Linux v4.18.12

4 files changed, 5 insertions, 207 deletions

diff --git a/arm64_kvm_security.patch b/arm64_kvm_security.patch
deleted file mode 100644
index 71490d969..000000000
--- a/arm64_kvm_security.patch
+++ /dev/null
@@ -1,155 +0,0 @@
-From d26c25a9d19b5976b319af528886f89cf455692d Mon Sep 17 00:00:00 2001
-From: Dave Martin <Dave.Martin@arm.com>
-Date: Thu, 27 Sep 2018 16:53:21 +0100
-Subject: arm64: KVM: Tighten guest core register access from userspace
-
-From: Dave Martin <Dave.Martin@arm.com>
-
-commit d26c25a9d19b5976b319af528886f89cf455692d upstream.
-
-We currently allow userspace to access the core register file
-in about any possible way, including straddling multiple
-registers and doing unaligned accesses.
-
-This is not the expected use of the ABI, and nobody is actually
-using it that way. Let's tighten it by explicitly checking
-the size and alignment for each field of the register file.
-
-Cc: <stable@vger.kernel.org>
-Fixes: 2f4a07c5f9fe ("arm64: KVM: guest one-reg interface")
-Reviewed-by: Christoffer Dall <christoffer.dall@arm.com>
-Reviewed-by: Mark Rutland <mark.rutland@arm.com>
-Signed-off-by: Dave Martin <Dave.Martin@arm.com>
-[maz: rewrote Dave's initial patch to be more easily backported]
-Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
-Signed-off-by: Will Deacon <will.deacon@arm.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- arch/arm64/kvm/guest.c |   45 +++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 45 insertions(+)
-
---- a/arch/arm64/kvm/guest.c
-+++ b/arch/arm64/kvm/guest.c
-@@ -57,6 +57,45 @@ static u64 core_reg_offset_from_id(u64 i
- 	return id & ~(KVM_REG_ARCH_MASK | KVM_REG_SIZE_MASK | KVM_REG_ARM_CORE);
- }
- 
-+static int validate_core_offset(const struct kvm_one_reg *reg)
-+{
-+	u64 off = core_reg_offset_from_id(reg->id);
-+	int size;
-+
-+	switch (off) {
-+	case KVM_REG_ARM_CORE_REG(regs.regs[0]) ...
-+	     KVM_REG_ARM_CORE_REG(regs.regs[30]):
-+	case KVM_REG_ARM_CORE_REG(regs.sp):
-+	case KVM_REG_ARM_CORE_REG(regs.pc):
-+	case KVM_REG_ARM_CORE_REG(regs.pstate):
-+	case KVM_REG_ARM_CORE_REG(sp_el1):
-+	case KVM_REG_ARM_CORE_REG(elr_el1):
-+	case KVM_REG_ARM_CORE_REG(spsr[0]) ...
-+	     KVM_REG_ARM_CORE_REG(spsr[KVM_NR_SPSR - 1]):
-+		size = sizeof(__u64);
-+		break;
-+
-+	case KVM_REG_ARM_CORE_REG(fp_regs.vregs[0]) ...
-+	     KVM_REG_ARM_CORE_REG(fp_regs.vregs[31]):
-+		size = sizeof(__uint128_t);
-+		break;
-+
-+	case KVM_REG_ARM_CORE_REG(fp_regs.fpsr):
-+	case KVM_REG_ARM_CORE_REG(fp_regs.fpcr):
-+		size = sizeof(__u32);
-+		break;
-+
-+	default:
-+		return -EINVAL;
-+	}
-+
-+	if (KVM_REG_SIZE(reg->id) == size &&
-+	    IS_ALIGNED(off, size / sizeof(__u32)))
-+		return 0;
-+
-+	return -EINVAL;
