aboutsummaryrefslogtreecommitdiffstats
path: root/main
diff options
context:
space:
mode:
authorLeonardo Arena <rnalrd@alpinelinux.org>2016-05-09 14:24:21 +0000
committerLeonardo Arena <rnalrd@alpinelinux.org>2016-05-09 14:24:21 +0000
commitb23dbe4b3fa4109d375d6e95f249a1528219b6fb (patch)
tree1ae364eafe56dcd7390842fb801ef5fcc87c303f /main
parent6280d9903265f279d32393fa22fecf18e752c635 (diff)
downloadaports-b23dbe4b3fa4109d375d6e95f249a1528219b6fb.tar.bz2
aports-b23dbe4b3fa4109d375d6e95f249a1528219b6fb.tar.xz
main/linux-vanilla: security fixes (CVE-2016-3157, CVE-2016-3961). Fixes #5489
Diffstat (limited to 'main')
-rw-r--r--main/linux-vanilla/APKBUILD7
-rw-r--r--main/linux-vanilla/xsa174.patch62
2 files changed, 68 insertions, 1 deletions
diff --git a/main/linux-vanilla/APKBUILD b/main/linux-vanilla/APKBUILD
index 121d708a38..958c111c69 100644
--- a/main/linux-vanilla/APKBUILD
+++ b/main/linux-vanilla/APKBUILD
@@ -7,7 +7,7 @@ case $pkgver in
*.*.*) _kernver=${pkgver%.*};;
*.*) _kernver=$pkgver;;
esac
-pkgrel=0
+pkgrel=1
pkgdesc="Linux vanilla kernel"
url="http://kernel.org"
depends="mkinitfs linux-firmware"
@@ -20,6 +20,8 @@ source="http://ftp.kernel.org/pub/linux/kernel/v${pkgver%%.*}.x/linux-$_kernver.
config-vanilla.armhf
config-vanilla.x86
config-vanilla.x86_64
+
+ xsa174.patch
"
if [ "${pkgver%.0}" = "$pkgver" ]; then
source="$source
@@ -164,14 +166,17 @@ md5sums="9a78fa2eb6c68ca5a40ed5af08142599 linux-4.4.tar.xz
331267c63d973a1a99105a3d4c9d464f config-vanilla.armhf
7b39fd82ac03ff3a5ac6403b10af0006 config-vanilla.x86
eae91875faa28c1f3ab2672137c22499 config-vanilla.x86_64
+14a8a1826416f04ae98918145139cea6 xsa174.patch
c1d8f46e5b2ee7c925fc38f20a3726d3 patch-4.4.8.xz"
sha256sums="401d7c8fef594999a460d10c72c5a94e9c2e1022f16795ec51746b0d165418b2 linux-4.4.tar.xz
0fee35a85d9883620b0c9d49c428f371e401a2cb38cfa7eda39b52814570c183 config-vanilla.armhf
daf10b005d5c9b7ebdb76f26090cde613ed4ce0ebaaf590f4356a28f33c579e1 config-vanilla.x86
fb69e1cfd5ba1a798f63312229370b402bea407819bfd8da0302f21364e10d80 config-vanilla.x86_64
+cbec70e183f76b4081ebba05c0a8105bd4952d164a2e5c40528c05bf8861ddef xsa174.patch
11ec99ae0600bd831ff8d71b77e64592f4b6918b7857fd9ff0284ea4cf267b4e patch-4.4.8.xz"
sha512sums="13c8459933a8b80608e226a1398e3d1848352ace84bcfb7e6a4a33cb230bbe1ab719d4b58e067283df91ce5311be6d2d595fc8c19e2ae6ecc652499415614b3e linux-4.4.tar.xz
fe2abe917c35f5ebb3e2e07b1cc7c86879eb8a500b8552e9cce9d82b485a5f7458ce32fbb826ae64a3b1e4e33d70b5ac4cf859efc18d2dc40d73a7859b55d678 config-vanilla.armhf
00c3ba594f3c21151bcf156a3bab5bda9118f35782884914ab7f4361dabc2fe9eea8dbd59feebc8a39fc4eca8e5682996bd06f91380da8a670fa45618e2f2aae config-vanilla.x86
038420ba58fe1aba49cbb046f7ae4558c232dcd33388aaeea8d33c614ba956780032a633eb43512d776260f5b9c8fb57996c72e92823313437dacc69a04f7f0c config-vanilla.x86_64
+a86f88db750defec35d3afebdde565de2c6bc304f9a110c6091e0d38261a4bdc0ddbdd1df1913a894f57877acacfdb96d98635729f913a7ed344f627e40a9af3 xsa174.patch
d53d6950bc121107fecec91b4cd33473b0b18e7188bd387cd02f3ab4ece0f7dc6f1530ad9b7a44655afb7d823fb94ad8d8710902367c9b12911eb2247a12f2c7 patch-4.4.8.xz"
diff --git a/main/linux-vanilla/xsa174.patch b/main/linux-vanilla/xsa174.patch
new file mode 100644
index 0000000000..9c15d57c30
--- /dev/null
+++ b/main/linux-vanilla/xsa174.patch
@@ -0,0 +1,62 @@
+x86/xen: suppress hugetlbfs in PV guests
+
+Huge pages are not normally available to PV guests. Not suppressing
+hugetlbfs use results in an endless loop of page faults when user mode
+code tries to access a hugetlbfs mapped area (since the hypervisor
+denies such PTEs to be created, but error indications can't be
+propagated out of xen_set_pte_at(), just like for various of its
+siblings), and - once killed in an oops like this:
+
+kernel BUG at .../fs/hugetlbfs/inode.c:428!
