diff options
author | Laura Abbott <labbott@redhat.com> | 2019-04-17 09:17:13 -0700 |
---|---|---|
committer | Laura Abbott <labbott@redhat.com> | 2019-04-17 09:18:51 -0700 |
commit | c66ca1b31f180e5559fdd060ab75600bb6476fbd (patch) | |
tree | 0fc16ce01f4182bc5f30c743cad3c4360677948e | |
parent | 24416b46798ee9a53c81faad67021a5df90dff30 (diff) | |
download | kernel-c66ca1b31f180e5559fdd060ab75600bb6476fbd.tar.gz kernel-c66ca1b31f180e5559fdd060ab75600bb6476fbd.tar.xz kernel-c66ca1b31f180e5559fdd060ab75600bb6476fbd.zip |
Linux v5.0.8
-rw-r--r-- | 0001-KVM-x86-nVMX-close-leak-of-L0-s-x2APIC-MSRs-CVE-2019.patch | 134 | ||||
-rw-r--r-- | 0001-KVM-x86-nVMX-fix-x2APIC-VTPR-read-intercept.patch | 46 | ||||
-rw-r--r-- | 0001-drm-i915-dp-revert-back-to-max-link-rate-and-lane-co.patch | 132 | ||||
-rw-r--r-- | kernel-aarch64-debug.config | 1 | ||||
-rw-r--r-- | kernel-aarch64.config | 1 | ||||
-rw-r--r-- | kernel-armv7hl-debug.config | 1 | ||||
-rw-r--r-- | kernel-armv7hl-lpae-debug.config | 1 | ||||
-rw-r--r-- | kernel-armv7hl-lpae.config | 1 | ||||
-rw-r--r-- | kernel-armv7hl.config | 1 | ||||
-rw-r--r-- | kernel-i686-debug.config | 1 | ||||
-rw-r--r-- | kernel-i686.config | 1 | ||||
-rw-r--r-- | kernel-ppc64le-debug.config | 1 | ||||
-rw-r--r-- | kernel-ppc64le.config | 1 | ||||
-rw-r--r-- | kernel-s390x-debug.config | 1 | ||||
-rw-r--r-- | kernel-s390x.config | 1 | ||||
-rw-r--r-- | kernel-x86_64-debug.config | 1 | ||||
-rw-r--r-- | kernel-x86_64.config | 1 | ||||
-rw-r--r-- | kernel.spec | 12 | ||||
-rw-r--r-- | sources | 2 |
19 files changed, 19 insertions, 321 deletions
diff --git a/0001-KVM-x86-nVMX-close-leak-of-L0-s-x2APIC-MSRs-CVE-2019.patch b/0001-KVM-x86-nVMX-close-leak-of-L0-s-x2APIC-MSRs-CVE-2019.patch deleted file mode 100644 index f8e81e7af..000000000 --- a/0001-KVM-x86-nVMX-close-leak-of-L0-s-x2APIC-MSRs-CVE-2019.patch +++ /dev/null @@ -1,134 +0,0 @@ -From acff78477b9b4f26ecdf65733a4ed77fe837e9dc Mon Sep 17 00:00:00 2001 -From: Marc Orr <marcorr@google.com> -Date: Mon, 1 Apr 2019 23:55:59 -0700 -Subject: [PATCH] KVM: x86: nVMX: close leak of L0's x2APIC MSRs - (CVE-2019-3887) - -The nested_vmx_prepare_msr_bitmap() function doesn't directly guard the -x2APIC MSR intercepts with the "virtualize x2APIC mode" MSR. As a -result, we discovered the potential for a buggy or malicious L1 to get -access to L0's x2APIC MSRs, via an L2, as follows. - -1. L1 executes WRMSR(IA32_SPEC_CTRL, 1). This causes the spec_ctrl -variable, in nested_vmx_prepare_msr_bitmap() to become true. -2. L1 disables "virtualize x2APIC mode" in VMCS12. -3. L1 enables "APIC-register virtualization" in VMCS12. - -Now, KVM will set VMCS02's x2APIC MSR intercepts from VMCS12, and then -set "virtualize x2APIC mode" to 0 in VMCS02. Oops. - -This patch closes the leak by explicitly guarding VMCS02's x2APIC MSR -intercepts with VMCS12's "virtualize x2APIC mode" control. - -The scenario outlined above and fix prescribed here, were verified with -a