[linux] 06/07: Update to 4.14.11

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Fri Jan 5 14:52:04 UTC 2018


This is an automated email from the git hooks/post-receive script.

carnil pushed a commit to branch sid
in repository linux.

commit 96dad8ed7e8df2be5a6ee2308c72c244ca68370d
Author: Salvatore Bonaccorso <carnil at debian.org>
Date:   Fri Jan 5 12:46:27 2018 +0100

    Update to 4.14.11
---
 debian/changelog                                   | 36 +++++++++-
 ...4-fix-for-a-race-condition-in-raw_sendmsg.patch | 70 --------------------
 .../all/netlink-add-netns-check-on-taps.patch      | 39 -----------
 ...eferrable-base-independent-of-base-nohz_a.patch | 76 ----------------------
 ...ke-timer_start_debug-where-it-makes-sense.patch | 45 -------------
 .../all/rt/timekeeping-split-jiffies-lock.patch    |  4 +-
 .../patches/features/all/rt/x86-preempt-lazy.patch | 10 +--
 debian/patches/series                              |  2 -
 debian/patches/series-rt                           |  2 -
 9 files changed, 42 insertions(+), 242 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 105b1a5..ca7220c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,43 @@
-linux (4.14.10-1) UNRELEASED; urgency=medium
+linux (4.14.11-1) UNRELEASED; urgency=medium
 
   * New upstream stable update:
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.9
     https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.10
+    https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11
+    - x86/cpufeatures: Add X86_BUG_CPU_INSECURE
+    - x86/mm/pti: Disable global pages if PAGE_TABLE_ISOLATION=y
+    - x86/mm/pti: Prepare the x86/entry assembly code for entry/exit CR3
+      switching
+    - x86/mm/pti: Add infrastructure for page table isolation
+    - x86/pti: Add the pti= cmdline option and documentation
+    - x86/mm/pti: Add mapping helper functions
+    - x86/mm/pti: Allow NX poison to be set in p4d/pgd
+    - x86/mm/pti: Allocate a separate user PGD
+    - x86/mm/pti: Populate user PGD
+    - x86/mm/pti: Add functions to clone kernel PMDs
+    - x86/mm/pti: Force entry through trampoline when PTI active
+    - x86/mm/pti: Share cpu_entry_area with user space page tables
+    - x86/entry: Align entry text section to PMD boundary
+    - x86/mm/pti: Share entry text PMD
+    - x86/mm/pti: Map ESPFIX into user space
+    - x86/cpu_entry_area: Add debugstore entries to cpu_entry_area
+    - x86/events/intel/ds: Map debug buffers in cpu_entry_area
+    - x86/mm/64: Make a full PGD-entry size hole in the memory map
+    - x86/pti: Put the LDT in its own PGD if PTI is on
+    - x86/pti: Map the vsyscall page if needed
+    - x86/mm: Allow flushing for future ASID switches
+    - x86/mm: Abstract switching CR3
+    - x86/mm: Use/Fix PCID to optimize user/kernel switches
+    - x86/mm: Optimize RESTORE_CR3
+    - x86/mm: Use INVPCID for __native_flush_tlb_single()
+    - x86/mm: Clarify the whole ASID/kernel PCID/user PCID naming
+    - x86/dumpstack: Indicate in Oops whether PTI is configured and enabled
+    - x86/mm/pti: Add Kconfig
+    - net: Fix double free and memory corruption in get_net_ns_by_id()
+      (CVE-2017-15129)
+  * [amd64] Implement Kernel Page Table Isolation (KPTI, aka KAISER)
+    (CVE-2017-5754)
 