+invalid opcode: 0000 [#1] SMP
+Modules linked in: ...
+Supported: Yes
+CPU: 2 PID: 6088 Comm: hugetlbfs Tainted: G W 4.4.0-2016-01-20-pv #2
+Hardware name: ...
+task: ffff8808059205c0 ti: ffff880803c84000 task.ti: ffff880803c84000
+RIP: e030:[<ffffffff811c333b>] [<ffffffff811c333b>] remove_inode_hugepages+0x25b/0x320
+RSP: e02b:ffff880803c879a8 EFLAGS: 00010202
+RAX: 000000000077a4db RBX: ffffea001acff000 RCX: 0000000078417d38
+RDX: 0000000000000000 RSI: 000000007e154fa7 RDI: ffff880805d70960
+RBP: 0000000000000960 R08: 0000000000000000 R09: 0000000000000000
+R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
+R13: ffff880807486018 R14: 0000000000000000 R15: ffff880803c87af0
+FS: 00007f85fa8b8700(0000) GS:ffff88080b640000(0000) knlGS:0000000000000000
+CS: e033 DS: 0000 ES: 0000 CR0: 000000008005003b
+CR2: 00007f85fa000000 CR3: 0000000001a0a000 CR4: 0000000000040660
+Stack:
+ ffff880000000fb0 ffff880803c87a18 ffff880803c87ae8 ffff8808059205c0
+ ffff880803c87af0 ffff880803c87ae8 ffff880807486018 0000000000000000
+ ffffffff81bf6e60 ffff880807486168 000003ffffffffff 0000000003c87758
+Call Trace:
+ [<ffffffff811c3415>] hugetlbfs_evict_inode+0x15/0x40
+ [<ffffffff81167b3d>] evict+0xbd/0x1b0
+ [<ffffffff8116514a>] __dentry_kill+0x19a/0x1f0
+ [<ffffffff81165b0e>] dput+0x1fe/0x220
+ [<ffffffff81150535>] __fput+0x155/0x200
+ [<ffffffff81079fc0>] task_work_run+0x60/0xa0
+ [<ffffffff81063510>] do_exit+0x160/0x400
+ [<ffffffff810637eb>] do_group_exit+0x3b/0xa0
+ [<ffffffff8106e8bd>] get_signal+0x1ed/0x470
+ [<ffffffff8100f854>] do_signal+0x14/0x110
+ [<ffffffff810030e9>] prepare_exit_to_usermode+0xe9/0xf0
+ [<ffffffff814178a5>] retint_user+0x8/0x13
+
+This is XSA-174.
+
+Reported-by: Vitaly Kuznetsov <vkuznets@redhat.com>
+Signed-off-by: Jan Beulich <jbeulich@suse.com>
+Cc: stable@vger.kernel.org
+---
+v2: Make Xen-inspecific, by using cpu_has_pse.
+
+--- a/arch/x86/include/asm/hugetlb.h
++++ b/arch/x86/include/asm/hugetlb.h
+@@ -4,6 +4,7 @@
+ #include <asm/page.h>
+ #include <asm-generic/hugetlb.h>
+
++#define hugepages_supported() cpu_has_pse
+
+ static inline int is_hugepage_only_range(struct mm_struct *mm,
+ unsigned long addr,