[linux] 06/07: Update to 4.14.11
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Fri Jan 5 14:52:04 UTC 2018
This is an automated email from the git hooks/post-receive script.
carnil pushed a commit to branch sid
in repository linux.
commit 96dad8ed7e8df2be5a6ee2308c72c244ca68370d
Author: Salvatore Bonaccorso <carnil at debian.org>
Date: Fri Jan 5 12:46:27 2018 +0100
Update to 4.14.11
---
debian/changelog | 36 +++++++++-
...4-fix-for-a-race-condition-in-raw_sendmsg.patch | 70 --------------------
.../all/netlink-add-netns-check-on-taps.patch | 39 -----------
...eferrable-base-independent-of-base-nohz_a.patch | 76 ----------------------
...ke-timer_start_debug-where-it-makes-sense.patch | 45 -------------
.../all/rt/timekeeping-split-jiffies-lock.patch | 4 +-
.../patches/features/all/rt/x86-preempt-lazy.patch | 10 +--
debian/patches/series | 2 -
debian/patches/series-rt | 2 -
9 files changed, 42 insertions(+), 242 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 105b1a5..ca7220c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,43 @@
-linux (4.14.10-1) UNRELEASED; urgency=medium
+linux (4.14.11-1) UNRELEASED; urgency=medium
* New upstream stable update:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.9
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.10
+ https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11
+ - x86/cpufeatures: Add X86_BUG_CPU_INSECURE
+ - x86/mm/pti: Disable global pages if PAGE_TABLE_ISOLATION=y
+ - x86/mm/pti: Prepare the x86/entry assembly code for entry/exit CR3
+ switching
+ - x86/mm/pti: Add infrastructure for page table isolation
+ - x86/pti: Add the pti= cmdline option and documentation
+ - x86/mm/pti: Add mapping helper functions
+ - x86/mm/pti: Allow NX poison to be set in p4d/pgd
+ - x86/mm/pti: Allocate a separate user PGD
+ - x86/mm/pti: Populate user PGD
+ - x86/mm/pti: Add functions to clone kernel PMDs
+ - x86/mm/pti: Force entry through trampoline when PTI active
+ - x86/mm/pti: Share cpu_entry_area with user space page tables
+ - x86/entry: Align entry text section to PMD boundary
+ - x86/mm/pti: Share entry text PMD
+ - x86/mm/pti: Map ESPFIX into user space
+ - x86/cpu_entry_area: Add debugstore entries to cpu_entry_area
+ - x86/events/intel/ds: Map debug buffers in cpu_entry_area
+ - x86/mm/64: Make a full PGD-entry size hole in the memory map
+ - x86/pti: Put the LDT in its own PGD if PTI is on
+ - x86/pti: Map the vsyscall page if needed
+ - x86/mm: Allow flushing for future ASID switches
+ - x86/mm: Abstract switching CR3
+ - x86/mm: Use/Fix PCID to optimize user/kernel switches
+ - x86/mm: Optimize RESTORE_CR3
+ - x86/mm: Use INVPCID for __native_flush_tlb_single()
+ - x86/mm: Clarify the whole ASID/kernel PCID/user PCID naming
+ - x86/dumpstack: Indicate in Oops whether PTI is configured and enabled
+ - x86/mm/pti: Add Kconfig
+ - net: Fix double free and memory corruption in get_net_ns_by_id()
+ (CVE-2017-15129)
+ * [amd64] Implement Kernel Page Table Isolation (KPTI, aka KAISER)
+ (CVE-2017-5754)
[ Ben Hutchings ]
* e1000e: Fix e1000_check_for_copper_link_ich8lan return value.
diff --git a/debian/patches/bugfix/all/net-ipv4-fix-for-a-race-condition-in-raw_sendmsg.patch b/debian/patches/bugfix/all/net-ipv4-fix-for-a-race-condition-in-raw_sendmsg.patch
deleted file mode 100644
index 23ec669..0000000
--- a/debian/patches/bugfix/all/net-ipv4-fix-for-a-race-condition-in-raw_sendmsg.patch
+++ /dev/null
@@ -1,70 +0,0 @@
-From: Mohamed Ghannam <simo.ghannam at gmail.com>
-Date: Sun, 10 Dec 2017 03:50:58 +0000
-Subject: net: ipv4: fix for a race condition in raw_sendmsg
-Origin: https://git.kernel.org/linus/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17712
-
-inet->hdrincl is racy, and could lead to uninitialized stack pointer
-usage, so its value should be read only once.