   [ Ben Hutchings ]
   * e1000e: Fix e1000_check_for_copper_link_ich8lan return value.
diff --git a/debian/patches/bugfix/all/net-ipv4-fix-for-a-race-condition-in-raw_sendmsg.patch b/debian/patches/bugfix/all/net-ipv4-fix-for-a-race-condition-in-raw_sendmsg.patch
deleted file mode 100644
index 23ec669..0000000
--- a/debian/patches/bugfix/all/net-ipv4-fix-for-a-race-condition-in-raw_sendmsg.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From: Mohamed Ghannam <simo.ghannam at gmail.com>
-Date: Sun, 10 Dec 2017 03:50:58 +0000
-Subject: net: ipv4: fix for a race condition in raw_sendmsg
-Origin: https://git.kernel.org/linus/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17712
-
-inet->hdrincl is racy, and could lead to uninitialized stack pointer
-usage, so its value should be read only once.
-
-Fixes: c008ba5bdc9f ("ipv4: Avoid reading user iov twice after raw_probe_proto_opt")
-Signed-off-by: Mohamed Ghannam <simo.ghannam at gmail.com>
-Reviewed-by: Eric Dumazet <edumazet at google.com>
-Signed-off-by: David S. Miller <davem at davemloft.net>
----
- net/ipv4/raw.c | 15 ++++++++++-----
- 1 file changed, 10 insertions(+), 5 deletions(-)
-
---- a/net/ipv4/raw.c
-+++ b/net/ipv4/raw.c
-@@ -513,11 +513,16 @@ static int raw_sendmsg(struct sock *sk,
- 	int err;
- 	struct ip_options_data opt_copy;
- 	struct raw_frag_vec rfv;
-+	int hdrincl;
- 
- 	err = -EMSGSIZE;
- 	if (len > 0xFFFF)
- 		goto out;
- 
-+	/* hdrincl should be READ_ONCE(inet->hdrincl)
-+	 * but READ_ONCE() doesn't work with bit fields
-+	 */
-+	hdrincl = inet->hdrincl;
- 	/*
- 	 *	Check the flags.
- 	 */
-@@ -593,7 +598,7 @@ static int raw_sendmsg(struct sock *sk,
- 		/* Linux does not mangle headers on raw sockets,
- 		 * so that IP options + IP_HDRINCL is non-sense.
- 		 */
--		if (inet->hdrincl)
-+		if (hdrincl)
- 			goto done;
- 		if (ipc.opt->opt.srr) {
- 			if (!daddr)
-@@ -615,12 +620,12 @@ static int raw_sendmsg(struct sock *sk,
- 
- 	flowi4_init_output(&fl4, ipc.oif, sk->sk_mark, tos,
- 			   RT_SCOPE_UNIVERSE,
--			   inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol,
-+			   hdrincl ? IPPROTO_RAW : sk->sk_protocol,
- 			   inet_sk_flowi_flags(sk) |
--			    (inet->hdrincl ? FLOWI_FLAG_KNOWN_NH : 0),
-+			    (hdrincl ? FLOWI_FLAG_KNOWN_NH : 0),
- 			   daddr, saddr, 0, 0, sk->sk_uid);
- 
--	if (!inet->hdrincl) {
-+	if (!hdrincl) {
- 		rfv.msg = msg;
- 		rfv.hlen = 0;
- 
-@@ -645,7 +650,7 @@ static int raw_sendmsg(struct sock *sk,
- 		goto do_confirm;
- back_from_confirm:
- 
--	if (inet->hdrincl)
-+	if (hdrincl)
- 		err = raw_send_hdrinc(sk, &fl4, msg, len,
- 				      &rt, msg->msg_flags, &ipc.sockc);
- 
diff --git a/debian/patches/bugfix/all/netlink-add-netns-check-on-taps.patch b/debian/patches/bugfix/all/netlink-add-netns-check-on-taps.patch
deleted file mode 100644
index d037380..0000000
--- a/debian/patches/bugfix/all/netlink-add-netns-check-on-taps.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From: Kevin Cernekee <cernekee at chromium.org>
-Date: Wed, 6 Dec 2017 12:12:27 -0800
-Subject: netlink: Add netns check on taps
-Origin: https://git.kernel.org/linus/93c647643b48f0131f02e45da3bd367d80443291
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17449
-
-Currently, a nlmon link inside a child namespace can observe systemwide
-netlink activity.  Filter the traffic so that nlmon can only sniff
-netlink messages from its own netns.
-
-Test case:
