-------------------------------------------------------------------
Wed Sep 12 17:18:08 CEST 2018 - mbenes@suse.cz

- Bump up the version number in spec file
- commit dcec0dc

-------------------------------------------------------------------
Tue Sep 11 11:20:28 CEST 2018 - nstange@suse.de

- Fix for CVE-2018-5390 ('denial of service conditions with low rates
  of specially modified packets aka "SegmentSmack"')
  Live patch for CVE-2018-5390.
  Upstream commits
  72cd43ba64fc ("tcp: free batches of packets in tcp_prune_ofo_queue()")
  f4a3313d8e2c ("tcp: avoid collapses in tcp_prune_queue() if possible")
  3d4bf93ac120 ("tcp: detect malicious patterns in tcp_collapse_ofo_queue()")
  8541b21e781a ("tcp: call tcp_drop() from tcp_data_queue_ofo()")
  58152ecbbcc6 ("tcp: add tcp_ooo_try_coalesce() helper")
  KLP: CVE-2018-5390
  References: bsc#1102682 CVE-2018-5390
- commit df03489

-------------------------------------------------------------------
Fri Sep 7 12:40:38 CEST 2018 - nstange@suse.de

- Fix for CVE-2018-1000026 ("Improper validation in bnx2x network card
  driver can allow for DoS attacks via crafted packet")
  Live patch for CVE-2018-1000026.
  Upstream commit 8914a595110a
  ("bnx2x: disable GSO where gso_size is too big for hardware").
  KLP: CVE-2018-1000026
  References: bsc#1096723 CVE-2018-1000026
  [ mb: make kgr_skb_gso_validate_mac_len() static ]
- commit 7c947cd

-------------------------------------------------------------------
Fri Sep 7 06:22:47 CEST 2018 - nstange@suse.de

- Fix for CVE-2018-10938 ("infinite loop in
  net/ipv4/cipso_ipv4.c:cipso_v4_optptr() allows for DoS")
  Live patch for CVE-2018-10938.
  Upstream commit 40413955ee26
  ("Cipso: cipso_v4_optptr enter infinite loop").
  KLP: CVE-2018-10938
  References: bsc#1106191 CVE-2018-10938
- commit 018b0ab

-------------------------------------------------------------------
Wed Sep 5 14:08:43 CEST 2018 - nstange@suse.de

- Fix for CVE-2018-10902 ("double free in midi subsystem")
  Live patch for CVE-2018-10902.
  Upstream commit 39675f7a7c7e
  ("ALSA: rawmidi: Change resized buffers atomically").
  KLP: CVE-2018-10902
  References: bsc#1105323 CVE-2018-10902
- commit 1499778

-------------------------------------------------------------------
Fri Aug 10 09:07:40 CEST 2018 - mbenes@suse.cz

- scripts/register-patches.sh: Amend S variable for Source enumeration
  Fixes bad merge commit.
- commit 7a019d8

-------------------------------------------------------------------
Thu Aug 9 16:25:25 CEST 2018 - mbenes@suse.cz

- Bump up the version number in spec file
- commit 2b40a4f

-------------------------------------------------------------------
Wed Aug 8 16:22:07 CEST 2018 - nstange@suse.de

- Fix CVE-2018-3646 ('kvm: L1 Terminal Fault -VMM aka "Foreshadow" aka
  "Ocean Breeze" aka "Project Ocean"')
  Live patch for CVE-2018-3646.
  No upstream commit yet.
  KLP: CVE-2018-3646
  References: bsc#1099306 CVE-2018-3646
- commit 17fe293

-------------------------------------------------------------------
Wed Aug 8 15:18:35 CEST 2018 - nstange@suse.de

- Fix for CVE-2017-18344 ("The timer_create syscall implementation
  doesn't properly validate the sigevent->sigev_notify field, which
  leads to out-of-bounds access")
  Live patch for CVE-2017-18344.
  Upstream commit cef31d9af9082
  ("posix-timer: Properly check sigevent->sigev_notify").
  KLP: CVE-2017-18344
  References: bsc#1103203 CVE-2017-18344
- commit 67c3fd6

-------------------------------------------------------------------
Wed Aug 8 15:07:59 CEST 2018 - nstange@suse.de

- Provide common kallsyms wrapper API
  With bsc#1103203, the need for disambiguating between a multiply
  defined symbol arose. This is something the kallsyms_lookup_name()
  based code snippet we used to copy&paste to every individual CVE fix
  can't handle.
  Implement a proper wrapper API for doing the kallsyms lookups.
- commit 4aed7d2

-------------------------------------------------------------------
Tue Jul 17 12:47:40 CEST 2018 - nstange@suse.de

- Fix for CVE-2017-17053 ("The init_new_context function in
  arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10
  does not correctly handle errors from LDT table allocation ...")
  Live patch for CVE-2017-17053.
  Upstream commit ccd5b3235180
  ("x86/mm: Fix use-after-free of ldt_struct").
  KLP: CVE-2017-17053
  References: bsc#1096679 CVE-2017-17053
- commit 06ca1d5

-------------------------------------------------------------------
Fri Jul 13 14:20:14 CEST 2018 - nstange@suse.de

- Fix for CVE-2017-11600 ("net/xfrm/xfrm_policy.c does not ensure that
  the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less")
  Live patch for CVE-2017-11600.
  Upstream commit 7bab09631c2a
  ("xfrm: policy: check policy direction value").
  KLP: CVE-2017-11600
  References: bsc#1096564 CVE-2017-11600
- commit 75352c0

