struct coredump_params *cprm) |
|
313 |
+@@ -2363,6 +2383,56 @@ static int elf_core_dump(struct coredump_params *cprm) |
|
314 | 314 |
|
315 | 315 |
#endif /* CONFIG_ELF_CORE */ |
316 | 316 |
|
... | ... |
@@ -368,10 +368,10 @@ index 2472af2..c7b750d 100644 |
368 | 368 |
{ |
369 | 369 |
register_binfmt(&elf_format); |
370 | 370 |
diff --git a/fs/exec.c b/fs/exec.c |
371 |
-index 67e8657..4eff942 100644 |
|
371 |
+index fcd8642e..c8e7b8f 100644 |
|
372 | 372 |
--- a/fs/exec.c |
373 | 373 |
+++ b/fs/exec.c |
374 |
-@@ -718,7 +718,12 @@ int setup_arg_pages(struct linux_binprm *bprm, |
|
374 |
+@@ -739,7 +739,12 @@ int setup_arg_pages(struct linux_binprm *bprm, |
|
375 | 375 |
if (unlikely(executable_stack == EXSTACK_ENABLE_X)) |
376 | 376 |
vm_flags |= VM_EXEC; |
377 | 377 |
else if (executable_stack == EXSTACK_DISABLE_X) |
... | ... |
@@ -419,10 +419,10 @@ index 20fa8d8..3d0dd18 100644 |
419 | 419 |
#endif |
420 | 420 |
|
421 | 421 |
diff --git a/include/linux/mm_types.h b/include/linux/mm_types.h |
422 |
-index 08d947f..3729003 100644 |
|
422 |
+index 8d6decd..923c34f 100644 |
|
423 | 423 |
--- a/include/linux/mm_types.h |
424 | 424 |
+++ b/include/linux/mm_types.h |
425 |
-@@ -517,6 +517,9 @@ struct mm_struct { |
|
425 |
+@@ -521,6 +521,9 @@ struct mm_struct { |
|
426 | 426 |
atomic_long_t hugetlb_usage; |
427 | 427 |
#endif |
428 | 428 |
struct work_struct async_put_work; |
... | ... |
@@ -433,10 +433,10 @@ index 08d947f..3729003 100644 |
433 | 433 |
|
434 | 434 |
static inline void mm_init_cpumask(struct mm_struct *mm) |
435 | 435 |
diff --git a/include/linux/sched.h b/include/linux/sched.h |
436 |
-index 4c27bcd..a138d62 100644 |
|
436 |
+index f4a551a..6f05b70 100644 |
|
437 | 437 |
--- a/include/linux/sched.h |
438 | 438 |
+++ b/include/linux/sched.h |
439 |
-@@ -1984,6 +1984,8 @@ static inline struct vm_struct *task_stack_vm_area(const struct task_struct *t) |
|
439 |
+@@ -1999,6 +1999,8 @@ static inline struct vm_struct *task_stack_vm_area(const struct task_struct *t) |
|
440 | 440 |
} |
441 | 441 |
#endif |
442 | 442 |
|
... | ... |
@@ -467,10 +467,10 @@ index b59ee07..ad4d96b 100644 |
467 | 467 |
#define OLD_DT_LOOS 0x60000000 |
468 | 468 |
#define DT_LOOS 0x6000000d |
469 | 469 |
diff --git a/ipc/shm.c b/ipc/shm.c |
470 |
-index dbac886..266e8bd 100644 |
|
470 |
+index 9c687cd..aa0fc4f 100644 |
|
471 | 471 |
--- a/ipc/shm.c |
472 | 472 |
+++ b/ipc/shm.c |
473 |
-@@ -1133,6 +1133,9 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, ulong *raddr, |
|
473 |
+@@ -1161,6 +1161,9 @@ long do_shmat(int shmid, char __user *shmaddr, int shmflg, |
|
474 | 474 |
f_mode = FMODE_READ | FMODE_WRITE; |
475 | 475 |
} |
476 | 476 |
if (shmflg & SHM_EXEC) { |
... | ... |
@@ -481,10 +481,10 @@ index dbac886..266e8bd 100644 |
481 | 481 |
acc_mode |= S_IXUGO; |
482 | 482 |
} |
483 | 483 |
diff --git a/mm/mmap.c b/mm/mmap.c |
484 |
-index 1af87c1..19fe04f 100644 |
|
484 |
+index 2837556..812ac33 100644 |
|
485 | 485 |
--- a/mm/mmap.c |
486 | 486 |
+++ b/mm/mmap.c |
487 |
-@@ -1360,6 +1360,17 @@ unsigned long do_mmap(struct file *file, unsigned long addr, |
|
487 |
+@@ -1403,6 +1403,17 @@ unsigned long do_mmap(struct file *file, unsigned long addr, |
|
488 | 488 |
vm_flags |= calc_vm_prot_bits(prot, pkey) | calc_vm_flag_bits(flags) | |
489 | 489 |
mm->def_flags | VM_MAYREAD | VM_MAYWRITE | VM_MAYEXEC; |
490 | 490 |
|
... | ... |
@@ -502,8 +502,8 @@ index 1af87c1..19fe04f 100644 |
502 | 502 |
if (flags & MAP_LOCKED) |
503 | 503 |
if (!can_do_mlock()) |
504 | 504 |
return -EPERM; |
505 |
-@@ -2822,6 +2833,9 @@ static int do_brk(unsigned long addr, unsigned long request) |
|
506 |
- return 0; |
|
505 |
+@@ -2886,6 +2897,9 @@ static int do_brk(unsigned long addr, unsigned long len) |
