------------------------------------------------------------------- Wed Sep 12 17:17:38 CEST 2018 - mbenes@suse.cz - Bump up the version number in spec file - commit 0c12e14 ------------------------------------------------------------------- Tue Sep 11 11:20:27 CEST 2018 - nstange@suse.de - Fix for CVE-2018-5390 ('denial of service conditions with low rates of specially modified packets aka "SegmentSmack"') Live patch for CVE-2018-5390. Upstream commits 72cd43ba64fc ("tcp: free batches of packets in tcp_prune_ofo_queue()") f4a3313d8e2c ("tcp: avoid collapses in tcp_prune_queue() if possible") 3d4bf93ac120 ("tcp: detect malicious patterns in tcp_collapse_ofo_queue()") 8541b21e781a ("tcp: call tcp_drop() from tcp_data_queue_ofo()") 58152ecbbcc6 ("tcp: add tcp_ooo_try_coalesce() helper") KLP: CVE-2018-5390 References: bsc#1102682 CVE-2018-5390 - commit 39ca4cb ------------------------------------------------------------------- Wed Sep 5 14:08:43 CEST 2018 - nstange@suse.de - Fix for CVE-2018-10902 ("double free in midi subsystem") Live patch for CVE-2018-10902. Upstream commit 39675f7a7c7e ("ALSA: rawmidi: Change resized buffers atomically"). KLP: CVE-2018-10902 References: bsc#1105323 CVE-2018-10902 - commit 1499778 ------------------------------------------------------------------- Thu Aug 9 16:24:59 CEST 2018 - mbenes@suse.cz - Bump up the version number in spec file - commit 3d8e68c ------------------------------------------------------------------- Wed Aug 8 16:21:56 CEST 2018 - nstange@suse.de - Fix CVE-2018-3646 ('kvm: L1 Terminal Fault -VMM aka "Foreshadow" aka "Ocean Breeze" aka "Project Ocean"') Live patch for CVE-2018-3646. No upstream commit yet. KLP: CVE-2018-3646 References: bsc#1099306 CVE-2018-3646 - commit 8f4450a ------------------------------------------------------------------- Wed Aug 8 15:07:59 CEST 2018 - nstange@suse.de - Provide common kallsyms wrapper API With bsc#1103203, the need for disambiguating between a multiply defined symbol arose. This is something the kallsyms_lookup_name() based code snippet we used to copy&paste to every individual CVE fix can't handle. Implement a proper wrapper API for doing the kallsyms lookups. - commit 4aed7d2 ------------------------------------------------------------------- Fri Jul 13 14:20:13 CEST 2018 - nstange@suse.de - Fix for CVE-2017-11600 ("net/xfrm/xfrm_policy.c does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less") Live patch for CVE-2017-11600. Upstream commit 7bab09631c2a ("xfrm: policy: check policy direction value"). KLP: CVE-2017-11600 References: bsc#1096564 CVE-2017-11600 - commit 9a7d910 ------------------------------------------------------------------- Wed Jul 11 13:50:50 CEST 2018 - nstange@suse.de - Fix CVE-2018-10853 ("kvm: guest userspace to guest kernel write") Live patch for CVE-2018-10853. Upstream commit 3c9fa24ca7c9 ("kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access"). KLP: CVE-2018-10853 References: bsc#1097108 CVE-2018-10853 - commit e0e825b ------------------------------------------------------------------- Tue Jun 26 12:31:41 CEST 2018 - nstange@suse.de - bsc#1090338: fix __kernel_fpu_end() Miroslav found an issue where the live patched __kernel_fpu_end() causes the WARN_ON_ONCE(!irq_fpu_usable()) in kernel_fpu_begin() to trigger if in interrupt from kernel mode. Currently, the patched __kernel_fpu_end() would simply switch the FPU to the current task's math state, if it has one. But this means that another kernel_fpu_begin() issued thereafter will find the FPU to be owned now. Fix this by not restoring current's math state if in interrupt from kernel mode. References: bsc#1090338 CVE-2018-3665 - commit 55a6f57 ------------------------------------------------------------------- Mon Jun 25 15:05:55 CEST 2018 - mbenes@suse.cz - Bump up the version number in spec file - commit aa7b8c7 ------------------------------------------------------------------- Fri Jun 15 16:26:38 CEST 2018 - nstange@suse.de - Fix CVE-2018-3665 ("kvm: Lazy FP Save/Restore") Live patch for CVE-2018-3665. Upstream commit 653f52c316a4 ("kvm,x86: load guest FPU context more eagerly"). KLP: CVE-2018-3665 References: bsc#1096740 CVE-2018-3665 - commit 2445d79 ------------------------------------------------------------------- Thu Jun 14 11:15:09 CEST 2018 - nstange@suse.de - Fix CVE-2018-3665 ("kernel: Lazy FP Save/Restore") Live patch for CVE-2018-3665. Upstream commit 58122bf1d856 ("x86/fpu: Default eagerfpu=on on all CPUs"). KLP: CVE-2018-3665 References: bsc#1090338 CVE-2018-3665 - commit 34bae5b ------------------------------------------------------------------- Wed May 16 12:21:28 CEST 2018 - nstange@suse.de - bsc#1085447: fix raw __user access in put_v4l2_window32() put_v4l2_window32() loads kp->clips directly, but kp is in userspace and this load can oops. This has already been fixed upstream in commit 85ea29f19eab ("media: v4l2-compat-ioctl32: don't oops on overlay"). Backport it. References: bsc#1085447 CVE-2017-13166 - commit 8f09350 ------------------------------------------------------------------- Tue May 15 17:24:47 CEST 2018 - mbenes@suse.cz - Bump up the version number in spec file - commit dbf4999 ------------------------------------------------------------------- Tue May 15 12:54:11 CEST 2018 - nstange@suse.de - bsc#1090368: make ->post_patch() restore the fixmap IDT table on error If the trace_idt_descr has an unexpected address, ->post_patch() attempts to undo previous changes made to the idt_descr. However, that code patch errorneously sets idt_descr.address to the non-fixmap address from kgr_orig_idt_table. Fix this. - commit f5d8bd5 ------------------------------------------------------------------- Tue May 15 12:54:10 CEST 2018 - nstange@suse.de - bsc#1090368: make ->pre_revert() return early if ->post_patch() failed ->post_patch() does a number of sanity checks and bails out if it finds anything unexpected. ->pre_revert() must only undo changes actually installed by ->post_patch(), which is currently not the case. Introduce a flag, idt_replaced, and set it to true from ->post_patch iff the IDT replacement had been installed. Make ->pre_revert return early if that flag is not set. - commit 14c12ed ------------------------------------------------------------------- Mon May 14 08:30:01 CEST 2018 - nstange@suse.de - Fix CVE-2018-8897 (kernel: "POP SS") Live patch for CVE-2018-8897. Upstream commit d8ba61ba58c8 ("x86/entry/64: Don't use IST entry for #BP stack"). KLP: CVE-2018-8897 References: bsc#1090368 CVE-2018-8897 - commit 66598a3 ------------------------------------------------------------------- Mon May 14 08:30:00 CEST 2018 - nstange@suse.de - scrips/create-makefile.sh: add support for assembly files - commit cf2464a ------------------------------------------------------------------- Fri May 11 16:30:10 CEST 2018 - nstange@suse.de - callbacks: kgr_subpatch_register(): always set ->parent In case kgr_subpatch_register() finds an existing instance of that subpatch ID, the to be registered subpatch's ->parent is not set. This causes a NULL pointer dereference from kgr_subpatch_unregister() later on. Fix this by making kgr_patch_register() always set ->parent. - commit 424474c ------------------------------------------------------------------- Wed May 9 16:40:49 CEST 2018 - nstange@suse.de - Fix CVE-2018-8781 ("Integer overflow in drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap()...") Live patch for CVE-2018-8781. Upstream commit 3b82a4db8eac ("drm: udl: Properly check framebuffer mmap offsets"). KLP: CVE-2018-8781 References: CVE-2018-8781 bsc#1090646 - commit 07cd0ae ------------------------------------------------------------------- Wed May 2 15:38:55 CEST 2018 - nstange@suse.de - kGraft callbacks: provide patch state abstraction Now that the kGraft core has been live patched to invoke the kgr_patch_state_pre_replace_cb(), kgr_patch_state_pre_revert_cb() and kgr_patch_state_post_patch_cb() callbacks, let's add an abstraction API on top to make this functionality accessible in sane ways from live patches. In general, the live patching callbacks are used for achieving global consistency. As such, they provide a means for getting notifications for events such as or global patching completement or an about to happen revert. However, a kGraft patch is usually made up from several independent subpatches, one for each issue or CVE to be fixed. In general, newly applied kGraft patches will provide a different set of fixes than what has been there before. This set usually grows with higher kGraft patch versions, but note that downgrades are also possible. What we really want to do is to track the global state on a per-subpatch basis and the abstraction API introduced by this patch provides this. Fixes are identified by a globally unique ID to be assigned by the patch author. These could be derived from a bsc# or CVE number. See the KGR_SUBPATCH_ID_BSC() and KGR_SUBPATCH_ID_CVE() helpers. The basic tracking entity is a struct kgr_subpatch. A kGraft module can register one of those for each issue ID it needs to have callback functionality for. Each kgr_subpatch instance can have a number of callbacks: - post_patch() Called for a subpatch whithout a precedessor after the kGraft transition has finished. - pre_migrate_to() Called for a subpatch with a precedessor before the kGraft transition starts. - post_migrate_to() Called for a subpatch with a precedessor after the kGraft transition has finished. - pre_revert() Called for a subpatch without a successor before the kGraft transition starts. - pre_migrate_away() Called for a subpatch with a successor before the kGraft transition starts. - post_migrate_away() Called for a subpatch with a successor after the kGraft transition has finished. To further facilite communication between subpatch precedessors and successors, each subpatch instance can have some data associated with it. The callback abstraction API manages these in entities of struct kgr_subpatch_data instances. It is expected that these are in