diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.14.60-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.14.61.ebuild
similarity index 99%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.14.60-r1.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.14.61.ebuild
index b66d13b93c..77eaa0bc62 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.14.60-r1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-4.14.61.ebuild
@@ -2,7 +2,7 @@
 # Distributed under the terms of the GNU General Public License v2
 EAPI=5
-COREOS_SOURCE_REVISION="-r1"
+COREOS_SOURCE_REVISION=""
 inherit coreos-kernel
 DESCRIPTION="CoreOS Linux kernel"
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.14.60-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.14.61.ebuild
similarity index 98%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.14.60-r1.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.14.61.ebuild
index 6c70281dca..685aa802e6 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.14.60-r1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-4.14.61.ebuild
@@ -2,7 +2,7 @@
 # Distributed under the terms of the GNU General Public License v2
 EAPI=5
-COREOS_SOURCE_REVISION="-r1"
+COREOS_SOURCE_REVISION=""
 inherit coreos-kernel savedconfig
 DESCRIPTION="CoreOS Linux kernel modules"
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
index 338f246ff9..3c24c4c942 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
@@ -1,4 +1,4 @@
 DIST linux-4.14.tar.xz 100770500 SHA256 f81d59477e90a130857ce18dc02f4fbe5725854911db1e7ba770c7cd350f96a7 SHA512 77e43a02d766c3d73b7e25c4aafb2e931d6b16e870510c22cef0cdb05c3acb7952b8908ebad12b10ef982c6efbe286364b1544586e715cf38390e483927904d8 WHIRLPOOL fee10d54ecb210156aa55364ecc15867127819e9f7ff9ec5f6ef159b1013e2ae3d3a28d35c62d663886cbe826b996a1387671766093be002536309045a8e4d10
 DIST linux-4.17.tar.xz 102165892 SHA256 9faa1dd896eaea961dc6e886697c0b3301277102e5bc976b2758f9a62d3ccd13 SHA512 4d9de340a26155a89ea8773131c76220cc2057f2b5d031b467b60e8b14c1842518e2d60a863d8c695f0f7640f3f18d43826201984a238dade857b6cef79837db WHIRLPOOL 60573a6837a5daae91ea8d36f7aea0439a398d47810524df378b37df20ebb6fa83d518380348ec66cfe8f94b2405de59f884d52ac879cb4ff78f6674ad322077
-DIST patch-4.14.60.xz 1559132 SHA256 4cca9c6dfc779dff6dbefa5b7dea8874eb76f0131ab271b7d2f9d1d627d84b88 SHA512 884975454aac5cb69dcb0db68ab05a41a51f8ca9da7bf27bc012ef65b1020a71ed661feed80a9b9ee94b32bfc55bc9c563e0acb1023da46a3240565816673b4b WHIRLPOOL b8c1b2189936cb79cd2771f53e4dda4b6465dcaea8c3261760e0d3fccfd5dbe8c124c42ef54459eded39c77313180c142dfb8ab7087dfdc459cb4fd8a4e3d3e5
+DIST patch-4.14.61.xz 1563008 SHA256 d15db64311d874f2e27927dc1f96e2dfea2899b104fd6af873c39fe50a1f2e29 SHA512 ef649ffed6c45ccd1b163649cc4cf1a281220cdd3227f4336fcf715e282b312a2068e5d69188ec28185e4a67d4a688c88eaf6030c4ec1460b7d601772f3527da WHIRLPOOL 964553a60140265d15d27a1dda29907a0018cf42e3887df33345d1073d713550cad5146769c2deed35fffc803c62f12ccea615c0aefaaf8bfb996c838bb02e20
 DIST patch-4.17.13.xz 329540 SHA256 5dbfce6d7ea2118919f98493136a9d8c7a09b87e11c2f7d66556d2d4127aff5c SHA512 8f77239c6c0393aa6e854f98d0ef0832e0a3e936251805ca1fcde2b5d24e0b086582f68e3f494a4a287b404573c26a867170958d53f3c1bf4c46c4c5697188b2 WHIRLPOOL 76fad83c04dba67db402f21e95a6960f03f3ca0fac204d04d43e3fc818c9bb82062ade65f2ce9e746067037e10b4d77688effd42117b8fd8703afbd1941d470a
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.60-r1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.61.ebuild
similarity index 94%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.60-r1.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.61.ebuild
index bbebbba39c..637435320a 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.60-r1.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.14.61.ebuild
@@ -37,5 +37,4 @@ UNIPATCH_LIST="
 ${PATCH_DIR}/z0004-xen-netfront-Fix-mismatched-rtnl_unlock.patch \