|
506 |
+ int error; |
|
507 | 507 |
|
508 | 508 |
flags = VM_DATA_DEFAULT_FLAGS | VM_ACCOUNT | mm->def_flags; |
509 | 509 |
+#ifdef CONFIG_PAX_MPROTECT |
... | ... |
@@ -512,7 +512,7 @@ index 1af87c1..19fe04f 100644 |
512 | 512 |
|
513 | 513 |
error = get_unmapped_area(NULL, addr, len, 0, MAP_FIXED); |
514 | 514 |
if (offset_in_page(error)) |
515 |
-@@ -3195,6 +3209,17 @@ static struct vm_area_struct *__install_special_mapping( |
|
515 |
+@@ -3266,6 +3280,17 @@ static struct vm_area_struct *__install_special_mapping( |
|
516 | 516 |
vma->vm_start = addr; |
517 | 517 |
vma->vm_end = addr + len; |
518 | 518 |
|
... | ... |
@@ -531,7 +531,7 @@ index 1af87c1..19fe04f 100644 |
531 | 531 |
vma->vm_page_prot = vm_get_page_prot(vma->vm_flags); |
532 | 532 |
|
533 | 533 |
diff --git a/mm/mprotect.c b/mm/mprotect.c |
534 |
-index 1193652..88aa56a 100644 |
|
534 |
+index 6896f77..1a6b9e8 100644 |
|
535 | 535 |
--- a/mm/mprotect.c |
536 | 536 |
+++ b/mm/mprotect.c |
537 | 537 |
@@ -25,6 +25,10 @@ |
... | ... |
@@ -545,7 +545,7 @@ index 1193652..88aa56a 100644 |
545 | 545 |
#include <asm/uaccess.h> |
546 | 546 |
#include <asm/pgtable.h> |
547 | 547 |
#include <asm/cacheflush.h> |
548 |
-@@ -329,6 +333,10 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, |
|
548 |
+@@ -379,6 +383,10 @@ mprotect_fixup(struct vm_area_struct *vma, struct vm_area_struct **pprev, |
|
549 | 549 |
* held in write mode. |
550 | 550 |
*/ |
551 | 551 |
vma->vm_flags = newflags; |
... | ... |
@@ -556,7 +556,7 @@ index 1193652..88aa56a 100644 |
556 | 556 |
dirty_accountable = vma_wants_writenotify(vma, vma->vm_page_prot); |
557 | 557 |
vma_set_page_prot(vma); |
558 | 558 |
|
559 |
-@@ -420,6 +428,10 @@ static int do_mprotect_pkey(unsigned long start, size_t len, |
|
559 |
+@@ -470,6 +478,10 @@ static int do_mprotect_pkey(unsigned long start, size_t len, |
|
560 | 560 |
if (start > vma->vm_start) |
561 | 561 |
prev = vma; |
562 | 562 |
|
... | ... |
@@ -568,7 +568,7 @@ index 1193652..88aa56a 100644 |
568 | 568 |
unsigned long mask_off_old_flags; |
569 | 569 |
unsigned long newflags; |
570 | 570 |
diff --git a/security/Kconfig b/security/Kconfig |
571 |
-index 118f454..965f1a3 100644 |
|
571 |
+index 32f36b4..6742dcd 100644 |
|
572 | 572 |
--- a/security/Kconfig |
573 | 573 |
+++ b/security/Kconfig |
574 | 574 |
@@ -4,6 +4,84 @@ |
... | ... |
@@ -657,5 +657,5 @@ index 118f454..965f1a3 100644 |
657 | 657 |
|
658 | 658 |
config SECURITY_DMESG_RESTRICT |
659 | 659 |
-- |
660 |
-2.8.1 |
|
660 |
+2.7.4 |
|
661 | 661 |
|
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
%global security_hardening none |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux-aws |
4 |
-Version: 4.9.137 |
|
4 |
+Version: 4.9.140 |
|
5 | 5 |
Release: 1%{?kat_build:.%kat_build}%{?dist} |
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
... | ... |
@@ -9,7 +9,7 @@ Group: System Environment/Kernel |
9 | 9 |
Vendor: VMware, Inc. |
10 | 10 |
Distribution: Photon |
11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
12 |
-%define sha1 linux=bd0e5ecf3bee96cb8c81d90247cb3389cbdc0727 |
|
12 |
+%define sha1 linux=926d3d735f9d531fece00241845cfbab25eb273e |
|
13 | 13 |
Source1: config-aws |
14 | 14 |
Source2: initramfs.trigger |
15 | 15 |
# common |
... | ... |
@@ -440,6 +440,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg |
440 | 440 |
/usr/share/doc/* |
441 | 441 |
|
442 | 442 |
%changelog |
443 |
+* Mon Nov 26 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.9.140-1 |
|
444 |
+- Update to version 4.9.140 |
|
443 | 445 |
* Fri Nov 16 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.9.137-1 |
444 | 446 |
- Update to version 4.9.137 |
445 | 447 |
* Tue Oct 02 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.130-2 |