-------------------------------------------------------------------
Wed Jul 11 13:50:51 CEST 2018 - nstange@suse.de

- Fix CVE-2018-10853 ("kvm: guest userspace to guest kernel write")
  Live patch for CVE-2018-10853.
  Upstream commit 3c9fa24ca7c9
  ("kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access").
  KLP: CVE-2018-10853
  References: bsc#1097108 CVE-2018-10853
- commit e30fc39

-------------------------------------------------------------------
Mon Jun 25 15:07:10 CEST 2018 - mbenes@suse.cz

- Bump up the version number in spec file
- commit b3a0394

-------------------------------------------------------------------
Fri Jun 15 16:26:39 CEST 2018 - nstange@suse.de

- Fix CVE-2018-3665 ("kvm: Lazy FP Save/Restore")
  Live patch for CVE-2018-3665.
  Upstream commit 653f52c316a4
  ("kvm,x86: load guest FPU context more eagerly").
  KLP: CVE-2018-3665
  References: bsc#1096740 CVE-2018-3665
- commit a208a16

-------------------------------------------------------------------
Thu Jun 14 11:15:12 CEST 2018 - nstange@suse.de

- Fix CVE-2018-3665 ("kernel: Lazy FP Save/Restore")
  Live patch for CVE-2018-3665.
  Upstream commit 58122bf1d856
  ("x86/fpu: Default eagerfpu=on on all CPUs").
  KLP: CVE-2018-3665
  References: bsc#1090338 CVE-2018-3665
- commit 056ea65

-------------------------------------------------------------------
Wed May 16 12:21:28 CEST 2018 - nstange@suse.de

- bsc#1085447: fix raw __user access in put_v4l2_window32()
  put_v4l2_window32() loads kp->clips directly, but kp is in userspace
  and this load can oops.
  This has already been fixed upstream in commit 85ea29f19eab
  ("media: v4l2-compat-ioctl32: don't oops on overlay"). Backport it.
  References: bsc#1085447 CVE-2017-13166
- commit 93c3ee9

-------------------------------------------------------------------
Tue May 15 17:25:41 CEST 2018 - mbenes@suse.cz

- Bump up the version number in spec file
- commit 059751f

-------------------------------------------------------------------
Mon May 14 08:30:02 CEST 2018 - nstange@suse.de

- Fix CVE-2018-8897 (kernel: "POP SS")
  Live patch for CVE-2018-8897.
  Upstream commit d8ba61ba58c8
  ("x86/entry/64: Don't use IST entry for #BP stack").
  KLP: CVE-2018-8897
  References: bsc#1090368 CVE-2018-8897
- commit dcfa955

-------------------------------------------------------------------
Mon May 14 08:30:00 CEST 2018 - nstange@suse.de

- scripts/create-makefile.sh: add support for assembly files
- commit cf2464a

-------------------------------------------------------------------
Fri May 11 16:30:10 CEST 2018 - nstange@suse.de

- callbacks: kgr_subpatch_register(): always set ->parent
  In case kgr_subpatch_register() finds an existing instance of that
  subpatch ID, the to be registered subpatch's ->parent is not set.
  This causes a NULL pointer dereference from kgr_subpatch_unregister()
  later on.
  Fix this by making kgr_patch_register() always set ->parent.
- commit 1ff8a8c

-------------------------------------------------------------------
Wed May 9 16:40:49 CEST 2018 - nstange@suse.de

- Fix CVE-2018-8781 ("Integer overflow in
  drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap()...")
  Live patch for CVE-2018-8781.
  Upstream commit 3b82a4db8eac
  ("drm: udl: Properly check framebuffer mmap offsets").
  KLP: CVE-2018-8781
  References: CVE-2018-8781 bsc#1090646
- commit 07cd0ae

-------------------------------------------------------------------
Thu May 3 13:41:30 CEST 2018 - nstange@suse.de

- bsc#1090869: fix indirect call to kgr_kvm_spurious_fault()
  The inline asm of kgr____kvm_handle_fault_on_reboot() is broken in
  that it doesn't do a call to the address stored in
  kgr_kvm_spurious_fault, but a jmp.
  Fix this.
- commit 97a0682

-------------------------------------------------------------------
Wed May 2 15:38:55 CEST 2018 - nstange@suse.de