related patch in kvm-unit-tests titled "Add leak scenario to -virt_x2apic_mode_test". - -Note, it looks like this issue may have been introduced inadvertently -during a merge---see 15303ba5d1cd. - -Signed-off-by: Marc Orr <marcorr@google.com> -Reviewed-by: Jim Mattson <jmattson@google.com> -Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> ---- - arch/x86/kvm/vmx/nested.c | 72 ++++++++++++++++++++++++--------------- - 1 file changed, 44 insertions(+), 28 deletions(-) - -diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c -index 153e539c29c9..897d70e3d291 100644 ---- a/arch/x86/kvm/vmx/nested.c -+++ b/arch/x86/kvm/vmx/nested.c -@@ -500,6 +500,17 @@ static void nested_vmx_disable_intercept_for_msr(unsigned long *msr_bitmap_l1, - } - } - -+static inline void enable_x2apic_msr_intercepts(unsigned long *msr_bitmap) { -+ int msr; -+ -+ for (msr = 0x800; msr <= 0x8ff; msr += BITS_PER_LONG) { -+ unsigned word = msr / BITS_PER_LONG; -+ -+ msr_bitmap[word] = ~0; -+ msr_bitmap[word + (0x800 / sizeof(long))] = ~0; -+ } -+} -+ - /* - * Merge L0's and L1's MSR bitmap, return false to indicate that - * we do not use the hardware. -@@ -541,39 +552,44 @@ static inline bool nested_vmx_prepare_msr_bitmap(struct kvm_vcpu *vcpu, - return false; - - msr_bitmap_l1 = (unsigned long *)kmap(page); -- if (nested_cpu_has_apic_reg_virt(vmcs12)) { -- /* -- * L0 need not intercept reads for MSRs between 0x800 and 0x8ff, it -- * just lets the processor take the value from the virtual-APIC page; -- * take those 256 bits directly from the L1 bitmap. -- */ -- for (msr = 0x800; msr <= 0x8ff; msr += BITS_PER_LONG) { -- unsigned word = msr / BITS_PER_LONG; -- msr_bitmap_l0[word] = msr_bitmap_l1[word]; -- msr_bitmap_l0[word + (0x800 / sizeof(long))] = ~0; -- } -- } else { -- for (msr = 0x800; msr <= 0x8ff; msr += BITS_PER_LONG) { -- unsigned word = msr / BITS_PER_LONG; -- msr_bitmap_l0[word] = ~0; -- msr_bitmap_l0[word + (0x800 / sizeof(long))] = ~0; -- } -- } - -- nested_vmx_disable_intercept_for_msr( -- msr_bitmap_l1, msr_bitmap_l0, -- X2APIC_MSR(APIC_TASKPRI), -- MSR_TYPE_W); -+ /* -+ * To keep the control flow simple, pay eight 8-byte writes (sixteen -+ * 4-byte writes on 32-bit systems) up front to enable intercepts for -+ * the x2APIC MSR range and selectively disable them below. -+ */ -+ enable_x2apic_msr_intercepts(msr_bitmap_l0); -+ -+ if (nested_cpu_has_virt_x2apic_mode(vmcs12)) { -+ if (nested_cpu_has_apic_reg_virt(vmcs12)) { -+ /* -+ * L0 need not intercept reads for MSRs between 0x800 -+ * and 0x8ff, it just lets the processor take the value -+ * from the virtual-APIC page; take those 256 bits -+ * directly from the L1 bitmap. -+ */ -+ for (msr = 0x800; msr <= 0x8ff; msr += BITS_PER_LONG) { -+ unsigned word = msr / BITS_PER_LONG; -+ -+ msr_bitmap_l0[word] = msr_bitmap_l1[word]; -+ } -+ } - -- if (nested_cpu_has_vid(vmcs12)) { -- nested_vmx_disable_intercept_for_msr( -- msr_bitmap_l1, msr_bitmap_l0, -- X2APIC_MSR(APIC_EOI), -- MSR_TYPE_W); - nested_vmx_disable_intercept_for_msr( - msr_bitmap_l1, msr_bitmap_l0, -- X2APIC_MSR(APIC_SELF_IPI), -+ X2APIC_MSR(APIC_TASKPRI), - MSR_TYPE_W); -+ -+ if (nested_cpu_has_vid(vmcs12)) { -+ nested_vmx_disable_intercept_for_msr( -+ msr_bitmap_l1, msr_bitmap_l0, -+ X2APIC_MSR(APIC_EOI), -+ MSR_TYPE_W); -+ nested_vmx_disable_intercept_for_msr( -+ msr_bitmap_l1, msr_bitmap_l0, -+ X2APIC_MSR(APIC_SELF_IPI), -+ MSR_TYPE_W); -+ } - } - - if (spec_ctrl) --- -2.20.1 - diff --git a/0001-KVM-x86-nVMX-fix-x2APIC-VTPR-read-intercept.patch b/0001-KVM-x86-nVMX-fix-x2APIC-VTPR-read-intercept.patch deleted file mode 100644 index f73a7f336..000000000 --- a/0001-KVM-x86-nVMX-fix-x2APIC-VTPR-read-intercept.patch +++ /dev/null @@ -1,46 +0,0 @@ -From c73f4c998e1fd4249b9edfa39e23f4fda2b9b041 Mon Sep 17 00:00:00 2001 -From: Marc Orr <marcorr@google.com> -Date: Mon, 1 Apr 2019 23:56:00 -0700 -Subject: [PATCH] KVM: x86: nVMX: fix x2APIC VTPR read intercept - -Referring to the "VIRTUALIZING MSR-BASED APIC ACCESSES" chapter of the -SDM, when "virtualize x2APIC mode" is 1 and "APIC-register -virtualization" is 0, a RDMSR of 808H should return the VTPR from the -virtual APIC page. - -However, for nested, KVM currently fails to disable the read intercept -for this MSR. This means that a RDMSR exit takes precedence over -"virtualize x2APIC mode", and KVM passes through L1's TPR to L2, -instead of sourcing the value from L2's virtual APIC page. - -This patch fixes the issue by disabling the read intercept, in VMCS02, -for the VTPR when "APIC-register virtualization" is 0. - -The issue described above and fix prescribed here, were verified with -a related patch in kvm-unit-tests titled "Test VMX's virtualize x2APIC -mode w/ nested". - -Signed-off-by: Marc Orr <marcorr@google.com> -Reviewed-by: Jim Mattson <jmattson@google.com> -Fixes: c992384bde84f ("KVM: vmx: speed up MSR bitmap merge") -Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> ---- - arch/x86/kvm/vmx/nested.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/arch/x86/kvm/vmx/nested.c b/arch/x86/kvm/vmx/nested.c -index 897d70e3d291..7ec9bb1dd723 100644 ---- a/arch/x86/kvm/vmx/nested.c -+++ b/arch/x86/kvm/vmx/nested.c -@@ -578,7 +578,7 @@ static inline bool nested_vmx_prepare_msr_bitmap(struct kvm_vcpu *vcpu, - nested_vmx_disable_intercept_for_msr( - msr_bitmap_l1, msr_bitmap_l0, - X2APIC_MSR(APIC_TASKPRI), -- MSR_TYPE_W); -+ MSR_TYPE_R | MSR_TYPE_W); - - if (nested_cpu_has_vid(vmcs12)) { - nested_vmx_disable_intercept_for_msr( --- -2.20.1 - diff --git a/0001-drm-i915-dp-revert-back-to-max-link-rate-and-lane-co.patch b/0001-drm-i915-dp-revert-back-to-max-link-rate-and-lane-co.patch deleted file mode 100644 index ab16d1aa0..000000000 --- a/0001-drm-i915-dp-revert-back-to-max-link-rate-and-lane-co.patch +++ /dev/null @@ -1,132 +0,0 @@ -From 1b58e7d454035355aaa0f29d31366669c13643e7 Mon Sep 17 00:00:00 2001 -From: Jani Nikula <jani.nikula@intel.com> -Date: Fri, 5 Apr 