-
-    vpnns -- bash -c "ip link add nlmon0 type nlmon; \
-                      ip link set nlmon0 up; \
-                      tcpdump -i nlmon0 -q -w /tmp/nlmon.pcap -U" &
-    sudo ip xfrm state add src 10.1.1.1 dst 10.1.1.2 proto esp \
-        spi 0x1 mode transport \
-        auth sha1 0x6162633132330000000000000000000000000000 \
-        enc aes 0x00000000000000000000000000000000
-    grep --binary abc123 /tmp/nlmon.pcap
-
-Signed-off-by: Kevin Cernekee <cernekee at chromium.org>
-Signed-off-by: David S. Miller <davem at davemloft.net>
----
- net/netlink/af_netlink.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/net/netlink/af_netlink.c
-+++ b/net/netlink/af_netlink.c
-@@ -254,6 +254,9 @@ static int __netlink_deliver_tap_skb(str
- 	struct sock *sk = skb->sk;
- 	int ret = -ENOMEM;
- 
-+	if (!net_eq(dev_net(dev), sock_net(sk)))
-+		return 0;
-+
- 	dev_hold(dev);
- 
- 	if (is_vmalloc_addr(skb->head))
diff --git a/debian/patches/features/all/rt/0001-timer-Use-deferrable-base-independent-of-base-nohz_a.patch b/debian/patches/features/all/rt/0001-timer-Use-deferrable-base-independent-of-base-nohz_a.patch
deleted file mode 100644
index b1167e7..0000000
--- a/debian/patches/features/all/rt/0001-timer-Use-deferrable-base-independent-of-base-nohz_a.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From: Anna-Maria Gleixner <anna-maria at linutronix.de>
-Date: Fri, 22 Dec 2017 15:51:12 +0100
-Subject: [PATCH 1/4] timer: Use deferrable base independent of
- base::nohz_active
-Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.14/older/patches-4.14.8-rt9.tar.xz
-
-During boot and before base::nohz_active is set in the timer bases, deferrable
-timers are enqueued into the standard timer base. This works correctly as
-long as base::nohz_active is false.
-
-Once it base::nohz_active is set and a timer which was enqueued before that
-is accessed the lock selector code choses the lock of the deferred
-base. This causes unlocked access to the standard base and in case the
-timer is removed it does not clear the pending flag in the standard base
-bitmap which causes get_next_timer_interrupt() to return bogus values.
-
-To prevent that, the deferrable timers must be enqueued in the deferrable
-base, even when base::nohz_active is not set. Those deferrable timers also
-need to be expired unconditional.
-
-Fixes: 500462a9de65 ("timers: Switch to a non-cascading wheel")
-Signed-off-by: Anna-Maria Gleixner <anna-maria at linutronix.de>
-Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
-Cc: stable at vger.kernel.org
-Cc: rt at linutronix.de
-Signed-off-by: Sebastian Andrzej Siewior <bigeasy at linutronix.de>
----
- kernel/time/timer.c | 16 +++++++---------
- 1 file changed, 7 insertions(+), 9 deletions(-)
-
-diff --git a/kernel/time/timer.c b/kernel/time/timer.c
-index f2674a056c26..fdfaf4f3bcfa 100644
---- a/kernel/time/timer.c
-+++ b/kernel/time/timer.c
-@@ -814,11 +814,10 @@ static inline struct timer_base *get_timer_cpu_base(u32 tflags, u32 cpu)
- 	struct timer_base *base = per_cpu_ptr(&timer_bases[BASE_STD], cpu);
- 
- 	/*
--	 * If the timer is deferrable and nohz is active then we need to use
--	 * the deferrable base.
-+	 * If the timer is deferrable and NO_HZ_COMMON is set then we need
-+	 * to use the deferrable base.
- 	 */
--	if (IS_ENABLED(CONFIG_NO_HZ_COMMON) && base->nohz_active &&
--	    (tflags & TIMER_DEFERRABLE))
