Update to version 4.4.145, and apply a patch to unconditionally clear
the stack upon fork, in order to eliminate the entire class of
vulnerabilities that try to exploit kernel stack content leaks. This
also helps further harden the kernel against speculative execution
vulnerabilities[1].
[1]. https://www.spinics.net/lists/linux-mm/msg158197.html
https://www.spinics.net/lists/linux-mm/msg158420.html
Change-Id: I56b257a54f4c8d96ad84c2560cfce1192bac51e3
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/5440
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Srinidhi Rao <srinidhir@vmware.com>
Reviewed-by: Alexey Makhalov <amakhalov@vmware.com>
... | ... |
@@ -1,6 +1,6 @@ |
1 | 1 |
Summary: Linux API header files |
2 | 2 |
Name: linux-api-headers |
3 |
-Version: 4.4.144 |
|
3 |
+Version: 4.4.145 |
|
4 | 4 |
Release: 1%{?dist} |
5 | 5 |
License: GPLv2 |
6 | 6 |
URL: http://www.kernel.org/ |
... | ... |
@@ -8,7 +8,7 @@ Group: System Environment/Kernel |
8 | 8 |
Vendor: VMware, Inc. |
9 | 9 |
Distribution: Photon |
10 | 10 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
11 |
-%define sha1 linux=604bb959a569c7c94d18aa405dce3a6549c54179 |
|
11 |
+%define sha1 linux=453ad80ed24996f0b7700d84bf48d38eb0e53cc1 |
|
12 | 12 |
BuildArch: noarch |
13 | 13 |
# From SPECS/linux and used by linux-esx only |
14 | 14 |
# It provides f*xattrat syscalls |
... | ... |
@@ -29,6 +29,8 @@ find /%{buildroot}%{_includedir} \( -name .install -o -name ..install.cmd \) -de |
29 | 29 |
%defattr(-,root,root) |
30 | 30 |
%{_includedir}/* |
31 | 31 |
%changelog |
32 |
+* Mon Jul 30 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.145-1 |
|
33 |
+- Update to version 4.4.145 |
|
32 | 34 |
* Thu Jul 26 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.144-1 |
33 | 35 |
- Update to version 4.4.144 |
34 | 36 |
* Mon Jul 16 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.140-1 |
35 | 37 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,87 @@ |
0 |
+From 7e39d8ccbb0889c03ce6dc0dee0e63d78f37d0a9 Mon Sep 17 00:00:00 2001 |
|
1 |
+From: Kees Cook <keescook@chromium.org> |
|
2 |
+Date: Fri, 20 Apr 2018 14:55:31 -0700 |
|
3 |
+Subject: [PATCH] fork: unconditionally clear stack on fork |
|
4 |
+ |
|
5 |
+commit e01e80634ecdde1dd113ac43b3adad21b47f3957 upstream. |
|
6 |
+ |
|
7 |
+One of the classes of kernel stack content leaks[1] is exposing the |
|
8 |
+contents of prior heap or stack contents when a new process stack is |
|
9 |
+allocated. Normally, those stacks are not zeroed, and the old contents |
|
10 |
+remain in place. In the face of stack content exposure flaws, those |
|
11 |
+contents can leak to userspace. |
|
12 |
+ |
|
13 |
+Fixing this will make the kernel no longer vulnerable to these flaws, as |
|
14 |
+the stack will be wiped each time a stack is assigned to a new process. |
|
15 |
+There's not a meaningful change in runtime performance; it almost looks |
|
16 |
+like it provides a benefit. |
|
17 |
+ |
|
18 |
+Performing back-to-back kernel builds before: |
|
19 |
+ Run times: 157.86 157.09 158.90 160.94 160.80 |
|
20 |
+ Mean: 159.12 |
|
21 |
+ Std Dev: 1.54 |
|
22 |
+ |
|
23 |
+and after: |
|
24 |
+ Run times: 159.31 157.34 156.71 158.15 160.81 |
|
25 |
+ Mean: 158.46 |
|
26 |
+ Std Dev: 1.46 |
|
27 |
+ |
|
28 |