- kGraft callbacks: provide patch state abstraction
  Now that the kGraft core has been live patched to invoke the
  kgr_patch_state_pre_replace_cb(), kgr_patch_state_pre_revert_cb() and
  kgr_patch_state_post_patch_cb() callbacks, let's add an abstraction
  API on top to make this functionality accessible in sane ways from
  live patches.
  In general, the live patching callbacks are used for achieving global
  consistency. As such, they provide a means for getting notifications
  for events such as global patching completion or an about-to-happen
  revert.
  However, a kGraft patch is usually made up from several independent
  subpatches, one for each issue or CVE to be fixed. In general, newly
  applied kGraft patches will provide a different set of fixes than
  what has been there before. This set usually grows with higher kGraft
  patch versions, but note that downgrades are also possible.
  What we really want to do is to track the global state on a
  per-subpatch basis and the abstraction API introduced by this patch
  provides this.
  Fixes are identified by a globally unique ID to be assigned by the
  patch author. These could be derived from a bsc# or CVE number. See
  the KGR_SUBPATCH_ID_BSC() and KGR_SUBPATCH_ID_CVE() helpers.
  The basic tracking entity is a struct kgr_subpatch. A kGraft module
  can register one of those for each issue ID it needs to have callback
  functionality for.
  Each kgr_subpatch instance can have a number of callbacks:
  - post_patch()
    Called for a subpatch without a predecessor after the kGraft
    transition has finished.
  - pre_migrate_to()
    Called for a subpatch with a predecessor before the kGraft
    transition starts.
  - post_migrate_to()
    Called for a subpatch with a predecessor after the kGraft
    transition has finished.
  - pre_revert()
    Called for a subpatch without a successor before the kGraft
    transition starts.
  - pre_migrate_away()
    Called for a subpatch with a successor before the kGraft
    transition starts.
  - post_migrate_away()
    Called for a subpatch with a successor after the kGraft
    transition has finished.
  To further facilitate communication between subpatch predecessors and
  successors, each subpatch instance can have some data associated with
  it. The callback abstraction API manages these in entities of struct
  kgr_subpatch_data instances. It is expected that these are in general
  embedded in some larger structures. A kgr_subpatch's ->alloc_data()
  and ->free_data() callbacks will be used to allocate and free those.
  A kgr_subpatch's associated data is accessible at its ->data member.
  It is guaranteed to remain stable for the subpatch's complete
  lifetime, i.e. it may be accessed from any of its kGraft-patched
  replacement functions, regardless of any global patch state.
  Associated with each kgr_subpatch_data instance is a version whose
  meaning is to be defined by the patch author. Upon replacement of a
  subpatch with a matching successor, the ->prepare_migration()
  callback can inspect the preexisting data and still prevent a
  handover from taking place.
  If ->prepare_migration() returns false, the replacement will be
  treated as if the predecessor had been reverted and the successor
  been applied without a predecessor. In particular, ->pre_revert() and
  ->post_patch() will be called rather than any of the
  ->{pre,post}_migrate_{away,to}().
  If ->prepare_migration() returns true, it must somehow take ownership
  of the previous subpatch's data. It can either
  1. replace its own ->data initialized with the preallocated data or
  2. store a pointer to the old data somewhere within its preallocated
     data.
  In the first case, the preallocated data will be automatically freed,
  so ->prepare_migration() must not do it.
- commit fbe8e8e

-------------------------------------------------------------------
Wed May 2 15:38:54 CEST 2018 - nstange@suse.de

- Fix bsc#1083125 ("KGraft: small race in reversion code")
  Live patches relying on callback functionality will likely be more
  sensitive to kGraft's otherwise quite harmless reversion race. Fix it
  if callbacks are used.
  References: bsc#1083125
- commit 67b1efe

-------------------------------------------------------------------
Wed May 2 15:38:53 CEST 2018 - nstange@suse.de

- Add callback functionality
  In order to reach global consistency, certain kGraft patches need to
  get notifications of patch transition events like pre-revert,
  pre-replace and post-patch.
  The kGraft core does not provide such a mechanism but fortunately it
  can still be implemented by livepatching kGraft itself.
  This works because once kGraft concludes that everything has been
  transitioned and calls its kgr_finalize(), in particular that call's
  context will also have been transitioned. It follows that the
  kgr_finalize() invocation will be redirected to a live patched
  implementation, if any. This way kgr_finalize() can be amended from a
  live patch to call a post-patch callback.
  The same line of reasoning applies to kgr_modify_kernel() and
  pre-replace or -revert callbacks.
  Right now, the callbacks are only placeholder stubs which will be
  filled in by a later patch adding some abstraction API on top.
  This upcoming API will also implement a kgr_subpatch_register()
  function and subpatches making any use of callbacks will call it.
  Make register-patches.sh grep for 'kgr_subpatch_register' and enable
  the callbacks patch if and only if found.
- commit 306c337

-------------------------------------------------------------------
Tue May 1 14:32:32 CEST 2018 - nstange@suse.de

- Fix CVE-2018-1087 ("kvm: POP SS")
  Live patch for CVE-2018-1087.
  Upstream commit 32d43cd391ba
  ("kvm/x86: fix icebp instruction handling").
  KLP: CVE-2018-1087
  References: bsc#1090869 CVE-2018-1087
  [ mb: s/CONFIG_SND_PCM/CONFIG_KVM_INTEL/ ]
- commit 75a5884

-------------------------------------------------------------------
Tue Apr 24 15:20:33 CEST 2018 - mbenes@suse.cz

- Bump up the version number in spec file
- commit 2ae106d

-------------------------------------------------------------------
Fri Apr 20 11:07:10 CEST 2018 - nstange@suse.de

- Fix for CVE-2018-1000199 ("ptrace() bug leading to DoS or possibly
  corruption")
  Live patch for CVE-2018-1000199.
  Upstream commit f67b15037a7a
  ("perf/hwbp: Simplify the perf-hwbp code, fix documentation").
  KLP: CVE-2018-1000199
  References: bsc#1090036 CVE-2018-1000199
- commit 8585644

-------------------------------------------------------------------
Mon Apr 9 12:55:19 CEST 2018 - nstange@suse.de

- Fix for CVE-2017-0861 ("Use-after-free in snd_pcm_info function in
  ALSA subsystem potentially leads to privilege escalation")
  Live patch for CVE-2017-0861.
  Upstream commit 362bca57f5d7
  ("ALSA: pcm: prevent UAF in snd_pcm_info").
  KLP: CVE-2017-0861
  References: bsc#1088268 CVE-2017-0861
- commit 1f010ed