general embedded in some larger structures. A kgr_subpatch's ->alloc_data() and ->free_data() callbacks will be used to allocate and free those. A kgr_subpatch's associated data is accessible at its ->data member. It is guaranteed to remain stable for the subpatch's complete lifetime, i.e. it may be accessed from any of its kGraft-patched replacement functions, regardless of any global patch state. Associated with each kgr_subpatch_data instance is a version whose meaning is to be defined by the patch author. Upon replacement of a subpatch with a matching successor, the ->prepare_migration() callback can inspect the preexisting data and still prevent a handover from taking place. If ->prepare_migration() returns false, the replacement will be treated as if the precedessor had been reverted and the successor been applied without a precedessor. In particular, ->pre_revert() and ->post_patch() will be called rather than any of the ->{pre,post}_migrate_{away,to}(). If ->prepare_migration() returns true, it must somehow take ownership of the previous subpatch's data. It can either 1. replace its own ->data initialized with the preallocated data or 2. store a pointer to the old data somewhere within its preallocated data. In the first case, the preallocated data will be automatically freed, so ->prepare_migration() must not do it. - commit 66fa1df ------------------------------------------------------------------- Wed May 2 15:38:54 CEST 2018 - nstange@suse.de - Fix bsc#1083125 ("KGraft: small race in reversion code") Live patches relying on callback functionality will likely be more sensitive to kGraft's otherwise quite harmless reversion race. Fix it if callbacks are used. References: bsc#1083125 - commit 4612c12 ------------------------------------------------------------------- Wed May 2 15:38:52 CEST 2018 - nstange@suse.de - Add callback functionality In order to reach global consistency, certain kGraft patches need to get notfications of patch transition events like pre-revert, pre-replace and post-patch. The kGraft core does not provide such a mechanism but fortunately it can still be implemented by livepatching kGraft itself. This works because once kGraft concludes that everything has been transitioned and calls its kgr_finalize(), in particular that call's context will also have been transitioned. It follows that the kgr_finalize() invocation will be redirected to a live patched implementation, if any. This way kgr_finalize() can be amended from a live patch to call a post-patch callback. The same line of reasoning applies to kgr_modify_kernel() and pre-replace or -revert callbacks. Right now, the callbacks are only placeholder stubs which will be filled in by a later patch adding some abstraction API on top. This upcoming API will also implement a kgr_subpatch_register() function and subpatches making any use of callbacks will call it. Make register-patches.sh grep for 'kgr_subpatch_register' and enable the callbacks patch if and only if found. - commit 58393dc ------------------------------------------------------------------- Tue Apr 24 15:19:50 CEST 2018 - mbenes@suse.cz - Bump up the version number in spec file - commit f1d792a ------------------------------------------------------------------- Fri Apr 20 11:07:10 CEST 2018 - nstange@suse.de - Fix for CVE-2018-1000199 ("ptrace() bug leading to DoS or possibly corruption") Live patch for CVE-2018-1000199. Upstream commit f67b15037a7a ("perf/hwbp: Simplify the perf-hwbp code, fix documentation"). KLP: CVE-2018-1000199 References: bsc#1090036 CVE-2018-1000199 - commit 8585644 ------------------------------------------------------------------- Mon Apr 9 12:55:18 CEST 2018 - nstange@suse.de - Fix for CVE-2017-0861 ("Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation") Live patch for CVE-2017-0861. Upstream 362bca57f5d7 commit ("ALSA: pcm: prevent UAF in snd_pcm_info"). KLP: CVE-2017-0861 References: bsc#1088268 CVE-2017-0861 - commit 318b1ed ------------------------------------------------------------------- Tue Apr 3 15:48:18 CEST 2018 - mbenes@suse.cz - Bump up the version number in spec file - commit f4f39e9 ------------------------------------------------------------------- Tue Mar 27 16:25:19 CEST 2018 - nstange@suse.de - Fix for CVE-2017-13166 ("An elevation of privilege vulnerability in the kernel v4l2 video driver") Live patch for CVE-2017-13166. Upstream commit a1dfb4c48cc1 ("media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic"). KLP: CVE-2017-13166 References: bsc#1085447 CVE-2017-13166 - commit 4b19e97 ------------------------------------------------------------------- Wed Mar 21 11:47:17 CET 2018 - nstange@suse.de - Fix for CVE-2018-1068 ("netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets") Live patch for CVE-2018-1068. Upstream commit b71812168571 ("netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets") and follow-up commit 932909d9b28d ("netfilter: ebtables: fix erroneous reject of last rule"). KLP: CVE-2018-1068 References: bsc#1085114 