+Instead of making this a build or runtime config, Andy Lutomirski |
|
29 |
+recommended this just be enabled by default. |
|
30 |
+ |
|
31 |
+[1] A noisy search for many kinds of stack content leaks can be seen here: |
|
32 |
+https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=linux+kernel+stack+leak |
|
33 |
+ |
|
34 |
+I did some more with perf and cycle counts on running 100,000 execs of |
|
35 |
+/bin/true. |
|
36 |
+ |
|
37 |
+before: |
|
38 |
+Cycles: 218858861551 218853036130 214727610969 227656844122 224980542841 |
|
39 |
+Mean: 221015379122.60 |
|
40 |
+Std Dev: 4662486552.47 |
|
41 |
+ |
|
42 |
+after: |
|
43 |
+Cycles: 213868945060 213119275204 211820169456 224426673259 225489986348 |
|
44 |
+Mean: 217745009865.40 |
|
45 |
+Std Dev: 5935559279.99 |
|
46 |
+ |
|
47 |
+It continues to look like it's faster, though the deviation is rather |
|
48 |
+wide, but I'm not sure what I could do that would be less noisy. I'm |
|
49 |
+open to ideas! |
|
50 |
+ |
|
51 |
+Link: http://lkml.kernel.org/r/20180221021659.GA37073@beast |
|
52 |
+Signed-off-by: Kees Cook <keescook@chromium.org> |
|
53 |
+Acked-by: Michal Hocko <mhocko@suse.com> |
|
54 |
+Reviewed-by: Andrew Morton <akpm@linux-foundation.org> |
|
55 |
+Cc: Andy Lutomirski <luto@kernel.org> |
|
56 |
+Cc: Laura Abbott <labbott@redhat.com> |
|
57 |
+Cc: Rasmus Villemoes <rasmus.villemoes@prevas.dk> |
|
58 |
+Cc: Mel Gorman <mgorman@techsingularity.net> |
|
59 |
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org> |
|
60 |
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
|
61 |
+[ Srivatsa: Backported to 4.4.y ] |
|
62 |
+Signed-off-by: Srivatsa S. Bhat <srivatsa@csail.mit.edu> |
|
63 |
+--- |
|
64 |
+ include/linux/thread_info.h | 6 +----- |
|
65 |
+ 1 file changed, 1 insertion(+), 5 deletions(-) |
|
66 |
+ |
|
67 |
+diff --git a/include/linux/thread_info.h b/include/linux/thread_info.h |
|
68 |
+index ff307b5..646891f 100644 |
|
69 |
+--- a/include/linux/thread_info.h |
|
70 |
+@@ -55,11 +55,7 @@ extern long do_no_restart_syscall(struct restart_block *parm); |
|
71 |
+ |
|
72 |
+ #ifdef __KERNEL__ |
|
73 |
+ |
|
74 |
+-#ifdef CONFIG_DEBUG_STACK_USAGE |
|
75 |
+-# define THREADINFO_GFP (GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO) |
|
76 |
+-#else |
|
77 |
+-# define THREADINFO_GFP (GFP_KERNEL | __GFP_NOTRACK) |
|
78 |
+-#endif |
|
79 |
++#define THREADINFO_GFP (GFP_KERNEL | __GFP_NOTRACK | __GFP_ZERO) |
|
80 |
+ |
|
81 |
+ /* |
|
82 |
+ * flag set/clear/test wrappers |
|
83 |
+-- |
|
84 |
+2.7.4 |
|
85 |
+ |
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
%global security_hardening none |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux-esx |
4 |
-Version: 4.4.144 |
|
4 |
+Version: 4.4.145 |
|
5 | 5 |
Release: 1%{?dist} |
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
... | ... |
@@ -9,7 +9,7 @@ Group: System Environment/Kernel |
9 | 9 |
Vendor: VMware, Inc. |
10 | 10 |
Distribution: Photon |
11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/linux-%{version}.tar.xz |
12 |
-%define sha1 linux=604bb959a569c7c94d18aa405dce3a6549c54179 |
|
12 |
+%define sha1 linux=453ad80ed24996f0b7700d84bf48d38eb0e53cc1 |
|
13 | 13 |
Source1: config-esx |
14 | 14 |
Patch0: double-tcp_mem-limits.patch |
15 | 15 |
Patch1: linux-4.4-sysctl-sched_weighted_cpuload_uses_rla.patch |