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
%global security_hardening none |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux-esx |
4 |
-Version: 4.9.137 |
|
4 |
+Version: 4.9.140 |
|
5 | 5 |
Release: 1%{?dist} |
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
... | ... |
@@ -9,7 +9,7 @@ Group: System Environment/Kernel |
9 | 9 |
Vendor: VMware, Inc. |
10 | 10 |
Distribution: Photon |
11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
12 |
-%define sha1 linux=bd0e5ecf3bee96cb8c81d90247cb3389cbdc0727 |
|
12 |
+%define sha1 linux=926d3d735f9d531fece00241845cfbab25eb273e |
|
13 | 13 |
Source1: config-esx |
14 | 14 |
Source2: initramfs.trigger |
15 | 15 |
# common |
... | ... |
@@ -233,6 +233,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg |
233 | 233 |
/usr/src/linux-headers-%{uname_r} |
234 | 234 |
|
235 | 235 |
%changelog |
236 |
+* Mon Nov 26 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.9.140-1 |
|
237 |
+- Update to version 4.9.140 |
|
236 | 238 |
* Fri Nov 16 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.9.137-1 |
237 | 239 |
- Update to version 4.9.137 |
238 | 240 |
* Mon Oct 08 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.130-3 |
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
%global security_hardening none |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux-secure |
4 |
-Version: 4.9.137 |
|
4 |
+Version: 4.9.140 |
|
5 | 5 |
Release: 1%{?kat_build:.%kat_build}%{?dist} |
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
... | ... |
@@ -9,7 +9,7 @@ Group: System Environment/Kernel |
9 | 9 |
Vendor: VMware, Inc. |
10 | 10 |
Distribution: Photon |
11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
12 |
-%define sha1 linux=bd0e5ecf3bee96cb8c81d90247cb3389cbdc0727 |
|
12 |
+%define sha1 linux=926d3d735f9d531fece00241845cfbab25eb273e |
|
13 | 13 |
Source1: config-secure |
14 | 14 |
Source2: aufs4.9.tar.gz |
15 | 15 |
%define sha1 aufs=ebe716ce4b638a3772c7cd3161abbfe11d584906 |
... | ... |
@@ -331,6 +331,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg |
331 | 331 |
/usr/src/linux-headers-%{uname_r} |
332 | 332 |
|
333 | 333 |
%changelog |
334 |
+* Mon Nov 26 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.9.140-1 |
|
335 |
+- Update to version 4.9.140 |
|
334 | 336 |
* Fri Nov 16 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.9.137-1 |
335 | 337 |
- Update to version 4.9.137 |
336 | 338 |
* Tue Oct 02 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.130-2 |
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
%global security_hardening none |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux |
4 |
-Version: 4.9.137 |
|
4 |
+Version: 4.9.140 |
|
5 | 5 |
Release: 1%{?kat_build:.%kat_build}%{?dist} |
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
... | ... |
@@ -9,7 +9,7 @@ Group: System Environment/Kernel |
9 | 9 |
Vendor: VMware, Inc. |
10 | 10 |
Distribution: Photon |
11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
12 |
-%define sha1 linux=bd0e5ecf3bee96cb8c81d90247cb3389cbdc0727 |
|
12 |
+%define sha1 linux=926d3d735f9d531fece00241845cfbab25eb273e |
|
13 | 13 |
Source1: config |
14 | 14 |
Source2: initramfs.trigger |
15 | 15 |
%define ena_version 1.1.3 |
... | ... |
@@ -363,6 +363,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg |
363 | 363 |
/usr/share/doc/* |
364 | 364 |
|
365 | 365 |
%changelog |
366 |
+* Mon Nov 26 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.9.140-1 |
|
367 |
+- Update to version 4.9.140 |
|
366 | 368 |
* Fri Nov 16 2018 Srivatsa S. Bhat (VMware) <srivatsa@csail.mit.edu> 4.9.137-1 |
367 | 369 |
- Update to version 4.9.137 |
368 | 370 |
* Tue Oct 02 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.130-2 |