-------------------------------------------------------------------
Tue Apr 3 15:48:47 CEST 2018 - mbenes@suse.cz

- Bump up the version number in spec file
- commit 76cb327

-------------------------------------------------------------------
Tue Mar 27 16:25:20 CEST 2018 - nstange@suse.de

- Fix for CVE-2017-13166 ("An elevation of privilege vulnerability in
  the kernel v4l2 video driver")
  Live patch for CVE-2017-13166.
  Upstream commit a1dfb4c48cc1
  ("media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic").
  KLP: CVE-2017-13166
  References: bsc#1085447 CVE-2017-13166
- commit 4d56679

-------------------------------------------------------------------
Wed Mar 21 11:47:17 CET 2018 - nstange@suse.de

- Fix for CVE-2018-1068 ("netfilter: ebtables: CONFIG_COMPAT: don't
  trust userland offsets")
  Live patch for CVE-2018-1068.
  Upstream commit b71812168571
  ("netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets")
  and follow-up commit 932909d9b28d
  ("netfilter: ebtables: fix erroneous reject of last rule").
  KLP: CVE-2018-1068
  References: bsc#1085114 CVE-2018-1068
- commit 49c848e

-------------------------------------------------------------------
Fri Mar 16 15:45:30 CET 2018 - nstange@suse.de

- Fix for CVE-2018-7566 ("race condition in snd_seq_write() may lead to
  UAF or OOB-access")
  Live patch for CVE-2018-7566.
  Upstream commits
  d15d662e89fc ("ALSA: seq: Fix racy pool initializations"),
  d15d662e89fc ("ALSA: seq: Fix racy pool initializations") and
  7bd800915677 ("ALSA: seq: More protection for concurrent write and ioctl races").
  As a prerequisite, fix CVE-2018-1000004 ("ALSA: sequencer
  use-after-free / deadlock"), upstream commit b3defb791b26
  ("ALSA: seq: Make ioctls race-free"), too.
  KLP: CVE-2018-7566 CVE-2018-1000004
  References: bsc#1083488 CVE-2018-7566 bsc#1076017 CVE-2018-1000004
- commit 70cd4fd

-------------------------------------------------------------------
Mon Mar 5 16:21:09 CET 2018 - mbenes@suse.cz

- bsc#1073230: Add commit hashes
- commit dc8e1fb

-------------------------------------------------------------------
Mon Mar 5 15:44:31 CET 2018 - nstange@suse.de

- shadow variables: allow for dynamic initialization
  Currently, the only shadow variable initialization scheme exposed by
  the allocation API is to let klp_shadow_alloc() resp.
  klp_shadow_get_or_alloc() memcpy some user provided buffer to the
  freshly allocated shadow variable.
  This is too limited for shadow structures containing pointers into
  themselves like list_heads or mutexes.
  Change the internal __klp_shadow_get_or_alloc() to take a pointer to
  an initializer function and call that in place of the memcpy()
  operation.
  In order to retain former functionality of klp_shadow_alloc() and
  klp_shadow_get_or_alloc(), make them pass the new
  __klp_shadow_memcpy_init() wrapper to __klp_shadow_get_or_alloc().
  Finally, introduce the new klp_shadow_alloc_with_init() and
  klp_shadow_get_or_alloc_with_init() which pass a user provided
  initializer function pointer onwards to __klp_shadow_get_or_alloc().
- commit 843c6fa

-------------------------------------------------------------------
Mon Feb 26 10:11:35 CET 2018 - mbenes@suse.cz

- Bump up the version number in spec file
- commit 528ecbc

-------------------------------------------------------------------
Mon Jan 29 15:59:34 CET 2018 - nstange@suse.de

- Fix for CVE-2017-18075 ("crypto/pcrypt.c in the Linux kernel before
  4.14.13 mishandles freeing instances ...")
  Live patch for CVE-2017-18075.
  Upstream commit d76c68109f37
  ("crypto: pcrypt - fix freeing pcrypt instances").
  KLP: CVE-2017-18075
  References: bsc#1077404 CVE-2017-18075
  [ commit hashes added ]
- commit 9610360

-------------------------------------------------------------------
Thu Jan 18 17:11:40 CET 2018 - mbenes@suse.cz

- Bump up the version number in spec file
- commit 18b623c

-------------------------------------------------------------------
Tue Jan 16 11:22:25 CET 2018 - nstange@suse.de

- Fix for CVE-2017-17712 ("The raw_sendmsg() function in net/ipv4/raw.c
  in the Linux kernel through 4.14.6 has a race condition in
  inet->hdrincl that leads to uninitialized stack pointer usage; this
  allows a local user to execute code and gain privileges")
  Live patch for CVE-2017-17712.
  Upstream commits
  8f659a03a0ba ("net: ipv4: fix for a race condition in raw_sendmsg") and
  20b50d79974e ("net: ipv4: emulate READ_ONCE() on ->hdrincl bit-field in raw_sendmsg()").
  KLP: CVE-2017-17712
  References: bsc#1073230 CVE-2017-17712
- commit b40e83b

-------------------------------------------------------------------
Fri Dec 15 09:52:49 CET 2017 - mbenes@suse.cz

- bsc#1069708: Add kernel-source commit hashes
  References: bsc#1069708 CVE-2017-16939
- commit 9bf8977

-------------------------------------------------------------------
Tue Dec 5 16:42:04 CET 2017 - mbenes@suse.cz

- uname_patch: fix UNAME26 for 4.0
  Backport upstream commit 39afb5ee4640
  ("kernel/sys.c: fix UNAME26 for 4.0").
- commit 5988feb

-------------------------------------------------------------------
Mon Dec 4 15:36:44 CET 2017 - nstange@suse.de

- bsc#1070307: fix ppc64le build failures
  Currently, the build on ppc64le fails because
  - CONFIG_ZONE_DEVICE is not set and the #ifdef protecting the
    kallsyms lookup of find_dev_pagemap() #errors out.
    Fix this by providing the trivial find_dev_pagemap() implementation
    in the !CONFIG_ZONE_DEVICE case.
  - pmd_page() and update_mmu_cache_pmd() are not defined in headers
    but in *.c files.
    Fix this by doing a kallsyms lookup for these if on __powerpc64__.
- commit 3bf35d6

-------------------------------------------------------------------
Mon Dec 4 15:36:43 CET 2017 - nstange@suse.de

- bsc#1070307: amend commit ids
  Both upstream and our kernel-source seem to have settled wrt. this
  issue. Amend the commit ids referenced from the file header comment.
- commit bc82a57

-------------------------------------------------------------------
Mon Dec 4 15:25:24 CET 2017 - mbenes@suse.cz

- Revert "Add compat.h to deal with changes of KGR_PATCH macro"
  This reverts commit 4186bef35862029a2fd36ba4a73d5fa538992709.
  All currently supported kernels (that is, everything since
  SLE12_Update_14 and SLE12-SP1_Update_5) have sympos support. We can
  drop compat, because we don't need it anymore.
- commit 11e3220

-------------------------------------------------------------------
Fri Dec 1 16:45:23 CET 2017 - mbenes@suse.cz

- Bump up the version number in spec file
- commit d540b25

-------------------------------------------------------------------
Fri Dec 1 11:42:06 CET 2017 - nstange@suse.de

- Fix for CVE-2017-1000405 ("huge dirty cow in THP pages")
  Live patch for CVE-2017-1000405.
  No upstream commit yet.
  Fixes: CVE-2017-1000405
  References: bsc#1070307, CVE-2017-1000405
- commit a9a119c

-------------------------------------------------------------------
Thu Nov 30 15:15:20 CET 2017 - mbenes@suse.cz

- scripts: Generate ExclusiveArch in spec file dynamically
  ppc64le architecture kernel support is not present in all currently
  supported branches. It may cause problems for the maintenance team.
  Generate ExclusiveArch dynamically. It should be 'ppc64le x86_64' for
  SLE12-SP3 and 'x86_64' for the rest.
- commit 95ed856

-------------------------------------------------------------------
Mon Nov 27 14:15:48 CET 2017 - nstange@suse.de

- Fix for CVE-2017-16939 ("local privilege escalation with XFRM
  sockets")
  Live patch for CVE-2017-16939.
  Upstream commit 1137b5e2529a
  ("ipsec: Fix aborted xfrm policy dump crash").
  Fixes: CVE-2017-16939
  References: bsc#1069708, CVE-2017-16939
- commit bd00d45

-------------------------------------------------------------------
Wed Nov 22 14:10:48 CET 2017 - nstange@suse.de

- Livepatch for bsc#1062847 ("Server does not shut down correctly if
  NIC teaming is enabled")
  Livepatch for bsc#1062847.
  Upstream commit 16cf72bb0856
  ("team: call netdev_change_features out of team lock").
  Fixes: bsc#1062847
  References: bsc#1062847, bsc#1055567
  [ mb: note added wrt team_compute_features() ]
  [ mb: s/if (err)/if (!err)/ in Fix sections ]
- commit 9c4d9af

-------------------------------------------------------------------
Thu Nov 16 14:27:46 CET 2017 - mbenes@suse.cz

- rpm/kgraft-patch.spec: Add ppc64le as a supported arch
  ppc64le is about to be supported in Live Patching product. Add it to
  ExclusiveArch tag.
- commit 8437c94

-------------------------------------------------------------------
Thu Nov 16 14:26:35 CET 2017 - mbenes@suse.cz

- rpm/kgraft-patch.spec: Remove s390x from supported archs
  s390x is not supported in Live Patching product. Remove it from
  ExclusiveArch.
- commit f9614f2

-------------------------------------------------------------------
Fri Nov 10 15:51:52 CET 2017 - mbenes@suse.cz

- Bump up the version number in spec file
- commit 3f965d3

-------------------------------------------------------------------
Mon Nov 6 16:52:09 CET 2017 - mbenes@suse.cz

- bsc#1063671: Backport upstream commit cfbb0d90a7ab
  ("mac80211: don't compare TKIP TX MIC key in reinstall prevention")
  References: bsc#1066472
- commit 102a48a

-------------------------------------------------------------------
Mon Nov 6 16:40:28 CET 2017 - mbenes@suse.cz

- bsc#1063671: Backport upstream commit 2bdd713b92a9
  ("mac80211: use constant time comparison with keys")
  References: bsc#1066471
- commit 13fd89e

-------------------------------------------------------------------
Mon Nov 6 14:51:51 CET 2017 - mbenes@suse.cz

- bsc#1063671: increment_tailroom_need_count() is not inlined in
  SLE12-SP{2,3}
  Remove it and kgr_assert_key_lock() and
  kgr_update_vlan_tailroom_need_count() along with it.
- commit 5a25b61

-------------------------------------------------------------------
Tue Oct 31 18:56:42 CET 2017 - nstange@suse.de

- Fix for CVE-2017-15649 ("net/packet/af_packet.c allows local users to
  gain privileges via crafted system calls that trigger mishandling of
  packet_fanout data structures")
  Live patch for CVE-2017-15649.
  Upstream commits
  4971613c1639 ("packet: in packet_do_bind, test fanout with bind_lock held") and
  008ba2a13f2d ("packet: hold bind lock when rebinding to fanout hook").
  Fixes: CVE-2017-15649
  References: bsc#1064392, CVE-2017-15649
- commit 4840070

-------------------------------------------------------------------
Thu Oct 19 15:30:33 CEST 2017 - nstange@suse.de

- Fix for CVE-2017-13080 ("Reinstallation of the group key (GTK) in the
  group key handshake")
  Live patch for CVE-2017-13080.
  Upstream commit fdf7cb4185b6
  ("mac80211: accept key reinstall without changing anything").
  Note: this addresses _only_ CVE-2017-13080 which is a minor part of
  "KRACK" related to WoWLAN. All the remaining CVE's associated with
  "KRACK" refer to userspace and thus, are _not_ fixed by this live
  patch!
  Fixes: CVE-2017-13080
  References: bsc#1063671, CVE-2017-13080
- commit 8be6a04

-------------------------------------------------------------------
Thu Oct 5 12:12:29 CEST 2017 - nstange@suse.de

- shadow variables: add KGR_SHADOW_ID helper
  As shadow variables are supposed to be shared among different KGraft
  modules their id's must be compile time constants.
  Introduce the KGR_SHADOW_ID helper macro for generating them in a
  uniform manner based on the bsc# number and a local id.
- commit 237c8f3

-------------------------------------------------------------------
Thu Oct 5 12:12:28 CEST 2017 - nstange@suse.de

- shadow variables: share shadow data among KGraft modules
  As it stands, each KGraft module maintains its own set of shadow
  variable management structures and thus, shadow variables are not
  sharable between livepatch modules.
  This behaviour is different from the upstream implementation and, as
  pointed out by Miroslav Benes, it also opens up an opportunity for a
  small window where the system might become vulnerable again during
  transition as we stack new livepatches on top.
  Let all KGraft patches share the shadow data.
  Sharing is implemented by moving the management structures from a
  KGraft module's .data to dynamically allocated memory. Each KGraft
  module will have specifically named pointers, 'kgr_shadow_hash12' and
  'kgr_shadow_lock12', referencing them.
  Upon initialization, a KGraft module will discover already existing
  such shadow data by kallsyms-searching all loaded modules for these
  pointer symbols. If none is found, a new instance is allocated. The
  newly introduced kgr_shadow_init() implementing this is idempotent
  and can thus be called from the bsc# subpatches' initializers if
  needed.
  Upon KGraft module removal, the new kgr_shadow_cleanup() will conduct
  another kallsyms search and deallocate the shadow data in case there
  are no more users. kgr_shadow_cleanup() is also idempotent.
  Initialization and teardown of the common shadow data is serialized
  with the module_mutex which has to be taken for the kallsyms search
  anyway.
- commit 8e1e705

-------------------------------------------------------------------
Thu Oct 5 12:12:27 CEST 2017 - nstange@suse.de

- shadow variables: drop EXPORT_SYMBOL()s
  The shadow variable API will only ever get used by the KGraft module
  itself and thus, there's no need for exporting it.
  Drop all EXPORT_SYMBOL annotations.
- commit ac6cfeb

-------------------------------------------------------------------
Thu Oct 5 12:12:26 CEST 2017 - nstange@suse.de

- shadow variables: introduce upstream patch
  Joe Lawrence posted the sixth version of his shadow variable patch
  [1] implementing the association of additional out-of-band data
  members to existing structure instances from livepatches.
  Jiri Kosina has applied this to his
  git://git.kernel.org/pub/scm/linux/kernel/git/jikos/livepatching.git
  for-4.15/shadow-variables
  tree and thus, it's queued up and close to getting merged.
  The plan is to eventually backport this shadow variable support to
  SLE kernels, but we also want to have it usable from KGraft modules
  by now.
  Port the implementation to the kgraft-patches module. Namely,
  - dump shadow.c in its current upstream state as it is after commits
    439e7271dc2b ("livepatch: introduce shadow variable API")
    5d9da759f758 ("livepatch: __klp_shadow_get_or_alloc() is local to shadow.c")
    19205da6a0da ("livepatch: Small shadow variable documentation fixes")
  - add a shadow.h header and declare the newly introduced functions
    there
  - and incorporate the new files into the KGraft module's build
    system.
  [1] 1504211861-19899-2-git-send-email-joe.lawrence@redhat.com
      ("[PATCH v6] livepatch: introduce shadow variable API")
- commit e899c4f

-------------------------------------------------------------------
Tue Sep 19 17:05:12 CEST 2017 - mbenes@suse.cz

- Update IBS_PROJECT to correct maintenance incident after initial
  submission
- commit c81dd7f

-------------------------------------------------------------------
Mon Sep 18 17:15:11 CEST 2017 - mbenes@suse.cz

- New branch for SLE12-SP3_Update_3
- commit 278c98a

-------------------------------------------------------------------
Tue Jun 13 15:54:27 CEST 2017 - nstange@suse.de

- scripts/register-patches.sh: register subpatch sources in rpm spec
  In order to reduce the manual merging work upon addition of new
  (sub)patches, commit 4e8dc885be22
  ("scripts: create kgr_patch_main.c dynamically")
  introduced the register-patches.sh helper. It discovers those and
  tweaks the main entry point, kgr_patch_main.c, as needed.
  However, a remaining manual merging task is to list a (sub)patch's
  source archive in rpm/kgraft-patch.spec and to %setup it.
  Make scripts/register-patches.sh do this. Namely,
  - introduce the @@KGR_PATCHES_SOURCES@@ and
    @@KGR_PATCHES_SETUP_SOURCES@@ placeholders in rpm/kgraft-patch.spec
  - and make scripts/register-patches.sh expand those within a spec
    file to be given as an additional command line argument.
  Finally, adjust scripts/tar-up.sh accordingly.
- commit 9eafc8a

-------------------------------------------------------------------
Tue Jun 13 15:51:42 CEST 2017 - nstange@suse.de

- scripts/register-patches.sh: don't add ','s to @@KGR_PATCHES_FUNCS@@
  register-patches.sh expands kgr_patch_main.c's @@KGR_PATCHES_FUNCS@@
  placeholder by concatenating all available patches' KGR_PATCH__FUNCS
  together, separating them by commas.
  The KGR_PATCH__FUNCS are CPP macros supposed to be provided by each
  patch.
  If one of these happens to be empty, the preprocessed expansion will
  contain two consecutive commas which gcc doesn't like in array
  initializers.
  Do not add any commas to the @@KGR_PATCHES_FUNCS@@ expansion but
  require the individual KGR_PATCH__FUNCS macros to already contain
  trailing ones as needed.
  Fixes: 4e8dc885be22 ("scripts: create kgr_patch_main.c dynamically")
- commit ba41416

-------------------------------------------------------------------
Wed Jun 7 12:05:41 CEST 2017 - nstange@suse.de

- scripts: create kgr_patch_main.c dynamically
  The kgraft-patches repository has got many branches, each
  corresponding to a supported codestream. Each of those carries a
  potentially different set of live (sub)patches which are controlled
  through the entry points in kgr_patch_main.c.
  According to Miroslav, merging of a new (sub)patch based on the
  pristine master is a pita due to conflicts.
  Since all (sub)patches stick to certain conventions already, the
  required modifications of the merging-hotspot kgr_patch_main.c are
  quite mechanical. Let a script do the work. Namely,
  - insert some special @@-embraced placeholders at the few places
    depending on the actual set of (sub)patches,
  - let register-patches.sh discover the available (sub)patches by
    searching for directories
  - and let register-patches.sh replace those placeholders in
    kgr_patch_main.c
  Finally, add a register-patches.sh invocation to tar-up.sh.
  This procedure requires that a SUBPATCH located in directory
  SUBPATCH/ adheres to the following conventions:
  - It must provide a SUBPATCH/kgr_patch_SUBPATCH.h header.
  - This header must provide declarations for
    kgr_patch_SUBPATCH_init() and kgr_patch_SUBPATCH_cleanup().
  - This header must also #define a KGR_PATCH_SUBPATCH_FUNCS macro. It
    should expand to a comma separated list of KGR_PATCH*() entries,
    each corresponding to a function the subpatch wants to replace.
  [mbenes: fixed typos, empty line removed]
- commit 4e8dc88

-------------------------------------------------------------------
Mon Apr 24 16:00:54 CEST 2017 - mbenes@suse.cz

- Replace $(PWD) with $(CURDIR) in Makefile
  CURDIR is an internal variable of make and more suitable.
- commit 03bf1d5

-------------------------------------------------------------------
Wed Apr 19 14:02:27 CEST 2017 - mbenes@suse.cz

- Create Makefile automatically
  Introduce scripts/create-makefile.sh script to automatically create
  a makefile. The script is called from tar-up.sh or could be called
  manually.
- commit 1af6c29

-------------------------------------------------------------------
Mon Oct 24 13:26:09 CEST 2016 - mbenes@suse.cz

- Better to use SUSE:SLE-12:Update than Devel:kGraft:SLE12 project
- commit bdc7598

-------------------------------------------------------------------
Tue May 10 15:43:59 CEST 2016 - mbenes@suse.cz

- Add compat.h to deal with changes of KGR_PATCH macro
  Sympos patch set for kGraft redefined KGR_PATCH macro and added two
  new ones. Add new compat.h which contains macro magic so that all
  kGraft patches would work on both old and new kernels with the patch
  set merged.
- commit 4186bef

-------------------------------------------------------------------
Fri May 6 17:01:17 CEST 2016 - mbenes@suse.cz

- Fix the number of parameters of KGR_PATCH macro
  New kernels contain kGraft's sympos patch set which changed number
  of parameters of KGR_PATCH macro and introduced new macros. Fix it
  in master so it will be ok for new branches.
- commit 78cf676

-------------------------------------------------------------------
Tue Sep 1 13:00:23 CEST 2015 - mmarek@suse.com

- Include the RPM version number in the module name
- commit 8fa02c6

-------------------------------------------------------------------
Wed Aug 26 11:29:44 CEST 2015 - mbenes@suse.cz

