4.14.12-1

2018-01-05 22:24:00 +00:00 · 2018-01-05 22:24:00 +00:00 · ed8f0b123d
commit ed8f0b123d
parent 540a56c51a
9 changed files with 80 additions and 157 deletions
--- a/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
+++ b/0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
@ -1,8 +1,8 @@
-From fb89d912d5f7289d3a922c77b671e36e1c740f5e Mon Sep 17 00:00:00 2001
-Message-Id: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
+From 0b716bdb952b678d9bb5eb32198dbc82ec492df2 Mon Sep 17 00:00:00 2001
+Message-Id: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
 From: Serge Hallyn <serge.hallyn@canonical.com>
 Date: Fri, 31 May 2013 19:12:12 +0100
-Subject: [PATCH 1/7] add sysctl to disallow unprivileged CLONE_NEWUSER by
+Subject: [PATCH 1/6] add sysctl to disallow unprivileged CLONE_NEWUSER by
 default

 Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
--- a/0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
+++ b/0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
@ -1,10 +1,10 @@
-From 8c6956686606b9c3661e74a410c8cb2fc276c5ee Mon Sep 17 00:00:00 2001
-Message-Id: <8c6956686606b9c3661e74a410c8cb2fc276c5ee.1514959852.git.jan.steffens@gmail.com>
-In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
-References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
+From e6a5e05524563626d14c1745619e37e79cb5a3a7 Mon Sep 17 00:00:00 2001
+Message-Id: <e6a5e05524563626d14c1745619e37e79cb5a3a7.1515173964.git.jan.steffens@gmail.com>
+In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
+References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
 From: Benjamin Poirier <bpoirier@suse.com>
 Date: Mon, 11 Dec 2017 16:26:40 +0900
-Subject: [PATCH 2/7] e1000e: Fix e1000_check_for_copper_link_ich8lan return
+Subject: [PATCH 2/6] e1000e: Fix e1000_check_for_copper_link_ich8lan return
 value.

 e1000e_check_for_copper_link() and e1000_check_for_copper_link_ich8lan()
--- a/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
+++ b/0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
@ -1,10 +1,10 @@
-From b81e273fb227373a2951c7256ab11a87d5333a9d Mon Sep 17 00:00:00 2001
-Message-Id: <b81e273fb227373a2951c7256ab11a87d5333a9d.1514959852.git.jan.steffens@gmail.com>
-In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
-References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
+From e3fff011db7dd80d53b6bda48bcf2313918aa7a8 Mon Sep 17 00:00:00 2001
+Message-Id: <e3fff011db7dd80d53b6bda48bcf2313918aa7a8.1515173964.git.jan.steffens@gmail.com>
+In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
+References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
 From: Mohamed Ghannam <simo.ghannam@gmail.com>
 Date: Tue, 5 Dec 2017 20:58:35 +0000
-Subject: [PATCH 3/7] dccp: CVE-2017-8824: use-after-free in DCCP code
+Subject: [PATCH 3/6] dccp: CVE-2017-8824: use-after-free in DCCP code