2019 10:19:31 +0300 -Subject: [PATCH] drm/i915/dp: revert back to max link rate and lane count on - eDP -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit -Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo -Cc: Jani Nikula <jani.nikula@intel.com> - -Commit 7769db588384 ("drm/i915/dp: optimize eDP 1.4+ link config fast -and narrow") started to optize the eDP 1.4+ link config, both per spec -and as preparation for display stream compression support. - -Sadly, we again face panels that flat out fail with parameters they -claim to support. Revert, and go back to the drawing board. - -Bugzilla: https://bugs.freedesktop.org/show_bug.cgi?id=109959 -Fixes: 7769db588384 ("drm/i915/dp: optimize eDP 1.4+ link config fast and narrow") -Cc: Ville Syrjälä <ville.syrjala@linux.intel.com> -Cc: Manasi Navare <manasi.d.navare@intel.com> -Cc: Rodrigo Vivi <rodrigo.vivi@intel.com> -Cc: Matt Atwood <matthew.s.atwood@intel.com> -Cc: "Lee, Shawn C" <shawn.c.lee@intel.com> -Cc: Dave Airlie <airlied@gmail.com> -Cc: intel-gfx@lists.freedesktop.org -Cc: <stable@vger.kernel.org> # v5.0+ -Signed-off-by: Jani Nikula <jani.nikula@intel.com> ---- - drivers/gpu/drm/i915/intel_dp.c | 69 +++++---------------------------- - 1 file changed, 10 insertions(+), 59 deletions(-) - -diff --git a/drivers/gpu/drm/i915/intel_dp.c b/drivers/gpu/drm/i915/intel_dp.c -index 22a746..dcd1df 100644 ---- a/drivers/gpu/drm/i915/intel_dp.c -+++ b/drivers/gpu/drm/i915/intel_dp.c -@@ -1845,42 +1845,6 @@ intel_dp_compute_link_config_wide(struct intel_dp *intel_dp, - return false; - } - --/* Optimize link config in order: max bpp, min lanes, min clock */ --static bool --intel_dp_compute_link_config_fast(struct intel_dp *intel_dp, -- struct intel_crtc_state *pipe_config, -- const struct link_config_limits *limits) --{ -- struct drm_display_mode *adjusted_mode = &pipe_config->base.adjusted_mode; -- int bpp, clock, lane_count; -- int mode_rate, link_clock, link_avail; -- -- for (bpp = limits->max_bpp; bpp >= limits->min_bpp; bpp -= 2 * 3) { -- mode_rate = intel_dp_link_required(adjusted_mode->crtc_clock, -- bpp); -- -- for (lane_count = limits->min_lane_count; -- lane_count <= limits->max_lane_count; -- lane_count <<= 1) { -- for (clock = limits->min_clock; clock <= limits->max_clock; clock++) { -- link_clock = intel_dp->common_rates[clock]; -- link_avail = intel_dp_max_data_rate(link_clock, -- lane_count); -- -- if (mode_rate <= link_avail) { -- pipe_config->lane_count = lane_count; -- pipe_config->pipe_bpp = bpp; -- pipe_config->port_clock = link_clock; -- -- return true; -- } -- } -- } -- } -- -- return false; --} -- - static int intel_dp_dsc_compute_bpp(struct intel_dp *intel_dp, u8 dsc_max_bpc) - { - int i, num_bpc; -@@ -2013,15 +1977,13 @@ intel_dp_compute_link_config(struct intel_encoder *encoder, - limits.min_bpp = 6 * 3; - limits.max_bpp = intel_dp_compute_bpp(intel_dp, pipe_config); - -- if (intel_dp_is_edp(intel_dp) && intel_dp->edp_dpcd[0] < DP_EDP_14) { -+ if (intel_dp_is_edp(intel_dp)) { - /* - * Use the maximum clock and number of lanes the eDP panel -- * advertizes being capable of. The eDP 1.3 and earlier panels -- * are generally designed to support only a single clock and -- * lane configuration, and typically these values correspond to -- * the native resolution of the panel. With eDP 1.4 rate select -- * and DSC, this is decreasingly the case, and we need to be -- * able to select less than maximum link config. -+ * advertizes being capable of. The panels are generally -+ * designed to support only a single clock and lane -+ * configuration, and typically these values correspond to the -+ * native resolution of the panel. - */ - limits.min_lane_count = limits.max_lane_count; - limits.min_clock = limits.max_clock; -@@ -2035,22 +1997,11 @@ intel_dp_compute_link_config(struct intel_encoder *encoder, - intel_dp->common_rates[limits.max_clock], - limits.max_bpp, adjusted_mode->crtc_clock); - -- if (intel_dp_is_edp(intel_dp)) -- /* -- * Optimize for fast and narrow. eDP 1.3 section 3.3 and eDP 1.4 -- * section A.1: "It is recommended that the minimum number of -- * lanes be used, using the minimum link rate allowed for that -- * lane configuration." -- * -- * Note that we use the max clock and lane count for eDP 1.3 and -- * earlier, and fast vs. wide is irrelevant. -- */ -- ret = intel_dp_compute_link_config_fast(intel_dp, pipe_config, -- &limits); -- else -- /* Optimize for slow and wide. */ -- ret = intel_dp_compute_link_config_wide(intel_dp, pipe_config, -- &limits); -+ /* -+ * Optimize for slow and wide. This is the place to add alternative -+ * optimization policy. -+ */ -+ ret = intel_dp_compute_link_config_wide(intel_dp, pipe_config, &limits); - - /* enable compression if the mode doesn't fit available BW */ - if (!ret) { --- -2.20.1 - diff --git a/kernel-aarch64-debug.config b/kernel-aarch64-debug.config index 0e9483912..b141418d6 100644 --- a/kernel-aarch64-debug.config +++ b/kernel-aarch64-debug.config @@ -2882,6 +2882,7 @@ CONFIG_LCD_CLASS_DEVICE=m CONFIG_LCD_PLATFORM=m # CONFIG_LCD_TDO24M is not set # CONFIG_LCD_VGG2432A4 is not set +CONFIG_LDISC_AUTOLOAD=y # CONFIG_LDM_DEBUG is not set CONFIG_LDM_PARTITION=y # CONFIG_LEDS_AAT1290 is not set diff --git a/kernel-aarch64.config b/kernel-aarch64.config index 485abfaae..b39fa28ba 100644 --- a/kernel-aarch64.config +++ b/kernel-aarch64.config @@ -2864,6 +2864,7 @@ CONFIG_LCD_CLASS_DEVICE=m CONFIG_LCD_PLATFORM=m # CONFIG_LCD_TDO24M is not set # CONFIG_LCD_VGG2432A4 is not set +CONFIG_LDISC_AUTOLOAD=y # CONFIG_LDM_DEBUG is not set CONFIG_LDM_PARTITION=y # CONFIG_LEDS_AAT1290 is not set diff --git a/kernel-armv7hl-debug.config b/kernel-armv7hl-debug.config index 5ab95bed2..be9635e80 100644 --- a/kernel-armv7hl-debug.config +++ b/kernel-armv7hl-debug.config @@ -2957,6 +2957,7 @@ CONFIG_LCD_LTV350QV=m CONFIG_LCD_PLATFORM=m CONFIG_LCD_TDO24M=m CONFIG_LCD_VGG2432A4=m +CONFIG_LDISC_AUTOLOAD=y # CONFIG_LDM_DEBUG is not set CONFIG_LDM_PARTITION=y # CONFIG_LEDS_AAT1290 is not set diff --git a/kernel-armv7hl-lpae-debug.config b/kernel-armv7hl-lpae-debug.config index cb7f7fc20..49fdd43aa 100644 --- a/kernel-armv7hl-lpae-debug.config +++ b/kernel-armv7hl-lpae-debug.config @@ -2840,6 +2840,7 @@ CONFIG_LCD_LTV350QV=m CONFIG_LCD_PLATFORM=m CONFIG_LCD_TDO24M=m CONFIG_LCD_VGG2432A4=m +CONFIG_LDISC_AUTOLOAD=y # CONFIG_LDM_DEBUG is not set CONFIG_LDM_PARTITION=y # CONFIG_LEDS_AAT1290 is not set diff --git a/kernel-armv7hl-lpae.config b/kernel-armv7hl-lpae.config index 8d50206d7..d15161e23 100644 --- a/kernel-armv7hl-lpae.config +++ b/kernel-armv7hl-lpae.config @@ -2823,6 +2823,7 @@ CONFIG_LCD_LTV350QV=m CONFIG_LCD_PLATFORM=m CONFIG_LCD_TDO24M=m CONFIG_LCD_VGG2432A4=m +CONFIG_LDISC_AUTOLOAD=y # CONFIG_LDM_DEBUG is not set CONFIG_LDM_PARTITION=y # CONFIG_LEDS_AAT1290 is not set diff --git a/kernel-armv7hl.config b/kernel-armv7hl.config index 01c667a48..eabbc4e1c 100644 --- a/kernel-armv7hl.config +++ b/kernel-armv7hl.config @@ -2940,6 +2940,7 @@ CONFIG_LCD_LTV350QV=m CONFIG_LCD_PLATFORM=m CONFIG_LCD_TDO24M=m CONFIG_LCD_VGG2432A4=m +CONFIG_LDISC_AUTOLOAD=y # CONFIG_LDM_DEBUG is not set CONFIG_LDM_PARTITION=y # CONFIG_LEDS_AAT1290 is not set diff --git a/kernel-i686-debug.config b/kernel-i686-debug.config index 9c0b17f5b..12e824481 100644 --- a/kernel-i686-debug.config +++ b/kernel-i686-debug.config @@ -2697,6 +2697,7 @@ CONFIG_LCD_CLASS_DEVICE=m CONFIG_LCD_PLATFORM=m # CONFIG_LCD_TDO24M is not set # CONFIG_LCD_VGG2432A4 is not set +CONFIG_LDISC_AUTOLOAD=y # CONFIG_LDM_DEBUG is not set CONFIG_LDM_PARTITION=y # CONFIG_LEDS_AAT1290 is not set diff --git a/kernel-i686.config b/kernel-i686.config index 3ae262491..72b3f5d29 100644 --- a/kernel-i686.config +++ b/kernel-i686.config @@ -2678,6 +2678,7 @@ CONFIG_LCD_CLASS_DEVICE=m CONFIG_LCD_PLATFORM=m # CONFIG_LCD_TDO24M is not set # CONFIG_LCD_VGG2432A4 is not set +CONFIG_LDISC_AUTOLOAD=y # CONFIG_LDM_DEBUG is not set CONFIG_LDM_PARTITION=y # CONFIG_LEDS_AAT1290 is not set diff --git a/kernel-ppc64le-debug.config b/kernel-ppc64le-debug.config index 328ac18d2..d30344da6 100644 --- a/kernel-ppc64le-debug.config +++ b/kernel-ppc64le-debug.config @@ -2458,6 +2458,7 @@ CONFIG_LCD_CLASS_DEVICE=m CONFIG_LCD_PLATFORM=m # CONFIG_LCD_TDO24M is not set # CONFIG_LCD_VGG2432A4 is not set +CONFIG_LDISC_AUTOLOAD=y # CONFIG_LDM_DEBUG is not set CONFIG_LDM_PARTITION=y # CONFIG_LEDS_AAT1290 is not set diff --git a/kernel-ppc64le.config b/kernel-ppc64le.config index 2eb7ac949..352449a8e 100644 --- a/kernel-ppc64le.config +++ b/kernel-ppc64le.config @@ -2439,6 +2439,7 @@ CONFIG_LCD_CLASS_DEVICE=m CONFIG_LCD_PLATFORM=m # CONFIG_LCD_TDO24M is not set # CONFIG_LCD_VGG2432A4 is not set +CONFIG_LDISC_AUTOLOAD=y # CONFIG_LDM_DEBUG is not set CONFIG_LDM_PARTITION=y # CONFIG_LEDS_AAT1290 is not set diff --git a/kernel-s390x-debug.config b/kernel-s390x-debug.config index f175bd115..975aa5463 100644 --- a/kernel-s390x-debug.config +++ b/kernel-s390x-debug.config @@ -2434,6 +2434,7 @@ CONFIG_LATENCYTOP=y # CONFIG_LCD_TDO24M is not set # CONFIG_LCD_VGG2432A4 is not set CONFIG_LCS=m +CONFIG_LDISC_AUTOLOAD=y # CONFIG_LDM_DEBUG is not set CONFIG_LDM_PARTITION=y # CONFIG_LEDS_AAT1290 is not set diff --git a/kernel-s390x.config b/kernel-s390x.config index c401340cf..11d73bd78 100644 --- a/kernel-s390x.config +++ b/kernel-s390x.config @@ -2415,6 +2415,7 @@ CONFIG_LATENCYTOP=y # CONFIG_LCD_TDO24M is not set # CONFIG_LCD_VGG2432A4 is not set CONFIG_LCS=m +CONFIG_LDISC_AUTOLOAD=y # CONFIG_LDM_DEBUG is not set CONFIG_LDM_PARTITION=y # CONFIG_LEDS_AAT1290 is not set diff --git a/kernel-x86_64-debug.config b/kernel-x86_64-debug.config index 072e8fc8d..e284e6c6e 100644 --- a/kernel-x86_64-debug.config +++ b/kernel-x86_64-debug.config @@ -2743,6 +2743,7 @@ CONFIG_LCD_CLASS_DEVICE=m CONFIG_LCD_PLATFORM=m # CONFIG_LCD_TDO24M is not set # CONFIG_LCD_VGG2432A4 is not set +CONFIG_LDISC_AUTOLOAD=y # CONFIG_LDM_DEBUG is not set CONFIG_LDM_PARTITION=y # CONFIG_LEDS_AAT1290 is not set diff --git a/kernel-x86_64.config b/kernel-x86_64.config index 1f85a3d02..982edb713 100644 --- a/kernel-x86_64.config +++ b/kernel-x86_64.config @@ -2724,6 +2724,7 @@ CONFIG_LCD_CLASS_DEVICE=m CONFIG_LCD_PLATFORM=m # CONFIG_LCD_TDO24M is not set # CONFIG_LCD_VGG2432A4 is not set +CONFIG_LDISC_AUTOLOAD=y # CONFIG_LDM_DEBUG is not set CONFIG_LDM_PARTITION=y # CONFIG_LEDS_AAT1290 is not set diff --git a/kernel.spec b/kernel.spec index 321fdba31..f74adc8d0 100644 --- a/kernel.spec +++ b/kernel.spec @@ -54,7 +54,7 @@ Summary: The Linux kernel %if 0%{?released_kernel} # Do we have a -stable update to apply? -%define stable_update 7 +%define stable_update 8 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -617,13 +617,6 @@ Patch516: 0001-inotify-Fix-fsnotify_mark-refcount-leak-in-inotify_u.patch # CVE-2019-3882 rhbz 1689426 1695571 Patch517: vfio-type1-limit-dma-mappings-per-container.patch -# CVE-2019 rhbz 1695044 1697187 -Patch518: 0001-KVM-x86-nVMX-close-leak-of-L0-s-x2APIC-MSRs-CVE-2019.patch -Patch519: 0001-KVM-x86-nVMX-fix-x2APIC-VTPR-read-intercept.patch - -# drm fix -Patch520: 0001-drm-i915-dp-revert-back-to-max-link-rate-and-lane-co.patch - # END OF PATCH DEFINITIONS %endif @@ -1897,6 +1890,9 @@ fi # # %changelog +* Wed Apr 17 2019 Laura Abbott <labbott@redhat.com> - 5.0.8-200 +- Linux v5.0.8 + * Mon Apr 08 2019 Laura Abbott <labbott@redhat.com> - 5.0.7-200 - Linux v5.0.7 @@ -1,2 +1,2 @@ SHA512 (linux-5.0.tar.xz) = 3fbab70c7b03b1a10e9fa14d1e2e1f550faba4f5792b7699ca006951da74ab86e7d7f19c6a67849ab99343186e7d6f2752cd910d76222213b93c1eab90abf1b0 -SHA512 (patch-5.0.7.xz) = 301ac04ea4462536a6c5bd4f45f19473b4ad798134b81221fc9d03f86be4b004a2e194ba79b19d4d8c728a5b198a6341ab88b53f8355904a88bd87fc4668dc2e +SHA512 (patch-5.0.8.xz) = b6b4be8f85e879a21d98bff1515be6432f71d13f894125398e55a5a2acf55d9fb2fe9a0081f257418290edb48219e048de786ccc916c48cc3d3a32d3009478b0 |