... | ... |
@@ -78,6 +78,8 @@ Patch65: 0154-udf-prevent-speculative-execution.patch |
78 | 78 |
Patch66: 0155-userns-prevent-speculative-execution.patch |
79 | 79 |
Patch67: 0169-x86-syscall-Clear-unused-extra-registers-on-syscall-.patch |
80 | 80 |
|
81 |
+Patch70: 0001-fork-unconditionally-clear-stack-on-fork.patch |
|
82 |
+ |
|
81 | 83 |
|
82 | 84 |
BuildRequires: bc |
83 | 85 |
BuildRequires: kbd |
... | ... |
@@ -173,6 +175,7 @@ The Linux package contains the Linux kernel doc files |
173 | 173 |
%patch66 -p1 |
174 | 174 |
%patch67 -p1 |
175 | 175 |
|
176 |
+%patch70 -p1 |
|
176 | 177 |
|
177 | 178 |
%build |
178 | 179 |
# patch vmw_balloon driver |
... | ... |
@@ -261,6 +264,8 @@ ln -sf linux-%{uname_r}.cfg /boot/photon.cfg |
261 | 261 |
/usr/src/linux-headers-%{uname_r} |
262 | 262 |
|
263 | 263 |
%changelog |
264 |
+* Mon Jul 30 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.145-1 |
|
265 |
+- Update to version 4.4.145 and clear stack on fork. |
|
264 | 266 |
* Thu Jul 26 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.144-1 |
265 | 267 |
- Update to version 4.4.144 and fix CVE-2018-10322 |
266 | 268 |
* Mon Jul 16 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.140-1 |
... | ... |
@@ -1,7 +1,7 @@ |
1 | 1 |
%global security_hardening none |
2 | 2 |
Summary: Kernel |
3 | 3 |
Name: linux |
4 |
-Version: 4.4.144 |
|
4 |
+Version: 4.4.145 |
|
5 | 5 |
Release: 1%{?kat_build:.%kat_build}%{?dist} |
6 | 6 |
License: GPLv2 |
7 | 7 |
URL: http://www.kernel.org/ |
... | ... |
@@ -9,7 +9,7 @@ Group: System Environment/Kernel |
9 | 9 |
Vendor: VMware, Inc. |
10 | 10 |
Distribution: Photon |
11 | 11 |
Source0: http://www.kernel.org/pub/linux/kernel/v4.x/%{name}-%{version}.tar.xz |
12 |
-%define sha1 linux=604bb959a569c7c94d18aa405dce3a6549c54179 |
|
12 |
+%define sha1 linux=453ad80ed24996f0b7700d84bf48d38eb0e53cc1 |
|
13 | 13 |
Source1: config |
14 | 14 |
%define ena_version 1.1.3 |
15 | 15 |
Source2: https://github.com/amzn/amzn-drivers/archive/ena_linux_1.1.3.tar.gz |
... | ... |
@@ -78,6 +78,8 @@ Patch65: 0154-udf-prevent-speculative-execution.patch |
78 | 78 |
Patch66: 0155-userns-prevent-speculative-execution.patch |
79 | 79 |
Patch67: 0169-x86-syscall-Clear-unused-extra-registers-on-syscall-.patch |
80 | 80 |
|
81 |
+Patch70: 0001-fork-unconditionally-clear-stack-on-fork.patch |
|
82 |
+ |
|
81 | 83 |
|
82 | 84 |
%if 0%{?kat_build:1} |
83 | 85 |
Patch1000: %{kat_build}.patch |
... | ... |
@@ -205,6 +207,7 @@ This package contains the 'perf' performance analysis tools for Linux kernel. |
205 | 205 |
%patch66 -p1 |
206 | 206 |
%patch67 -p1 |
207 | 207 |
|
208 |
+%patch70 -p1 |
|
208 | 209 |
|
209 | 210 |
%if 0%{?kat_build:1} |
210 | 211 |
%patch1000 -p1 |
... | ... |
@@ -361,6 +364,8 @@ ln -sf %{name}-%{uname_r}.cfg /boot/photon.cfg |
361 | 361 |
/usr/share/perf-core |
362 | 362 |
|
363 | 363 |
%changelog |
364 |
+* Mon Jul 30 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.145-1 |
|
365 |
+- Update to version 4.4.145 and clear stack on fork. |
|
364 | 366 |
* Thu Jul 26 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.144-1 |
365 | 367 |
- Update to version 4.4.144 and fix CVE-2018-10322 |
366 | 368 |
* Mon Jul 16 2018 Srivatsa S. Bhat <srivatsa@csail.mit.edu> 4.4.140-1 |