 Whenever the sock object is in DCCP_CLOSED state,
 dccp_disconnect() must free dccps_hc_tx_ccid and
--- a/0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch
+++ b/0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch
@ -1,74 +0,0 @@
-From d03c0ef520f40c6de691c37e0f168c87b3423015 Mon Sep 17 00:00:00 2001
-Message-Id: <d03c0ef520f40c6de691c37e0f168c87b3423015.1514959852.git.jan.steffens@gmail.com>
-In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
-References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
-From: Steffen Klassert <steffen.klassert@secunet.com>
-Date: Wed, 15 Nov 2017 06:40:57 +0100
-Subject: [PATCH 4/7] Revert "xfrm: Fix stack-out-of-bounds read in
- xfrm_state_find."
-
-This reverts commit c9f3f813d462c72dbe412cee6a5cbacf13c4ad5e.
-
-This commit breaks transport mode when the policy template
-has widlcard addresses configured, so revert it.
-
-Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
---
- net/xfrm/xfrm_policy.c | 29 ++++++++++++++++++-----------
- 1 file changed, 18 insertions(+), 11 deletions(-)
-
-diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
-index 2a6093840e7e856e..6bc16bb61b5533ef 100644
--- a/net/xfrm/xfrm_policy.c
-+++ b/net/xfrm/xfrm_policy.c
-@@ -1362,29 +1362,36 @@ xfrm_tmpl_resolve_one(struct xfrm_policy *policy, const struct flowi *fl,
- 	struct net *net = xp_net(policy);
- 	int nx;
- 	int i, error;
-+	xfrm_address_t *daddr = xfrm_flowi_daddr(fl, family);
-+	xfrm_address_t *saddr = xfrm_flowi_saddr(fl, family);
- 	xfrm_address_t tmp;
- 
- 	for (nx = 0, i = 0; i < policy->xfrm_nr; i++) {
- 		struct xfrm_state *x;
-		xfrm_address_t *local;
-		xfrm_address_t *remote;
-+		xfrm_address_t *remote = daddr;
-+		xfrm_address_t *local  = saddr;
- 		struct xfrm_tmpl *tmpl = &policy->xfrm_vec[i];
- 
-		remote = &tmpl->id.daddr;
-		local = &tmpl->saddr;
-		if (xfrm_addr_any(local, tmpl->encap_family)) {
-			error = xfrm_get_saddr(net, fl->flowi_oif,
-					       &tmp, remote,
-					       tmpl->encap_family, 0);
-			if (error)
-				goto fail;
-			local = &tmp;
-+		if (tmpl->mode == XFRM_MODE_TUNNEL ||
-+		    tmpl->mode == XFRM_MODE_BEET) {
-+			remote = &tmpl->id.daddr;
-+			local = &tmpl->saddr;
-+			if (xfrm_addr_any(local, tmpl->encap_family)) {
-+				error = xfrm_get_saddr(net, fl->flowi_oif,
-+						       &tmp, remote,
-+						       tmpl->encap_family, 0);
-+				if (error)
-+					goto fail;
-+				local = &tmp;
-+			}
- 		}
- 
- 		x = xfrm_state_find(remote, local, fl, tmpl, policy, &error, family);
- 
- 		if (x && x->km.state == XFRM_STATE_VALID) {
- 			xfrm[nx++] = x;
-+			daddr = remote;
-+			saddr = local;
- 			continue;
- 		}
- 		if (x) {
-- 
-2.15.1
-
--- a/0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
+++ b/0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
@ -1,10 +1,10 @@
-From 3721d64246982f91a5bf863fc17ac60ff722e0c4 Mon Sep 17 00:00:00 2001
-Message-Id: <3721d64246982f91a5bf863fc17ac60ff722e0c4.1514959852.git.jan.steffens@gmail.com>
-In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
-References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
+From 5a11be3bab2dcd6fe061206662969c4cea46988f Mon Sep 17 00:00:00 2001
+Message-Id: <5a11be3bab2dcd6fe061206662969c4cea46988f.1515173964.git.jan.steffens@gmail.com>
+In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
+References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
 From: Steffen Klassert <steffen.klassert@secunet.com>
 Date: Fri, 22 Dec 2017 10:44:57 +0100
-Subject: [PATCH 5/7] xfrm: Fix stack-out-of-bounds read on socket policy
+Subject: [PATCH 4/6] xfrm: Fix stack-out-of-bounds read on socket policy
 lookup.

 When we do tunnel or beet mode, we pass saddr and daddr from the
--- a/0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
+++ b/0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
@ -1,10 +1,10 @@
-From a79cb4d4e540c72a601ca0494e914565c16e2893 Mon Sep 17 00:00:00 2001
-Message-Id: <a79cb4d4e540c72a601ca0494e914565c16e2893.1514959852.git.jan.steffens@gmail.com>
-In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
-References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
+From eadda028a73a567edd8462ccd0e8c28e023cde28 Mon Sep 17 00:00:00 2001
+Message-Id: <eadda028a73a567edd8462ccd0e8c28e023cde28.1515173964.git.jan.steffens@gmail.com>
+In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
+References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
 From: Tejun Heo <tj@kernel.org>
 Date: Wed, 20 Dec 2017 07:09:19 -0800
-Subject: [PATCH 6/7] cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC
+Subject: [PATCH 5/6] cgroup: fix css_task_iter crash on CSS_TASK_ITER_PROC

