author | Thorsten Leemhuis <fedora@leemhuis.info> | 2018-08-22 07:57:07 +0200 |
---|---|---|
committer | Thorsten Leemhuis <fedora@leemhuis.info> | 2018-08-22 07:57:07 +0200 |
commit | 1c4016de516fb6192ae6698aa50fc654ae5b9e29 (patch) | |
tree | b0c051180694f006d461e1ef868ee07f21dc2371 | |
parent | 3848642811a60e4eb39b5371628edc5027b3e1c0 (diff) | |
parent | ec7eeb8d9547edda935da1265094d07e86168ed8 (diff) | |
Merge remote-tracking branch 'origin/f29' into f29-user-thl-vanilla-fedora
-rw-r--r-- | configs/fedora/generic/CONFIG_MAXIM_THERMOCOUPLE | 2 | ||||
-rw-r--r-- | configs/fedora/generic/CONFIG_MLX90614 | 2 | ||||
-rw-r--r-- | kernel-aarch64-debug.config | 4 | ||||
-rw-r--r-- | kernel-aarch64.config | 4 | ||||
-rw-r--r-- | kernel-armv7hl-debug.config | 4 | ||||
-rw-r--r-- | kernel-armv7hl-lpae-debug.config | 4 | ||||
-rw-r--r-- | kernel-armv7hl-lpae.config | 4 | ||||
-rw-r--r-- | kernel-armv7hl.config | 4 | ||||
-rw-r--r-- | kernel-i686-PAE.config | 4 | ||||
-rw-r--r-- | kernel-i686-PAEdebug.config | 4 | ||||
-rw-r--r-- | kernel-i686-debug.config | 4 | ||||
-rw-r--r-- | kernel-i686.config | 4 | ||||
-rw-r--r-- | kernel-ppc64le-debug.config | 4 | ||||
-rw-r--r-- | kernel-ppc64le.config | 4 | ||||
-rw-r--r-- | kernel-s390x-debug.config | 4 | ||||
-rw-r--r-- | kernel-s390x.config | 4 | ||||
-rw-r--r-- | kernel-x86_64-debug.config | 4 | ||||
-rw-r--r-- | kernel-x86_64.config | 4 | ||||
-rw-r--r-- | kernel.spec | 9 | ||||
-rw-r--r-- | xsa270.patch | 55 |
20 files changed, 98 insertions, 34 deletions
diff --git a/configs/fedora/generic/CONFIG_MAXIM_THERMOCOUPLE b/configs/fedora/generic/CONFIG_MAXIM_THERMOCOUPLE
index 442d4efa6..11732db98 100644
--- a/configs/fedora/generic/CONFIG_MAXIM_THERMOCOUPLE
+++ b/configs/fedora/generic/CONFIG_MAXIM_THERMOCOUPLE
@@ -1 +1 @@
-# CONFIG_MAXIM_THERMOCOUPLE is not set
+CONFIG_MAXIM_THERMOCOUPLE=m
diff --git a/configs/fedora/generic/CONFIG_MLX90614 b/configs/fedora/generic/CONFIG_MLX90614
index 886455c5d..66d32f1e3 100644
--- a/configs/fedora/generic/CONFIG_MLX90614
+++ b/configs/fedora/generic/CONFIG_MLX90614
@@ -1 +1 @@
-# CONFIG_MLX90614 is not set
+CONFIG_MLX90614=m
diff --git a/kernel-aarch64-debug.config b/kernel-aarch64-debug.config
index 185a2f0c0..db1869032 100644
--- a/kernel-aarch64-debug.config
+++ b/kernel-aarch64-debug.config
@@ -3119,7 +3119,7 @@ CONFIG_MAX30100=m
 CONFIG_MAX77620_THERMAL=m
 CONFIG_MAX77620_WATCHDOG=m
 # CONFIG_MAX9611 is not set
-# CONFIG_MAXIM_THERMOCOUPLE is not set
+CONFIG_MAXIM_THERMOCOUPLE=m
 CONFIG_MAX_RAW_DEVS=8192
 CONFIG_MAXSMP=y
 # CONFIG_MC3230 is not set
@@ -3358,7 +3358,7 @@ CONFIG_MLX5_ESWITCH=y
 # CONFIG_MLX5_FPGA is not set
 CONFIG_MLX5_INFINIBAND=m
 CONFIG_MLX5_MPFS=y
-# CONFIG_MLX90614 is not set
+CONFIG_MLX90614=m
 CONFIG_MLX90632=m
 CONFIG_MLX_CPLD_PLATFORM=m
 CONFIG_MLXFW=m
diff --git a/kernel-aarch64.config b/kernel-aarch64.config
index a64beb6d2..3cc50ed3a 100644
--- a/kernel-aarch64.config
+++ b/kernel-aarch64.config
@@ -3099,7 +3099,7 @@ CONFIG_MAX30100=m
 CONFIG_MAX77620_THERMAL=m
 CONFIG_MAX77620_WATCHDOG=m
 # CONFIG_MAX9611 is not set
-# CONFIG_MAXIM_THERMOCOUPLE is not set
+CONFIG_MAXIM_THERMOCOUPLE=m
 CONFIG_MAX_RAW_DEVS=8192
 # CONFIG_MC3230 is not set
 # CONFIG_MCB is not set
@@ -3337,7 +3337,7 @@ CONFIG_MLX5_ESWITCH=y
 # CONFIG_MLX5_FPGA is not set
 CONFIG_MLX5_INFINIBAND=m
 CONFIG_MLX5_MPFS=y
-# CONFIG_MLX90614 is not set
+CONFIG_MLX90614=m
 CONFIG_MLX90632=m
 CONFIG_MLX_CPLD_PLATFORM=m
 CONFIG_MLXFW=m
diff --git a/kernel-armv7hl-debug.config b/kernel-armv7hl-debug.config
index 320bd0f01..7b520eba4 100644
--- a/kernel-armv7hl-debug.config
+++ b/kernel-armv7hl-debug.config
@@ -3287,7 +3287,7 @@ CONFIG_MAX30100=m
 # CONFIG_MAX5821 is not set
 # CONFIG_MAX63XX_WATCHDOG is not set
 # CONFIG_MAX9611 is not set
-# CONFIG_MAXIM_THERMOCOUPLE is not set
+CONFIG_MAXIM_THERMOCOUPLE=m
 CONFIG_MAX_RAW_DEVS=8192
 CONFIG_MAXSMP=y
 # CONFIG_MC3230 is not set
@@ -3529,7 +3529,7 @@ CONFIG_MLX5_ESWITCH=y
 # CONFIG_MLX5_FPGA is not set
 # CONFIG_MLX5_INFINIBAND is not set
 CONFIG_MLX5_MPFS=y
-# CONFIG_MLX90614 is not set
+CONFIG_MLX90614=m
 CONFIG_MLX90632=m
 CONFIG_MLX_CPLD_PLATFORM=m
 CONFIG_MLXFW=m
diff --git a/kernel-armv7hl-lpae-debug.config b/kernel-armv7hl-lpae-debug.config
index e63f929e6..e777b7606 100644
--- a/kernel-armv7hl-lpae-debug.config
+++ b/kernel-armv7hl-lpae-debug.config
@@ -3139,7 +3139,7 @@ CONFIG_MAX30100=m
 # CONFIG_MAX5821 is not set
 # CONFIG_MAX63XX_WATCHDOG is not set
 # CONFIG_MAX9611 is not set
-# CONFIG_MAXIM_THERMOCOUPLE is not set
+CONFIG_MAXIM_THERMOCOUPLE=m
 CONFIG_MAX_RAW_DEVS=8192
 CONFIG_MAXSMP=y
 # CONFIG_MC3230 is not set
@@ -3376,7 +3376,7 @@ CONFIG_MLX5_ESWITCH=y
 # CONFIG_MLX5_FPGA is not set
 # CONFIG_MLX5_INFINIBAND is not set
 CONFIG_MLX5_MPFS=y
-# CONFIG_MLX90614 is not set
+CONFIG_MLX90614=m
 CONFIG_MLX90632=m
 CONFIG_MLX_CPLD_PLATFORM=m
 CONFIG_MLXFW=m
diff --git a/kernel-armv7hl-lpae.config b/kernel-armv7hl-lpae.config
index 6ec5d8ef2..080ae37e8 100644
--- a/kernel-armv7hl-lpae.config
+++ b/kernel-armv7hl-lpae.config
@@ -3119,7 +3119,7 @@ CONFIG_MAX30100=m
 # CONFIG_MAX5821 is not set
 # CONFIG_MAX63XX_WATCHDOG is not set
 # CONFIG_MAX9611 is not set
-# CONFIG_MAXIM_THERMOCOUPLE is not set
+CONFIG_MAXIM_THERMOCOUPLE=m
 CONFIG_MAX_RAW_DEVS=8192
 # CONFIG_MC3230 is not set
 # CONFIG_MCB is not set
@@ -3355,7 +3355,7 @@ CONFIG_MLX5_ESWITCH=y
 # CONFIG_MLX5_FPGA is not set
 # CONFIG_MLX5_INFINIBAND is not set
 CONFIG_MLX5_MPFS=y
-# CONFIG_MLX90614 is not set
+CONFIG_MLX90614=m
 CONFIG_MLX90632=m
 CONFIG_MLX_CPLD_PLATFORM=m
 CONFIG_MLXFW=m
diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config
index 9e86f4a7d..17d17d286 100644
--- a/kernel-armv7hl.config
+++ b/kernel-armv7hl.config
@@ -3267,7 +3267,7 @@ CONFIG_MAX30100=m
 # CONFIG_MAX5821 is not set
 # CONFIG_MAX63XX_WATCHDOG is not set
 # CONFIG_MAX9611 is not set
-# CONFIG_MAXIM_THERMOCOUPLE is not set
+CONFIG_MAXIM_THERMOCOUPLE=m
 CONFIG_MAX_RAW_DEVS=8192
 # CONFIG_MC3230 is not set
 # CONFIG_MCB is not set
@@ -3508,7 +3508,7 @@ CONFIG_MLX5_ESWITCH=y
 # CONFIG_MLX5_FPGA is not set
 # CONFIG_MLX5_INFINIBAND is not set
 CONFIG_MLX5_MPFS=y
-# CONFIG_MLX90614 is not set
+CONFIG_MLX90614=m
 CONFIG_MLX90632=m
 CONFIG_MLX_CPLD_PLATFORM=m
 CONFIG_MLXFW=m
diff --git a/kernel-i686-PAE.config b/kernel-i686-PAE.config
index ed60a211c..4df33ecab 100644
--- a/kernel-i686-PAE.config
+++ b/kernel-i686-PAE.config
@@ -2978,7 +2978,7 @@ CONFIG_MAX30100=m
 # CONFIG_MAX5821 is not set
 # CONFIG_MAX63XX_WATCHDOG is not set
 # CONFIG_MAX9611 is not set
-# CONFIG_MAXIM_THERMOCOUPLE is not set
+CONFIG_MAXIM_THERMOCOUPLE=m
 CONFIG_MAX_RAW_DEVS=8192
 # CONFIG_MAXSMP is not set
 # CONFIG_MC3230 is not set
@@ -3204,7 +3204,7 @@ CONFIG_MLX5_ESWITCH=y
 # CONFIG_MLX5_FPGA is not set
 # CONFIG_MLX5_INFINIBAND is not set
 CONFIG_MLX5_MPFS=y
-# CONFIG_MLX90614 is not set
+CONFIG_MLX90614=m
 CONFIG_MLX90632=m
 CONFIG_MLX_CPLD_PLATFORM=m
 CONFIG_MLXFW=m
diff --git a/kernel-i686-PAEdebug.config b/kernel-i686-PAEdebug.config
index 2f4cee4a6..eeebe7911 100644
--- a/kernel-i686-PAEdebug.config
+++ b/kernel-i686-PAEdebug.config
@@ -3001,7 +3001,7 @@ CONFIG_MAX30100=m
 # CONFIG_MAX5821 is not set
 # CONFIG_MAX63XX_WATCHDOG is not set
 # CONFIG_MAX9611 is not set
-# CONFIG_MAXIM_THERMOCOUPLE is not set
+CONFIG_MAXIM_THERMOCOUPLE=m
 CONFIG_MAX_RAW_DEVS=8192
 CONFIG_MAXSMP=y
 # CONFIG_MC3230 is not set
@@ -3227,7 +3227,7 @@ CONFIG_MLX5_ESWITCH=y
 # CONFIG_MLX5_FPGA is not set
 # CONFIG_MLX5_INFINIBAND is not set
 CONFIG_MLX5_MPFS=y
-# CONFIG_MLX90614 is not set
+CONFIG_MLX90614=m
 CONFIG_MLX90632=m
 CONFIG_MLX_CPLD_PLATFORM=m
 CONFIG_MLXFW=m
diff --git a/kernel-i686-debug.config b/kernel-i686-debug.config
index 5f7d71850..485f38cc8 100644
--- a/kernel-i686-debug.config
+++ b/kernel-i686-debug.config
@@ -3001,7 +3001,7 @@ CONFIG_MAX30100=m
 # CONFIG_MAX5821 is not set
 # CONFIG_MAX63XX_WATCHDOG is not set
 # CONFIG_MAX9611 is not set
-# CONFIG_MAXIM_THERMOCOUPLE is not set
+CONFIG_MAXIM_THERMOCOUPLE=m
 CONFIG_MAX_RAW_DEVS=8192
 CONFIG_MAXSMP=y
 # CONFIG_MC3230 is not set
@@ -3227,7 +3227,7 @@ CONFIG_MLX5_ESWITCH=y
 # CONFIG_MLX5_FPGA is not set
 # CONFIG_MLX5_INFINIBAND is not set
 CONFIG_MLX5_MPFS=y
-# CONFIG_MLX90614 is not set
+CONFIG_MLX90614=m
 CONFIG_MLX90632=m
 CONFIG_MLX_CPLD_PLATFORM=m
 CONFIG_MLXFW=m
diff --git a/kernel-i686.config b/kernel-i686.config
index 0eb643d82..355359352 100644
--- a/kernel-i686.config
+++ b/kernel-i686.config
@@ -2978,7 +2978,7 @@ CONFIG_MAX30100=m
 # CONFIG_MAX5821 is not set
 # CONFIG_MAX63XX_WATCHDOG is not set
 # CONFIG_MAX9611 is not set
-# CONFIG_MAXIM_THERMOCOUPLE is not set
+CONFIG_MAXIM_THERMOCOUPLE=m
 CONFIG_MAX_RAW_DEVS=8192
 # CONFIG_MAXSMP is not set
 # CONFIG_MC3230 is not set
@@ -3204,7 +3204,7 @@ CONFIG_MLX5_ESWITCH=y
 # CONFIG_MLX5_FPGA is not set
 # CONFIG_MLX5_INFINIBAND is not set
 CONFIG_MLX5_MPFS=y
-# CONFIG_MLX90614 is not set
+CONFIG_MLX90614=m
 CONFIG_MLX90632=m
 CONFIG_MLX_CPLD_PLATFORM=m
 CONFIG_MLXFW=m
diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config
index 083b29b8f..183eba1da 100644
--- a/kernel-ppc64le-debug.config
+++ b/kernel-ppc64le-debug.config
@@ -2780,7 +2780,7 @@ CONFIG_MAX30100=m
 # CONFIG_MAX5821 is not set
 # CONFIG_MAX63XX_WATCHDOG is not set
 # CONFIG_MAX9611 is not set
-# CONFIG_MAXIM_THERMOCOUPLE is not set
+CONFIG_MAXIM_THERMOCOUPLE=m
 CONFIG_MAX_RAW_DEVS=8192
 CONFIG_MAXSMP=y
 # CONFIG_MC3230 is not set
@@ -3000,7 +3000,7 @@ CONFIG_MLX5_ESWITCH=y
 # CONFIG_MLX5_FPGA is not set
 CONFIG_MLX5_INFINIBAND=m
 CONFIG_MLX5_MPFS=y
-# CONFIG_MLX90614 is not set
+CONFIG_MLX90614=m
 CONFIG_MLX90632=m
 CONFIG_MLX_CPLD_PLATFORM=m
 CONFIG_MLXFW=m
diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config
index 0922b461d..b48434f3e 100644
--- a/kernel-ppc64le.config
+++ b/kernel-ppc64le.config
@@ -2757,7 +2757,7 @@ CONFIG_MAX30100=m
 # CONFIG_MAX5821 is not set
 # CONFIG_MAX63XX_WATCHDOG is not set
 # CONFIG_MAX9611 is not set
-# CONFIG_MAXIM_THERMOCOUPLE is not set
+CONFIG_MAXIM_THERMOCOUPLE=m
 CONFIG_MAX_RAW_DEVS=8192
 # CONFIG_MC3230 is not set
 # CONFIG_MCB is not set
@@ -2976,7 +2976,7 @@ CONFIG_MLX5_ESWITCH=y
 # CONFIG_MLX5_FPGA is not set
 CONFIG_MLX5_INFINIBAND=m
 CONFIG_MLX5_MPFS=y
-# CONFIG_MLX90614 is not set
+CONFIG_MLX90614=m
 CONFIG_MLX90632=m
 CONFIG_MLX_CPLD_PLATFORM=m
 CONFIG_MLXFW=m
diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config
index c6aed3217..1a2147560 100644
--- a/kernel-s390x-debug.config
+++ b/kernel-s390x-debug.config
@@ -2724,7 +2724,7 @@ CONFIG_MAX30100=m
 # CONFIG_MAX5821 is not set
 # CONFIG_MAX63XX_WATCHDOG is not set
 # CONFIG_MAX9611 is not set
-# CONFIG_MAXIM_THERMOCOUPLE is not set
+CONFIG_MAXIM_THERMOCOUPLE=m
 CONFIG_MAX_PHYSMEM_BITS=46
 CONFIG_MAX_RAW_DEVS=8192
 CONFIG_MAXSMP=y
@@ -2943,7 +2943,7 @@ CONFIG_MLX5_ESWITCH=y
 # CONFIG_MLX5_FPGA is not set
 CONFIG_MLX5_INFINIBAND=m
 CONFIG_MLX5_MPFS=y
-# CONFIG_MLX90614 is not set
+CONFIG_MLX90614=m
 CONFIG_MLX90632=m
 CONFIG_MLX_CPLD_PLATFORM=m
 CONFIG_MLXFW=m
diff --git a/kernel-s390x.config b/kernel-s390x.config
index 0e2680bdf..697f5d9cd 100644
--- a/kernel-s390x.config
+++ b/kernel-s390x.config
@@ -2701,7 +2701,7 @@ CONFIG_MAX30100=m
 # CONFIG_MAX5821 is not set
 # CONFIG_MAX63XX_WATCHDOG is not set
 # CONFIG_MAX9611 is not set
-# CONFIG_MAXIM_THERMOCOUPLE is not set
+CONFIG_MAXIM_THERMOCOUPLE=m
 CONFIG_MAX_PHYSMEM_BITS=46
 CONFIG_MAX_RAW_DEVS=8192
 # CONFIG_MC3230 is not set
@@ -2919,7 +2919,7 @@ CONFIG_MLX5_ESWITCH=y
 # CONFIG_MLX5_FPGA is not set
 CONFIG_MLX5_INFINIBAND=m
 CONFIG_MLX5_MPFS=y
-# CONFIG_MLX90614 is not set
+CONFIG_MLX90614=m
 CONFIG_MLX90632=m
 CONFIG_MLX_CPLD_PLATFORM=m
 CONFIG_MLXFW=m
diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config
index c9bb95933..fe46a50ae 100644
--- a/kernel-x86_64-debug.config
+++ b/kernel-x86_64-debug.config
@@ -3055,7 +3055,7 @@ CONFIG_MAX30100=m
 # CONFIG_MAX5821 is not set
 # CONFIG_MAX63XX_WATCHDOG is not set
 # CONFIG_MAX9611 is not set
-# CONFIG_MAXIM_THERMOCOUPLE is not set
+CONFIG_MAXIM_THERMOCOUPLE=m
 CONFIG_MAX_RAW_DEVS=8192
 CONFIG_MAXSMP=y
 # CONFIG_MC3230 is not set
@@ -3281,7 +3281,7 @@ CONFIG_MLX5_ESWITCH=y
 # CONFIG_MLX5_FPGA is not set
 CONFIG_MLX5_INFINIBAND=m
 CONFIG_MLX5_MPFS=y
-# CONFIG_MLX90614 is not set
+CONFIG_MLX90614=m
 CONFIG_MLX90632=m
 CONFIG_MLX_CPLD_PLATFORM=m
 CONFIG_MLXFW=m
diff --git a/kernel-x86_64.config b/kernel-x86_64.config
index 1a0494e8c..a33ff6b59 100644
--- a/kernel-x86_64.config
+++ b/kernel-x86_64.config
@@ -3032,7 +3032,7 @@ CONFIG_MAX30100=m
 # CONFIG_MAX5821 is not set
 # CONFIG_MAX63XX_WATCHDOG is not set
 # CONFIG_MAX9611 is not set
-# CONFIG_MAXIM_THERMOCOUPLE is not set
+CONFIG_MAXIM_THERMOCOUPLE=m
 CONFIG_MAX_RAW_DEVS=8192
 # CONFIG_MAXSMP is not set
 # CONFIG_MC3230 is not set
@@ -3258,7 +3258,7 @@ CONFIG_MLX5_ESWITCH=y
 # CONFIG_MLX5_FPGA is not set
 CONFIG_MLX5_INFINIBAND=m
 CONFIG_MLX5_MPFS=y
-# CONFIG_MLX90614 is not set
+CONFIG_MLX90614=m
 CONFIG_MLX90632=m
 CONFIG_MLX_CPLD_PLATFORM=m
 CONFIG_MLXFW=m
diff --git a/kernel.spec b/kernel.spec
index 7daf6af0d..f4c5441f5 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -664,6 +664,9 @@ Patch528: 0008-console-dummycon-export-dummycon_-un-register_output.patch Patch529: 0009-fbcon-Only-defer-console-takeover-if-the-current-con.patch Patch530: 0010-fbcon-Do-not-takeover-the-console-from-atomic-contex.patch +# CVE-2018-15471 rhbz 1610555 1618414 +Patch531: xsa270.patch + # END OF PATCH DEFINITIONS %endif @@ -1926,6 +1929,12 @@ fi # # %changelog +* Mon Aug 20 2018 Laura Abbott <labbott@redhat.com> - 4.18.3-300 +- Linux v4.18.3 + +* Mon Aug 20 2018 Justin M. Forbes <jforbes@fedoraproject.org> +- Fix CVE-2018-15471 (rhbz 1610555 1618414) + * Fri Aug 17 2018 Peter Robinson <pbrobinson@fedoraproject.org> - Add fix and re-enable BPF JIT on ARMv7 diff --git a/xsa270.patch b/xsa270.patch new file mode 100644 index 000000000..867896f9d --- /dev/null +++ b/xsa270.patch 
@@ -0,0 +1,55 @@
+From: Jan Beulich <jbeulich@suse.com>
+Subject: xen-netback: fix input validation in xenvif_set_hash_mapping()
+
+Both len and off are frontend specified values, so we need to make
+sure there's no overflow when adding the two for the bounds check. We
+also want to avoid undefined behavior and hence use off to index into
+->hash.mapping[] only after bounds checking. This at the same time
+allows to take care of not applying off twice for the bounds checking
+against vif->num_queues.
+
+It is also insufficient to bounds check copy_op.len, as this is len
+truncated to 16 bits.
+
+This is XSA-270.
+
+Reported-by: Felix Wilhelm <fwilhelm@google.com>
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Reviewed-by: Paul Durrant <paul.durrant@citrix.com>
+Tested-by: Paul Durrant <paul.durrant@citrix.com>
+---
+The bounds checking against vif->num_queues also occurs too early afaict
+(it should be done after the grant copy). I have patches ready as public
+follow-ups for both this and the (at least latent) issue of the mapping
+array crossing a page boundary.
+
+--- a/drivers/net/xen-netback/hash.c
++++ b/drivers/net/xen-netback/hash.c
+@@ -332,20 +332,22 @@ u32 xenvif_set_hash_mapping_size(struct
+ u32 xenvif_set_hash_mapping(struct xenvif *vif, u32 gref, u32 len,
+ u32 off)
+ {
+- u32 *mapping = &vif->hash.mapping[off];
++ u32 *mapping = vif->hash.mapping;
+ struct gnttab_copy copy_op = {
+ .source.u.ref = gref,
+ .source.domid = vif->domid,
+- .dest.u.gmfn = virt_to_gfn(mapping),
+ .dest.domid = DOMID_SELF,
+- .dest.offset = xen_offset_in_page(mapping),
+- .len = len * sizeof(u32),
++ .len = len * sizeof(*mapping),
+ .flags = GNTCOPY_source_gref
+ };
+
+- if ((off + len > vif->hash.size) || copy_op.len > XEN_PAGE_SIZE)
++ if ((off + len < off) || (off + len > vif->hash.size) ||
++ len > XEN_PAGE_SIZE / sizeof(*mapping))
+ return XEN_NETIF_CTRL_STATUS_INVALID_PARAMETER;
+
++ copy_op.dest.u.gmfn = virt_to_gfn(mapping + off);
++ copy_op.dest.offset = xen_offset_in_page(mapping + off);
++
+ while (len-- != 0)
+ if (mapping[off++] >= vif->num_queues)
+ return XEN_NETIF_CTRL_STATUS_INVALID_PARAMETER;
 |
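Review bot: The closing loop of the embedded hunk, `if (mapping[off++] >= vif->num_queues)`, still runs before the grant copy according to the patch's own note after the `---`, so it vets the entries already in `->hash.mapping[]` rather than the values the frontend is about to write. That note defers both this and the mapping array crossing a page boundary to follow-up patches, and nothing in this commit's diffstat shows them being added. As carried here the patch closes the `off + len` wrap and the 16-bit `copy_op.len` truncation only, so I would record the gap next to `Patch531: xsa270.patch` in kernel.spec, e.g. `# XSA-270 follow-ups (num_queues check after grant copy, page-crossing mapping) pending` (assuming they are not already carried elsewhere in the spec). The rest of xenvif_set_hash_mapping(), including the copy itself, lies outside the hunk, so the ordering claim rests on the patch note rather than on visible code.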