-+}
-+
- static int get_core_reg(struct kvm_vcpu *vcpu, const struct kvm_one_reg *reg)
- {
- 	/*
-@@ -76,6 +115,9 @@ static int get_core_reg(struct kvm_vcpu
- 	    (off + (KVM_REG_SIZE(reg->id) / sizeof(__u32))) >= nr_regs)
- 		return -ENOENT;
- 
-+	if (validate_core_offset(reg))
-+		return -EINVAL;
-+
- 	if (copy_to_user(uaddr, ((u32 *)regs) + off, KVM_REG_SIZE(reg->id)))
- 		return -EFAULT;
- 
-@@ -98,6 +140,9 @@ static int set_core_reg(struct kvm_vcpu
- 	    (off + (KVM_REG_SIZE(reg->id) / sizeof(__u32))) >= nr_regs)
- 		return -ENOENT;
- 
-+	if (validate_core_offset(reg))
-+		return -EINVAL;
-+
- 	if (KVM_REG_SIZE(reg->id) > sizeof(tmp))
- 		return -EINVAL;
- 
-From 2a3f93459d689d990b3ecfbe782fec89b97d3279 Mon Sep 17 00:00:00 2001
-From: Marc Zyngier <marc.zyngier@arm.com>
-Date: Thu, 27 Sep 2018 16:53:22 +0100
-Subject: arm64: KVM: Sanitize PSTATE.M when being set from userspace
-
-From: Marc Zyngier <marc.zyngier@arm.com>
-
-commit 2a3f93459d689d990b3ecfbe782fec89b97d3279 upstream.
-
-Not all execution modes are valid for a guest, and some of them
-depend on what the HW actually supports. Let's verify that what
-userspace provides is compatible with both the VM settings and
-the HW capabilities.
-
-Cc: <stable@vger.kernel.org>
-Fixes: 0d854a60b1d7 ("arm64: KVM: enable initialization of a 32bit vcpu")
-Reviewed-by: Christoffer Dall <christoffer.dall@arm.com>
-Reviewed-by: Mark Rutland <mark.rutland@arm.com>
-Reviewed-by: Dave Martin <Dave.Martin@arm.com>
-Signed-off-by: Marc Zyngier <marc.zyngier@arm.com>
-Signed-off-by: Will Deacon <will.deacon@arm.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- arch/arm64/kvm/guest.c |   10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
---- a/arch/arm64/kvm/guest.c
-+++ b/arch/arm64/kvm/guest.c
-@@ -152,17 +152,25 @@ static int set_core_reg(struct kvm_vcpu
- 	}
- 
- 	if (off == KVM_REG_ARM_CORE_REG(regs.pstate)) {
--		u32 mode = (*(u32 *)valp) & COMPAT_PSR_MODE_MASK;
-+		u64 mode = (*(u64 *)valp) & COMPAT_PSR_MODE_MASK;
- 		switch (mode) {
- 		case COMPAT_PSR_MODE_USR:
-+			if (!system_supports_32bit_el0())
-+				return -EINVAL;
-+			break;
- 		case COMPAT_PSR_MODE_FIQ:
- 		case COMPAT_PSR_MODE_IRQ:
- 		case COMPAT_PSR_MODE_SVC:
- 		case COMPAT_PSR_MODE_ABT:
- 		case COMPAT_PSR_MODE_UND:
-+			if (!vcpu_el1_is_32bit(vcpu))
-+				return -EINVAL;
-+			break;
- 		case PSR_MODE_EL0t:
- 		case PSR_MODE_EL1t:
- 		case PSR_MODE_EL1h:
-+			if (vcpu_el1_is_32bit(vcpu))
-+				return -EINVAL;
- 			break;
- 		default:
- 			err = -EINVAL;
diff --git a/kernel.spec b/kernel.spec
index f0963b20c..d02aa4c61 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -54,7 +54,7 @@ Summary: The Linux kernel
 %if 0%{?released_kernel}
 