-
-Fixes: c008ba5bdc9f ("ipv4: Avoid reading user iov twice after raw_probe_proto_opt")
-Signed-off-by: Mohamed Ghannam <simo.ghannam at gmail.com>
-Reviewed-by: Eric Dumazet <edumazet at google.com>
-Signed-off-by: David S. Miller <davem at davemloft.net>
----
- net/ipv4/raw.c | 15 ++++++++++-----
- 1 file changed, 10 insertions(+), 5 deletions(-)
-
---- a/net/ipv4/raw.c
-+++ b/net/ipv4/raw.c
-@@ -513,11 +513,16 @@ static int raw_sendmsg(struct sock *sk,
- int err;
- struct ip_options_data opt_copy;
- struct raw_frag_vec rfv;
-+ int hdrincl;
-
- err = -EMSGSIZE;
- if (len > 0xFFFF)
- goto out;
-
-+ /* hdrincl should be READ_ONCE(inet->hdrincl)
-+ * but READ_ONCE() doesn't work with bit fields
-+ */
-+ hdrincl = inet->hdrincl;
- /*
- * Check the flags.
- */
-@@ -593,7 +598,7 @@ static int raw_sendmsg(struct sock *sk,
- /* Linux does not mangle headers on raw sockets,
- * so that IP options + IP_HDRINCL is non-sense.
- */
-- if (inet->hdrincl)
-+ if (hdrincl)
- goto done;
- if (ipc.opt->opt.srr) {
- if (!daddr)
-@@ -615,12 +620,12 @@ static int raw_sendmsg(struct sock *sk,
-
- flowi4_init_output(&fl4, ipc.oif, sk->sk_mark, tos,
- RT_SCOPE_UNIVERSE,
-- inet->hdrincl ? IPPROTO_RAW : sk->sk_protocol,
-+ hdrincl ? IPPROTO_RAW : sk->sk_protocol,
- inet_sk_flowi_flags(sk) |
-- (inet->hdrincl ? FLOWI_FLAG_KNOWN_NH : 0),
-+ (hdrincl ? FLOWI_FLAG_KNOWN_NH : 0),
- daddr, saddr, 0, 0, sk->sk_uid);
-
-- if (!inet->hdrincl) {
-+ if (!hdrincl) {
- rfv.msg = msg;
- rfv.hlen = 0;
-
-@@ -645,7 +650,7 @@ static int raw_sendmsg(struct sock *sk,
- goto do_confirm;
- back_from_confirm:
-
-- if (inet->hdrincl)
-+ if (hdrincl)
- err = raw_send_hdrinc(sk, &fl4, msg, len,
- &rt, msg->msg_flags, &ipc.sockc);
-
diff --git a/debian/patches/bugfix/all/netlink-add-netns-check-on-taps.patch b/debian/patches/bugfix/all/netlink-add-netns-check-on-taps.patch
deleted file mode 100644
index d037380..0000000
--- a/debian/patches/bugfix/all/netlink-add-netns-check-on-taps.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From: Kevin Cernekee <cernekee at chromium.org>
-Date: Wed, 6 Dec 2017 12:12:27 -0800
-Subject: netlink: Add netns check on taps
-Origin: https://git.kernel.org/linus/93c647643b48f0131f02e45da3bd367d80443291
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17449
-
-Currently, a nlmon link inside a child namespace can observe systemwide
-netlink activity. Filter the traffic so that nlmon can only sniff
-netlink messages from its own netns.