 While teaching css_task_iter to handle skipping over tasks which
 aren't group leaders, bc2fb7ed089f ("cgroup: add @flags to
--- a/0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
+++ b/0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
@ -0,0 +1,42 @@
+From cf45be4971bdd769c09e2a11db483510cd0bcc5f Mon Sep 17 00:00:00 2001
+Message-Id: <cf45be4971bdd769c09e2a11db483510cd0bcc5f.1515173964.git.jan.steffens@gmail.com>
+In-Reply-To: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
+References: <0b716bdb952b678d9bb5eb32198dbc82ec492df2.1515173964.git.jan.steffens@gmail.com>
+From: Jim Bride <jim.bride@linux.intel.com>
+Date: Mon, 6 Nov 2017 13:38:57 -0800
+Subject: [PATCH 6/6] drm/i915/edp: Only use the alternate fixed mode if it's
+ asked for
+
+In commit dc911f5bd8aa ("drm/i915/edp: Allow alternate fixed mode for
+eDP if available."), the patch allows for the use of an alternate fixed
+mode if it is available, but the patch was not ensuring that the only
+time the alternate mode is used is when it is specifically requested.
+This patch adds an additional comparison to intel_edp_compare_alt_mode
+to ensure that we only use the alternate mode if it is directly
+requested.
+
+Fixes: dc911f5bd8aac ("Allow alternate fixed mode for eDP if available.")
+Cc: David Weinehall <david.weinehall@linux.intel.com>
+Cc: Rodrigo Vivi <rodrigo.vivi@intel.com>
+Signed-off-by: Jim Bride <jim.bride@linux.intel.com>
+---
+ drivers/gpu/drm/i915/intel_dp.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c
+index 09f274419eea1c74..838cee312e8e6978 100644
+--- a/drivers/gpu/drm/i915/intel_dp.c
+++ b/drivers/gpu/drm/i915/intel_dp.c
+@@ -1632,7 +1632,8 @@ static bool intel_edp_compare_alt_mode(struct drm_display_mode *m1,
+ 			m1->vdisplay == m2->vdisplay &&
+ 			m1->vsync_start == m2->vsync_start &&
+ 			m1->vsync_end == m2->vsync_end &&
+-			m1->vtotal == m2->vtotal);
+			m1->vtotal == m2->vtotal &&
+			m1->vrefresh == m2->vrefresh);
+ 	return bres;
+ }
+ 
+-- 
+2.15.1
+
--- a/0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch
+++ b/0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch
@ -1,42 +0,0 @@
-From 51786b65797aed683ca72293a3cb86a2cab987c0 Mon Sep 17 00:00:00 2001
-Message-Id: <51786b65797aed683ca72293a3cb86a2cab987c0.1514959852.git.jan.steffens@gmail.com>
-In-Reply-To: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
-References: <fb89d912d5f7289d3a922c77b671e36e1c740f5e.1514959852.git.jan.steffens@gmail.com>
-From: Tom Lendacky <thomas.lendacky@amd.com>
-Date: Tue, 26 Dec 2017 23:43:54 -0600
-Subject: [PATCH 7/7] x86/cpu, x86/pti: Do not enable PTI on AMD processors
-
-AMD processors are not subject to the types of attacks that the kernel
-page table isolation feature protects against.  The AMD microarchitecture
-does not allow memory references, including speculative references, that
-access higher privileged data when running in a lesser privileged mode
-when that access would result in a page fault.
-
-Disable page table isolation by default on AMD processors by not setting
-the X86_BUG_CPU_INSECURE feature, which controls whether X86_FEATURE_PTI
-is set.
-
-Signed-off-by: Tom Lendacky <thomas.lendacky@amd.com>
-Reviewed-by: Borislav Petkov <bp@suse.de>
---
- arch/x86/kernel/cpu/common.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/arch/x86/kernel/cpu/common.c b/arch/x86/kernel/cpu/common.c
-index f2a94dfb434e9a7c..b1be494ab4e8badf 100644
--- a/arch/x86/kernel/cpu/common.c
-+++ b/arch/x86/kernel/cpu/common.c
-@@ -899,8 +899,8 @@ static void __init early_identify_cpu(struct cpuinfo_x86 *c)
- 
- 	setup_force_cpu_cap(X86_FEATURE_ALWAYS);
- 
-	/* Assume for now that ALL x86 CPUs are insecure */
-	setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