CVE-2018-1068 - commit 49c848e ------------------------------------------------------------------- Fri Mar 16 15:45:28 CET 2018 - nstange@suse.de - Fix for CVE-2018-7566 ("race condition in snd_seq_write() may lead to UAF or OOB-access") Live patch for CVE-2018-7566. Upstream commits d15d662e89fc ("ALSA: seq: Fix racy pool initializations"), d15d662e89fc ("ALSA: seq: Fix racy pool initializations") and 7bd800915677 ("ALSA: seq: More protection for concurrent write and ioctl races"). As a prerequisite, fix CVE-2018-1000004 ("ALSA: sequencer use-after-free / deadlock"), upstream commit b3defb791b26 ("ALSA: seq: Make ioctls race-free"), too. KLP: CVE-2018-7566 CVE-2018-1000004 References: bsc#1083488 CVE-2018-7566 bsc#1076017 CVE-2018-1000004 - commit 9367e5d ------------------------------------------------------------------- Mon Mar 5 15:44:31 CET 2018 - nstange@suse.de - shadow variables: allow for dynamic initialization Currently, the only shadow variable initialization scheme exposed by the allocation API is to let klp_shadow_alloc() resp. klp_shadow_get_or_alloc() memcpy some user provided buffer to the freshly allocated shadow variable. This is too limited for shadow structures containing pointers into themselves like list_heads or mutexes. Change the internal __klp_shadow_get_or_alloc() to take a pointer to an initializer functions and call that in place of the memcpy() operation. In order to retain former functionality of klp_shadow_alloc() and klp_shadow_get_or_alloc(), make them pass the new __klp_shadow_memcpy_init() wrapper to __klp_shadow_get_or_alloc(). Finally, introduce the new klp_shadow_alloc_with_init() and klp_shadow_get_or_alloc_with_init() which pass a user provided initializer function pointer onwards to __klp_shadow_get_or_alloc(). - commit 843c6fa ------------------------------------------------------------------- Thu Jan 18 17:11:03 CET 2018 - mbenes@suse.cz - Bump up the version number in spec file - commit a26dbcd ------------------------------------------------------------------- Mon Dec 18 10:44:08 CET 2017 - nstange@suse.de - Fix for CVE-2017-15868 ("The bnep_add_connection function does not ensure that an l2cap socket is available, which allows local users to gain privileges") -- cmtp part Live patch for cmtp part of CVE-2017-15868. Upstream commit 96c26653ce65 ("Bluetooth: cmtp: cmtp_add_connection() should verify that it's dealing with l2cap socket") Fixes: CVE-2017-15868 References: bsc#1071471, CVE-2017-15868 - commit 1e368d0 ------------------------------------------------------------------- Mon Dec 18 10:44:07 CET 2017 - nstange@suse.de - Fix for CVE-2017-15868 ("The bnep_add_connection function does not ensure that an l2cap socket is available, which allows local users to gain privileges") -- bnep part Live patch for bnep part of CVE-2017-15868. Upstream commit 71bb99a02b32 ("Bluetooth: bnep: bnep_add_connection() should verify that it's dealing with l2cap socket"). Fixes: CVE-2017-15868 References: bsc#1071471, CVE-2017-15868 - commit e99aa1c ------------------------------------------------------------------- Fri Dec 15 09:52:49 CET 2017 - mbenes@suse.cz - bsc#1069708: Add kernel-source commit hashes References: bsc#1069708 CVE-2017-16939 - commit 7e789ab ------------------------------------------------------------------- Tue Dec 5 16:42:04 CET 2017 - mbenes@suse.cz - uname_patch: fix UNAME26 for 4.0 Backport upstream commit 39afb5ee4640 ("kernel/sys.c: fix UNAME26 for 4.0"). - commit 5988feb ------------------------------------------------------------------- Mon Dec 4 15:25:24 CET 2017 - mbenes@suse.cz - Revert "Add compat.h to deal with changes of KGR_PATCH macro" This reverts commit 4186bef35862029a2fd36ba4a73d5fa538992709. All currently supported kernels (that is, everything since SLE12_Update_14 and SLE12-SP1_Update_5) have sympos support. We can drop compat, because we don't need it anymore. - commit 11e3220 ------------------------------------------------------------------- Fri Dec 1 16:44:54 CET 2017 - mbenes@suse.cz - Bump up the version number in spec file - commit 5c020c7 ------------------------------------------------------------------- Thu Nov 30 15:15:20 CET 2017 - mbenes@suse.cz - scripts: Generate ExclusiveArch in spec file dynamically ppc64le architecture kernel support is not present in all currently supported branches. It may cause problem for the maintenance team. Generate ExclusiveArch dynamically. It should be 'ppc64le x86_64' for SLE12-SP3 and 'x86_64' for the rest. - commit 95ed856 ------------------------------------------------------------------- Mon Nov 27 14:15:47 CET 2017 - nstange@suse.de - Fix for CVE-2017-16939 ("local privilege escalation with XFRM sockets") Live patch for CVE-2017-16939. Upstream commit 1137b5e2529a ("ipsec: Fix aborted xfrm policy dump crash"). Fixes: CVE-2017-16939 References: bsc#1069708, CVE-2017-16939 - commit dc21dcf ------------------------------------------------------------------- Fri Nov 17 12:55:04 CET 2017 - nstange@suse.de - Fix for CVE-2017-10661 ("timerfd: missing locking in cancel might cause races and use-after-free") Live patch for CVE-2017-10661. Upstream commit 1e38da300e1e ("timerfd: Protect the might cancel mechanism proper"). Fixes: CVE-2017-10661 References: bsc#1053153 CVE-2017-10661 - commit b97f246 ------------------------------------------------------------------- Thu Nov 16 14:27:46 CET 2017 - mbenes@suse.cz - rpm/kgraft-patch.spec: Add ppc64le as a supported arch ppc64le is about to be supported in Live Patching product. Add it to ExclusiveArch tag. - commit 8437c94 ------------------------------------------------------------------- Thu Nov 16 14:26:35 CET 2017 - mbenes@suse.cz - rpm/kgraft-patch.spec: Remove s390x from supported archs s390x is not supported in Live Patching product. Remove it from ExclusiveArch. - commit f9614f2 ------------------------------------------------------------------- Fri Nov 10 15:50:53 CET 2017 - mbenes@suse.cz - Bump up the version number in spec file - commit 5f2e6b0 ------------------------------------------------------------------- Mon Nov 6 16:52:09 CET 2017 - mbenes@suse.cz - bsc#1063671: Backport upstream commit cfbb0d90a7ab ("mac80211: don't compare TKIP TX MIC key in reinstall prevention") References: bsc#1066472 - commit e41fb70 ------------------------------------------------------------------- Mon Nov 6 16:40:28 CET 2017 - mbenes@suse.cz - bsc#1063671: Backport upstream commit 2bdd713b92a9 ("mac80211: use constant time comparison with keys") References: bsc#1066471 - commit ba9b403 ------------------------------------------------------------------- Tue Oct 31 18:56:38 CET 2017 - nstange@suse.de - Fix for CVE-2017-15649 ("net/packet/af_packet.c allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures") Live patch for CVE-2017-15649. Upstream commits 4971613c1639 ("packet: in packet_do_bind, test fanout with bind_lock held") and 008ba2a13f2d ("packet: hold bind lock when rebinding to fanout hook"). Fixes: CVE-2017-15649 References: bsc#1064392, CVE-2017-15649 - commit 7941d5e ------------------------------------------------------------------- Thu Oct 19 15:30:32 CEST 2017 - nstange@suse.de - Fix for CVE-2017-13080 ("Reinstallation of the group key (GTK) in the group key handshake") Live patch for CVE-2017-13080. Upstream commit fdf7cb4185b6 ("mac80211: accept key reinstall without changing anything"). Note: this addresses _only_ CVE-2017-13080 which is a minor part of "KRACK" related to WoWLAN. All the remaining CVE's associated with "KRACK" refer to userspace and thus, are _not_ fixed by this live patch! Fixes: CVE-2017-13080 References: bsc#1063671, CVE-2017-13080 - commit 0daf594 ------------------------------------------------------------------- Wed Oct 11 15:43:57 CEST 2017 - nstange@suse.de - Fix for bsc#1062471 ("add_key syscall causes NULL pointer dereference") Live patch for bsc#1062471. Upstream commit 5649645d725c ("KEYS: fix dereferencing NULL payload with nonzero length"). Fixes: CVE-2017-15274 References: bsc#1062471 CVE-2017-15274 [ mb: CVE and commit hashes ] - commit 69cb2dd ------------------------------------------------------------------- Fri Oct 6 14:20:11 CEST 2017 - mbenes@suse.cz - Bump up the version number in spec file - commit b71045f ------------------------------------------------------------------- Thu Oct 5 12:12:29 CEST 2017 - nstange@suse.de - shadow variables: add KGR_SHADOW_ID helper As shadow variables are supposed to be shared among different KGraft modules their id's must be compile time constants. Introduce the KGR_SHADOW_ID helper macro for generating them in a uniform manner based on the bsc# number and a local id. - commit 237c8f3 ------------------------------------------------------------------- Thu Oct 5 12:12:28 CEST 2017 - nstange@suse.de - shadow variables: share shadow data among KGraft modules As it stands, each KGraft module maintains its own set of shadow variable management structures and thus, shadow variables are not sharable between livepatch modules. This behaviour is different from the upstream implementation and, as pointed out by Miroslav Benes, it also opens up an opportunity for a small window where the system might become vulnerable again during transition as we stack new livepatches on top. Let all KGraft patches share the shadow data. Sharing is implemented by moving the management structures from a KGraft module's .data to dynamically allocated memory. Each KGraft module will have specifically named pointers, 'kgr_shadow_hash12' and 'kgr_shadow_lock12', referencing them. Upon initialization, a KGraft module will discover already existing such shadow data by kallsyms-searching all loaded modules for these pointer symbols. If none is found, a new instance is allocated. The newly introduced kgr_shadow_init() implementing this is idempotent and can thus be called from the bsc# subpatches' initializers if needed. Upon KGraft module removal, the new kgr_shadow_cleanup() will conduct another kallsyms search and deallocate the shadow