-+	if (IS_ENABLED(CONFIG_NO_HZ_COMMON) && (tflags & TIMER_DEFERRABLE))
- 		base = per_cpu_ptr(&timer_bases[BASE_DEF], cpu);
- 	return base;
- }
-@@ -828,11 +827,10 @@ static inline struct timer_base *get_timer_this_cpu_base(u32 tflags)
- 	struct timer_base *base = this_cpu_ptr(&timer_bases[BASE_STD]);
- 
- 	/*
--	 * If the timer is deferrable and nohz is active then we need to use
--	 * the deferrable base.
-+	 * If the timer is deferrable and NO_HZ_COMMON is set then we need
-+	 * to use the deferrable base.
- 	 */
--	if (IS_ENABLED(CONFIG_NO_HZ_COMMON) && base->nohz_active &&
--	    (tflags & TIMER_DEFERRABLE))
-+	if (IS_ENABLED(CONFIG_NO_HZ_COMMON) && (tflags & TIMER_DEFERRABLE))
- 		base = this_cpu_ptr(&timer_bases[BASE_DEF]);
- 	return base;
- }
-@@ -1644,7 +1642,7 @@ static __latent_entropy void run_timer_softirq(struct softirq_action *h)
- 	base->must_forward_clk = false;
- 
- 	__run_timers(base);
--	if (IS_ENABLED(CONFIG_NO_HZ_COMMON) && base->nohz_active)
-+	if (IS_ENABLED(CONFIG_NO_HZ_COMMON))
- 		__run_timers(this_cpu_ptr(&timer_bases[BASE_DEF]));
- }
- 
--- 
-2.15.1
-
diff --git a/debian/patches/features/all/rt/0003-timer-Invoke-timer_start_debug-where-it-makes-sense.patch b/debian/patches/features/all/rt/0003-timer-Invoke-timer_start_debug-where-it-makes-sense.patch
deleted file mode 100644
index 896a46d..0000000
--- a/debian/patches/features/all/rt/0003-timer-Invoke-timer_start_debug-where-it-makes-sense.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From: Thomas Gleixner <tglx at linutronix.de>
-Date: Fri, 22 Dec 2017 15:51:14 +0100
-Subject: [PATCH 3/4] timer: Invoke timer_start_debug() where it makes sense
-Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.14/older/patches-4.14.8-rt9.tar.xz
-
-The timer start debug function is called before the proper timer base is
-set. As a consequence the trace data contains the stale CPU and flags
-values.
-
-Call the debug function after setting the new base and flags.
-
-Fixes: 500462a9de65 ("timers: Switch to a non-cascading wheel")
-Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
-Cc: stable at vger.kernel.org
-Cc: rt at linutronix.de
-Signed-off-by: Sebastian Andrzej Siewior <bigeasy at linutronix.de>
----
- kernel/time/timer.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/kernel/time/timer.c b/kernel/time/timer.c
-index fdfaf4f3bcfa..a4d095e1010e 100644
---- a/kernel/time/timer.c
-+++ b/kernel/time/timer.c
-@@ -982,8 +982,6 @@ __mod_timer(struct timer_list *timer, unsigned long expires, bool pending_only)
- 	if (!ret && pending_only)
- 		goto out_unlock;
- 
--	debug_activate(timer, expires);
--
- 	new_base = get_target_base(base, timer->flags);
- 
- 	if (base != new_base) {
-@@ -1007,6 +1005,8 @@ __mod_timer(struct timer_list *timer, unsigned long expires, bool pending_only)
- 		}
- 	}
- 
-+	debug_activate(timer, expires);
-+
- 	timer->expires = expires;
- 	/*
- 	 * If 'idx' was calculated above and the base time did not advance
--- 
-2.15.1
-
diff --git a/debian/patches/features/all/rt/timekeeping-split-jiffies-lock.patch b/debian/patches/features/all/rt/timekeeping-split-jiffies-lock.patch
index db46aff..52e246c 100644
--- a/debian/patches/features/all/rt/timekeeping-split-jiffies-lock.patch
+++ b/debian/patches/features/all/rt/timekeeping-split-jiffies-lock.patch
@@ -115,7 +115,7 @@ Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
  	return period;
  }
  