-+	if (c->x86_vendor != X86_VENDOR_AMD)
-+		setup_force_cpu_bug(X86_BUG_CPU_INSECURE);
- 
- 	fpu__init_system(c);
- 
-- 
-2.15.1
-
--- a/33
+++ b/33
@ -4,7 +4,7 @@
 pkgbase=linux               # Build stock -ARCH kernel
 #pkgbase=linux-custom       # Build kernel with a different name
 _srcname=linux-4.14
-pkgver=4.14.11
+pkgver=4.14.12
 pkgrel=1
 arch=('x86_64')
 url="https://www.kernel.org/"
@ -23,10 +23,9 @@ source=(
  0001-add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by.patch
  0002-e1000e-Fix-e1000_check_for_copper_link_ich8lan-retur.patch
  0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
-  0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch
-  0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
-  0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
-  0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch
+  0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
+  0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
+  0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch
 )
 validpgpkeys=(
  'ABAF11C65A2970B130ABE3C479BE3E4300411886'  # Linus Torvalds
@ -34,19 +33,18 @@ validpgpkeys=(
 )
 sha256sums=('f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7'
            'SKIP'
-            'f588b62d7ee1d2ebdc24afa0e256ff2f8812d5cab3bf572bf02e7c4525922bf9'
+            'da5d8db44b0988e4c45346899d3f5a51f8bd6c25f14e729615ca9ff9f17bdefd'
            'SKIP'
            '24b8cf6829dafcb2b5c76cffaae6438ad2d432f13d6551fa1c8f25e66b751ed4'
            'ae2e95db94ef7176207c690224169594d49445e04249d2499e9d2fbc117a0b21'
            '75f99f5239e03238f88d1a834c50043ec32b1dc568f2cc291b07d04718483919'
            'ad6344badc91ad0630caacde83f7f9b97276f80d26a20619a87952be65492c65'
-            '06bc1d8b1cd153c3146a4376d833f5769b980e5ef5eae99ddaaeb48bf514dae2'
-            'b90bef87574f30ec66c0f10d089bea56a9e974b6d052fee3071b1ff21360724b'
-            'f38531dee9fd8a59202ce96ac5b40446f1f035b89788ea9ecb2fb3909f703a25'
-            '705d5fbfce00ccc20490bdfb5853d67d86ac00c845de6ecb13e414214b48daeb'
-            '0a249248534a17f14fab7e14994811ae81fe324668a82ff41f3bcabeeae1460f'
-            '8e1b303957ddd829c0c9ad7c012cd32f2354ff3c8c1b85da3d7f8a54524f3711'
-            '914a0a019545ad7d14ed8d5c58d417eb0a8ec12a756beec79a545aabda343b31')
+            'd8a865a11665424b21fe6be9265eb287ee6d5646261a486954ddf3a4ee87e78f'
+            '9251c03da9d4b64591d77f490ff144d4ba514e66e74294ada541bf827306c9c4'
+            '6ce57b8dba43db4c6ee167a8891167b7d1e1e101d5112e776113eb37de5c37d8'
+            '1c1f5792c98369c546840950e6569a690cd88e33d4f0931d2b0b5b88f705aa4d'
+            'c3d743a0e193294bc5fbae65e7ba69fd997cd8b2ded9c9a45c5151d71d9cfb95'
+            'ec7342aab478af79a17ff65cf65bbd6744b0caee8f66c77a39bba61a78e6576d')

 _kernelname=${pkgbase#linux}

@ -72,14 +70,13 @@ prepare() {
  patch -Np1 -i ../0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch

  # https://bugs.archlinux.org/task/56605
-  patch -Np1 -i ../0004-Revert-xfrm-Fix-stack-out-of-bounds-read-in-xfrm_sta.patch
-  patch -Np1 -i ../0005-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch
+  patch -Np1 -i ../0004-xfrm-Fix-stack-out-of-bounds-read-on-socket-policy-l.patch

  # https://bugs.archlinux.org/task/56846
-  patch -Np1 -i ../0006-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch
+  patch -Np1 -i ../0005-cgroup-fix-css_task_iter-crash-on-CSS_TASK_ITER_PROC.patch

-  # For AMD processors, keep PTI off by default
-  patch -Np1 -i ../0007-x86-cpu-x86-pti-Do-not-enable-PTI-on-AMD-processors.patch
+  # https://bugs.archlinux.org/task/56711
+  patch -Np1 -i ../0006-drm-i915-edp-Only-use-the-alternate-fixed-mode-if-it.patch

  cp -Tf ../config .config