 ${PATCH_DIR}/z0005-xen-netfront-Update-features-after-registering-netde.patch \
 ${PATCH_DIR}/z0006-ext4-fix-false-negatives-and-false-positives-in-ext4.patch \
- ${PATCH_DIR}/z0007-x86-entry-64-Remove-ebx-handling-from-error_entry-ex.patch \
 "
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
index 23dcc4aa53..b729eca76b 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0001-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch
@@ -1,7 +1,7 @@
-From 741a20d2c9ab8fe50df1fbb1d3fd95b22f77065b Mon Sep 17 00:00:00 2001
+From 4b4a02b29057e300c1ed74e24ea4abbb102638af Mon Sep 17 00:00:00 2001
From: Vito Caputo Date: Wed, 25 Nov 2015 02:59:45 -0800 -Subject: [PATCH 1/7] kbuild: derive relative path for KBUILD_SRC from CURDIR +Subject: [PATCH 1/6] kbuild: derive relative path for KBUILD_SRC from CURDIR This enables relocating source and build trees to different roots, provided they stay reachable relative to one another. Useful for @@ -12,7 +12,7 @@ by some undesirable path component. 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile -index 5b48ec630990..7ba527640db3 100644 +index 4bd65eabd298..25f92146ae1c 100644 --- a/Makefile +++ b/Makefile @@ -143,7 +143,8 @@ $(filter-out _all sub-make $(CURDIR)/Makefile, $(MAKECMDGOALS)) _all: sub-make diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0002-Add-arm64-coreos-verity-hash.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0002-Add-arm64-coreos-verity-hash.patch index 5d49c953b1..e0c00bc628 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0002-Add-arm64-coreos-verity-hash.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0002-Add-arm64-coreos-verity-hash.patch @@ -1,7 +1,7 @@ -From 0e0d8f76240259b590047c39768ddbfe1695d313 Mon Sep 17 00:00:00 2001 +From d1daad1551c22635c0b185be6242186fddc2e111 Mon Sep 17 00:00:00 2001 From: Geoff Levand Date: Fri, 11 Nov 2016 17:28:52 -0800 -Subject: [PATCH 2/7] Add arm64 coreos verity hash +Subject: [PATCH 2/6] Add arm64 coreos verity hash Signed-off-by: Geoff Levand --- diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0003-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0003-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch index 6d82620337..0cfa508bf9 100644 
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0003-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0003-tools-objtool-Makefile-Don-t-fail-on-fallthrough-wit.patch
@@ -1,7 +1,7 @@
-From d14e8b24ed70176794ab95521cc62f5cb14175de Mon Sep 17 00:00:00 2001
+From 3bbb0203d38748870cfe5e6729f035f5c9e27853 Mon Sep 17 00:00:00 2001
 From: David Michael
 Date: Thu, 8 Feb 2018 21:23:12 -0500
-Subject: [PATCH 3/7] tools/objtool/Makefile: Don't fail on fallthrough with
+Subject: [PATCH 3/6] tools/objtool/Makefile: Don't fail on fallthrough with
 new GCCs
 ---
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0004-xen-netfront-Fix-mismatched-rtnl_unlock.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0004-xen-netfront-Fix-mismatched-rtnl_unlock.patch
index 4c7780f20c..d4c13b44ae 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0004-xen-netfront-Fix-mismatched-rtnl_unlock.patch
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0004-xen-netfront-Fix-mismatched-rtnl_unlock.patch
@@ -1,7 +1,7 @@
-From b65e40359a4d927c704ad7170dd7b6e77d3aaaa4 Mon Sep 17 00:00:00 2001
+From 80f99295b0056628cad1a94b5e5f7e0ba529e24a Mon Sep 17 00:00:00 2001
 From: Ross Lagerwall
 Date: Thu, 21 Jun 2018 14:00:20 +0100
-Subject: [PATCH 4/7] xen-netfront: Fix mismatched rtnl_unlock
+Subject: [PATCH 4/6] xen-netfront: Fix mismatched rtnl_unlock
 Fixes: f599c64fdf7d ("xen-netfront: Fix race between device setup and open")
 Reported-by: Ben Hutchings