-@@ -684,10 +689,10 @@ static ktime_t tick_nohz_stop_sched_tick
+@@ -689,10 +694,10 @@ static ktime_t tick_nohz_stop_sched_tick
  
  	/* Read jiffies and the time when jiffies were updated last */
  	do {
@@ -127,7 +127,7 @@ Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
 +	} while (read_seqcount_retry(&jiffies_seq, seq));
  	ts->last_jiffies = basejiff;
  
- 	if (rcu_needs_cpu(basemono, &next_rcu) ||
+ 	/*
 --- a/kernel/time/timekeeping.c
 +++ b/kernel/time/timekeeping.c
 @@ -2326,8 +2326,10 @@ EXPORT_SYMBOL(hardpps);
diff --git a/debian/patches/features/all/rt/x86-preempt-lazy.patch b/debian/patches/features/all/rt/x86-preempt-lazy.patch
index 89009c6..cd1c7ee 100644
--- a/debian/patches/features/all/rt/x86-preempt-lazy.patch
+++ b/debian/patches/features/all/rt/x86-preempt-lazy.patch
@@ -76,7 +76,7 @@ Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
  	call	preempt_schedule_irq
 --- a/arch/x86/entry/entry_64.S
 +++ b/arch/x86/entry/entry_64.S
-@@ -750,7 +750,23 @@ retint_kernel:
+@@ -761,7 +761,23 @@ retint_kernel:
  	bt	$9, EFLAGS(%rsp)		/* were interrupts off? */
  	jnc	1f
  0:	cmpl	$0, PER_CPU_VAR(__preempt_count)
@@ -205,7 +205,7 @@ Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
  /*
 --- a/arch/x86/kernel/asm-offsets.c
 +++ b/arch/x86/kernel/asm-offsets.c
-@@ -37,6 +37,7 @@ void common(void) {
+@@ -38,6 +38,7 @@ void common(void) {
  
  	BLANK();
  	OFFSET(TASK_TI_flags, task_struct, thread_info.flags);
@@ -213,11 +213,11 @@ Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
  	OFFSET(TASK_addr_limit, task_struct, thread.addr_limit);
  
  	BLANK();
-@@ -93,6 +94,7 @@ void common(void) {
+@@ -94,6 +95,7 @@ void common(void) {
  
  	BLANK();
  	DEFINE(PTREGS_SIZE, sizeof(struct pt_regs));
 +	DEFINE(_PREEMPT_ENABLED, PREEMPT_ENABLED);
  
- 	/* Layout info for cpu_entry_area */
- 	OFFSET(CPU_ENTRY_AREA_tss, cpu_entry_area, tss);
+ 	/* TLB state for the entry code */
+ 	OFFSET(TLB_STATE_user_pcid_flush_mask, tlb_state, user_pcid_flush_mask);
diff --git a/debian/patches/series b/debian/patches/series
index efad900..cd8f5cc 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -119,9 +119,7 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
 debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
 bugfix/all/dccp-cve-2017-8824-use-after-free-in-dccp-code.patch
 bugfix/all/netfilter-nfnetlink_cthelper-add-missing-permission-.patch
-bugfix/all/netlink-add-netns-check-on-taps.patch
 bugfix/all/netfilter-xt_osf-add-missing-permission-checks.patch
-bugfix/all/net-ipv4-fix-for-a-race-condition-in-raw_sendmsg.patch
 bugfix/all/media-dvb-usb-v2-lmedm04-Improve-logic-checking-of-w.patch
 bugfix/all/media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_.patch
 bugfix/all/media-hdpvr-fix-an-error-handling-path-in-hdpvr_prob.patch
diff --git a/debian/patches/series-rt b/debian/patches/series-rt
index a4a2793..31c5232 100644
--- a/debian/patches/series-rt
+++ b/debian/patches/series-rt
@@ -16,9 +16,7 @@ features/all/rt/rcu-Suppress-lockdep-false-positive-boost_mtx-compla.patch
 ############################################################
 
 # Timer/NOHZ fixups
-features/all/rt/0001-timer-Use-deferrable-base-independent-of-base-nohz_a.patch
 features/all/rt/0002-nohz-Prevent-erroneous-tick-stop-invocations.patch
-features/all/rt/0003-timer-Invoke-timer_start_debug-where-it-makes-sense.patch
 features/all/rt/0004-timerqueue-Document-return-values-of-timerqueue_add-.patch
 
 # soft hrtimer patches (v4)

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git


