Commit Graph

2009 Commits

Author SHA1 Message Date
Tim Steinbach
f130e0027e
linux: Add 4.12 2017-07-03 11:57:40 -04:00
Tim Steinbach
3130f3ed0a
linux-copperhead: 4.11.7.a -> 4.11.8.a
Fixes #26790 by properly including built modules
2017-06-29 23:16:52 -04:00
Tim Steinbach
37bc494949
linux: 4.11.7 -> 4.11.8 2017-06-29 08:29:04 -04:00
Tim Steinbach
d1aff8d2e5
linux: 4.9.34 -> 4.9.35
Also, remove XSA-216 patches, the fixes are now integrated upstream
2017-06-29 08:26:25 -04:00
Tim Steinbach
6b35f22e28
linux: 4.4.74 -> 4.4.75 2017-06-29 08:20:06 -04:00
Tim Steinbach
4cc729644e Merge pull request #26867 from michalpalka/xen-security-2017.06-new
xen: patch for XSAs: 216, 217, 218, 219, 220, 221, 222, and 224
2017-06-28 22:43:46 -04:00
John Ericson
e1faeb574a Merge pull request #26884 from obsidiansystems/purge-stdenv-cross
Purge stdenv cross
2017-06-28 21:39:16 -04:00
hsloan
16781a3892 kernel perf: Don't use stdenv.cross 2017-06-28 20:23:09 -04:00
hsloan
1e3b45cfdb kernel manual-config: Don't use stdenv.cross 2017-06-28 20:23:09 -04:00
hsloan
459d07d41c kernel generic: Don't use stdenv.cross 2017-06-28 20:22:59 -04:00
Tim Steinbach
d2e199ca3c
linux: 4.4.73 -> 4.4.74 2017-06-27 08:14:47 -04:00
Tim Steinbach
c90a4b8541
linux: 4.12-rc6 -> 4.12-rc7 2017-06-26 09:58:37 -04:00
Michał Pałka
80e0cda7ff xen: patch for XSAs: 216, 217, 218, 219, 220, 221, 222, and 224
XSA-216 Issue Description:

> The block interface response structure has some discontiguous fields.
> Certain backends populate the structure fields of an otherwise
> uninitialized instance of this structure on their stacks, leaking
> data through the (internal or trailing) padding field.

More: https://xenbits.xen.org/xsa/advisory-216.html

XSA-217 Issue Description:

> Domains controlling other domains are permitted to map pages owned by
> the domain being controlled.  If the controlling domain unmaps such a
> page without flushing the TLB, and if soon after the domain being
> controlled transfers this page to another PV domain (via
> GNTTABOP_transfer or, indirectly, XENMEM_exchange), and that third
> domain uses the page as a page table, the controlling domain will have
> write access to a live page table until the applicable TLB entry is
> flushed or evicted.  Note that the domain being controlled is
> necessarily HVM, while the controlling domain is PV.

More: https://xenbits.xen.org/xsa/advisory-217.html

XSA-218 Issue Description:

> We have discovered two bugs in the code unmapping grant references.
>
> * When a grant had been mapped twice by a backend domain, and then
> unmapped by two concurrent unmap calls, the frontend may be informed
> that the page had no further mappings when the first call completed rather
> than when the second call completed.
>
> * A race triggerable by an unprivileged guest could cause a grant
> maptrack entry for grants to be "freed" twice.  The ultimate effect of
> this would be for maptrack entries for a single domain to be re-used.

More: https://xenbits.xen.org/xsa/advisory-218.html

XSA-219 Issue Description:

> When using shadow paging, writes to guest pagetables must be trapped and
> emulated, so the shadows can be suitably adjusted as well.
>
> When emulating the write, Xen maps the guests pagetable(s) to make the final
> adjustment and leave the guest's view of its state consistent.
>
> However, when mapping the frame, Xen drops the page reference before
> performing the write.  This is a race window where the underlying frame can
> change ownership.
>
> One possible attack scenario is for the frame to change ownership and to be
> inserted into a PV guest's pagetables.  At that point, the emulated write will
> be an unaudited modification to the PV pagetables whose value is under guest
> control.