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0005-xen-netfront-Update-features-after-registering-netde.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0005-xen-netfront-Update-features-after-registering-netde.patch index 633a8efea4..1119182878 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0005-xen-netfront-Update-features-after-registering-netde.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0005-xen-netfront-Update-features-after-registering-netde.patch @@ -1,7 +1,7 @@ -From db8a5080561668bdd8cc989c8c02e2dddb42e7b8 Mon Sep 17 00:00:00 2001 +From 54dce3fb3edcefa80e6007a5ee6a612272adff79 Mon Sep 17 00:00:00 2001 From: Ross Lagerwall Date: Thu, 21 Jun 2018 14:00:21 +0100 -Subject: [PATCH 5/7] xen-netfront: Update features after registering netdev +Subject: [PATCH 5/6] xen-netfront: Update features after registering netdev Update the features after calling register_netdev() otherwise the device features are not set up correctly and it not possible to change diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0006-ext4-fix-false-negatives-and-false-positives-in-ext4.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0006-ext4-fix-false-negatives-and-false-positives-in-ext4.patch index a3bc3934b0..8d28c039cf 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0006-ext4-fix-false-negatives-and-false-positives-in-ext4.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0006-ext4-fix-false-negatives-and-false-positives-in-ext4.patch @@ -1,7 +1,7 @@ -From 9768a3646f317194d886fd7369d265f3907ddb73 Mon Sep 17 00:00:00 2001 +From 2a32248fe5410a7c051d7676732001193e23cc31 Mon Sep 17 00:00:00 2001 
From: Theodore Ts'o
 Date: Sun, 8 Jul 2018 19:35:02 -0400
-Subject: [PATCH 6/7] ext4: fix false negatives *and* false positives in
+Subject: [PATCH 6/6] ext4: fix false negatives *and* false positives in
 ext4_check_descriptors()
 commit 44de022c4382541cebdd6de4465d1f4f465ff1dd upstream.
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0007-x86-entry-64-Remove-ebx-handling-from-error_entry-ex.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0007-x86-entry-64-Remove-ebx-handling-from-error_entry-ex.patch
deleted file mode 100644
index 6216e67edf..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/4.14/z0007-x86-entry-64-Remove-ebx-handling-from-error_entry-ex.patch
+++ /dev/null
@@ -1,133 +0,0 @@ -From 127c328736c4a8a91faf7845e99e7bbfdd248cf2 Mon Sep 17 00:00:00 2001 -From: Andy Lutomirski -Date: Sun, 22 Jul 2018 11:05:09 -0700 -Subject: [PATCH 7/7] x86/entry/64: Remove %ebx handling from error_entry/exit - -error_entry and error_exit communicate the user vs. kernel status of -the frame using %ebx. This is unnecessary -- the information is in -regs->cs. Just use regs->cs. - -This makes error_entry simpler and makes error_exit more robust. - -It also fixes a nasty bug. Before all the Spectre nonsense, the -xen_failsafe_callback entry point returned like this: - - ALLOC_PT_GPREGS_ON_STACK - SAVE_C_REGS - SAVE_EXTRA_REGS - ENCODE_FRAME_POINTER - jmp error_exit - -And it did not go through error_entry. This was bogus: RBX -contained garbage, and error_exit expected a flag in RBX. - -Fortunately, it generally contained *nonzero* garbage, so the -correct code path was used. As part of the Spectre fixes, code was -added to clear RBX to mitigate certain speculation attacks. Now, -depending on kernel configuration, RBX got zeroed and, when running -some Wine workloads, the kernel crashes. This was introduced by: - - commit 3ac6d8c787b8 ("x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface") - -With this patch applied, RBX is no longer needed as a flag, and the -problem goes away. - -I suspect that malicious userspace could use this bug to crash the -kernel even without the offending patch applied, though. - -[ Historical note: I wrote this patch as a cleanup before I was aware - of the bug it fixed. ] - -[ Note to stable maintainers: this should probably get applied to all - kernels. If you're nervous about that, a more conservative fix to - add xorl %ebx,%ebx; incl %ebx before the jump to error_exit should - also fix the problem. ] - -Reported-and-tested-by: M. 
