Commit b23dbe4b authored by Leonardo Arena

main/linux-vanilla: security fixes (CVE-2016-3157, CVE-2016-3961). Fixes #5489

parent 6280d990
......@@ -7,7 +7,7 @@ case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=$pkgver;;
esac
pkgrel=0
pkgrel=1
pkgdesc="Linux vanilla kernel"
url="http://kernel.org"
depends="mkinitfs linux-firmware"
......@@ -20,6 +20,8 @@ source="http://ftp.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/linux-$_kernver.
config-vanilla.armhf
config-vanilla.x86
config-vanilla.x86_64
xsa174.patch
"
if [ "${pkgver%.0}" = "$pkgver" ]; then
source="$source
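Review bot: the commit message names two CVEs (CVE-2016-3157 and CVE-2016-3961), but the only file visibly added to source here is xsa174.patch, so the APKBUILD does not show which CVE that patch addresses or where the other fix comes from. Add a comment next to the xsa174.patch entry mapping it to its CVE, and state in the commit message whether the second fix arrives through the patch-4.4.8.xz update or some other route, so a later audit can confirm both are actually present in the built kernel.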
......@@ -164,14 +166,17 @@ md5sums="9a78fa2eb6c68ca5a40ed5af08142599 linux-4.4.tar.xz
331267c63d973a1a99105a3d4c9d464f config-vanilla.armhf
7b39fd82ac03ff3a5ac6403b10af0006 config-vanilla.x86
eae91875faa28c1f3ab2672137c22499 config-vanilla.x86_64
14a8a1826416f04ae98918145139cea6 xsa174.patch
c1d8f46e5b2ee7c925fc38f20a3726d3 patch-4.4.8.xz"
sha256sums="401d7c8fef594999a460d10c72c5a94e9c2e1022f16795ec51746b0d165418b2 linux-4.4.tar.xz
0fee35a85d9883620b0c9d49c428f371e401a2cb38cfa7eda39b52814570c183 config-vanilla.armhf
daf10b005d5c9b7ebdb76f26090cde613ed4ce0ebaaf590f4356a28f33c579e1 config-vanilla.x86
fb69e1cfd5ba1a798f63312229370b402bea407819bfd8da0302f21364e10d80 config-vanilla.x86_64
cbec70e183f76b4081ebba05c0a8105bd4952d164a2e5c40528c05bf8861ddef xsa174.patch
11ec99ae0600bd831ff8d71b77e64592f4b6918b7857fd9ff0284ea4cf267b4e patch-4.4.8.xz"
sha512sums="13c8459933a8b80608e226a1398e3d1848352ace84bcfb7e6a4a33cb230bbe1ab719d4b58e067283df91ce5311be6d2d595fc8c19e2ae6ecc652499415614b3e linux-4.4.tar.xz
fe2abe917c35f5ebb3e2e07b1cc7c86879eb8a500b8552e9cce9d82b485a5f7458ce32fbb826ae64a3b1e4e33d70b5ac4cf859efc18d2dc40d73a7859b55d678 config-vanilla.armhf
00c3ba594f3c21151bcf156a3bab5bda9118f35782884914ab7f4361dabc2fe9eea8dbd59feebc8a39fc4eca8e5682996bd06f91380da8a670fa45618e2f2aae config-vanilla.x86
038420ba58fe1aba49cbb046f7ae4558c232dcd33388aaeea8d33c614ba956780032a633eb43512d776260f5b9c8fb57996c72e92823313437dacc69a04f7f0c config-vanilla.x86_64
a86f88db750defec35d3afebdde565de2c6bc304f9a110c6091e0d38261a4bdc0ddbdd1df1913a894f57877acacfdb96d98635729f913a7ed344f627e40a9af3 xsa174.patch
d53d6950bc121107fecec91b4cd33473b0b18e7188bd387cd02f3ab4ece0f7dc6f1530ad9b7a44655afb7d823fb94ad8d8710902367c9b12911eb2247a12f2c7 patch-4.4.8.xz"
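Review bot: the new xsa174.patch line in md5sums extends a digest list that gives no collision resistance, while the sha256sums and sha512sums entries added in the same hunk already pin the file. If the build tooling permits, drop md5sums instead of growing it, and confirm that source verification fails on a sha512sums mismatch regardless of what the MD5 check reports.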
x86/xen: suppress hugetlbfs in PV guests
Huge pages are not normally available to PV guests. Not suppressing
hugetlbfs use results in an endless loop of page faults when user mode
code tries to access a hugetlbfs mapped area (since the hypervisor
denies such PTEs to be created, but error indications can't be
propagated out of xen_set_pte_at(), just like for various of its
siblings), and - once killed in an oops like this:
kernel BUG at .../fs/hugetlbfs/inode.c:428!
invalid opcode: 0000 [#1] SMP
Modules linked in: ...
Supported: Yes
CPU: 2 PID: 6088 Comm: hugetlbfs Tainted: G W 4.4.0-2016-01-20-pv #2
Hardware name: ...
task: ffff8808059205c0 ti: ffff880803c84000 task.ti: ffff880803c84000
RIP: e030:[<ffffffff811c333b>] [<ffffffff811c333b>] remove_inode_hugepages+0x25b/0x320
RSP: e02b:ffff880803c879a8 EFLAGS: 00010202
RAX: 000000000077a4db RBX: ffffea001acff000 RCX: 0000000078417d38
RDX: 0000000000000000 RSI: 000000007e154fa7 RDI: ffff880805d70960
RBP: 0000000000000960 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
R13: ffff880807486018 R14: 0000000000000000 R15: ffff880803c87af0
FS: 00007f85fa8b8700(0000) GS:ffff88080b640000(0000) knlGS:0000000000000000
CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b
CR2: 00007f85fa000000 CR3: 0000000001a0a000 CR4: 0000000000040660
Stack:
ffff880000000fb0 ffff880803c87a18 ffff880803c87ae8 ffff8808059205c0
ffff880803c87af0 ffff880803c87ae8 ffff880807486018 0000000000000000
ffffffff81bf6e60 ffff880807486168 000003ffffffffff 0000000003c87758
Call Trace:
[<ffffffff811c3415>] hugetlbfs_evict_inode+0x15/0x40
[<ffffffff81167b3d>] evict+0xbd/0x1b0
[<ffffffff8116514a>] __dentry_kill+0x19a/0x1f0
[<ffffffff81165b0e>] dput+0x1fe/0x220
[<ffffffff81150535>] __fput+0x155/0x200
[<ffffffff81079fc0>] task_work_run+0x60/0xa0
[<ffffffff81063510>] do_exit+0x160/0x400
[<ffffffff810637eb>] do_group_exit+0x3b/0xa0
[<ffffffff8106e8bd>] get_signal+0x1ed/0x470
[<ffffffff8100f854>] do_signal+0x14/0x110
[<ffffffff810030e9>] prepare_exit_to_usermode+0xe9/0xf0
[<ffffffff814178a5>] retint_user+0x8/0x13
This is XSA-174.
Reported-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Cc: stable@vger.kernel.org
---
v2: Make Xen-inspecific, by using cpu_has_pse.
--- a/arch/x86/include/asm/hugetlb.h
+++ b/arch/x86/include/asm/hugetlb.h
@@ -4,6 +4,7 @@
#include <asm/page.h>
#include <asm-generic/hugetlb.h>
+#define hugepages_supported() cpu_has_pse
static inline int is_hugepage_only_range(struct mm_struct *mm,
unsigned long addr,
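Review bot: the "#define hugepages_supported() cpu_has_pse" line added to arch/x86/include/asm/hugetlb.h has no comment, so the reason for it (PV guests fault endlessly on hugetlbfs mappings because the hypervisor refuses the PTEs) lives only in the patch description. A one-line comment above the macro would keep that rationale with the code. The lines shown here also end inside this file, so the generic hugepages_supported() definition that this macro has to override is not visible; confirm that the full xsa174.patch guards the generic version (for example with "#ifndef hugepages_supported"), since without that the define either has no effect or conflicts.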