-
-Test case:
-
- vpnns -- bash -c "ip link add nlmon0 type nlmon; \
- ip link set nlmon0 up; \
- tcpdump -i nlmon0 -q -w /tmp/nlmon.pcap -U" &
- sudo ip xfrm state add src 10.1.1.1 dst 10.1.1.2 proto esp \
- spi 0x1 mode transport \
- auth sha1 0x6162633132330000000000000000000000000000 \
- enc aes 0x00000000000000000000000000000000
- grep --binary abc123 /tmp/nlmon.pcap
-
-Signed-off-by: Kevin Cernekee <cernekee at chromium.org>
-Signed-off-by: David S. Miller <davem at davemloft.net>
----
- net/netlink/af_netlink.c | 3 +++
- 1 file changed, 3 insertions(+)
-
---- a/net/netlink/af_netlink.c
-+++ b/net/netlink/af_netlink.c
-@@ -254,6 +254,9 @@ static int __netlink_deliver_tap_skb(str
- struct sock *sk = skb->sk;
- int ret = -ENOMEM;
-
-+ if (!net_eq(dev_net(dev), sock_net(sk)))
-+ return 0;
-+
- dev_hold(dev);
-
- if (is_vmalloc_addr(skb->head))
diff --git a/debian/patches/features/all/rt/0001-timer-Use-deferrable-base-independent-of-base-nohz_a.patch b/debian/patches/features/all/rt/0001-timer-Use-deferrable-base-independent-of-base-nohz_a.patch
deleted file mode 100644
index b1167e7..0000000
--- a/debian/patches/features/all/rt/0001-timer-Use-deferrable-base-independent-of-base-nohz_a.patch
+++ /dev/null
@@ -1,76 +0,0 @@
-From: Anna-Maria Gleixner <anna-maria at linutronix.de>
-Date: Fri, 22 Dec 2017 15:51:12 +0100
-Subject: [PATCH 1/4] timer: Use deferrable base independent of
- base::nohz_active
-Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.14/older/patches-4.14.8-rt9.tar.xz
-
-During boot and before base::nohz_active is set in the timer bases, deferrable
-timers are enqueued into the standard timer base. This works correctly as
-long as base::nohz_active is false.
-
-Once it base::nohz_active is set and a timer which was enqueued before that
-is accessed the lock selector code choses the lock of the deferred
-base. This causes unlocked access to the standard base and in case the
-timer is removed it does not clear the pending flag in the standard base
-bitmap which causes get_next_timer_interrupt() to return bogus values.
-
-To prevent that, the deferrable timers must be enqueued in the deferrable
-base, even when base::nohz_active is not set. Those deferrable timers also
-need to be expired unconditional.
-
-Fixes: 500462a9de65 ("timers: Switch to a non-cascading wheel")
-Signed-off-by: Anna-Maria Gleixner <anna-maria at linutronix.de>
-Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
-Cc: stable at vger.kernel.org
-Cc: rt at linutronix.de
-Signed-off-by: Sebastian Andrzej Siewior <bigeasy at linutronix.de>
----
- kernel/time/timer.c | 16 +++++++---------
- 1 file changed, 7 insertions(+), 9 deletions(-)
-
-diff --git a/kernel/time/timer.c b/kernel/time/timer.c
-index f2674a056c26..fdfaf4f3bcfa 100644
---- a/kernel/time/timer.c
-+++ b/kernel/time/timer.c
-@@ -814,11 +814,10 @@ static inline struct timer_base *get_timer_cpu_base(u32 tflags, u32 cpu)
- struct timer_base *base = per_cpu_ptr(&timer_bases[BASE_STD], cpu);
-
- /*
-- * If the timer is deferrable and nohz is active then we need to use
-- * the deferrable base.
-+ * If the timer is deferrable and NO_HZ_COMMON is set then we need
-+ * to use the deferrable base.
- */
-- if (IS_ENABLED(CONFIG_NO_HZ_COMMON) && base->nohz_active &&
-- (tflags & TIMER_DEFERRABLE))
-+ if (IS_ENABLED(CONFIG_NO_HZ_COMMON) && (tflags & TIMER_DEFERRABLE))
- base = per_cpu_ptr(&timer_bases[BASE_DEF], cpu);
- return base;
- }
-@@ -828,11 +827,10 @@ static inline struct timer_base *get_timer_this_cpu_base(u32 tflags)
- struct timer_base *base = this_cpu_ptr(&timer_bases[BASE_STD]);
-
- /*
-- * If the timer is deferrable and nohz is active then we need to use
-- * the deferrable base.
-+ * If the timer is deferrable and NO_HZ_COMMON is set then we need
-+ * to use the deferrable base.
- */
-- if (IS_ENABLED(CONFIG_NO_HZ_COMMON) && base->nohz_active &&
-- (tflags & TIMER_DEFERRABLE))
-+ if (IS_ENABLED(CONFIG_NO_HZ_COMMON) && (tflags & TIMER_DEFERRABLE))
- base = this_cpu_ptr(&timer_bases[BASE_DEF]);
- return base;
- }
-@@ -1644,7 +1642,7 @@ static __latent_entropy void run_timer_softirq(struct softirq_action *h)
- base->must_forward_clk = false;
-
- __run_timers(base);
-- if (IS_ENABLED(CONFIG_NO_HZ_COMMON) && base->nohz_active)
-+ if (IS_ENABLED(CONFIG_NO_HZ_COMMON))
- __run_timers(this_cpu_ptr(&timer_bases[BASE_DEF]));
- }
-
---
-2.15.1
-
diff --git a/debian/patches/features/all/rt/0003-timer-Invoke-timer_start_debug-where-it-makes-sense.patch b/debian/patches/features/all/rt/0003-timer-Invoke-timer_start_debug-where-it-makes-sense.patch
deleted file mode 100644
index 896a46d..0000000
--- a/debian/patches/features/all/rt/0003-timer-Invoke-timer_start_debug-where-it-makes-sense.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From: Thomas Gleixner <tglx at linutronix.de>
-Date: Fri, 22 Dec 2017 15:51:14 +0100
-Subject: [PATCH 3/4] timer: Invoke timer_start_debug() where it makes sense
-Origin: https://www.kernel.org/pub/linux/kernel/projects/rt/4.14/older/patches-4.14.8-rt9.tar.xz
-
-The timer start debug function is called before the proper timer base is
-set. As a consequence the trace data contains the stale CPU and flags
-values.
-
-Call the debug function after setting the new base and flags.
-
-Fixes: 500462a9de65 ("timers: Switch to a non-cascading wheel")
-Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
-Cc: stable at vger.kernel.org
-Cc: rt at linutronix.de
-Signed-off-by: Sebastian Andrzej Siewior <bigeasy at linutronix.de>
----
- kernel/time/timer.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/kernel/time/timer.c b/kernel/time/timer.c
-index fdfaf4f3bcfa..a4d095e1010e 100644
---- a/kernel/time/timer.c
-+++ b/kernel/time/timer.c
-@@ -982,8 +982,6 @@ __mod_timer(struct timer_list *timer, unsigned long expires, bool pending_only)
- if (!ret && pending_only)
- goto out_unlock;
-
-- debug_activate(timer, expires);
--
- new_base = get_target_base(base, timer->flags);
-
- if (base != new_base) {
-@@ -1007,6 +1005,8 @@ __mod_timer(struct timer_list *timer, unsigned long expires, bool pending_only)
- }
- }
-
-+ debug_activate(timer, expires);
-+
- timer->expires = expires;
- /*
- * If 'idx' was calculated above and the base time did not advance
---
-2.15.1
-
diff --git a/debian/patches/features/all/rt/timekeeping-split-jiffies-lock.patch b/debian/patches/features/all/rt/timekeeping-split-jiffies-lock.patch
index db46aff..52e246c 100644
--- a/debian/patches/features/all/rt/timekeeping-split-jiffies-lock.patch
+++ b/debian/patches/features/all/rt/timekeeping-split-jiffies-lock.patch
@@ -115,7 +115,7 @@ Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
return period;
}
-@@ -684,10 +689,10 @@ static ktime_t tick_nohz_stop_sched_tick
+@@ -689,10 +694,10 @@ static ktime_t tick_nohz_stop_sched_tick
/* Read jiffies and the time when jiffies were updated last */
do {