More: https://xenbits.xen.org/xsa/advisory-219.html

XSA-220 Issue Description:

> Memory Protection Extensions (MPX) and Protection Key (PKU) are features in
> newer processors, whose state is intended to be per-thread and context
> switched along with all other XSAVE state.
>
> Xen's vCPU context switch code would save and restore the state only
> if the guest had set the relevant XSTATE enable bits.  However,
> surprisingly, the use of these features is not dependent (PKU) or may
> not be dependent (MPX) on having the relevant XSTATE bits enabled.
>
> VMs which use MPX or PKU, and context switch the state manually rather
> than via XSAVE, will have the state leak between vCPUs (possibly,
> between vCPUs in different guests).  This in turn corrupts state in
> the destination vCPU, and hence may lead to weakened protections
>
> Experimentally, MPX appears not to make any interaction with BND*
> state if BNDCFGS.EN is set but XCR0.BND{CSR,REGS} are clear.  However,
> the SDM is not clear in this case; therefore MPX is included in this
> advisory as a precaution.

More: https://xenbits.xen.org/xsa/advisory-220.html

XSA-221 Issue Description:

> When polling event channels, in general arbitrary port numbers can be
> specified.  Specifically, there is no requirement that a polled event
> channel ports has ever been created.  When the code was generalised
> from an earlier implementation, introducing some intermediate
> pointers, a check should have been made that these intermediate
> pointers are non-NULL.  However, that check was omitted.

More: https://xenbits.xen.org/xsa/advisory-221.html

XSA-222 Issue Description:

> Certain actions require removing pages from a guest's P2M
> (Physical-to-Machine) mapping.  When large pages are in use to map
> guest pages in the 2nd-stage page tables, such a removal operation may
> incur a memory allocation (to replace a large mapping with individual
> smaller ones).  If this allocation fails, these errors are ignored by
> the callers, which would then continue and (for example) free the
> referenced page for reuse.  This leaves the guest with a mapping to a
> page it shouldn't have access to.
>
> The allocation involved comes from a separate pool of memory created
> when the domain is created; under normal operating conditions it never
> fails, but a malicious guest may be able to engineer situations where
> this pool is exhausted.

More: https://xenbits.xen.org/xsa/advisory-222.html

XSA-224 Issue Description:

> We have discovered a number of bugs in the code mapping and unmapping
> grant references.
>
> * If a grant is mapped with both the GNTMAP_device_map and
> GNTMAP_host_map flags, but unmapped only with host_map, the device_map
> portion remains but the page reference counts are lowered as though it
> had been removed. This bug can be leveraged cause a page's reference
> counts and type counts to fall to zero while retaining writeable
> mappings to the page.
>
> * Under some specific conditions, if a grant is mapped with both the
> GNTMAP_device_map and GNTMAP_host_map flags, the operation may not
> grab sufficient type counts.  When the grant is then unmapped, the
> type count will be erroneously reduced.  This bug can be leveraged
> cause a page's reference counts and type counts to fall to zero while
> retaining writeable mappings to the page.
>
> * When a grant reference is given to an MMIO region (as opposed to a
> normal guest page), if the grant is mapped with only the
> GNTMAP_device_map flag set, a mapping is created at host_addr anyway.
> This does *not* cause reference counts to change, but there will be no
> record of this mapping, so it will not be considered when reporting
> whether the grant is still in use.

More: https://xenbits.xen.org/xsa/advisory-224.html
2017-06-26 07:01:24 +00:00
Tim Steinbach
03aed4cfcf
linux-copperhead: 4.11.6.d -> 4.11.7.a 2017-06-24 14:50:41 -04:00
Tim Steinbach
b06cb59fc1
linux: 4.9.33 -> 4.9.34 2017-06-24 11:22:56 -04:00
Tim Steinbach
3a68f0bb78
linux: 4.11.6 -> 4.11.7 2017-06-24 11:20:32 -04:00
Tim Steinbach
4e08459f9b
linux-hardened-copperhead: 4.11.6c -> 4.11.6d 2017-06-22 21:12:20 -04:00
Franz Pletz
dd3f2e648a
linux_hardened_copperhead: init at 4.11.6.c 2017-06-21 23:49:00 +02:00
Jörg Thalheim
e89e96a755 linux_4_11: renable CONFIG_UPROBE_EVENTS
CONFIG_UPROBE_EVENT was renamed to CONFIG_UPROBE_EVENTS.
2017-06-21 17:16:46 +01:00
Tim Steinbach
2764961b87
linux: 4.12-rc5 -> 4.12-rc6 2017-06-19 21:21:15 -04:00
Franz Pletz
bbb9182cbc
linux: 4.9.32 -> 4.9.33 2017-06-17 18:45:29 +02:00
Franz Pletz
a470aa0924
linux: 4.4.72 -> 4.4.73 2017-06-17 18:45:29 +02:00
Franz Pletz
c973a4a887
linux: 4.11.5 -> 4.11.6 2017-06-17 18:45:29 +02:00
Tim Steinbach
b4576c5108
linux: 4.11.4 -> 4.11.5 2017-06-15 08:54:55 -04:00
Tim Steinbach
a7efc9f0cd
linux: 4.9.31 -> 4.9.32 2017-06-15 08:53:35 -04:00
Tim Steinbach
07edb44d15
linux: 4.4.71 -> 4.4.72 2017-06-15 08:52:26 -04:00
timor
d74f8351a5 kernel: enable audio jack reconfiguration
Change kernel config to allow for changing the functions of the audio
jacks at run-time as well as at boot time.
2017-06-13 08:50:34 +03:00
Eelco Dolstra
63e9d1c51e
perf: Fix perf annotate
This command requires objdump, so make sure it can find it.
2017-06-12 13:23:18 +02:00
Tim Steinbach
5fbab5dfb3
linux: 4.12-rc4 -> 4.12-rc5 2017-06-11 21:37:46 -04:00
Tuomas Tynkkynen
370ace4cf0 kernel: Don't build self-test modules 2017-06-11 19:33:24 +03:00
Tim Steinbach
c7abd6943e
linux: 4.9.30 -> 4.9.31 2017-06-07 08:09:37 -04:00
Tim Steinbach
01fc1a80b3
linux: 4.4.70 -> 4.4.71 2017-06-07 08:07:53 -04:00
Tim Steinbach
66faa421c9
linux: 4.11.3 -> 4.11.4 2017-06-07 08:05:45 -04:00
Tim Steinbach
7c476b98df
linux: 4.12-rc3 -> 4.12-rc4 2017-06-05 10:01:53 -04:00
Tim Steinbach
a78af5196c
linux: 4.12-rc2 -> 4.12-rc3 2017-05-29 09:32:52 -04:00
Tim Steinbach
690a83091b
linux: FS_ENCRYPTION only for >= 4.9 kernels 2017-05-25 18:25:08 -04:00
Tim Steinbach
8f0ca4f44a
linux: 4.4.69 -> 4.4.70 2017-05-25 18:21:54 -04:00
Tim Steinbach
446c57fdb2
linux: 4.9.29 -> 4.9.30 2017-05-25 18:19:16 -04:00
Tim Steinbach
f618a6caa1
linux: 4.11.2 -> 4.11.3 2017-05-25 18:16:57 -04:00
Tim Steinbach
aa73b7df30
linux: 4.12-rc1 -> 4.12-rc2 2017-05-22 11:40:04 -04:00
Tim Steinbach
a42c54057f
linux: 4.11.1 -> 4.11.2 2017-05-20 17:17:35 -04:00
Tim Steinbach
a551ca61b7
linux: 4.9.28 -> 4.9.29 2017-05-20 17:17:34 -04:00
Tim Steinbach
82852ac60e
linux: 4.4.68 -> 4.4.69 2017-05-20 17:17:33 -04:00
Tuomas Tynkkynen
de263072b5 kernel: 4.10 is end-of-life
https://lkml.org/lkml/2017/5/20/75
2017-05-20 19:54:18 +03:00
Joachim Fasting
77ed860114
linux_hardened: enable checks on scatter-gather tables
Recommended by kspp
2017-05-18 12:33:42 +02:00
Tim Steinbach
8eb302d6d7 Merge pull request #25792 from NeQuissimus/linux_4_12_rc1
linux-testing: 4.11-rc7 -> 4.12-rc1
2017-05-17 08:30:10 -04:00
Tuomas Tynkkynen
a35ec5dda6 linux_rpi: 1.20170303 -> 1.20170427 2017-05-15 11:14:59 +03:00
Tim Steinbach
336b044dcb
linux-testing: 4.11-rc7 -> 4.12-rc1 2017-05-14 22:03:14 -04:00
Tuomas Tynkkynen
ba585648e7 kernel: 4.9.27 -> 4.9.28 2017-05-15 01:28:01 +03:00
Tuomas Tynkkynen
8de08ff145 kernel: 4.4.67 -> 4.4.68 2017-05-15 01:27:50 +03:00