Browse code
kernels: Fix CVE-2017-15115 by updating to 4.9.66
Upstream commit df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 (sctp: do not
peel off an assoc from one netns to another one) fixes this CVE, and
has been included in linux-stable 4.9.65. So update to the latest
stable kernel (4.9.66) to get the fix.
Change-Id: I100a933fd7e4bab61f3fe5b733c33ad1ed38a65c
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4425
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Alexey Makhalov <amakhalov@vmware.com>
Srivatsa S. Bhat authored on 2017/12/05 07:08:34Showing 5 changed files
- SPECS/linux-api-headers/linux-api-headers.spec
- SPECS/linux/0003-Added-PAX_RANDKSTACK.patch
- SPECS/linux/linux-esx.spec
- SPECS/linux/linux-secure.spec
- SPECS/linux/linux.spec
| ... | ... |
@@ -1,6 +1,6 @@ |
| 1 | 1 |
Summary: Linux API header files |
| 2 | 2 |
Name: linux-api-headers |
| 3 |
-Version: 4.9.64 |
|
| 3 |
+Version: 4.9.66 |
|
| 4 | 4 |
Release: 1%{?dist}
|
| 5 | 5 |
License: GPLv2 |
| 6 | 6 |
URL: http://www.kernel.org/ |
| ... | ... |
@@ -8,7 +8,7 @@ Group: System Environment/Kernel |
| 8 | 8 |
Vendor: VMware, Inc. |
| 9 | 9 |
Distribution: Photon |
| 10 | 10 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 11 |
-%define sha1 linux=06466679a6b1ada7614d988ed730ccd5c03210d9 |
|
| 11 |
+%define sha1 linux=ecb5adfa84ab6f06f2cb07b56517883310710a0b |
|
| 12 | 12 |
BuildArch: noarch |
| 13 | 13 |
%description |
| 14 | 14 |
The Linux API Headers expose the kernel's API for use by Glibc. |
| ... | ... |
@@ -25,6 +25,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de
|
| 25 | 25 |
%defattr(-,root,root) |
| 26 | 26 |
%{_includedir}/*
|
| 27 | 27 |
%changelog |
| 28 |
+* Mon Dec 04 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.66-1 |
|
| 29 |
+- Version update |
|
| 28 | 30 |
* Tue Nov 21 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.64-1 |
| 29 | 31 |
- Version update |
| 30 | 32 |
* Mon Nov 06 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.60-1 |
| ... | ... |
@@ -10,7 +10,7 @@ Subject: [PATCH 3/3] Added PAX_RANDKSTACK |
| 10 | 10 |
3 files changed, 51 insertions(+) |
| 11 | 11 |
|
| 12 | 12 |
diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S |
| 13 |
-index ef766a3..f64514d 100644 |
|
| 13 |
+index be9df51..7f18cd3 100644 |
|
| 14 | 14 |
--- a/arch/x86/entry/entry_64.S |
| 15 | 15 |
+++ b/arch/x86/entry/entry_64.S |
| 16 | 16 |
@@ -54,6 +54,16 @@ ENTRY(native_usergs_sysret64) |
| ... | ... |
@@ -27,10 +27,10 @@ index ef766a3..f64514d 100644 |
| 27 | 27 |
+#endif |
| 28 | 28 |
+.endm |
| 29 | 29 |
+ |
| 30 |
- .macro TRACE_IRQS_IRETQ |
|
| 30 |
+ .macro TRACE_IRQS_FLAGS flags:req |
|
| 31 | 31 |
#ifdef CONFIG_TRACE_IRQFLAGS |
| 32 |
- bt $9, EFLAGS(%rsp) /* interrupts off? */ |
|
| 33 |
-@@ -223,6 +233,8 @@ entry_SYSCALL_64_fastpath: |
|
| 32 |
+ bt $9, \flags /* interrupts off? */ |
|
| 33 |
+@@ -227,6 +237,8 @@ entry_SYSCALL_64_fastpath: |
|
| 34 | 34 |
testl $_TIF_ALLWORK_MASK, TASK_TI_flags(%r11) |
| 35 | 35 |
jnz 1f |
| 36 | 36 |
|
| ... | ... |
@@ -39,7 +39,7 @@ index ef766a3..f64514d 100644 |
| 39 | 39 |
LOCKDEP_SYS_EXIT |
| 40 | 40 |
TRACE_IRQS_ON /* user mode is traced as IRQs on */ |
| 41 | 41 |
movq RIP(%rsp), %rcx |
| 42 |
-@@ -251,6 +263,8 @@ entry_SYSCALL64_slow_path: |
|
| 42 |
+@@ -255,6 +267,8 @@ entry_SYSCALL64_slow_path: |
|
| 43 | 43 |
call do_syscall_64 /* returns with IRQs disabled */ |
| 44 | 44 |
|
| 45 | 45 |
return_from_SYSCALL_64: |
| ... | ... |
@@ -48,7 +48,7 @@ index ef766a3..f64514d 100644 |
| 48 | 48 |
RESTORE_EXTRA_REGS |
| 49 | 49 |
TRACE_IRQS_IRETQ /* we're about to change IF */ |
| 50 | 50 |
|
| 51 |
-@@ -423,6 +437,7 @@ ENTRY(ret_from_fork) |
|
| 51 |
+@@ -427,6 +441,7 @@ ENTRY(ret_from_fork) |
|
| 52 | 52 |
2: |
| 53 | 53 |
movq %rsp, %rdi |
| 54 | 54 |
call syscall_return_slowpath /* returns with IRQs disabled */ |
| ... | ... |
@@ -56,7 +56,7 @@ index ef766a3..f64514d 100644 |
| 56 | 56 |
TRACE_IRQS_ON /* user mode is traced as IRQS on */ |
| 57 | 57 |
SWAPGS |
| 58 | 58 |
jmp restore_regs_and_iret |
| 59 |
-@@ -534,6 +549,7 @@ ret_from_intr: |
|
| 59 |
+@@ -538,6 +553,7 @@ ret_from_intr: |
|
| 60 | 60 |
GLOBAL(retint_user) |
| 61 | 61 |
mov %rsp,%rdi |
| 62 | 62 |
call prepare_exit_to_usermode |
| ... | ... |
@@ -65,10 +65,10 @@ index ef766a3..f64514d 100644 |
| 65 | 65 |
SWAPGS |
| 66 | 66 |
jmp restore_regs_and_iret |
| 67 | 67 |
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c |
| 68 |
-index b3760b3..e4cfd3d 100644 |
|
| 68 |
+index 0887d2a..cd76ae8 100644 |
|
| 69 | 69 |
--- a/arch/x86/kernel/process_64.c |
| 70 | 70 |
+++ b/arch/x86/kernel/process_64.c |
| 71 |
-@@ -145,7 +145,13 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long sp, |
|
| 71 |
+@@ -262,7 +262,13 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long sp, |
|
| 72 | 72 |
struct inactive_task_frame *frame; |
| 73 | 73 |
struct task_struct *me = current; |
| 74 | 74 |
|
| ... | ... |
@@ -82,7 +82,7 @@ index b3760b3..e4cfd3d 100644 |
| 82 | 82 |
childregs = task_pt_regs(p); |
| 83 | 83 |
fork_frame = container_of(childregs, struct fork_frame, regs); |
| 84 | 84 |
frame = &fork_frame->frame; |
| 85 |
-@@ -621,3 +627,18 @@ unsigned long KSTK_ESP(struct task_struct *task) |
|
| 85 |
+@@ -647,3 +653,18 @@ unsigned long KSTK_ESP(struct task_struct *task) |
|
| 86 | 86 |
{
|
| 87 | 87 |
return task_pt_regs(task)->sp; |
| 88 | 88 |
} |
| ... | ... |
@@ -1,15 +1,15 @@ |
| 1 | 1 |
%global security_hardening none |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux-esx |
| 4 |
-Version: 4.9.64 |
|
| 5 |
-Release: 2%{?dist}
|
|
| 4 |
+Version: 4.9.66 |
|
| 5 |
+Release: 1%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| 9 | 9 |
Vendor: VMware, Inc. |
| 10 | 10 |
Distribution: Photon |
| 11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 12 |
-%define sha1 linux=06466679a6b1ada7614d988ed730ccd5c03210d9 |
|
| 12 |
+%define sha1 linux=ecb5adfa84ab6f06f2cb07b56517883310710a0b |
|
| 13 | 13 |
Source1: config-esx |
| 14 | 14 |