@@ -127,7 +127,7 @@ Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
+ } while (read_seqcount_retry(&jiffies_seq, seq));
ts->last_jiffies = basejiff;
- if (rcu_needs_cpu(basemono, &next_rcu) ||
+ /*
--- a/kernel/time/timekeeping.c
+++ b/kernel/time/timekeeping.c
@@ -2326,8 +2326,10 @@ EXPORT_SYMBOL(hardpps);
diff --git a/debian/patches/features/all/rt/x86-preempt-lazy.patch b/debian/patches/features/all/rt/x86-preempt-lazy.patch
index 89009c6..cd1c7ee 100644
--- a/debian/patches/features/all/rt/x86-preempt-lazy.patch
+++ b/debian/patches/features/all/rt/x86-preempt-lazy.patch
@@ -76,7 +76,7 @@ Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
call preempt_schedule_irq
--- a/arch/x86/entry/entry_64.S
+++ b/arch/x86/entry/entry_64.S
-@@ -750,7 +750,23 @@ retint_kernel:
+@@ -761,7 +761,23 @@ retint_kernel:
bt $9, EFLAGS(%rsp) /* were interrupts off? */
jnc 1f
0: cmpl $0, PER_CPU_VAR(__preempt_count)
@@ -205,7 +205,7 @@ Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
/*
--- a/arch/x86/kernel/asm-offsets.c
+++ b/arch/x86/kernel/asm-offsets.c
-@@ -37,6 +37,7 @@ void common(void) {
+@@ -38,6 +38,7 @@ void common(void) {
BLANK();
OFFSET(TASK_TI_flags, task_struct, thread_info.flags);
@@ -213,11 +213,11 @@ Signed-off-by: Thomas Gleixner <tglx at linutronix.de>
OFFSET(TASK_addr_limit, task_struct, thread.addr_limit);
BLANK();
-@@ -93,6 +94,7 @@ void common(void) {
+@@ -94,6 +95,7 @@ void common(void) {
BLANK();
DEFINE(PTREGS_SIZE, sizeof(struct pt_regs));
+ DEFINE(_PREEMPT_ENABLED, PREEMPT_ENABLED);
- /* Layout info for cpu_entry_area */
- OFFSET(CPU_ENTRY_AREA_tss, cpu_entry_area, tss);
+ /* TLB state for the entry code */
+ OFFSET(TLB_STATE_user_pcid_flush_mask, tlb_state, user_pcid_flush_mask);
diff --git a/debian/patches/series b/debian/patches/series
index efad900..cd8f5cc 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -119,9 +119,7 @@ features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
bugfix/all/dccp-cve-2017-8824-use-after-free-in-dccp-code.patch
bugfix/all/netfilter-nfnetlink_cthelper-add-missing-permission-.patch
-bugfix/all/netlink-add-netns-check-on-taps.patch
bugfix/all/netfilter-xt_osf-add-missing-permission-checks.patch
-bugfix/all/net-ipv4-fix-for-a-race-condition-in-raw_sendmsg.patch
bugfix/all/media-dvb-usb-v2-lmedm04-Improve-logic-checking-of-w.patch
bugfix/all/media-dvb-usb-v2-lmedm04-move-ts2020-attach-to-dm04_.patch
bugfix/all/media-hdpvr-fix-an-error-handling-path-in-hdpvr_prob.patch
diff --git a/debian/patches/series-rt b/debian/patches/series-rt
index a4a2793..31c5232 100644
--- a/debian/patches/series-rt
+++ b/debian/patches/series-rt
@@ -16,9 +16,7 @@ features/all/rt/rcu-Suppress-lockdep-false-positive-boost_mtx-compla.patch
############################################################
# Timer/NOHZ fixups
-features/all/rt/0001-timer-Use-deferrable-base-independent-of-base-nohz_a.patch
features/all/rt/0002-nohz-Prevent-erroneous-tick-stop-invocations.patch
-features/all/rt/0003-timer-Invoke-timer_start_debug-where-it-makes-sense.patch
features/all/rt/0004-timerqueue-Document-return-values-of-timerqueue_add-.patch
# soft hrtimer patches (v4)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list