Upstream commit df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 (sctp: do not
peel off an assoc from one netns to another one) fixes this CVE, and
has been included in linux-stable 4.9.65. So update to the latest
stable kernel (4.9.66) to get the fix.
Change-Id: I8a76279f3ee463b7879c04a3c8c037df7dd748ac
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/4424
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Alexey Makhalov <amakhalov@vmware.com>
... | ... |
@@ -1,6 +1,6 @@ |
1 | 1 |
Summary: Linux API header files |
2 | 2 |
Name: linux-api-headers |
3 |
-Version: 4.9.64 |
|
3 |
+Version: 4.9.66 |
|
4 | 4 |
Release: 1%{?dist} |
5 | 5 |
License: GPLv2 |
6 | 6 |
URL: http://www.kernel.org/ |
... | ... |
@@ -8,7 +8,7 @@ Group: System Environment/Kernel |
8 | 8 |
Vendor: VMware, Inc. |
9 | 9 |
Distribution: Photon |
10 | 10 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
11 |
-%define sha1 linux=06466679a6b1ada7614d988ed730ccd5c03210d9 |
|
11 |
+%define sha1 linux=ecb5adfa84ab6f06f2cb07b56517883310710a0b |
|
12 | 12 |
BuildArch: noarch |
13 | 13 |
%description |
14 | 14 |
The Linux API Headers expose the kernel's API for use by Glibc. |
... | ... |
@@ -25,6 +25,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de |
25 | 25 |
%defattr(-,root,root) |
26 | 26 |
%{_includedir}/* |
27 | 27 |
%changelog |
28 |
+* Mon Dec 04 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.66-1 |
|
29 |
+- Version update |
|
28 | 30 |
* Tue Nov 21 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.64-1 |
29 | 31 |
- Version update |
30 | 32 |
* Mon Nov 06 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.60-1 |
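Review bot: The refreshed pin `%define sha1 linux=ecb5adfa84ab6f06f2cb07b56517883310710a0b` is the only integrity check visible here for a tarball that `Source0` fetches over plain `http://`, and SHA-1 no longer gives collision resistance. The page does not show how the new value was obtained; it should be checked against kernel.org's signed checksum list rather than computed from the downloaded file. If the build tooling accepts a stronger digest, pin with that, and consider switching `Source0` to `https://` as a second layer. The same pin is repeated in the linux-esx, linux-secure and linux spec sections below. Separately, the new changelog entry `- Version update` does not record that the bump is security-motivated; something like `- Version update (fixes <CVE-ID>)`, using the CVE named in the commit title, would let package consumers see which release carries the fix.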
... | ... |
@@ -10,7 +10,7 @@ Subject: [PATCH 3/3] Added PAX_RANDKSTACK |
10 | 10 |
3 files changed, 51 insertions(+) |
11 | 11 |
|
12 | 12 |
diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S |
13 |
-index ef766a3..f64514d 100644 |
|
13 |
+index be9df51..7f18cd3 100644 |
|
14 | 14 |
--- a/arch/x86/entry/entry_64.S |
15 | 15 |
+++ b/arch/x86/entry/entry_64.S |
16 | 16 |
@@ -54,6 +54,16 @@ ENTRY(native_usergs_sysret64) |
... | ... |
@@ -27,10 +27,10 @@ index ef766a3..f64514d 100644 |
27 | 27 |
+#endif |
28 | 28 |
+.endm |
29 | 29 |
+ |
30 |
- .macro TRACE_IRQS_IRETQ |
|
30 |
+ .macro TRACE_IRQS_FLAGS flags:req |
|
31 | 31 |
#ifdef CONFIG_TRACE_IRQFLAGS |
32 |
- bt $9, EFLAGS(%rsp) /* interrupts off? */ |
|
33 |
-@@ -223,6 +233,8 @@ entry_SYSCALL_64_fastpath: |
|
32 |
+ bt $9, \flags /* interrupts off? */ |
|
33 |
+@@ -227,6 +237,8 @@ entry_SYSCALL_64_fastpath: |
|
34 | 34 |
testl $_TIF_ALLWORK_MASK, TASK_TI_flags(%r11) |
35 | 35 |
jnz 1f |
36 | 36 |
|
... | ... |
@@ -39,7 +39,7 @@ index ef766a3..f64514d 100644 |
39 | 39 |
LOCKDEP_SYS_EXIT |
40 | 40 |
TRACE_IRQS_ON /* user mode is traced as IRQs on */ |
41 | 41 |
movq RIP(%rsp), %rcx |
42 |
-@@ -251,6 +263,8 @@ entry_SYSCALL64_slow_path: |
|
42 |
+@@ -255,6 +267,8 @@ entry_SYSCALL64_slow_path: |
|
43 | 43 |
call do_syscall_64 /* returns with IRQs disabled */ |
44 | 44 |
|
45 | 45 |
return_from_SYSCALL_64: |
... | ... |
@@ -48,7 +48,7 @@ index ef766a3..f64514d 100644 |
48 | 48 |
RESTORE_EXTRA_REGS |
49 | 49 |
TRACE_IRQS_IRETQ /* we're about to change IF */ |
50 | 50 |
|
51 |
-@@ -423,6 +437,7 @@ ENTRY(ret_from_fork) |
|
51 |
+@@ -427,6 +441,7 @@ ENTRY(ret_from_fork) |
|
52 | 52 |
2: |
53 | 53 |
movq %rsp, %rdi |
54 | 54 |
call syscall_return_slowpath /* returns with IRQs disabled */ |
... | ... |
@@ -56,7 +56,7 @@ index ef766a3..f64514d 100644 |
56 | 56 |
TRACE_IRQS_ON /* user mode is traced as IRQS on */ |
57 | 57 |
SWAPGS |
58 | 58 |
jmp restore_regs_and_iret |
59 |
-@@ -534,6 +549,7 @@ ret_from_intr: |
|
59 |
+@@ -538,6 +553,7 @@ ret_from_intr: |
|
60 | 60 |
GLOBAL(retint_user) |
61 | 61 |
mov %rsp,%rdi |
62 | 62 |
call prepare_exit_to_usermode |
... | ... |
@@ -65,10 +65,10 @@ index ef766a3..f64514d 100644 |
65 | 65 |
SWAPGS |
66 | 66 |
jmp restore_regs_and_iret |
67 | 67 |
diff --git a/arch/x86/kernel/process_64.c b/arch/x86/kernel/process_64.c |
68 |
-index b3760b3..e4cfd3d 100644 |
|
68 |
+index 0887d2a..cd76ae8 100644 |
|
69 | 69 |
--- a/arch/x86/kernel/process_64.c |
70 | 70 |
+++ b/arch/x86/kernel/process_64.c |
71 |
-@@ -145,7 +145,13 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long sp, |
|
71 |
+@@ -262,7 +262,13 @@ int copy_thread_tls(unsigned long clone_flags, unsigned long sp, |
|
72 | 72 |
struct inactive_task_frame *frame; |
73 | 73 |
struct task_struct *me = current; |
74 | 74 |
|
... | ... |
@@ -82,7 +82,7 @@ index b3760b3..e4cfd3d 100644 |
82 | 82 |
childregs = task_pt_regs(p); |
83 | 83 |
fork_frame = container_of(childregs, struct fork_frame, regs); |
84 | 84 |
frame = &fork_frame->frame; |
85 |
-@@ -621,3 +627,18 @@ unsigned long KSTK_ESP(struct task_struct *task) |
|
85 |
+@@ -647,3 +653,18 @@ unsigned long KSTK_ESP(struct task_struct *task) |
|
86 | 86 |
{ |
87 | 87 |
return task_pt_regs(task)->sp; |
88 | 88 |
} |
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
%global security_hardening none |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux-esx |
4 |
-Version: 4.9.64 |
|
4 |
+Version: 4.9.66 |
|
5 | 5 |
Release: 1%{?dist} |
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
... | ... |
@@ -9,7 +9,7 @@ Group: System Environment/Kernel |
9 | 9 |
Vendor: VMware, Inc. |
10 | 10 |
Distribution: Photon |
11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
12 |
-%define sha1 linux=06466679a6b1ada7614d988ed730ccd5c03210d9 |
|
12 |
+%define sha1 linux=ecb5adfa84ab6f06f2cb07b56517883310710a0b |
|
13 | 13 |
Source1: config-esx |
14 | 14 |
Source2: initramfs.trigger |
15 | 15 |
# common |
... | ... |
@@ -198,6 +198,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg |
198 | 198 |
/usr/src/linux-headers-%{uname_r} |
199 | 199 |
|
200 | 200 |
%changelog |
201 |
+* Mon Dec 04 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.66-1 |
|
202 |
+- Version update |
|
201 | 203 |
* Tue Nov 21 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.64-1 |
202 | 204 |
- Version update |
203 | 205 |
* Mon Nov 06 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.60-1 |
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
%global security_hardening none |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux-secure |
4 |
-Version: 4.9.64 |
|
4 |
+Version: 4.9.66 |
|
5 | 5 |
Release: 1%{?dist} |
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
... | ... |
@@ -9,7 +9,7 @@ Group: System Environment/Kernel |
9 | 9 |
Vendor: VMware, Inc. |
10 | 10 |
Distribution: Photon |
11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
12 |
-%define sha1 linux=06466679a6b1ada7614d988ed730ccd5c03210d9 |
|
12 |
+%define sha1 linux=ecb5adfa84ab6f06f2cb07b56517883310710a0b |
|
13 | 13 |
Source1: config-secure |
14 | 14 |
Source2: aufs4.9.tar.gz |
15 | 15 |
%define sha1 aufs=ebe716ce4b638a3772c7cd3161abbfe11d584906 |
... | ... |
@@ -277,6 +277,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg |
277 | 277 |
/usr/src/linux-headers-%{uname_r} |
278 | 278 |
|
279 | 279 |
%changelog |
280 |
+* Mon Dec 04 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.66-1 |
|
281 |
+- Version update |
|
280 | 282 |
* Tue Nov 21 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.64-1 |
281 | 283 |
- Version update |
282 | 284 |
* Wed Nov 08 2017 Alexey Makhalov <amakhalov@vmware.com> 4.9.60-2 |
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
%global security_hardening none |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux |
4 |
-Version: 4.9.64 |
|
4 |
+Version: 4.9.66 |
|
5 | 5 |
Release: 1%{?dist} |
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
... | ... |
@@ -9,7 +9,7 @@ Group: System Environment/Kernel |
9 | 9 |
Vendor: VMware, Inc. |
10 | 10 |
Distribution: Photon |
11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
12 |
-%define sha1 linux=06466679a6b1ada7614d988ed730ccd5c03210d9 |
|
12 |
+%define sha1 linux=ecb5adfa84ab6f06f2cb07b56517883310710a0b |
|
13 | 13 |
Source1: config |
14 | 14 |
Source2: initramfs.trigger |
15 | 15 |
%define ena_version 1.1.3 |
... | ... |
@@ -302,6 +302,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg |
302 | 302 |
/usr/share/doc/* |
303 | 303 |
|
304 | 304 |
%changelog |
305 |
+* Mon Dec 04 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.66-1 |
|
306 |
+- Version update |
|
305 | 307 |
* Tue Nov 21 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.64-1 |
306 | 308 |
- Version update |
307 | 309 |
* Mon Nov 06 2017 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.9.60-1 |