Commit 7be5a1ac authored by Leonardo Arena's avatar Leonardo Arena

main/linux-grsec: security fixes (CVE-2016-3157, CVE-2016-3961). Fixes #5489

parent 45b825e3
......@@ -7,7 +7,7 @@ case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=${pkgver};;
esac
pkgrel=1
pkgrel=2
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs"
......@@ -21,6 +21,7 @@ source="http://ftp.kernel.org/pub/linux/kernel/v4.x/linux-$_kernver.tar.xz
fix-spi-nor-namespace-clash.patch
imx6q-no-unclocked-sleep.patch
xsa174.patch
config-grsec.x86
config-grsec.x86_64
......@@ -215,6 +216,7 @@ c1d8f46e5b2ee7c925fc38f20a3726d3 patch-4.4.8.xz
c2a6b88b18bc5b54d0d7122a1c692060 grsecurity-3.1-4.4.8-201604252206.patch
c32f1d7517a095a2645fc1c7dec5db8f fix-spi-nor-namespace-clash.patch
b11c29ee88f7f537973191036d48bee7 imx6q-no-unclocked-sleep.patch
14a8a1826416f04ae98918145139cea6 xsa174.patch
af91f128ddf9407bb212cbaebca79354 config-grsec.x86
503656217c0cfb0c481b3804285f0166 config-grsec.x86_64
a453b5ddc5ce5b1ed487747ae785d615 config-grsec.armhf
......@@ -225,6 +227,7 @@ sha256sums="401d7c8fef594999a460d10c72c5a94e9c2e1022f16795ec51746b0d165418b2 li
b631b75cf38e08409812e9869f3a8b5b5b5085ba32ab62fd4c03d803f652a57f grsecurity-3.1-4.4.8-201604252206.patch
b8ce28c61663dbd92f7e1c862c042c88c4d0459ce15f6e6ea121e20705b66212 fix-spi-nor-namespace-clash.patch
7e8a954750139a421a76e414e19a3b57645c9ec70e6c14a6b7708a3fa0cfd5e4 imx6q-no-unclocked-sleep.patch
cbec70e183f76b4081ebba05c0a8105bd4952d164a2e5c40528c05bf8861ddef xsa174.patch
c247a003fb358f611d801277f89a13393d1620ad804553ada97433ef52a7706b config-grsec.x86
d2b771f67eecad71745956dc0dea40fc702f39e4caee195b11877307d5ab2622 config-grsec.x86_64
ac8407f225ff6cb6be9ccd69729262241e61455f816cdea3070e30ddf453f7db config-grsec.armhf
......@@ -235,6 +238,7 @@ d53d6950bc121107fecec91b4cd33473b0b18e7188bd387cd02f3ab4ece0f7dc6f1530ad9b7a4465
49ec328ec1a5232af1f370101a64d9b7021bd2cb7744b3db181311d6aa4886ba1ef36457fbf22b97b21b0ad313fbea780c9441778e4d5bb9f8deae76dd6e499d grsecurity-3.1-4.4.8-201604252206.patch
410fe7dae27cb4998d17a441a5b2a19dd350636ead2de97d4ef5317501d9e82e2550bfca0f022c9be6296907c076c381e1e13060d1900ff26ee7d47f234fb104 fix-spi-nor-namespace-clash.patch
9980eb10f529bc5ce482ab0a0037febbc982b528c3e4d02fc4547e6dd45dc529a7b1711d0c89f942b1ae27842c3794b68a6b8959ef80f6fd00183d3a591cea07 imx6q-no-unclocked-sleep.patch
a86f88db750defec35d3afebdde565de2c6bc304f9a110c6091e0d38261a4bdc0ddbdd1df1913a894f57877acacfdb96d98635729f913a7ed344f627e40a9af3 xsa174.patch
d7cb2b8600bd95c25aba5fc21f27a89eb1257d003c6e98bc81989a6027536c15c4c4abbcdc16fadd84383d3e29c6814ddf0c4f8524b53b69eed8763cc2c14e92 config-grsec.x86
900d18cb27b99ca91cb48fa8fc27a74f1b700eb826ef26fcfa18a379e9b7521ddac65edc57757de766e76d1c576a4d6e80a6778afc3c34394b165ab9a707cba0 config-grsec.x86_64
97de0656bbf99b66431587fda8c914aa08950c1865de018ed7a1b5f99b98f91e2e935d2341dbab44af1ca8c2370953fbbeca58c00e201f97e1b15bbec41d52d6 config-grsec.armhf
......
