Extras:
- 9P FS security support
- DM Delay target support
Change-Id: Ia50a43d9b177ab2d2d8a02c4041f4fcf47291bdd
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/3092
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Sharath George
| ... | ... |
@@ -1,6 +1,6 @@ |
| 1 | 1 |
Summary: Linux API header files |
| 2 | 2 |
Name: linux-api-headers |
| 3 |
-Version: 4.4.71 |
|
| 3 |
+Version: 4.4.74 |
|
| 4 | 4 |
Release: 1%{?dist}
|
| 5 | 5 |
License: GPLv2 |
| 6 | 6 |
URL: http://www.kernel.org/ |
| ... | ... |
@@ -8,7 +8,7 @@ Group: System Environment/Kernel |
| 8 | 8 |
Vendor: VMware, Inc. |
| 9 | 9 |
Distribution: Photon |
| 10 | 10 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 11 |
-%define sha1 linux=e1803ee9837d8ef729601e71e1f51666366a3612 |
|
| 11 |
+%define sha1 linux=80b338e4442f57563dceb71be4acc1f5a5c234a0 |
|
| 12 | 12 |
BuildArch: noarch |
| 13 | 13 |
%description |
| 14 | 14 |
The Linux API Headers expose the kernel's API for use by Glibc. |
| ... | ... |
@@ -25,6 +25,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de
|
| 25 | 25 |
%defattr(-,root,root) |
| 26 | 26 |
%{_includedir}/*
|
| 27 | 27 |
%changelog |
| 28 |
+* Wed Jun 28 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.74-1 |
|
| 29 |
+- Update version |
|
| 28 | 30 |
* Wed Jun 7 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.71-1 |
| 29 | 31 |
- Update version |
| 30 | 32 |
* Thu May 25 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.70-1 |
| ... | ... |
@@ -1,6 +1,6 @@ |
| 1 | 1 |
# |
| 2 | 2 |
# Automatically generated file; DO NOT EDIT. |
| 3 |
-# Linux/x86 4.4.71 Kernel Configuration |
|
| 3 |
+# Linux/x86 4.4.74 Kernel Configuration |
|
| 4 | 4 |
# |
| 5 | 5 |
CONFIG_64BIT=y |
| 6 | 6 |
CONFIG_X86_64=y |
| ... | ... |
@@ -1825,7 +1825,7 @@ CONFIG_DM_ZERO=m |
| 1825 | 1825 |
CONFIG_DM_MULTIPATH=m |
| 1826 | 1826 |
# CONFIG_DM_MULTIPATH_QL is not set |
| 1827 | 1827 |
# CONFIG_DM_MULTIPATH_ST is not set |
| 1828 |
-# CONFIG_DM_DELAY is not set |
|
| 1828 |
+CONFIG_DM_DELAY=m |
|
| 1829 | 1829 |
CONFIG_DM_UEVENT=y |
| 1830 | 1830 |
CONFIG_DM_FLAKEY=m |
| 1831 | 1831 |
CONFIG_DM_VERITY=m |
| ... | ... |
@@ -3925,7 +3925,7 @@ CONFIG_CIFS_SMB2=y |
| 3925 | 3925 |
CONFIG_9P_FS=m |
| 3926 | 3926 |
# CONFIG_9P_FSCACHE is not set |
| 3927 | 3927 |
CONFIG_9P_FS_POSIX_ACL=y |
| 3928 |
-# CONFIG_9P_FS_SECURITY is not set |
|
| 3928 |
+CONFIG_9P_FS_SECURITY=y |
|
| 3929 | 3929 |
CONFIG_NLS=y |
| 3930 | 3930 |
CONFIG_NLS_DEFAULT="utf8" |
| 3931 | 3931 |
CONFIG_NLS_CODEPAGE_437=y |
| ... | ... |
@@ -1500,7 +1500,7 @@ CONFIG_DM_MIRROR=m |
| 1500 | 1500 |
# CONFIG_DM_RAID is not set |
| 1501 | 1501 |
CONFIG_DM_ZERO=m |
| 1502 | 1502 |
# CONFIG_DM_MULTIPATH is not set |
| 1503 |
-# CONFIG_DM_DELAY is not set |
|
| 1503 |
+CONFIG_DM_DELAY=m |
|
| 1504 | 1504 |
CONFIG_DM_UEVENT=y |
| 1505 | 1505 |
# CONFIG_DM_FLAKEY is not set |
| 1506 | 1506 |
# CONFIG_DM_VERITY is not set |
| ... | ... |
@@ -1,7 +1,7 @@ |
| 1 | 1 |
%global security_hardening none |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux-esx |
| 4 |
-Version: 4.4.71 |
|
| 4 |
+Version: 4.4.74 |
|
| 5 | 5 |
Release: 1%{?dist}
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| ... | ... |
@@ -9,7 +9,7 @@ Group: System Environment/Kernel |
| 9 | 9 |
Vendor: VMware, Inc. |
| 10 | 10 |
Distribution: Photon |
| 11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz
|
| 12 |
-%define sha1 linux=e1803ee9837d8ef729601e71e1f51666366a3612 |
|
| 12 |
+%define sha1 linux=80b338e4442f57563dceb71be4acc1f5a5c234a0 |
|
| 13 | 13 |
Source1: config-esx |
| 14 | 14 |
Patch0: double-tcp_mem-limits.patch |
| 15 | 15 |
Patch1: linux-4.4-sysctl-sched_weighted_cpuload_uses_rla.patch |
| ... | ... |
@@ -34,8 +34,6 @@ Patch19: serial-8250-do-not-probe-U6-16550A-fifo-size.patch |
| 34 | 34 |
Patch20: vmci-1.1.4.0-use-32bit-atomics-for-queue-headers.patch |
| 35 | 35 |
Patch21: vmci-1.1.5.0-doorbell-create-and-destroy-fixes.patch |
| 36 | 36 |
Patch22: net-9p-vsock.patch |
| 37 |
-#fixes CVE-2017-7346 |
|
| 38 |
-Patch23: vmwgfx-limit-the-number-of-mip-levels-in-vmw_gb_surface_define_ioctl.patch |
|
| 39 | 37 |
BuildRequires: bc |
| 40 | 38 |
BuildRequires: kbd |
| 41 | 39 |
BuildRequires: kmod |
| ... | ... |
@@ -94,7 +92,6 @@ The Linux package contains the Linux kernel doc files |
| 94 | 94 |
%patch20 -p1 |
| 95 | 95 |
%patch21 -p1 |
| 96 | 96 |
%patch22 -p1 |
| 97 |
-%patch23 -p1 |
|
| 98 | 97 |
|
| 99 | 98 |
%build |
| 100 | 99 |
# patch vmw_balloon driver |
| ... | ... |
@@ -183,6 +180,9 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg
|
| 183 | 183 |
/usr/src/linux-headers-%{uname_r}
|
| 184 | 184 |
|
| 185 | 185 |
%changelog |
| 186 |
+* Wed Jun 28 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.74-1 |
|
| 187 |
+- [feature] DM Delay target support |
|
| 188 |
+- Fix CVE-2017-1000364 ("stack clash") and CVE-2017-9605
|
|
| 186 | 189 |
* Wed Jun 7 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.71-1 |
| 187 | 190 |
- Fix CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076 |
| 188 | 191 |
CVE-2017-9077 and CVE-2017-9242 |
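Review bot: The local fix for CVE-2017-7346 (`Patch23` and its `%patch23 -p1` application) is dropped in this section, but the new 4.4.74-1 changelog entry does not record why. Presumably the `mip_levels` check in `vmw_gb_surface_define_ioctl()` now comes with the upstream 4.4.74 tarball; that should be confirmed against the new source and then stated, for example `- Remove vmwgfx mip_levels patch (CVE-2017-7346), fixed in upstream stable`, so a later audit does not read the removal as a lost fix. The same removal (`Patch17` / `%patch17 -p1`) appears in the section for the `linux` package, whose changelog entry has the same gap.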
| ... | ... |
@@ -1,15 +1,15 @@ |
| 1 | 1 |
%global security_hardening none |
| 2 | 2 |
Summary: Kernel |
| 3 | 3 |
Name: linux |
| 4 |
-Version: 4.4.71 |
|
| 5 |
-Release: 2%{?dist}
|
|
| 4 |
+Version: 4.4.74 |
|
| 5 |
+Release: 1%{?dist}
|
|
| 6 | 6 |
License: GPLv2 |
| 7 | 7 |
URL: http://www.kernel.org/ |
| 8 | 8 |
Group: System Environment/Kernel |
| 9 | 9 |
Vendor: VMware, Inc. |
| 10 | 10 |
Distribution: Photon |
| 11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/%{name}-%{version}.tar.xz
|
| 12 |
-%define sha1 linux=e1803ee9837d8ef729601e71e1f51666366a3612 |
|
| 12 |
+%define sha1 linux=80b338e4442f57563dceb71be4acc1f5a5c234a0 |
|
| 13 | 13 |
Source1: config |
| 14 | 14 |
%define ena_version 1.1.3 |
| 15 | 15 |
Source2: https://github.com/amzn/amzn-drivers/archive/ena_linux_1.1.3.tar.gz |
| ... | ... |
@@ -33,8 +33,6 @@ Patch14: vmxnet3-1.4.8.0-segCnt-can-be-1-for-LRO-packets.patch |
| 33 | 33 |
#fixes CVE-2016-6187 |
| 34 | 34 |
Patch15: apparmor-fix-oops-validate-buffer-size-in-apparmor_setprocattr.patch |
| 35 | 35 |
Patch16: net-9p-vsock.patch |
| 36 |
-#fixes CVE-2017-7346 |
|
| 37 |
-Patch17: vmwgfx-limit-the-number-of-mip-levels-in-vmw_gb_surface_define_ioctl.patch |
|
| 38 | 36 |
BuildRequires: bc |
| 39 | 37 |
BuildRequires: kbd |
| 40 | 38 |
BuildRequires: kmod |
| ... | ... |
@@ -121,7 +119,6 @@ This package contains the 'perf' performance analysis tools for Linux kernel. |
| 121 | 121 |
%patch14 -p1 |
| 122 | 122 |
%patch15 -p1 |
| 123 | 123 |
%patch16 -p1 |
| 124 |
-%patch17 -p1 |
|
| 125 | 124 |
|
| 126 | 125 |
%build |
| 127 | 126 |
make mrproper |
| ... | ... |
@@ -274,6 +271,10 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg
|
| 274 | 274 |
/usr/share/perf-core |
| 275 | 275 |
|
| 276 | 276 |
%changelog |
| 277 |
+* Wed Jun 28 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.74-1 |
|
| 278 |
+- [feature] 9P FS security support |
|
| 279 |
+- [feature] DM Delay target support |
|
| 280 |
+- Fix CVE-2017-1000364 ("stack clash") and CVE-2017-9605
|
|
| 277 | 281 |
* Mon Jun 19 2017 Anish Swaminathan <anishs@vmware.com> 4.4.71-2 |
| 278 | 282 |
- [feature] IPV6 netfilter NAT masquerade, security support |
| 279 | 283 |
* Wed Jun 7 2017 Alexey Makhalov <amakhalov@vmware.com> 4.4.71-1 |
| 280 | 284 |
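Review bot: The new `%define sha1 linux=80b338e4442f57563dceb71be4acc1f5a5c234a0` line pins the 4.4.74 tarball with SHA-1 only, while `Source0` is still fetched over plain `http://`, so as far as this section shows that digest is the sole integrity control on the kernel source. SHA-1 is no longer collision resistant; if the build tooling accepts a stronger digest, pin that instead, and in any case fetch over TLS, e.g. `Source0: https://www.kernel.org/pub/linux/kernel/v4.x/%{name}-%{version}.tar.xz`. The same pairing of an `http://` source with a SHA-1 pin appears in the `linux-api-headers` and `linux-esx` sections.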
deleted file mode 100644 |
| ... | ... |
@@ -1,28 +0,0 @@ |
| 1 |
-The 'req->mip_levels' parameter in vmw_gb_surface_define_ioctl() is |
|
| 2 |
-a user-controlled 'uint32_t' value which is used as a loop count limit. |
|
| 3 |
-This can lead to a kernel lockup and DoS. Add check for 'req->mip_levels'. |
|
| 4 |
- |
|
| 5 |
-References: |
|
| 6 |
-https://bugzilla.redhat.com/show_bug.cgi?id=1437431 |
|
| 7 |
-Signed-off-by: Vladis Dronov <vdronov at redhat.com> |
|
| 8 |
- drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 4 ++++ |
|
| 9 |
- 1 file changed, 4 insertions(+) |
|
| 10 |
- |
|
| 11 |
-diff --git a/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c |
|
| 12 |
-index b445ce9..b30824b 100644 |
|
| 13 |
-+++ b/drivers/gpu/drm/vmwgfx/vmwgfx_surface.c |
|
| 14 |
-@@ -1281,6 +1281,10 @@ int vmw_gb_surface_define_ioctl(struct drm_device *dev, void *data, |
|
| 15 |
- if (req->multisample_count != 0) |
|
| 16 |
- return -EINVAL; |
|
| 17 |
- |
|
| 18 |
-+ if (req->mip_levels > DRM_VMW_MAX_SURFACE_FACES * |
|
| 19 |
-+ DRM_VMW_MAX_MIP_LEVELS) |
|
| 20 |
-+ return -EINVAL; |
|
| 21 |
-+ |
|
| 22 |
- if (unlikely(vmw_user_surface_size == 0)) |
|
| 23 |
- vmw_user_surface_size = ttm_round_pot(sizeof(*user_srf)) + |
|
| 24 |
- 128; |
|
| 25 |
-2.9.3 |