data in case there are no more users. kgr_shadow_cleanup() is also idempotent. Initialization and teardown of the common shadow data is serialized with the module_mutex which has to be taken for the kallsyms search anyway. - commit 8e1e705 ------------------------------------------------------------------- Thu Oct 5 12:12:27 CEST 2017 - nstange@suse.de - shadow variables: drop EXPORT_SYMBOL()s The shadow variable API will only ever get used by the KGraft module itself and thus, there's no need for exporting it. Drop all EXPORT_SYMBOL annotations. - commit ac6cfeb ------------------------------------------------------------------- Thu Oct 5 12:12:26 CEST 2017 - nstange@suse.de - shadow variables: introduce upstream patch Joe Lawrence posted the sixth version of his shadow variable patch [1] implementing the association of additional out-of-band data members to existing structure instances from livepatches. Jiri Kosina has applied this to his git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching.git for-4.15/shadow-variables tree and thus, it's queued up and close to getting merged. The plan is to eventually backport this shadow variable support to SLE kernels, but we also want to have it usable from KGraft modules by now. Port the implementation to the kraft-patches module. Namely, - dump shadow.c in it's current upstream state as it is after commits 439e7271dc2b ("livepatch: introduce shadow variable API") 5d9da759f758 ("livepatch: __klp_shadow_get_or_alloc() is local to shadow.c") 19205da6a0da ("livepatch: Small shadow variable documentation fixes") - add a shadow.h header and declare the newly introduced functions there - and incorporate the new files into the KGraft module's build system. [1] 1504211861-19899-2-git-send-email-joe.lawrence@redhat.com ("[PATCH v6] livepatch: introduce shadow variable API") - commit e899c4f ------------------------------------------------------------------- Wed Sep 13 14:17:26 CEST 2017 - mbenes@suse.cz - Update IBS_PROJECT to correct maintenance incident after initial submission - commit 0803251 ------------------------------------------------------------------- Wed Sep 13 08:12:46 CEST 2017 - mbenes@suse.cz - New branch for SLE12-SP1_Update_21 - commit c8e4f19 ------------------------------------------------------------------- Wed Aug 16 15:45:14 CEST 2017 - nstange@suse.de - Complete the fix for CVE-2017-1000112 ("udp: consistently apply ufo or fragmentation") The embargoed patch distributed early for CVE-2017-1000112, suse-commit 526d3cae71ec, differs slightly from the corresponding upstream commit 85f1bd9a7b5a ("udp: consistently apply ufo or fragmentation") in that the latter also touches udp_send_skb(). The kernels for SLE12_Update_25 and SLE12-SP1_Update_19 contain the embargoed patch only and thus, lack that change. In order to provide consistency with other livepatches addressing this CVE as well as to yet to come newer kernels, implement a livepatch replacing udp_send_skb() for these two kernels. References: bsc#1052368 bsc#1052311 CVE-2017-1000112 - commit 41968d4 ------------------------------------------------------------------- Wed Aug 16 15:45:12 CEST 2017 - nstange@suse.de - Fix for CVE-2017-9242 ("Incorrect overwrite check in __ip6_append_data()") Live patch for CVE-2017-9242. Upstream commit 232cd35d0804 ("ipv6: fix out of bound writes in __ip6_append_data()"). Fixes: CVE-2017-9242 References: bsc#1042892 CVE-2017-9242 - commit d662821 ------------------------------------------------------------------- Tue Jul 11 13:18:26 CEST 2017 - mbenes@suse.cz - bsc#1038564: Prepare for dynamic patch registration In order to prepare for the merge of 4e8dc885be22 ("scripts: create kgr_patch_main.c dynamically"), kgr_patch_bsc1038564.h must declare kgr_patch_bsc1038564_cleanup() and define KGR_PATCH_BSC1038564_FUNCS. Add an empty kgr_patch_bsc1038564_cleanup() implementation. Define KGR_PATCH_BSC1038564_FUNCS in accordance to the KGR_PATCH*() enumeration currently found in kgr_patch_main.c. - commit 513b649 ------------------------------------------------------------------- Tue Jun 13 15:54:27 CEST 2017 - nstange@suse.de - scripts/register-patches.sh: register subpatch sources in rpm spec In order to reduce the manual merging work upon addition of new (sub)patches, commit 4e8dc885be22 ("scripts: create kgr_patch_main.c dynamically") introduced the register-patches.sh helper. It discovers those and tweaks the main entry point, kgr_patch_main.c, as needed. However, a remaining manual merging task is to list a (sub)patch's source archive in rpm/kgraft-patch.spec and to %setup it. Make scripts/register-patches.sh do this. Namely, - introduce the @@KGR_PATCHES_SOURCES@@ and @@KGR_PATCHES_SETUP_SOURCES@@ placeholders in rpm/kgraft-patch.spec - and make scripts/register-patches.sh expand those within a spec file to be given as an additional command line argument. Finally, adjust scripts/tar-up.sh accordingly. - commit 9eafc8a ------------------------------------------------------------------- Tue