x86/xen: suppress hugetlbfs in PV guests
Huge pages are not normally available to PV guests. Not suppressing
hugetlbfs use results in an endless loop of page faults when user mode
code tries to access a hugetlbfs mapped area (since the hypervisor
denies such PTEs to be created, but error indications can't be
propagated out of xen_set_pte_at(), just like for various of its
siblings), and - once killed in an oops like this:
kernel BUG at .../fs/hugetlbfs/inode.c:428!
invalid opcode: 0000 [#1] SMP
Modules linked in: ...
Supported: Yes
CPU: 2 PID: 6088 Comm: hugetlbfs Tainted: G W 4.4.0-2016-01-20-pv #2
Hardware name: ...
task: ffff8808059205c0 ti: ffff880803c84000 task.ti: ffff880803c84000
RIP: e030:[<ffffffff811c333b>] [<ffffffff811c333b>] remove_inode_hugepages+0x25b/0x320
RSP: e02b:ffff880803c879a8 EFLAGS: 00010202
RAX: 000000000077a4db RBX: ffffea001acff000 RCX: 0000000078417d38
RDX: 0000000000000000 RSI: 000000007e154fa7 RDI: ffff880805d70960
RBP: 0000000000000960 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
R13: ffff880807486018 R14: 0000000000000000 R15: ffff880803c87af0
FS: 00007f85fa8b8700(0000) GS:ffff88080b640000(0000) knlGS:0000000000000000
CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007f85fa000000 CR3: 0000000001a0a000 CR4: 0000000000040660
Stack:
ffff880000000fb0 ffff880803c87a18 ffff880803c87ae8 ffff8808059205c0
ffff880803c87af0 ffff880803c87ae8 ffff880807486018 0000000000000000
ffffffff81bf6e60 ffff880807486168 000003ffffffffff 0000000003c87758
Call Trace:
[<ffffffff811c3415>] hugetlbfs_evict_inode+0x15/0x40
[<ffffffff81167b3d>] evict+0xbd/0x1b0
[<ffffffff8116514a>] __dentry_kill+0x19a/0x1f0
[<ffffffff81165b0e>] dput+0x1fe/0x220
[<ffffffff81150535>] __fput+0x155/0x200
[<ffffffff81079fc0>] task_work_run+0x60/0xa0
[<ffffffff81063510>] do_exit+0x160/0x400
[<ffffffff810637eb>] do_group_exit+0x3b/0xa0
[<ffffffff8106e8bd>] get_signal+0x1ed/0x470
[<ffffffff8100f854>] do_signal+0x14/0x110
[<ffffffff810030e9>] prepare_exit_to_usermode+0xe9/0xf0
[<ffffffff814178a5>] retint_user+0x8/0x13
This is XSA-174.
Reported-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Cc: stable@vger.kernel.org
---
v2: Make Xen-inspecific, by using cpu_has_pse.
--- a/arch/x86/include/asm/hugetlb.h
+++ b/arch/x86/include/asm/hugetlb.h
@@ -4,6 +4,7 @@
#include <asm/page.h>
#include <asm-generic/hugetlb.h>
+#define hugepages_supported() cpu_has_pse
static inline int is_hugepage_only_range(struct mm_struct *mm,
unsigned long addr,
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment