mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-21 14:31:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

sys-kernel/coreos-sources: bump to 4.14.6

Browse Source
This commit is contained in:
Jenkins OS 2017-12-14 17:41:13 +00:00
parent 6abd7cc783
commit bcd6403953
10 changed files with 15 additions and 97 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

0
sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.14.5.ebuild → sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.14.6.ebuild vendored
View File

0
sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.14.5.ebuild → sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.14.6.ebuild vendored
View File

2
sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest vendored
View File

@ -1,2 +1,2 @@
DIST linux-4.14.tar.xz 100770500 SHA256 f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7 SHA512 77e43a02d766c3d73b7e25c4aafb2e931d6b16e870510c22cef0cdb05c3acb7952b8908ebad12b10ef982c6efbe286364b1544586e715cf38390e483927904d8 WHIRLPOOL fee10d54ecb210156aa55364ecc15867127819e9f7ff9ec5f6ef159b1013e2ae3d3a28d35c62d663886cbe826b996a1387671766093be002536309045a8e4d10
DIST patch-4.14.5.xz 128724 SHA256 d86eb2fd1c424fec9fbb12afacf7b783756651f5d7d0cf7ac71c3fbbbedddc9c SHA512 45a6adcc928babe53dd55a444aaae6280f57f844508a9799aada9f70b9fd6160b92b710986810c422ec3a20740f582acb3040f6d6aa883eecb58bf4c4d5918ca WHIRLPOOL e6130e986cc9a42c8ce14fc8a665e994f71a3b6be85d56c30b5fa2c629e5292bc056da98790614c5afaf4878141dca0a1fb3dd2ebdacfe829c86554b84d6dbd1
DIST patch-4.14.6.xz 163536 SHA256 c75b40f450f147014a08987949aafb71d9fcd3e91e443f5c8e4edbf1bbc386c6 SHA512 c37b437f740fbb480766149ca1c6ddb5ee763b88b034b9b4eaf3ce000f299545ee19a93638d1a4161ab0c76ec73e1a53b2264b94213d53d6ad7dcda6bee45b8c WHIRLPOOL 7af853f4bcbc3d6d23343aa1401afcea1786c3e1978d021f48f29e7af34d27f397b2d352c78383affc2c17c82be812df9ff5b9c7626da04d4a8cc0bd53cfa41e

7
sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.5.ebuild → sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.6.ebuild vendored
View File

@ -33,8 +33,7 @@ IUSE=""
UNIPATCH_LIST="
${PATCH_DIR}/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch \
${PATCH_DIR}/z0002-Add-arm64-coreos-verity-hash.patch \
${PATCH_DIR}/z0003-KVM-Remove-I-O-port-0x80-bypass-on-intel-hosts.patch \
${PATCH_DIR}/z0004-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch \
${PATCH_DIR}/z0005-block-factor-out-__blkdev_issue_zero_pages.patch \
${PATCH_DIR}/z0006-block-cope-with-WRITE-ZEROES-failing-in-blkdev_issue.patch \
${PATCH_DIR}/z0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch \
${PATCH_DIR}/z0004-block-factor-out-__blkdev_issue_zero_pages.patch \
${PATCH_DIR}/z0005-block-cope-with-WRITE-ZEROES-failing-in-blkdev_issue.patch \
"

6
sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch vendored
View File

@ -1,7 +1,7 @@
From 7c292474f4ccc7c58b05f812870b2cd2e9d61f48 Mon Sep 17 00:00:00 2001
From 511dc8e4ea2d5bb0e8bc191a747630b6c7024183 Mon Sep 17 00:00:00 2001
From: Vito Caputo <vito.caputo@coreos.com>
Date: Wed, 25 Nov 2015 02:59:45 -0800
Subject: [PATCH 1/6] kbuild: derive relative path for KBUILD_SRC from CURDIR
Subject: [PATCH 1/5] kbuild: derive relative path for KBUILD_SRC from CURDIR
This enables relocating source and build trees to different roots,
provided they stay reachable relative to one another. Useful for
@ -12,7 +12,7 @@ by some undesirable path component.
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 43ac7bdb10ad..91a49af766d5 100644
index eabbd7748a24..c4232d5614e2 100644
--- a/Makefile
+++ b/Makefile
@@ -143,7 +143,8 @@ $(filter-out _all sub-make $(CURDIR)/Makefile, $(MAKECMDGOALS)) _all: sub-make

4
sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0002-Add-arm64-coreos-verity-hash.patch vendored
View File

@ -1,7 +1,7 @@
From f6b7a9ffa6790d12f7b68ffbf8ab47d795daebb3 Mon Sep 17 00:00:00 2001
From 7134f9e6fc44063f515ce8cdac107fbdf22ce5f6 Mon Sep 17 00:00:00 2001
From: Geoff Levand <geoff@infradead.org>
Date: Fri, 11 Nov 2016 17:28:52 -0800
Subject: [PATCH 2/6] Add arm64 coreos verity hash
Subject: [PATCH 2/5] Add arm64 coreos verity hash
Signed-off-by: Geoff Levand <geoff@infradead.org>
---

81
sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0003-KVM-Remove-I-O-port-0x80-bypass-on-intel-hosts.patch vendored
View File

@ -1,81 +0,0 @@
From f6557bee7caf4685b57f2be35f4032955816f2c7 Mon Sep 17 00:00:00 2001
From: Andrew Honig <ahonig@google.com>
Date: Wed, 29 Nov 2017 10:54:24 -0800
Subject: [PATCH 3/6] KVM: Remove I/O port 0x80 bypass on intel hosts.
KVM allows guests to directly access I/O port 0x80 on intel hosts. If
the guest floods this port with writes it generates exceptions and
instability in the host kernel, leading to a crash. With this change
guest writes to port 0x80 on intel will behave the same as they
currently behave on AMD systems.
Prevent the flooding by removing the code that sets port 0x80 as a
passthrough port. This is essentially the same as upstream patch
99f85a28a78e96d28907fe036e1671a218fee597, except that patch was
for AMD chipsets and this patch is for intel.
Signed-off-by: Andrew Honig <ahonig@google.com>
Signed-off-by: Jim Mattson <jmattson@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
arch/x86/kvm/vmx.c | 20 +++++---------------
1 file changed, 5 insertions(+), 15 deletions(-)
diff --git a/arch/x86/kvm/vmx.c b/arch/x86/kvm/vmx.c
index b21113bcf227..7242184fd8fd 100644
--- a/arch/x86/kvm/vmx.c
+++ b/arch/x86/kvm/vmx.c
@@ -935,8 +935,7 @@ static DEFINE_PER_CPU(struct list_head, blocked_vcpu_on_cpu);
static DEFINE_PER_CPU(spinlock_t, blocked_vcpu_on_cpu_lock);
enum {
- VMX_IO_BITMAP_A,
- VMX_IO_BITMAP_B,
+ VMX_IO_BITMAP,
VMX_MSR_BITMAP_LEGACY,
VMX_MSR_BITMAP_LONGMODE,
VMX_MSR_BITMAP_LEGACY_X2APIC_APICV,
@@ -950,8 +949,7 @@ enum {
static unsigned long *vmx_bitmap[VMX_BITMAP_NR];
-#define vmx_io_bitmap_a (vmx_bitmap[VMX_IO_BITMAP_A])
-#define vmx_io_bitmap_b (vmx_bitmap[VMX_IO_BITMAP_B])
+#define vmx_io_bitmap (vmx_bitmap[VMX_IO_BITMAP])
#define vmx_msr_bitmap_legacy (vmx_bitmap[VMX_MSR_BITMAP_LEGACY])
#define vmx_msr_bitmap_longmode (vmx_bitmap[VMX_MSR_BITMAP_LONGMODE])
#define vmx_msr_bitmap_legacy_x2apic_apicv (vmx_bitmap[VMX_MSR_BITMAP_LEGACY_X2APIC_APICV])
@@ -5438,8 +5436,8 @@ static int vmx_vcpu_setup(struct vcpu_vmx *vmx)
int i;
/* I/O */
- vmcs_write64(IO_BITMAP_A, __pa(vmx_io_bitmap_a));
- vmcs_write64(IO_BITMAP_B, __pa(vmx_io_bitmap_b));
+ vmcs_write64(IO_BITMAP_A, __pa(vmx_io_bitmap));
+ vmcs_write64(IO_BITMAP_B, __pa(vmx_io_bitmap));
if (enable_shadow_vmcs) {
vmcs_write64(VMREAD_BITMAP, __pa(vmx_vmread_bitmap));
@@ -6746,18 +6744,10 @@ static __init int hardware_setup(void)
goto out;
}
- vmx_io_bitmap_b = (unsigned long *)__get_free_page(GFP_KERNEL);
memset(vmx_vmread_bitmap, 0xff, PAGE_SIZE);
memset(vmx_vmwrite_bitmap, 0xff, PAGE_SIZE);
- /*
- * Allow direct access to the PC debug port (it is often used for I/O
- * delays, but the vmexits simply slow things down).
- */
- memset(vmx_io_bitmap_a, 0xff, PAGE_SIZE);
- clear_bit(0x80, vmx_io_bitmap_a);
-
- memset(vmx_io_bitmap_b, 0xff, PAGE_SIZE);
+ memset(vmx_io_bitmap, 0xff, PAGE_SIZE);
memset(vmx_msr_bitmap_legacy, 0xff, PAGE_SIZE);
memset(vmx_msr_bitmap_longmode, 0xff, PAGE_SIZE);
--
2.14.1

4
sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0004-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch → sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0003-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch vendored
View File

@ -1,7 +1,7 @@
From 04ee2f5bf99b4da6539e151e5386c70e9b77da9c Mon Sep 17 00:00:00 2001
From 10a718b6168cc15fd1ff100905888539c09102b0 Mon Sep 17 00:00:00 2001
From: Mohamed Ghannam <simo.ghannam@gmail.com>
Date: Tue, 5 Dec 2017 12:23:04 -0800
Subject: [PATCH 4/6] dccp: CVE-2017-8824: use-after-free in DCCP code
Subject: [PATCH 3/5] dccp: CVE-2017-8824: use-after-free in DCCP code
Whenever the sock object is in DCCP_CLOSED state, dccp_disconnect()
must free dccps_hc_tx_ccid and dccps_hc_rx_ccid and set to NULL.

4
sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0005-block-factor-out-__blkdev_issue_zero_pages.patch → sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0004-block-factor-out-__blkdev_issue_zero_pages.patch vendored
View File

@ -1,7 +1,7 @@
From 05fd8881133594f99500427da4ea4e367af86555 Mon Sep 17 00:00:00 2001
From 91d9cee0ee7a009867cc63f1abb65ac4a8544124 Mon Sep 17 00:00:00 2001
From: Ilya Dryomov <idryomov@gmail.com>
Date: Mon, 16 Oct 2017 15:59:09 +0200
Subject: [PATCH 5/6] block: factor out __blkdev_issue_zero_pages()
Subject: [PATCH 4/5] block: factor out __blkdev_issue_zero_pages()
blkdev_issue_zeroout() will use this in !BLKDEV_ZERO_NOFALLBACK case.

4
sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0006-block-cope-with-WRITE-ZEROES-failing-in-blkdev_issue.patch → sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0005-block-cope-with-WRITE-ZEROES-failing-in-blkdev_issue.patch vendored
View File

@ -1,7 +1,7 @@
From 3f0172c2d2b789f746854d136d186e0b06731b1a Mon Sep 17 00:00:00 2001
From 590ab1f613b6b0dd4465709223ba4032a191b4a2 Mon Sep 17 00:00:00 2001
From: Ilya Dryomov <idryomov@gmail.com>
Date: Mon, 16 Oct 2017 15:59:10 +0200
Subject: [PATCH 6/6] block: cope with WRITE ZEROES failing in
Subject: [PATCH 5/5] block: cope with WRITE ZEROES failing in
blkdev_issue_zeroout()
sd_config_write_same() ignores ->max_ws_blocks == 0 and resets it to