Jun 13 15:51:42 CEST 2017 - nstange@suse.de - scripts/register-patches.sh: don't add ','s to @@KGR_PATCHES_FUNCS@@ register-patches.sh expands kgr_patch_main.c's @@KGR_PATCHES_FUNCS@@ placeholder by concatenating all available patches' KGR_PATCH__FUNCS together, separating them by commas. The KGR_PATCH__FUNCS are CPP macros supposed to be provided by each patch. If one of these happens to be empty, the preprocessed expansion will contain two consecutive commas which gcc doesn't like in array initializers. Do not add any commas to the @@KGR_PATCHES_FUNCS@@ expansion but require the individual KGR_PATCH__FUNCS macros to already contain trailing ones as needed. Fixes: 4e8dc885be22 ("scripts: create kgr_patch_main.c dynamically") - commit ba41416 ------------------------------------------------------------------- Wed Jun 7 12:05:41 CEST 2017 - nstange@suse.de - scripts: create kgr_patch_main.c dynamically The kgraft-patches repository has got many branches, each corresponding to a supported codestream. Each of those carries a potentially different set of live (sub)patches which are controlled through the entry points in kgr_patch_main.c. According to Miroslav, merging of a new (sub)patch based on the pristine master is a pita due to conflicts. Since all (sub)patches stick to certain conventions already, the required modifications of the merging-hotspot kgr_patch_main.c are quite mechanic. Let a script do the work. Namely, - insert some special @@-embraced placeholders at the few places depending on the actual set of (sub)patches, - let register-patches.sh discover the available (sub)patches by searching for directories - and let register-patches.sh replace those placeholders in kgr_patch_main.c Finally, add a register-patches.sh invocation to tar-up.sh. This procedure requires that a SUBPATCH located in directory SUBPATCH/ adheres to the following conventions: - It must provide a provide a SUBPATCH/kgr_patch_SUBPATCH.h header. - This header must provide declarations for kgr_patch_SUBPATCH_init() and kgr_patch_SUBPATCH_cleanup(). - This header must also #define a KGR_PATCH_SUBPATCH_FUNCS macro. It should expand to a comma separated list of KGR_PATCH*() entries, each corresponding to a function the subpatch wants to replace. [mbenes: fixed typos, empty line removed] - commit 4e8dc88 ------------------------------------------------------------------- Thu Jun 1 17:59:47 CEST 2017 - mbenes@suse.cz - Fix for CVE-2017-8890 (denial of service (double free) by leveraging use of the accept system call) Live patch for CVE-2017-8890. Upstream commit 657831ffc38e ("dccp/tcp: do not inherit mc_list from parent"). Fixes: CVE-2017-8890 References: bsc#1038564 CVE-2017-8890 - commit ee5daf3 ------------------------------------------------------------------- Mon Apr 24 16:00:54 CEST 2017 - mbenes@suse.cz - Replace $(PWD) with $(CURDIR) in Makefile CURDIR is an internal variable of make and more suitable. - commit 03bf1d5 ------------------------------------------------------------------- Wed Apr 19 14:02:27 CEST 2017 - mbenes@suse.cz - Create Makefile automatically Introduce scripts/create-makefile.sh script to automatically create a makefile. The scripts is called from tar-up.sh or could be called manually. - commit 1af6c29 ------------------------------------------------------------------- Mon Oct 24 13:26:09 CEST 2016 - mbenes@suse.cz - Better to use SUSE:SLE-12:Update than Devel:kGraft:SLE12 project - commit bdc7598 ------------------------------------------------------------------- Tue May 10 15:43:59 CEST 2016 - mbenes@suse.cz - Add compat.h to deal with changes of KGR_PATCH macro Sympos patch set for kGraft redefined KGR_PATCH macro and added two new ones. Add new compat.h which contains macro magic so that all kGraft patches would work on both old and new kernels with the patch set merged. - commit 4186bef ------------------------------------------------------------------- Fri May 6 17:01:17 CEST 2016 - mbenes@suse.cz - Fix the number of parameters of KGR_PATCH macro New kernels contain kGraft's sympos patch set which changed number of paramaters of KGR_PATCH macro and introduced new macros. Fix it in master so it will be ok for new branches. - commit 78cf676 ------------------------------------------------------------------- Tue Sep 1 13:00:23 CEST 2015 - mmarek@suse.com - Include the RPM version number in the module name - commit 8fa02c6 ------------------------------------------------------------------- Wed Aug 26 11:29:44 CEST 2015 - mbenes@suse.cz - Remove forgotten debug option in the Makefile - commit 9c24ab8 ------------------------------------------------------------------- Mon Aug 17 13:42:04 CEST 2015 - mbenes@suse.cz - Add license and copyright notices - commit d42d3aa ------------------------------------------------------------------- Wed Jul 15 15:58:35 CEST 2015 - mbenes@suse.cz - Remove immediate flag Fake signal was merged to kGraft and immediate feature removed. Remove it in kGraft patches from now on too. - commit