Source2: initramfs.trigger |
| 15 | 15 |
# common |
| ... | ... |
@@ -200,6 +200,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
|
| 200 | 200 |
/usr/src/linux-headers-%{uname_r}
|
| 201 | 201 |
|
| 202 | 202 |
%changelog |
| 203 |
+* Mon Dec 04 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.66-1 |
|
| 204 |
+- Version update |
|
| 203 | 205 |
* Mon Nov 27 2017 Bo Gan <ganb@vmware.com> 4.9.64-2 |
| 204 | 206 |
- Recreate /dev/root in init |
| 205 | 207 |
* Tue Nov 21 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.64-1 |
| ... | ... |
@@ -1,7 +1,7 @@ |
| 1 | 1 |
%global security_hardening none |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux-secure |
| 4 |
-Version: 4.9.64 |
|
| 4 |
+Version: 4.9.66 |
|
| 5 | 5 |
Release: 1%{?dist}
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| ... | ... |
@@ -9,7 +9,7 @@ Group: System Environment/Kernel |
| 9 | 9 |
Vendor: VMware, Inc. |
| 10 | 10 |
Distribution: Photon |
| 11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 12 |
-%define sha1 linux=06466679a6b1ada7614d988ed730ccd5c03210d9 |
|
| 12 |
+%define sha1 linux=ecb5adfa84ab6f06f2cb07b56517883310710a0b |
|
| 13 | 13 |
Source1: config-secure |
| 14 | 14 |
Source2: aufs4.9.tar.gz |
| 15 | 15 |
%define sha1 aufs=ebe716ce4b638a3772c7cd3161abbfe11d584906 |
| ... | ... |
@@ -277,6 +277,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
|
| 277 | 277 |
/usr/src/linux-headers-%{uname_r}
|
| 278 | 278 |
|
| 279 | 279 |
%changelog |
| 280 |
+* Mon Dec 04 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.66-1 |
|
| 281 |
+- Version update |
|
| 280 | 282 |
* Tue Nov 21 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.64-1 |
| 281 | 283 |
- Version update |
| 282 | 284 |
* Wed Nov 08 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.60-2 |
| ... | ... |
@@ -1,7 +1,7 @@ |
| 1 | 1 |
%global security_hardening none |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux |
| 4 |
-Version: 4.9.64 |
|
| 4 |
+Version: 4.9.66 |
|
| 5 | 5 |
Release: 1%{?dist}
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| ... | ... |
@@ -9,7 +9,7 @@ Group: System Environment/Kernel |
| 9 | 9 |
Vendor: VMware, Inc. |
| 10 | 10 |
Distribution: Photon |
| 11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 12 |
-%define sha1 linux=06466679a6b1ada7614d988ed730ccd5c03210d9 |
|
| 12 |
+%define sha1 linux=ecb5adfa84ab6f06f2cb07b56517883310710a0b |
|
| 13 | 13 |
Source1: config |
| 14 | 14 |
Source2: initramfs.trigger |
| 15 | 15 |
%define ena_version 1.1.3 |
| ... | ... |
@@ -302,6 +302,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
|
| 302 | 302 |
/usr/share/doc/* |
| 303 | 303 |
|
| 304 | 304 |
%changelog |
| 305 |
+* Mon Dec 04 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.66-1 |
|
| 306 |
+- Version update |
|
| 305 | 307 |
* Tue Nov 21 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.64-1 |
| 306 | 308 |
- Version update |
| 307 | 309 |
* Mon Nov 06 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.60-1 |