 # Do we have a -stable update to apply?
-%define stable_update 11
+%define stable_update 12
 # Set rpm version accordingly
 %if 0%{?stable_update}
 %define stablerev %{stable_update}
@@ -624,15 +624,9 @@ Patch504: xsa270.patch
 Patch506: 0001-random-add-a-config-option-to-trust-the-CPU-s-hwrng.patch
 Patch507: 0001-random-make-CPU-trust-a-boot-parameter.patch
 
-# rhbz 1628394
-Patch509: powerpc-ipv6.patch
-
 # rhbz 1634250
 Patch510: HID-intel-ish-hid-Enable-Sunrise-Point-H-ish-driver.patch
 
-# rhbz 1635475 1635476
-Patch511: arm64_kvm_security.patch
-
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -1882,6 +1876,9 @@ fi
 #
 #
 %changelog
+* Thu Oct 04 2018 Laura Abbott <labbott@redhat.com> - 4.18.12-100
+- Linux v4.18.12
+
 * Wed Oct 03 2018 Justin M. Forbes <jforbes@fedoraproject.org>
 - Fix arm64 kvm priv escalation (rhbz 1635475 1635476)
 
diff --git a/powerpc-ipv6.patch b/powerpc-ipv6.patch
deleted file mode 100644
index 44988bd43..000000000
--- a/powerpc-ipv6.patch
+++ /dev/null
@@ -1,44 +0,0 @@
-From 85682a7e3b9c664995ad477520f917039afdc330 Mon Sep 17 00:00:00 2001
-From: Christophe Leroy <christophe.leroy@c-s.fr>
-Date: Mon, 10 Sep 2018 06:09:04 +0000
-Subject: powerpc: fix csum_ipv6_magic() on little endian platforms
-
-On little endian platforms, csum_ipv6_magic() keeps len and proto in
-CPU byte order. This generates a bad results leading to ICMPv6 packets
-from other hosts being dropped by powerpc64le platforms.
-
-In order to fix this, len and proto should be converted to network
-byte order ie bigendian byte order. However checksumming 0x12345678
-and 0x56341278 provide the exact same result so it is enough to
-rotate the sum of len and proto by 1 byte.
-
-PPC32 only support bigendian so the fix is needed for PPC64 only
-
-Fixes: e9c4943a107b ("powerpc: Implement csum_ipv6_magic in assembly")
-Reported-by: Jianlin Shi <jishi@redhat.com>
-Reported-by: Xin Long <lucien.xin@gmail.com>
-Cc: <stable@vger.kernel.org> # 4.18+
-Signed-off-by: Christophe Leroy <christophe.leroy@c-s.fr>
-Tested-by: Xin Long <lucien.xin@gmail.com>
-Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
----
- arch/powerpc/lib/checksum_64.S | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/arch/powerpc/lib/checksum_64.S b/arch/powerpc/lib/checksum_64.S
-index 886ed94b9c13..d05c8af4ac51 100644
---- a/arch/powerpc/lib/checksum_64.S
-+++ b/arch/powerpc/lib/checksum_64.S
-@@ -443,6 +443,9 @@ _GLOBAL(csum_ipv6_magic)
- 	addc	r0, r8, r9
- 	ld	r10, 0(r4)
- 	ld	r11, 8(r4)
-+#ifdef CONFIG_CPU_LITTLE_ENDIAN
-+	rotldi	r5, r5, 8
-+#endif
- 	adde	r0, r0, r10
- 	add	r5, r5, r7
- 	adde	r0, r0, r11
--- 
-cgit 1.2-0.3.lf.el7
-
diff --git a/sources b/sources
index 37528b63e..f42b4a61f 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 SHA512 (linux-4.18.tar.xz) = 950eb85ac743b291afe9f21cd174d823e25f11883ee62cecfbfff8fe8c5672aae707654b1b8f29a133b1f2e3529e63b9f7fba4c45d6dacccc8000b3a9a9ae038
-SHA512 (patch-4.18.11.xz) = a1cfab9c4fb7bec8da33fa95da0986ed7605ff9953fd425f5122978c462a6024886955827ce52a87f93312d5e17a4533606bbabf3e6ad6a5dd353d430db92e7e
+SHA512 (patch-4.18.12.xz) = 26d739fd52d4017666bc4f3203cc71ed48ed92a6b42e683421dfbffd67cddab0ebdeccc3a46d1e8e1e6b7fe22a7881c0c08c87936e2fc19238d25f09f1b494e3