c767ad2 ------------------------------------------------------------------- Wed May 20 16:32:17 CEST 2015 - mbenes@suse.cz - Set immediate flag to false Using immediate set to true can lead to BUGs and oopses when downgrading, reverting or applying replace_all patches. There is no way how to find out if there is a process in the old code which is being removed. The module would be put, removed and the process will crash. The consistency model guarantees that there is no one in the old code when the finalization ends. Thus use it for all case to be safe. - commit 830e1a3 ------------------------------------------------------------------- Tue May 12 15:48:07 CEST 2015 - mbenes@suse.cz - Fix description in rpm spec file Spec file description mentions initial kGraft patch which is only true for real initial patch. Make it more neutral. References: bsc#930408 - commit a55e023 ------------------------------------------------------------------- Wed Apr 1 15:36:24 CEST 2015 - mbenes@suse.cz - Generate archives names automatically in tar-up.sh - commit 1f34f18 ------------------------------------------------------------------- Wed Apr 1 13:39:26 CEST 2015 - mbenes@suse.cz - Automatically generate .changes file from git log Also add comments to tar-up.sh script to distinguish between sections. - commit 212a7ae ------------------------------------------------------------------- Thu Mar 26 14:24:21 CET 2015 - mmarek@suse.cz - Revert "Require exact kernel version in the patch" This needs to be done differently, so that modprobe --force works as expected. References: bnc#920615 This reverts commit c62c11aecd4e3f8822e1b835fea403acc3148c5a. - commit bc88dd7 ------------------------------------------------------------------- Wed Mar 25 13:10:24 CET 2015 - mmarek@suse.cz - Require exact kernel version in the patch References: bnc#920615 - commit c62c11a ------------------------------------------------------------------- Tue Mar 24 12:15:41 CET 2015 - mmarek@suse.cz - Add the git commit and branch to the package description References: bnc#920633 - commit 1ff4e48 ------------------------------------------------------------------- Wed Nov 26 10:09:14 CET 2014 - mbenes@suse.cz - Set immediate flag for the initial patch Setting immediate to true will simplify installation of the initial patch and possibly also of the further updates. References: bnc#907150 - commit 391b810 ------------------------------------------------------------------- Tue Nov 25 16:26:40 CET 2014 - mbenes@suse.cz - Add .replace_all set to true Add .replace_all flag set to true even to the initial patch. Thus we will not forget to add that later. Also .immediate is there as a comment. - commit 933e15e ------------------------------------------------------------------- Mon Nov 24 15:02:33 CET 2014 - mmarek@suse.cz - Drop the hardcoded kernel release string The updated kgraft-devel macros set this during build time, so we do not need to know the kernel release string beforehand. As a name suffix for the source packages, let's use SLE12_Test in the master branch and SLE12_Update_ in the update branches. - commit 65f7a25 ------------------------------------------------------------------- Fri Nov 21 15:48:48 CET 2014 - mmarek@suse.cz - Check that we are building against the set kernel version - commit 689e44a ------------------------------------------------------------------- Wed Nov 12 04:11:14 CET 2014 - mmarek@suse.cz - Mark the module as supported References: bnc#904970 - commit 6249314 ------------------------------------------------------------------- Tue Nov 11 17:11:28 CET 2014 - mmarek@suse.cz - Build the test packages against Devel:kGraft:SLE12 - commit c952fbb ------------------------------------------------------------------- Thu Nov 6 13:55:43 CET 2014 - mbenes@suse.cz - Add top git commit hash to uname -v Add top git commit hash to version part of uname. This makes the identification of current patch level easy (even in crash: p kgr_tag). References: fate#317769 - commit 54c9595 ------------------------------------------------------------------- Tue Nov 4 16:23:50 CET 2014 - mbenes@suse.cz - Replace @@RELEASE@@ in kgr_patch->name with @@RPMRELEASE@@ We need to replace @@RELEASE@@ in kgr_patch->name with @@RPMRELEASE@@ due to sysfs tree. @@RELEASE@@ changes with each new version of package. - commit 51fd9dd ------------------------------------------------------------------- Mon Nov 3 17:27:24 CET 2014 - mmarek@suse.cz - Add a source-timestamp file with the git commit hash and branch This is required by the bs-upload-kernel script to upload packages to the BS. It can also be used by the specfile in the future. - commit feab4f1 ------------------------------------------------------------------- Mon Nov 3 16:56:31 CET 2014 - mbenes@suse.cz - Initial commit - commit 600de9d ------------------------------------------------------------------- Mon Nov 3 14:59:46 CET 2014 - mmarek@suse.cz - Add config.sh script This tells the automatic builder which IBS project to use. - commit aa7f1cb