Vefa Bicakci -Signed-off-by: Andy Lutomirski -Cc: Boris Ostrovsky -Cc: Borislav Petkov -Cc: Brian Gerst -Cc: Dave Hansen -Cc: Denys Vlasenko -Cc: Dominik Brodowski -Cc: Greg KH -Cc: H. Peter Anvin -Cc: Josh Poimboeuf -Cc: Juergen Gross -Cc: Linus Torvalds -Cc: Peter Zijlstra -Cc: Thomas Gleixner -Cc: stable@vger.kernel.org -Cc: xen-devel@lists.xenproject.org -Fixes: 3ac6d8c787b8 ("x86/entry/64: Clear registers for exceptions/interrupts, to reduce speculation attack surface") -Link: http://lkml.kernel.org/r/b5010a090d3586b2d6e06c7ad3ec5542d1241c45.1532282627.git.luto@kernel.org -Signed-off-by: Ingo Molnar ---- - arch/x86/entry/entry_64.S | 18 ++++-------------- - 1 file changed, 4 insertions(+), 14 deletions(-) - -diff --git a/arch/x86/entry/entry_64.S b/arch/x86/entry/entry_64.S -index f7bfa701219b..0fae7096ae23 100644 ---- a/arch/x86/entry/entry_64.S -+++ b/arch/x86/entry/entry_64.S -@@ -933,7 +933,7 @@ ENTRY(\sym) - - call \do_sym - -- jmp error_exit /* %ebx: no swapgs flag */ -+ jmp error_exit - .endif - END(\sym) - .endm -@@ -1166,7 +1166,6 @@ END(paranoid_exit) - - /* - * Save all registers in pt_regs, and switch GS if needed. -- * Return: EBX=0: came from user mode; EBX=1: otherwise - */ - ENTRY(error_entry) - UNWIND_HINT_FUNC -@@ -1213,7 +1212,6 @@ ENTRY(error_entry) - * for these here too. - */ - .Lerror_kernelspace: -- incl %ebx - leaq native_irq_return_iret(%rip), %rcx - cmpq %rcx, RIP+8(%rsp) - je .Lerror_bad_iret -@@ -1247,28 +1245,20 @@ ENTRY(error_entry) - - /* - * Pretend that the exception came from user mode: set up pt_regs -- * as if we faulted immediately after IRET and clear EBX so that -- * error_exit knows that we will be returning to user mode. -+ * as if we faulted immediately after IRET. 
- */ - mov %rsp, %rdi - call fixup_bad_iret - mov %rax, %rsp -- decl %ebx - jmp .Lerror_entry_from_usermode_after_swapgs - END(error_entry) - -- --/* -- * On entry, EBX is a "return to kernel mode" flag: -- * 1: already in kernel mode, don't need SWAPGS -- * 0: user gsbase is loaded, we need SWAPGS and standard preparation for return to usermode -- */ - ENTRY(error_exit) - UNWIND_HINT_REGS - DISABLE_INTERRUPTS(CLBR_ANY) - TRACE_IRQS_OFF -- testl %ebx, %ebx -- jnz retint_kernel -+ testb $3, CS(%rsp) -+ jz retint_kernel - jmp retint_user - END(error_exit) - --- -2.17.1 -