- Remove forgotten debug option in the Makefile
- commit 9c24ab8

-------------------------------------------------------------------
Mon Aug 17 13:42:04 CEST 2015 - mbenes@suse.cz

- Add license and copyright notices
- commit d42d3aa

-------------------------------------------------------------------
Wed Jul 15 15:58:35 CEST 2015 - mbenes@suse.cz

- Remove immediate flag
  Fake signal was merged to kGraft and immediate feature removed.
  Remove it in kGraft patches from now on too.
- commit c767ad2

-------------------------------------------------------------------
Wed May 20 16:32:17 CEST 2015 - mbenes@suse.cz

- Set immediate flag to false
  Using immediate set to true can lead to BUGs and oopses when
  downgrading, reverting or applying replace_all patches. There is no
  way how to find out if there is a process in the old code which is
  being removed. The module would be put, removed and the process will
  crash.
  The consistency model guarantees that there is no one in the old
  code when the finalization ends. Thus use it for all cases to be
  safe.
- commit 830e1a3

-------------------------------------------------------------------
Tue May 12 15:48:07 CEST 2015 - mbenes@suse.cz

- Fix description in rpm spec file
  Spec file description mentions initial kGraft patch which is only
  true for real initial patch. Make it more neutral.
  References: bsc#930408
- commit a55e023

-------------------------------------------------------------------
Wed Apr 1 15:36:24 CEST 2015 - mbenes@suse.cz

- Generate archives names automatically in tar-up.sh
- commit 1f34f18

-------------------------------------------------------------------
Wed Apr 1 13:39:26 CEST 2015 - mbenes@suse.cz

- Automatically generate .changes file from git log
  Also add comments to tar-up.sh script to distinguish between
  sections.
- commit 212a7ae

-------------------------------------------------------------------
Thu Mar 26 14:24:21 CET 2015 - mmarek@suse.cz

- Revert "Require exact kernel version in the patch"
  This needs to be done differently, so that modprobe --force works as
  expected.
  References: bnc#920615
  This reverts commit c62c11aecd4e3f8822e1b835fea403acc3148c5a.
- commit bc88dd7

-------------------------------------------------------------------
Wed Mar 25 13:10:24 CET 2015 - mmarek@suse.cz

- Require exact kernel version in the patch
  References: bnc#920615
- commit c62c11a

-------------------------------------------------------------------
Tue Mar 24 12:15:41 CET 2015 - mmarek@suse.cz

- Add the git commit and branch to the package description
  References: bnc#920633
- commit 1ff4e48

-------------------------------------------------------------------
Wed Nov 26 10:09:14 CET 2014 - mbenes@suse.cz

- Set immediate flag for the initial patch
  Setting immediate to true will simplify installation of the initial
  patch and possibly also of the further updates.
  References: bnc#907150
- commit 391b810

-------------------------------------------------------------------
Tue Nov 25 16:26:40 CET 2014 - mbenes@suse.cz

- Add .replace_all set to true
  Add .replace_all flag set to true even to the initial patch. Thus we
  will not forget to add that later. Also .immediate is there as a
  comment.
- commit 933e15e

-------------------------------------------------------------------
Mon Nov 24 15:02:33 CET 2014 - mmarek@suse.cz

- Drop the hardcoded kernel release string
  The updated kgraft-devel macros set this during build time, so we do
  not need to know the kernel release string beforehand. As a name
  suffix for the source packages, let's use SLE12_Test in the master
  branch and SLE12_Update_ in the update branches.
- commit 65f7a25

-------------------------------------------------------------------
Fri Nov 21 15:48:48 CET 2014 - mmarek@suse.cz

- Check that we are building against the set kernel version
- commit 689e44a

-------------------------------------------------------------------
Wed Nov 12 04:11:14 CET 2014 - mmarek@suse.cz

- Mark the module as supported
  References: bnc#904970
- commit 6249314

-------------------------------------------------------------------
Tue Nov 11 17:11:28 CET 2014 - mmarek@suse.cz

- Build the test packages against Devel:kGraft:SLE12
- commit c952fbb

-------------------------------------------------------------------
Thu Nov 6 13:55:43 CET 2014 - mbenes@suse.cz

- Add top git commit hash to uname -v
  Add top git commit hash to version part of uname. This makes the
  identification of current patch level easy (even in crash: p
  kgr_tag).
  References: fate#317769
- commit 54c9595

-------------------------------------------------------------------
Tue Nov 4 16:23:50 CET 2014 - mbenes@suse.cz

- Replace @@RELEASE@@ in kgr_patch->name with @@RPMRELEASE@@
  We need to replace @@RELEASE@@ in kgr_patch->name with
  @@RPMRELEASE@@ due to sysfs tree. @@RELEASE@@ changes with each new
  version of package.
- commit 51fd9dd

-------------------------------------------------------------------
Mon Nov 3 17:27:24 CET 2014 - mmarek@suse.cz

- Add a source-timestamp file with the git commit hash and branch
  This is required by the bs-upload-kernel script to upload packages
  to the BS. It can also be used by the specfile in the future.
- commit feab4f1

-------------------------------------------------------------------
Mon Nov 3 16:56:31 CET 2014 - mbenes@suse.cz

- Initial commit
- commit 600de9d

-------------------------------------------------------------------
Mon Nov 3 14:59:46 CET 2014 - mmarek@suse.cz

- Add config.sh script
  This tells the automatic builder which IBS project to use.
- commit aa7f1cb